Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/h3aQxTdPC-HgXDYrBTBm269F5T8.roa
File:                     h3aQxTdPC-HgXDYrBTBm269F5T8.roa (raw, json)
Hash identifier:          UtQOwsPBex6Y/gaOFIvyrVP3f9gv/mUhr8M/KLSeTkY=
Subject key identifier:   87:76:90:C5:37:4F:0B:E1:E0:5C:36:2B:05:30:66:DB:AF:45:E5:3F
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       0192EF306E9C7AF0DE2027506226ED11241F
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/h3aQxTdPC-HgXDYrBTBm269F5T8.roa
Signing time:             Sat 02 Nov 2024 23:23:01 +0000
ROA not before:           Sat 02 Nov 2024 23:23:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213993
IP address blocks:        2a13:bfc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ef:30:6e:9c:7a:f0:de:20:27:50:62:26:ed:11:24:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Nov  2 23:23:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=877690c5374f0be1e05c362b053066dbaf45e53f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:df:2a:92:ff:d7:fb:c0:45:54:9d:e5:7c:98:
                    d5:21:2d:5b:7e:0f:93:cb:f9:8c:39:98:4e:0a:36:
                    4f:1a:27:d4:b2:a6:c7:55:72:33:fc:94:91:5e:e1:
                    1a:f7:f2:22:ea:d5:e5:49:c3:5c:5c:25:5f:47:5d:
                    ff:a0:ad:3d:16:5b:7e:f3:37:1e:c9:58:12:35:3a:
                    c0:39:34:03:a5:86:56:63:41:4c:e7:05:64:70:95:
                    64:0e:9d:4b:6f:72:ef:fe:ac:68:ff:47:a1:ca:eb:
                    c7:d7:e5:bf:cf:ee:b5:43:73:99:49:f9:ed:e7:c6:
                    f7:74:04:83:86:a5:91:12:71:2d:e0:3e:20:6d:1d:
                    f0:fd:0a:cd:fd:73:88:1c:3e:31:2f:52:21:39:3d:
                    d5:90:3c:fe:12:6c:42:95:c2:99:60:05:34:16:fd:
                    a1:84:78:fe:65:23:89:dc:7e:70:60:af:98:57:fd:
                    c8:96:11:1c:50:9b:21:cc:28:52:54:02:49:46:8b:
                    a9:ac:ae:e8:23:4a:d6:27:64:5a:e4:34:0e:9a:23:
                    2c:5d:9a:e6:f5:77:fb:0d:89:df:ed:88:fb:02:27:
                    62:28:6c:cc:b3:4b:4e:1e:17:50:1e:44:0a:35:66:
                    2f:cd:26:d1:a1:0e:e2:8c:17:30:58:7b:45:e1:84:
                    20:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:76:90:C5:37:4F:0B:E1:E0:5C:36:2B:05:30:66:DB:AF:45:E5:3F
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/h3aQxTdPC-HgXDYrBTBm269F5T8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:bfc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:d8:4b:65:f1:12:49:4d:f9:b2:64:6c:bc:84:c1:66:3e:23:
         91:b9:51:c7:77:82:81:5c:2a:b3:db:ab:d3:d0:5d:89:82:51:
         1f:2b:01:7f:2f:dd:ca:a3:5b:c4:48:ff:1a:69:35:a3:17:a4:
         bc:18:ff:ef:05:f3:ee:80:f1:6c:01:54:f1:67:6e:25:4d:69:
         11:1c:47:ec:6f:d1:dd:ee:ff:c7:83:dc:b5:17:ea:f5:d4:d9:
         70:9d:9b:f9:d9:5d:93:b1:65:6e:81:69:9c:6d:91:b9:37:9d:
         58:98:dc:4a:6d:b4:e4:22:8c:0a:87:a5:62:08:06:ff:bc:60:
         6e:76:f3:c6:af:6c:4d:62:2a:23:e9:0e:69:8a:7d:7f:0e:29:
         a8:0d:83:b9:cd:a7:e9:60:79:41:54:9b:52:7e:ec:1a:af:2b:
         80:c9:3f:6e:eb:0d:2d:1b:1d:00:1b:55:4e:81:d5:3e:c8:54:
         50:8b:69:4b:91:cf:28:06:6d:7e:e1:a5:30:fb:92:53:e1:c9:
         bb:0d:fc:15:30:3d:25:ab:ec:80:11:0c:52:34:fe:95:95:5f:
         84:68:2c:67:9b:23:10:51:af:b4:7a:f8:28:32:5d:be:8b:5a:
         6d:30:a4:5c:b1:e1:8e:81:a8:7e:2a:50:62:a9:0b:76:a6:d9:
         47:b5:52:a6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZLvMG6cevDeICdQYibtESQfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjQxMTAyMjMyMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzc2OTBjNTM3NGYwYmUxZTA1YzM2MmIwNTMwNjZkYmFmNDVlNTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwN8qkv/X+8BFVJ3lfJjVIS1bfg+T
y/mMOZhOCjZPGifUsqbHVXIz/JSRXuEa9/Ii6tXlScNcXCVfR13/oK09Flt+8zce
yVgSNTrAOTQDpYZWY0FM5wVkcJVkDp1Lb3Lv/qxo/0ehyuvH1+W/z+61Q3OZSfnt
58b3dASDhqWREnEt4D4gbR3w/QrN/XOIHD4xL1IhOT3VkDz+EmxClcKZYAU0Fv2h
hHj+ZSOJ3H5wYK+YV/3IlhEcUJshzChSVAJJRouprK7oI0rWJ2Ra5DQOmiMsXZrm
9Xf7DYnf7Yj7AidiKGzMs0tOHhdQHkQKNWYvzSbRoQ7ijBcwWHtF4YQgSwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFId2kMU3Twvh4Fw2KwUwZtuvReU/MB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvaDNhUXhUZFBDLUhnWERZckJUQm0yNjlGNVQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhO/wDAN
BgkqhkiG9w0BAQsFAAOCAQEAcNhLZfESSU35smRsvITBZj4jkblRx3eCgVwqs9ur
09BdiYJRHysBfy/dyqNbxEj/Gmk1oxekvBj/7wXz7oDxbAFU8WduJU1pERxH7G/R
3e7/x4PctRfq9dTZcJ2b+dldk7FlboFpnG2RuTedWJjcSm205CKMCoelYggG/7xg
bnbzxq9sTWIqI+kOaYp9fw4pqA2Duc2n6WB5QVSbUn7sGq8rgMk/busNLRsdABtV
ToHVPshUUItpS5HPKAZtfuGlMPuSU+HJuw38FTA9JavsgBEMUjT+lZVfhGgsZ5sj
EFGvtHr4KDJdvotabTCkXLHhjoGofipQYqkLdqbZR7VSpg==
-----END CERTIFICATE-----