Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/cy-yQy1ppYJYkXv9M8NSQAnRDQ8.roa
File:                     cy-yQy1ppYJYkXv9M8NSQAnRDQ8.roa (raw, json)
Hash identifier:          F1k2uyOLmuMWrJGz3JWqRK0etDU2O+s3WDacKofmB2A=
Subject key identifier:   73:2F:B2:43:2D:69:A5:82:58:91:7B:FD:33:C3:52:40:09:D1:0D:0F
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       0193371AE651CFB0CE729D28F930F84DA9EA
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/cy-yQy1ppYJYkXv9M8NSQAnRDQ8.roa
Signing time:             Sat 16 Nov 2024 22:32:09 +0000
ROA not before:           Sat 16 Nov 2024 22:32:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a13:8000::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:37:1a:e6:51:cf:b0:ce:72:9d:28:f9:30:f8:4d:a9:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Nov 16 22:32:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=732fb2432d69a58258917bfd33c3524009d10d0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:55:19:27:a3:8e:8c:61:bf:fb:b3:93:ae:43:
                    95:c7:4b:96:90:59:08:26:43:e4:8c:c5:c0:13:d6:
                    06:ae:fc:0c:85:45:e5:5a:cc:31:24:00:28:59:6f:
                    99:b0:87:99:75:55:10:f5:0e:89:e3:57:06:5f:30:
                    09:b4:e6:9c:45:d1:95:2a:bc:5b:2e:a1:52:63:33:
                    b0:8c:77:b4:91:ce:2f:14:b4:10:b7:e5:12:fa:a5:
                    6e:7b:e1:0d:77:d9:5b:36:62:ae:d5:a0:56:15:7a:
                    90:88:94:5d:58:9d:ae:5e:e0:29:da:e8:69:6b:48:
                    aa:10:75:46:ec:ad:0f:66:d6:0e:d0:ff:40:61:c9:
                    73:cb:8d:23:8c:3e:e2:7e:e9:ce:23:3e:7f:a2:45:
                    42:c4:29:de:ec:c6:b4:fd:aa:2b:0c:1c:2a:eb:05:
                    a2:b8:5f:6d:84:43:74:0a:52:22:4c:5e:60:74:ba:
                    51:5a:7a:c9:95:09:2f:b6:54:9a:24:b3:2a:48:64:
                    ac:84:6d:eb:dd:2e:da:ba:c4:7e:de:58:ce:20:32:
                    8a:da:70:47:b4:51:43:24:48:b3:3a:5a:11:fe:9f:
                    f6:a0:1e:e5:fc:38:49:0f:68:48:17:61:2a:c5:d5:
                    61:07:20:c3:7b:e9:24:bf:c1:ba:cb:10:ab:2b:c4:
                    ac:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:2F:B2:43:2D:69:A5:82:58:91:7B:FD:33:C3:52:40:09:D1:0D:0F
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/cy-yQy1ppYJYkXv9M8NSQAnRDQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:8000::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:38:8d:19:0b:8d:e1:85:18:b8:f5:c1:a1:89:fe:15:e1:ca:
         fd:39:fe:17:1e:e3:79:71:e5:fd:a0:7e:ba:da:5c:8c:3d:9a:
         5d:d6:39:49:05:f6:04:da:6b:f2:ee:70:aa:54:d9:b0:f0:f4:
         0e:70:20:f6:4d:80:27:e5:a0:59:61:64:ab:fe:c8:d5:1e:b2:
         45:87:c2:9f:67:06:b7:ce:40:2f:3c:ec:c6:59:4f:fb:97:d2:
         f5:76:d1:ec:be:61:12:ae:36:3d:13:00:38:04:c3:80:45:a3:
         1c:fb:5d:8f:05:9c:8d:dd:00:81:96:6b:d9:d9:d0:d0:6c:32:
         8c:d9:64:4d:7c:9d:b3:44:41:9b:f4:51:2c:fc:23:79:e7:b5:
         b3:35:9d:b9:88:ee:67:a1:78:0b:a6:bf:64:62:a2:2e:9b:2d:
         3c:ae:f1:9e:8c:65:dd:a3:25:de:74:1a:cf:09:3e:00:2a:21:
         55:94:f5:a2:a1:91:f5:6b:03:10:1d:0d:a7:bd:e9:fe:42:76:
         c3:48:cd:da:7b:97:63:67:8d:23:00:9b:58:44:f5:53:11:c1:
         63:74:c1:6c:c1:17:ba:32:56:c4:d8:98:48:63:38:e1:8f:cd:
         e9:09:ea:3f:aa:97:95:75:dc:d9:39:85:9f:0a:fd:3a:bc:51:
         0f:44:15:d2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZM3GuZRz7DOcp0o+TD4TanqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjQxMTE2MjIzMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzJmYjI0MzJkNjlhNTgyNTg5MTdiZmQzM2MzNTI0MDA5ZDEwZDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFUZJ6OOjGG/+7OTrkOVx0uWkFkI
JkPkjMXAE9YGrvwMhUXlWswxJAAoWW+ZsIeZdVUQ9Q6J41cGXzAJtOacRdGVKrxb
LqFSYzOwjHe0kc4vFLQQt+US+qVue+ENd9lbNmKu1aBWFXqQiJRdWJ2uXuAp2uhp
a0iqEHVG7K0PZtYO0P9AYclzy40jjD7ifunOIz5/okVCxCne7Ma0/aorDBwq6wWi
uF9thEN0ClIiTF5gdLpRWnrJlQkvtlSaJLMqSGSshG3r3S7ausR+3ljOIDKK2nBH
tFFDJEizOloR/p/2oB7l/DhJD2hIF2EqxdVhByDDe+kkv8G6yxCrK8SsjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHMvskMtaaWCWJF7/TPDUkAJ0Q0PMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvY3kteVF5MXBwWUpZa1h2OU04TlNRQW5SRFE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhOAADAN
BgkqhkiG9w0BAQsFAAOCAQEAMDiNGQuN4YUYuPXBoYn+FeHK/Tn+Fx7jeXHl/aB+
utpcjD2aXdY5SQX2BNpr8u5wqlTZsPD0DnAg9k2AJ+WgWWFkq/7I1R6yRYfCn2cG
t85ALzzsxllP+5fS9XbR7L5hEq42PRMAOATDgEWjHPtdjwWcjd0AgZZr2dnQ0Gwy
jNlkTXyds0RBm/RRLPwjeee1szWduYjuZ6F4C6a/ZGKiLpstPK7xnoxl3aMl3nQa
zwk+ACohVZT1oqGR9WsDEB0Np73p/kJ2w0jN2nuXY2eNIwCbWET1UxHBY3TBbMEX
ujJWxNiYSGM44Y/N6QnqP6qXlXXc2TmFnwr9OrxRD0QV0g==
-----END CERTIFICATE-----