Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/8c0c00-5fce-45cb-bbb7-01d9e9d31943/1/mMbX9a7F3PDeET-jlq7mupmHLtc.roa
File:                     mMbX9a7F3PDeET-jlq7mupmHLtc.roa (raw, json)
Hash identifier:          K+cR4Ra7OKtyo/Zq8GfOGdmX7r2FSSdJN2yfoI1zb5s=
Subject key identifier:   98:C6:D7:F5:AE:C5:DC:F0:DE:11:3F:A3:96:AE:E6:BA:99:87:2E:D7
Certificate issuer:       /CN=cff5dc76eb6f814ed601568fdd2c8110edef8c17
Certificate serial:       018EA876A4E83C710A55E3E1C77353C215DD
Authority key identifier: CF:F5:DC:76:EB:6F:81:4E:D6:01:56:8F:DD:2C:81:10:ED:EF:8C:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z_XcdutvgU7WAVaP3SyBEO3vjBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/8c0c00-5fce-45cb-bbb7-01d9e9d31943/1/mMbX9a7F3PDeET-jlq7mupmHLtc.roa
Signing time:             Thu 04 Apr 2024 09:35:31 +0000
ROA not before:           Thu 04 Apr 2024 09:35:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215184
IP address blocks:        2a13:82c3::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/8c0c00-5fce-45cb-bbb7-01d9e9d31943/1/z_XcdutvgU7WAVaP3SyBEO3vjBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/8c0c00-5fce-45cb-bbb7-01d9e9d31943/1/z_XcdutvgU7WAVaP3SyBEO3vjBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z_XcdutvgU7WAVaP3SyBEO3vjBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a8:76:a4:e8:3c:71:0a:55:e3:e1:c7:73:53:c2:15:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cff5dc76eb6f814ed601568fdd2c8110edef8c17
        Validity
            Not Before: Apr  4 09:35:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98c6d7f5aec5dcf0de113fa396aee6ba99872ed7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:77:45:2a:29:3e:02:ab:d1:dd:a5:03:e3:41:
                    67:2c:16:1f:a5:29:06:ac:a0:b3:d6:61:77:0a:79:
                    9b:5c:0e:5c:74:81:77:b4:bc:4e:25:c2:89:f3:c9:
                    c0:59:a8:34:04:d8:09:0b:b3:fd:5a:13:7d:d4:b9:
                    d8:ad:08:ef:9b:85:b0:eb:81:1e:40:b7:4d:5a:85:
                    f3:3c:a8:24:06:a6:99:28:4e:90:78:23:61:55:99:
                    68:1d:bd:d8:8d:50:91:69:ef:16:63:48:29:55:80:
                    3b:b6:2d:ec:ac:11:b2:d5:fd:e6:0a:08:35:b3:54:
                    7c:44:f3:8f:c3:7e:96:0d:31:6b:7e:23:c2:58:6f:
                    2e:00:f3:0f:b0:95:48:e0:41:8a:89:f8:f3:6b:4e:
                    eb:b8:12:20:ca:88:97:57:e8:bd:bb:24:85:6c:66:
                    e1:87:be:2f:01:ae:97:b1:dd:56:43:d8:07:b7:a9:
                    d0:a7:ec:24:b4:7c:ac:da:0b:ab:40:14:b8:ce:3a:
                    af:09:64:a5:5a:22:4f:eb:6a:9c:f9:24:6d:b3:95:
                    2e:44:d9:6b:19:ad:dd:b1:a9:96:50:de:f3:cd:ea:
                    e8:a8:88:14:59:5c:a8:cc:4b:2e:59:98:0f:15:af:
                    a1:c6:6e:73:a2:61:47:cb:98:31:3d:6b:b9:ed:5b:
                    de:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:C6:D7:F5:AE:C5:DC:F0:DE:11:3F:A3:96:AE:E6:BA:99:87:2E:D7
            X509v3 Authority Key Identifier:
