Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/tGF0KepWs_QQSq5Gqg3jdlf7Wg4.roa
File:                     tGF0KepWs_QQSq5Gqg3jdlf7Wg4.roa (raw, json)
Hash identifier:          TESttPZc3JvCUN0ojsF44ZWR9WcYNw/S3gDe81zvl7M=
Subject key identifier:   B4:61:74:29:EA:56:B3:F4:10:4A:AE:46:AA:0D:E3:76:57:FB:5A:0E
Certificate issuer:       /CN=8e06f5a7314b2f966b24fc53155ce7bf604c07a6
Certificate serial:       01942067CA6B5D6C5EC715C0E5E547AA81DE
Authority key identifier: 8E:06:F5:A7:31:4B:2F:96:6B:24:FC:53:15:5C:E7:BF:60:4C:07:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/tGF0KepWs_QQSq5Gqg3jdlf7Wg4.roa
Signing time:             Wed 01 Jan 2025 05:47:40 +0000
ROA not before:           Wed 01 Jan 2025 05:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199614
IP address blocks:        2a13:a280::/29 maxlen: 29
                          2a13:a280::/33 maxlen: 33
                          2a13:a280:8000::/33 maxlen: 33
                          2a13:a281::/33 maxlen: 33
                          2a13:a281:8000::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ca:6b:5d:6c:5e:c7:15:c0:e5:e5:47:aa:81:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e06f5a7314b2f966b24fc53155ce7bf604c07a6
        Validity
            Not Before: Jan  1 05:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4617429ea56b3f4104aae46aa0de37657fb5a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:bd:87:b2:08:0d:42:75:7d:ff:d0:38:55:1d:
                    4c:2f:9a:cb:7e:f5:0c:50:67:f8:ef:50:0d:e6:df:
                    54:c6:9f:b6:81:1b:10:1d:80:28:24:f1:1a:1b:e6:
                    a4:e5:9e:b2:f9:d1:b4:8b:dc:48:6c:cf:40:85:87:
                    f5:d0:1d:a9:32:a8:bd:29:37:58:d4:91:e9:29:29:
                    46:bd:24:81:df:9c:fe:50:3b:37:50:e7:82:1d:38:
                    33:3d:b3:fb:43:62:89:ff:e8:a4:73:34:10:02:05:
                    0f:74:6f:ca:83:44:c2:bc:c2:1d:7c:3d:6d:f3:88:
                    c1:3e:7c:73:15:50:c7:ef:1d:d1:2b:d1:81:c7:9f:
                    75:dd:04:66:47:fb:4e:d2:a1:b6:37:57:a3:e9:29:
                    fd:f4:dd:3d:ca:7e:47:b9:15:ff:49:34:b5:ed:7f:
                    88:49:36:9c:9a:dc:dc:ef:7e:7c:5e:44:64:1c:f8:
                    de:d4:fb:ac:ec:4d:8f:6e:6e:12:4a:d0:a0:ca:99:
                    9f:35:0f:92:77:36:99:dc:7c:96:5d:7f:f1:af:22:
                    4e:f2:af:d5:05:09:4b:96:a8:7d:2a:01:a7:43:bd:
                    ab:07:89:fe:82:30:ba:40:b1:81:b6:3e:4c:94:28:
                    ab:2f:29:44:fc:9b:e7:da:9b:e9:de:96:61:4d:82:
                    80:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:61:74:29:EA:56:B3:F4:10:4A:AE:46:AA:0D:E3:76:57:FB:5A:0E
            X509v3 Authority Key Identifier:
