Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/a9bd50-b4a4-4063-8436-4e2a8f84aeed/1/Kw2aRR5y3pBjZ2mLG8VzTBLdygY.roa
File:                     Kw2aRR5y3pBjZ2mLG8VzTBLdygY.roa (raw, json)
Hash identifier:          7DWepCb4gUSfs+JdZ6LnKE2zBQ11JtzAlvXWbrSwJC4=
Subject key identifier:   2B:0D:9A:45:1E:72:DE:90:63:67:69:8B:1B:C5:73:4C:12:DD:CA:06
Certificate issuer:       /CN=ec79a7b54c8c94d06ca2f685971a2449fb8fcece
Certificate serial:       018CC4246B3F5B5F48F8D216C48F4174E3E5
Authority key identifier: EC:79:A7:B5:4C:8C:94:D0:6C:A2:F6:85:97:1A:24:49:FB:8F:CE:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7HmntUyMlNBsovaFlxokSfuPzs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/a9bd50-b4a4-4063-8436-4e2a8f84aeed/1/Kw2aRR5y3pBjZ2mLG8VzTBLdygY.roa
Signing time:             Mon 01 Jan 2024 08:29:30 +0000
ROA not before:           Mon 01 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48194
IP address blocks:        2a13:9644:10::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/a9bd50-b4a4-4063-8436-4e2a8f84aeed/1/7HmntUyMlNBsovaFlxokSfuPzs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/a9bd50-b4a4-4063-8436-4e2a8f84aeed/1/7HmntUyMlNBsovaFlxokSfuPzs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7HmntUyMlNBsovaFlxokSfuPzs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 01:07:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6b:3f:5b:5f:48:f8:d2:16:c4:8f:41:74:e3:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec79a7b54c8c94d06ca2f685971a2449fb8fcece
        Validity
            Not Before: Jan  1 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b0d9a451e72de906367698b1bc5734c12ddca06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:44:8d:96:fb:d5:b0:04:2a:e8:28:3b:48:53:
                    26:89:3e:bc:c8:79:88:e9:ba:31:46:91:5e:93:3d:
                    6b:50:d5:f5:57:09:5a:4c:fa:ed:be:16:5c:73:c5:
                    f1:66:dc:d0:f7:0c:3a:bd:5e:4c:ff:c3:3b:52:05:
                    9c:e0:ee:16:7c:81:86:2d:22:87:27:8b:e0:ff:43:
                    0b:b0:33:9a:33:9b:6f:d0:0a:5b:2c:dc:37:65:ad:
                    fd:b7:4e:25:eb:aa:7b:5f:46:ba:5c:ca:4d:50:76:
                    51:92:9c:15:74:54:22:1c:9c:7f:f0:ac:45:05:fe:
                    d3:75:ab:6a:84:05:ed:56:3b:9d:e7:3b:5f:50:d9:
                    99:10:1f:a3:e7:90:bf:4f:d2:ae:48:cf:60:0e:fe:
                    0a:bc:77:6f:7b:29:a1:e6:88:aa:2b:7a:92:81:69:
                    c9:25:16:de:c9:d9:8e:b4:af:d6:b1:1e:96:d1:49:
                    c6:14:9c:4a:0d:e3:a6:d6:f4:00:35:9b:84:07:fc:
                    6e:aa:77:c2:cf:b5:f7:f6:51:89:fd:21:05:43:f9:
                    6e:33:89:5b:ce:c8:7d:74:4d:40:11:d4:26:b9:c4:
                    94:59:31:a4:4f:ea:2c:6d:55:9a:ba:f4:01:2f:32:
                    4c:fa:35:04:8f:56:4a:2f:87:c7:58:97:63:c4:2f:
                    0e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:0D:9A:45:1E:72:DE:90:63:67:69:8B:1B:C5:73:4C:12:DD:CA:06
            X509v3 Authority Key Identifier:
                keyid:EC:79:A7:B5:4C:8C:94:D0:6C:A2:F6:85:97:1A:24:49:FB:8F:CE:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7HmntUyMlNBsovaFlxokSfuPzs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/a9bd50-b4a4-4063-8436-4e2a8f84aeed/1/Kw2aRR5y3pBjZ2mLG8VzTBLdygY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/a9bd50-b4a4-4063-8436-4e2a8f84aeed/1/7HmntUyMlNBsovaFlxokSfuPzs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9644:10::/46

    Signature Algorithm: sha256WithRSAEncryption
         9c:ef:37:7a:b5:b4:39:72:10:14:26:7f:a1:87:e3:ae:43:d7:
         f9:b1:0e:e0:90:02:9b:58:b3:ba:a8:71:8f:5b:30:33:66:0c:
         e2:d0:97:c2:25:1c:26:65:7e:e8:8c:aa:af:d4:9f:cd:65:57:
         26:33:37:a5:b9:58:97:92:b1:75:08:ab:4f:ea:0e:07:5c:20:
         07:22:d4:2e:4d:45:3e:ad:a6:b5:c2:f2:61:4f:99:4b:3d:15:
         51:a0:9d:16:e7:5f:75:16:a0:92:83:70:78:29:4f:e8:42:e5:
         43:1d:fa:72:ff:18:1d:1f:75:fa:c5:d0:2c:61:2b:c3:46:04:
         72:17:06:03:34:a5:c8:85:e2:04:0e:f1:01:e3:b8:74:62:be:
         a4:c9:95:a5:8b:ec:a0:58:ef:28:89:8c:7e:b8:17:ca:f4:d1:
         c9:dc:7d:b4:ad:b5:12:2c:f7:ba:3f:83:f0:05:fd:5b:4c:e3:
         f2:22:f3:39:84:56:27:0b:2e:c9:11:ab:47:b6:cb:45:bd:96:
         c2:36:b6:29:4d:24:df:11:e5:ea:e0:fd:65:ec:bb:2f:3f:35:
         c5:ca:3c:f8:5b:ed:43:c2:0d:ca:f6:88:9f:6c:cc:7f:6a:9f:
         b1:a5:dc:5c:be:41:2a:9b:55:8b:34:a2:f3:1f:7e:82:1d:14:
         54:3a:21:2f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJGs/W19I+NIWxI9BdOPlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNzlhN2I1NGM4Yzk0ZDA2Y2EyZjY4NTk3MWEyNDQ5ZmI4
ZmNlY2UwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjBkOWE0NTFlNzJkZTkwNjM2NzY5OGIxYmM1NzM0YzEyZGRjYTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0SNlvvVsAQq6Cg7SFMmiT68yHmI
6boxRpFekz1rUNX1VwlaTPrtvhZcc8XxZtzQ9ww6vV5M/8M7UgWc4O4WfIGGLSKH
J4vg/0MLsDOaM5tv0ApbLNw3Za39t04l66p7X0a6XMpNUHZRkpwVdFQiHJx/8KxF
Bf7TdatqhAXtVjud5ztfUNmZEB+j55C/T9KuSM9gDv4KvHdveymh5oiqK3qSgWnJ
JRbeydmOtK/WsR6W0UnGFJxKDeOm1vQANZuEB/xuqnfCz7X39lGJ/SEFQ/luM4lb
zsh9dE1AEdQmucSUWTGkT+osbVWauvQBLzJM+jUEj1ZKL4fHWJdjxC8O5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCsNmkUect6QY2dpixvFc0wS3coGMB8GA1UdIwQY
MBaAFOx5p7VMjJTQbKL2hZcaJEn7j87OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0htbnRVeU1sTkJzb3ZhRmx4b2tTZnVQenM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9hOWJkNTAtYjRhNC00MDYzLTg0MzYt
NGUyYThmODRhZWVkLzEvS3cyYVJSNXkzcEJqWjJtTEc4VnpUQkxkeWdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9hOWJkNTAtYjRhNC00MDYzLTg0MzYtNGUyYThmODRhZWVk
LzEvN0htbnRVeU1sTkJzb3ZhRmx4b2tTZnVQenM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhOWRAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCc7zd6tbQ5chAUJn+hh+OuQ9f5sQ7gkAKbWLO6
qHGPWzAzZgzi0JfCJRwmZX7ojKqv1J/NZVcmMzeluViXkrF1CKtP6g4HXCAHItQu
TUU+raa1wvJhT5lLPRVRoJ0W5191FqCSg3B4KU/oQuVDHfpy/xgdH3X6xdAsYSvD
RgRyFwYDNKXIheIEDvEB47h0Yr6kyZWli+ygWO8oiYx+uBfK9NHJ3H20rbUSLPe6
P4PwBf1bTOPyIvM5hFYnCy7JEatHtstFvZbCNrYpTSTfEeXq4P1l7LsvPzXFyjz4
W+1Dwg3K9oifbMx/ap+xpdxcvkEqm1WLNKLzH36CHRRUOiEv
-----END CERTIFICATE-----