                keyid:CF:F5:DC:76:EB:6F:81:4E:D6:01:56:8F:DD:2C:81:10:ED:EF:8C:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z_XcdutvgU7WAVaP3SyBEO3vjBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/8c0c00-5fce-45cb-bbb7-01d9e9d31943/1/mMbX9a7F3PDeET-jlq7mupmHLtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/8c0c00-5fce-45cb-bbb7-01d9e9d31943/1/z_XcdutvgU7WAVaP3SyBEO3vjBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:82c3::/32

    Signature Algorithm: sha256WithRSAEncryption
         c2:eb:4d:95:e9:b9:eb:72:fd:6a:9d:ed:98:2a:01:e4:7d:a7:
         85:83:52:e8:b5:99:79:92:42:24:d7:bc:a0:84:61:6f:16:94:
         5f:08:59:b1:e3:52:ec:21:de:97:1e:6d:9d:8b:a9:f6:97:a4:
         e4:f5:b9:95:36:6e:84:66:46:26:d3:d4:51:da:e9:1b:2a:27:
         25:f6:95:ac:92:05:bf:57:2e:52:75:ca:fa:01:72:b9:ef:8f:
         77:d0:03:2e:e3:94:49:48:92:70:66:81:2c:58:7e:2a:6e:ef:
         0f:f9:88:3a:6a:18:52:69:4b:c6:87:e0:9a:a0:e5:9e:19:25:
         2f:28:5d:e1:3a:04:3c:18:1f:6a:22:81:05:4c:99:48:7c:60:
         e4:a4:f7:7e:da:74:76:dd:fa:8e:34:17:ea:68:d7:86:16:87:
         06:d0:14:0f:de:7a:48:45:d8:a5:16:29:38:c5:85:b3:3d:bf:
         10:86:e3:f7:71:5a:9a:11:6b:e2:79:14:4b:29:18:d8:23:ff:
         da:98:ce:f2:e8:a4:a9:65:67:b0:37:60:36:5f:65:c6:de:c7:
         fc:9e:59:c9:85:5b:84:0c:e8:3f:ba:bb:29:00:63:f5:40:b9:
         35:92:ac:f4:69:79:97:4d:26:f9:98:4c:36:c4:bd:5e:75:c2:
         54:65:76:88
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY6odqToPHEKVePhx3NTwhXdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZjVkYzc2ZWI2ZjgxNGVkNjAxNTY4ZmRkMmM4MTEwZWRl
ZjhjMTcwHhcNMjQwNDA0MDkzNTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGM2ZDdmNWFlYzVkY2YwZGUxMTNmYTM5NmFlZTZiYTk5ODcyZWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXdFKik+AqvR3aUD40FnLBYfpSkG
rKCz1mF3CnmbXA5cdIF3tLxOJcKJ88nAWag0BNgJC7P9WhN91LnYrQjvm4Ww64Ee
QLdNWoXzPKgkBqaZKE6QeCNhVZloHb3YjVCRae8WY0gpVYA7ti3srBGy1f3mCgg1
s1R8RPOPw36WDTFrfiPCWG8uAPMPsJVI4EGKifjza07ruBIgyoiXV+i9uySFbGbh
h74vAa6Xsd1WQ9gHt6nQp+wktHys2gurQBS4zjqvCWSlWiJP62qc+SRts5UuRNlr
Ga3dsamWUN7zzeroqIgUWVyozEsuWZgPFa+hxm5zomFHy5gxPWu57Vve9QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJjG1/Wuxdzw3hE/o5au5rqZhy7XMB8GA1UdIwQY
MBaAFM/13Hbrb4FO1gFWj90sgRDt74wXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvel9YY2R1dHZnVTdXQVZhUDNTeUJFTzN2akJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny84YzBjMDAtNWZjZS00NWNiLWJiYjct
MDFkOWU5ZDMxOTQzLzEvbU1iWDlhN0YzUERlRVQtamxxN211cG1ITHRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny84YzBjMDAtNWZjZS00NWNiLWJiYjctMDFkOWU5ZDMxOTQz
LzEvel9YY2R1dHZnVTdXQVZhUDNTeUJFTzN2akJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhOCwzAN
BgkqhkiG9w0BAQsFAAOCAQEAwutNlem563L9ap3tmCoB5H2nhYNS6LWZeZJCJNe8
oIRhbxaUXwhZseNS7CHelx5tnYup9pek5PW5lTZuhGZGJtPUUdrpGyonJfaVrJIF
v1cuUnXK+gFyue+Pd9ADLuOUSUiScGaBLFh+Km7vD/mIOmoYUmlLxofgmqDlnhkl
Lyhd4ToEPBgfaiKBBUyZSHxg5KT3ftp0dt36jjQX6mjXhhaHBtAUD956SEXYpRYp
OMWFsz2/EIbj93FamhFr4nkUSykY2CP/2pjO8uikqWVnsDdgNl9lxt7H/J5ZyYVb
hAzoP7q7KQBj9UC5NZKs9Gl5l00m+ZhMNsS9XnXCVGV2iA==
-----END CERTIFICATE-----