                keyid:8E:06:F5:A7:31:4B:2F:96:6B:24:FC:53:15:5C:E7:BF:60:4C:07:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/tGF0KepWs_QQSq5Gqg3jdlf7Wg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a280::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:42:74:f0:71:22:53:73:be:ad:28:5e:c0:53:d5:ea:08:a5:
         84:4d:03:61:1c:d3:ba:d3:de:67:ce:54:98:77:df:39:65:9d:
         18:09:71:50:23:9f:dc:46:7d:46:4b:bc:bd:68:ae:da:6c:c0:
         84:0f:b4:10:c4:d6:1d:87:b6:d5:bb:b2:93:ce:ee:91:25:94:
         8e:5d:47:5e:e1:fa:1b:d1:ec:1a:b6:ad:44:d6:2a:5e:b1:9a:
         1c:03:3a:05:3b:d6:a7:3a:99:35:35:bc:a5:71:e9:f7:53:f6:
         02:3d:5b:46:7c:05:8e:3c:4a:bc:93:24:ff:5e:25:ee:e6:75:
         b4:0d:ea:92:3f:68:c1:66:58:58:d9:08:37:d8:cb:94:b8:fb:
         4b:6b:41:bd:6b:4b:00:cd:f2:0e:f5:82:d8:2a:a2:a1:08:90:
         12:43:27:8e:89:8b:ad:79:25:dc:a9:f1:82:77:f6:72:36:01:
         73:d2:a4:d8:c5:6e:2e:d2:a5:a0:d8:94:70:b2:ff:1f:a8:45:
         bf:64:03:66:19:92:83:8f:eb:6b:53:f2:28:1d:f3:e5:3f:b0:
         71:cb:e3:e9:66:42:86:41:28:b6:b5:21:96:c4:c5:b2:fb:31:
         b5:d8:5f:2c:95:8f:0d:95:5c:a5:ab:25:2f:c6:57:da:18:bb:
         bd:1b:23:ef
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQgZ8prXWxexxXA5eVHqoHeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMDZmNWE3MzE0YjJmOTY2YjI0ZmM1MzE1NWNlN2JmNjA0
YzA3YTYwHhcNMjUwMTAxMDU0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDYxNzQyOWVhNTZiM2Y0MTA0YWFlNDZhYTBkZTM3NjU3ZmI1YTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwb2HsggNQnV9/9A4VR1ML5rLfvUM
UGf471AN5t9Uxp+2gRsQHYAoJPEaG+ak5Z6y+dG0i9xIbM9AhYf10B2pMqi9KTdY
1JHpKSlGvSSB35z+UDs3UOeCHTgzPbP7Q2KJ/+ikczQQAgUPdG/Kg0TCvMIdfD1t
84jBPnxzFVDH7x3RK9GBx5913QRmR/tO0qG2N1ej6Sn99N09yn5HuRX/STS17X+I
STacmtzc7358XkRkHPje1Pus7E2Pbm4SStCgypmfNQ+SdzaZ3HyWXX/xryJO8q/V
BQlLlqh9KgGnQ72rB4n+gjC6QLGBtj5MlCirLylE/Jvn2pvp3pZhTYKARwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLRhdCnqVrP0EEquRqoN43ZX+1oOMB8GA1UdIwQY
MBaAFI4G9acxSy+WayT8UxVc579gTAemMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamdiMXB6RkxMNVpySlB4VEZWem52MkJNQjZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82MjYzM2YtMmIzZi00MDcyLThmNGEt
YjQ3NDk3MGVjYTY2LzEvdEdGMEtlcFdzX1FRU3E1R3FnM2pkbGY3V2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82MjYzM2YtMmIzZi00MDcyLThmNGEtYjQ3NDk3MGVjYTY2
LzEvamdiMXB6RkxMNVpySlB4VEZWem52MkJNQjZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhOigDAN
BgkqhkiG9w0BAQsFAAOCAQEAJEJ08HEiU3O+rShewFPV6gilhE0DYRzTutPeZ85U
mHffOWWdGAlxUCOf3EZ9Rku8vWiu2mzAhA+0EMTWHYe21buyk87ukSWUjl1HXuH6
G9HsGratRNYqXrGaHAM6BTvWpzqZNTW8pXHp91P2Aj1bRnwFjjxKvJMk/14l7uZ1
tA3qkj9owWZYWNkIN9jLlLj7S2tBvWtLAM3yDvWC2CqioQiQEkMnjomLrXkl3Knx
gnf2cjYBc9Kk2MVuLtKloNiUcLL/H6hFv2QDZhmSg4/ra1PyKB3z5T+wccvj6WZC
hkEotrUhlsTFsvsxtdhfLJWPDZVcpaslL8ZX2hi7vRsj7w==
-----END CERTIFICATE-----