Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/8e1f53-b674-40e8-8bb8-db5d89e8a17c/1/zmZGG04X6iX6N5WaYt1WHi8mke4.roa
File:                     zmZGG04X6iX6N5WaYt1WHi8mke4.roa (raw, json)
Hash identifier:          ZOCFDx0qi0qhef+KErg+TtngEqEKkhrDP0X+6BvI1Kk=
Subject key identifier:   CE:66:46:1B:4E:17:EA:25:FA:37:95:9A:62:DD:56:1E:2F:26:91:EE
Certificate issuer:       /CN=40cc81ff82ced61aef8476ace7a0e818bbae8fc4
Certificate serial:       019023C72F482D65DDD6EFDF2B4CD89B8571
Authority key identifier: 40:CC:81:FF:82:CE:D6:1A:EF:84:76:AC:E7:A0:E8:18:BB:AE:8F:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QMyB_4LO1hrvhHas56DoGLuuj8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/8e1f53-b674-40e8-8bb8-db5d89e8a17c/1/zmZGG04X6iX6N5WaYt1WHi8mke4.roa
Signing time:             Mon 17 Jun 2024 01:19:34 +0000
ROA not before:           Mon 17 Jun 2024 01:19:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204774
IP address blocks:        2a13:5000::/29 maxlen: 48
                          2a13:5000::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/8e1f53-b674-40e8-8bb8-db5d89e8a17c/1/QMyB_4LO1hrvhHas56DoGLuuj8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/8e1f53-b674-40e8-8bb8-db5d89e8a17c/1/QMyB_4LO1hrvhHas56DoGLuuj8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QMyB_4LO1hrvhHas56DoGLuuj8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:23:c7:2f:48:2d:65:dd:d6:ef:df:2b:4c:d8:9b:85:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40cc81ff82ced61aef8476ace7a0e818bbae8fc4
        Validity
            Not Before: Jun 17 01:19:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce66461b4e17ea25fa37959a62dd561e2f2691ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:38:ec:05:fe:d0:a2:5d:b2:cf:14:cc:72:a2:
                    97:34:17:19:c5:5e:6d:5e:c2:da:e2:32:6c:d6:89:
                    cc:6c:29:ee:22:7c:a0:6f:fb:d8:17:6a:00:75:4f:
                    38:25:97:e3:b6:13:35:ca:e7:88:56:89:aa:97:d9:
                    45:56:55:0c:21:87:5d:4d:88:d3:01:e5:79:42:ba:
                    7a:6c:4c:44:de:9c:d4:d7:86:e5:b5:8b:50:18:8b:
                    11:a0:80:70:d7:3b:3e:73:b2:77:ba:b4:9a:c7:e1:
                    1c:b3:65:43:86:8d:a2:0a:9e:19:fb:28:2d:6f:6a:
                    2f:6f:c1:73:57:b6:7c:25:f1:49:eb:51:b5:32:1f:
                    83:2f:04:df:be:12:a3:e6:d4:52:b4:ac:16:74:e7:
                    4f:97:f5:30:a8:33:b4:a0:d3:44:11:b5:a4:9b:fe:
                    b6:89:87:03:5f:91:fb:e6:3f:cc:4d:2d:be:cc:c6:
                    74:4f:74:e4:fd:79:5c:4e:4a:33:a8:4b:52:3f:5a:
                    20:b0:56:3b:f5:e9:a5:46:6c:a6:a1:20:69:a4:a0:
                    ca:6f:65:77:74:d9:09:b6:1f:63:a8:ca:1b:38:72:
                    19:0f:55:3c:67:4f:90:a9:23:b4:30:19:23:ec:71:
                    3f:80:0f:91:2e:82:26:97:2e:e5:28:f0:1b:9d:0d:
                    db:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:66:46:1B:4E:17:EA:25:FA:37:95:9A:62:DD:56:1E:2F:26:91:EE
            X509v3 Authority Key Identifier:
