Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/xzTWRGBZUqJe71WzlNjbK22Xz9Y.roa
File:                     xzTWRGBZUqJe71WzlNjbK22Xz9Y.roa (raw, json)
Hash identifier:          2JJAzYqugQ9anH7n5tEYQ2DUBm7VjxL7KrxKSjDCUPw=
Subject key identifier:   C7:34:D6:44:60:59:52:A2:5E:EF:55:B3:94:D8:DB:2B:6D:97:CF:D6
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       018E0D3379D64BE005E07459E004FC50F532
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/xzTWRGBZUqJe71WzlNjbK22Xz9Y.roa
Signing time:             Tue 05 Mar 2024 06:01:01 +0000
ROA not before:           Tue 05 Mar 2024 06:01:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200216
IP address blocks:        2a13:b640::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0d:33:79:d6:4b:e0:05:e0:74:59:e0:04:fc:50:f5:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Mar  5 06:01:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c734d644605952a25eef55b394d8db2b6d97cfd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:cd:c0:ac:e0:6c:17:e3:88:a0:97:77:4a:99:
                    e0:a6:18:68:03:f0:94:d6:52:8e:e2:ed:a6:cb:ad:
                    35:9b:6f:fc:4a:c7:2b:46:4f:84:e5:3a:c2:24:22:
                    75:a9:5f:07:2b:98:5f:a1:d8:68:10:87:8b:78:33:
                    d4:f7:5f:3f:41:68:ae:68:2c:d8:12:6a:ad:f0:fc:
                    d7:a6:66:38:0b:83:a8:d1:28:b9:08:98:15:2f:3d:
                    9f:1f:f8:32:0b:ef:86:7c:e9:8c:89:5e:f8:22:4d:
                    17:7c:8b:9f:43:6e:61:6a:17:ad:89:cb:72:37:95:
                    d3:9f:aa:6f:db:fb:e3:b7:55:a1:ea:40:28:58:1f:
                    32:3b:0d:38:83:39:ae:e5:8a:c9:e8:3c:12:b7:3e:
                    1e:0d:58:c6:51:75:59:81:d8:e2:ff:a5:94:f3:63:
                    74:52:dc:06:fc:7b:80:b5:4b:15:b1:d1:43:87:85:
                    06:95:ee:52:71:a0:2b:32:58:a9:99:87:6b:2e:d4:
                    96:e0:3d:1c:09:8e:72:49:f6:62:2e:aa:1e:2f:3a:
                    80:be:d5:95:68:aa:09:d4:1a:34:fd:02:ec:4a:a1:
                    a9:32:1d:04:0e:2a:ce:85:78:1b:25:64:49:65:84:
                    1e:4a:a2:e7:6b:51:ab:b4:77:69:99:4d:a5:81:bd:
                    53:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:34:D6:44:60:59:52:A2:5E:EF:55:B3:94:D8:DB:2B:6D:97:CF:D6
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/xzTWRGBZUqJe71WzlNjbK22Xz9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b640::/29

    Signature Algorithm: sha256WithRSAEncryption
         34:a4:fd:fa:47:3a:1f:48:74:8b:9d:01:08:ba:9e:95:d0:54:
         ab:51:f1:20:99:c1:d6:1a:66:66:fe:c8:24:64:0a:96:b4:c7:
         10:c2:6e:90:d2:ed:f8:db:77:90:e3:cf:65:96:e6:9d:f9:86:
         5d:6a:78:94:9a:65:a6:66:4c:74:22:de:dd:0c:1c:c1:28:a2:
         b7:06:27:c0:fd:4b:25:b5:75:b4:a0:b7:81:b8:96:d9:47:7d:
         3c:67:22:08:5a:97:b7:82:d9:ed:6a:15:62:7e:02:a9:88:9d:
         b7:5f:56:a2:26:f5:8f:41:a3:bf:41:01:a6:89:8b:3f:6f:b0:
         13:96:c2:20:bd:6e:cd:1b:ad:54:2c:f6:7e:f7:f9:12:95:ac:
         cd:08:0d:96:91:6e:e0:5e:92:64:02:96:51:32:6c:8f:04:16:
         d9:c5:b7:95:7c:83:a9:f1:86:c5:bb:fc:1d:6f:92:90:78:bf:
         32:e1:bb:3b:fa:f2:f9:91:5e:ee:04:b4:86:c1:63:ba:18:5c:
         3d:7f:c7:d8:df:6c:9e:c3:77:a5:5c:32:46:f6:91:ec:e4:af:
         56:d5:1b:32:8a:48:47:dd:50:92:d7:a4:8a:b4:11:83:44:d0:
         03:9d:ee:a9:e9:d9:3f:31:39:74:97:d6:ad:2e:d2:e4:67:49:
         82:92:76:b0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY4NM3nWS+AF4HRZ4AT8UPUyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjQwMzA1MDYwMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzM0ZDY0NDYwNTk1MmEyNWVlZjU1YjM5NGQ4ZGIyYjZkOTdjZmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuM3ArOBsF+OIoJd3SpngphhoA/CU
1lKO4u2my601m2/8SscrRk+E5TrCJCJ1qV8HK5hfodhoEIeLeDPU918/QWiuaCzY
Emqt8PzXpmY4C4Oo0Si5CJgVLz2fH/gyC++GfOmMiV74Ik0XfIufQ25haheticty
N5XTn6pv2/vjt1Wh6kAoWB8yOw04gzmu5YrJ6DwStz4eDVjGUXVZgdji/6WU82N0
UtwG/HuAtUsVsdFDh4UGle5ScaArMlipmYdrLtSW4D0cCY5ySfZiLqoeLzqAvtWV
aKoJ1Bo0/QLsSqGpMh0EDirOhXgbJWRJZYQeSqLna1GrtHdpmU2lgb1THQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMc01kRgWVKiXu9Vs5TY2yttl8/WMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEveHpUV1JHQlpVcUplNzFXemxOamJLMjJYejlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhO2QDAN
BgkqhkiG9w0BAQsFAAOCAQEANKT9+kc6H0h0i50BCLqeldBUq1HxIJnB1hpmZv7I
JGQKlrTHEMJukNLt+Nt3kOPPZZbmnfmGXWp4lJplpmZMdCLe3QwcwSiitwYnwP1L
JbV1tKC3gbiW2Ud9PGciCFqXt4LZ7WoVYn4CqYidt19Woib1j0Gjv0EBpomLP2+w
E5bCIL1uzRutVCz2fvf5EpWszQgNlpFu4F6SZAKWUTJsjwQW2cW3lXyDqfGGxbv8
HW+SkHi/MuG7O/ry+ZFe7gS0hsFjuhhcPX/H2N9snsN3pVwyRvaR7OSvVtUbMopI
R91QktekirQRg0TQA53uqenZPzE5dJfWrS7S5GdJgpJ2sA==
-----END CERTIFICATE-----