                keyid:40:CC:81:FF:82:CE:D6:1A:EF:84:76:AC:E7:A0:E8:18:BB:AE:8F:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QMyB_4LO1hrvhHas56DoGLuuj8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8e1f53-b674-40e8-8bb8-db5d89e8a17c/1/zmZGG04X6iX6N5WaYt1WHi8mke4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8e1f53-b674-40e8-8bb8-db5d89e8a17c/1/QMyB_4LO1hrvhHas56DoGLuuj8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5000::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:66:54:0f:8b:b2:30:5e:5c:d8:b5:22:32:15:d7:20:a8:86:
         de:25:30:c1:bc:04:3a:c7:31:5a:a2:3d:1f:02:e7:0e:c9:f2:
         73:b4:c4:32:20:d8:d5:29:15:23:ef:d7:5c:84:06:ba:fe:ad:
         d6:9a:89:0d:3c:61:e1:3c:af:3b:4e:60:f4:55:bd:28:04:59:
         d4:5e:1b:c2:c9:ce:2f:37:a2:b8:7c:b3:56:ce:ae:9f:61:b1:
         bd:d7:55:ea:ef:fb:c3:7d:a7:cd:38:db:7e:e0:5e:18:23:9f:
         af:c0:55:0f:8f:b7:13:ed:0b:8e:ba:9b:e3:60:9a:f4:6e:a7:
         b9:8e:6e:65:66:37:3a:d7:67:18:f2:92:da:16:ea:54:fa:37:
         cc:b9:05:70:99:48:5a:a6:c7:5f:f5:a0:3d:a0:ff:f6:62:cd:
         23:ea:32:7d:5a:7a:81:8c:fc:e2:cd:1f:16:a1:f6:95:9e:04:
         b1:94:3c:b1:97:4b:0c:0f:fd:e1:30:a6:6d:0f:f1:b2:4a:a8:
         69:b6:87:06:80:12:1b:12:2b:76:cf:2b:de:b8:5f:1e:b3:79:
         3c:cf:46:18:2d:89:8c:97:07:ca:d1:78:30:ec:25:30:1d:cc:
         77:2d:24:ef:46:4b:d2:98:16:75:76:86:6a:3d:f2:ba:1d:19:
         33:05:e5:71
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZAjxy9ILWXd1u/fK0zYm4VxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwY2M4MWZmODJjZWQ2MWFlZjg0NzZhY2U3YTBlODE4YmJh
ZThmYzQwHhcNMjQwNjE3MDExOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTY2NDYxYjRlMTdlYTI1ZmEzNzk1OWE2MmRkNTYxZTJmMjY5MWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjjsBf7Qol2yzxTMcqKXNBcZxV5t
XsLa4jJs1onMbCnuInygb/vYF2oAdU84JZfjthM1yueIVomql9lFVlUMIYddTYjT
AeV5Qrp6bExE3pzU14bltYtQGIsRoIBw1zs+c7J3urSax+Ecs2VDho2iCp4Z+ygt
b2ovb8FzV7Z8JfFJ61G1Mh+DLwTfvhKj5tRStKwWdOdPl/UwqDO0oNNEEbWkm/62
iYcDX5H75j/MTS2+zMZ0T3Tk/XlcTkozqEtSP1ogsFY79emlRmymoSBppKDKb2V3
dNkJth9jqMobOHIZD1U8Z0+QqSO0MBkj7HE/gA+RLoImly7lKPAbnQ3bxQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM5mRhtOF+ol+jeVmmLdVh4vJpHuMB8GA1UdIwQY
MBaAFEDMgf+CztYa74R2rOeg6Bi7ro/EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU15Ql80TE8xaHJ2aEhhczU2RG9HTHV1ajhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84ZTFmNTMtYjY3NC00MGU4LThiYjgt
ZGI1ZDg5ZThhMTdjLzEvem1aR0cwNFg2aVg2TjVXYVl0MVdIaThta2U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84ZTFmNTMtYjY3NC00MGU4LThiYjgtZGI1ZDg5ZThhMTdj
LzEvUU15Ql80TE8xaHJ2aEhhczU2RG9HTHV1ajhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNQADAN
BgkqhkiG9w0BAQsFAAOCAQEARmZUD4uyMF5c2LUiMhXXIKiG3iUwwbwEOscxWqI9
HwLnDsnyc7TEMiDY1SkVI+/XXIQGuv6t1pqJDTxh4TyvO05g9FW9KARZ1F4bwsnO
LzeiuHyzVs6un2GxvddV6u/7w32nzTjbfuBeGCOfr8BVD4+3E+0Ljrqb42Ca9G6n
uY5uZWY3OtdnGPKS2hbqVPo3zLkFcJlIWqbHX/WgPaD/9mLNI+oyfVp6gYz84s0f
FqH2lZ4EsZQ8sZdLDA/94TCmbQ/xskqoabaHBoASGxIrds8r3rhfHrN5PM9GGC2J
jJcHytF4MOwlMB3Mdy0k70ZL0pgWdXaGaj3yuh0ZMwXlcQ==
-----END CERTIFICATE-----