Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/vZhwfFLIW4ov7mMnQu29uOfbLKc.roa
File:                     vZhwfFLIW4ov7mMnQu29uOfbLKc.roa (raw, json)
Hash identifier:          BxFAH96SpkWhXQw0RfHvgFG3oqj/ff48gV92Z8lSs94=
Subject key identifier:   BD:98:70:7C:52:C8:5B:8A:2F:EE:63:27:42:ED:BD:B8:E7:DB:2C:A7
Certificate issuer:       /CN=8e06f5a7314b2f966b24fc53155ce7bf604c07a6
Certificate serial:       018CC500F5F6D0276B733B6BC96014F78817
Authority key identifier: 8E:06:F5:A7:31:4B:2F:96:6B:24:FC:53:15:5C:E7:BF:60:4C:07:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/vZhwfFLIW4ov7mMnQu29uOfbLKc.roa
Signing time:             Mon 01 Jan 2024 12:30:23 +0000
ROA not before:           Mon 01 Jan 2024 12:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        2a13:a286:8000::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:f5:f6:d0:27:6b:73:3b:6b:c9:60:14:f7:88:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e06f5a7314b2f966b24fc53155ce7bf604c07a6
        Validity
            Not Before: Jan  1 12:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd98707c52c85b8a2fee632742edbdb8e7db2ca7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6d:53:a9:e7:b5:ff:d2:97:14:e3:95:4c:bf:
                    79:c9:dc:cc:26:f3:a9:0c:d3:1f:ca:c8:af:2f:3b:
                    48:12:bc:89:5b:ab:fd:72:4a:33:54:4b:22:f9:42:
                    b6:b8:be:92:3e:41:97:20:c5:16:8f:4b:43:ce:a5:
                    77:96:15:22:f9:65:1c:b2:f4:35:02:1b:ba:8b:87:
                    6d:f1:b1:f5:6a:e7:94:13:ba:34:bd:e8:98:af:8f:
                    13:39:bc:dd:78:20:ea:78:44:53:28:16:42:f8:e8:
                    13:d4:6c:a0:04:11:44:e3:8f:c4:83:cb:93:e7:56:
                    73:9e:5d:0d:7a:60:fa:56:47:b1:78:77:8d:2a:1f:
                    c9:ea:05:f2:67:e3:cf:d9:dc:8c:38:dd:4b:16:f6:
                    da:05:25:ca:84:97:71:b5:d0:9d:30:88:5d:62:17:
                    95:73:3c:01:59:94:6f:fc:2b:d7:28:22:f7:b9:95:
                    d9:39:63:60:84:ce:5b:6e:61:52:67:bb:4b:4a:b6:
                    4e:6a:4c:4e:14:d8:22:50:27:44:d5:b2:d2:06:f2:
                    db:07:0e:7f:38:72:d9:dd:d6:76:a4:c9:66:2f:17:
                    72:f7:e3:67:1c:0e:79:2c:d9:4e:e0:8b:50:8d:ab:
                    04:60:85:d1:72:74:e0:cf:38:05:ce:4d:3e:f6:f7:
                    e4:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:98:70:7C:52:C8:5B:8A:2F:EE:63:27:42:ED:BD:B8:E7:DB:2C:A7
            X509v3 Authority Key Identifier:
                keyid:8E:06:F5:A7:31:4B:2F:96:6B:24:FC:53:15:5C:E7:BF:60:4C:07:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/vZhwfFLIW4ov7mMnQu29uOfbLKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a286:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         cb:ac:79:7d:98:80:72:4e:d4:b2:2e:86:bc:96:f2:7a:ad:bc:
         bf:a1:d7:a9:56:80:d1:af:a9:52:b1:84:62:92:50:3e:05:16:
         1a:94:60:e0:23:b2:0c:5d:6b:ff:38:ba:ba:fa:08:7a:ea:85:
         44:26:5c:cf:6f:6f:07:eb:af:23:1f:01:58:5e:a2:df:ca:37:
         64:62:a3:9d:9e:ea:33:66:99:9a:18:74:d2:bf:62:3e:90:5c:
         7d:90:6b:15:3b:75:83:b6:a2:2d:6c:ec:4e:0a:32:65:8e:14:
         c4:2a:23:ac:d7:81:b6:1e:90:96:32:41:b5:50:22:36:1c:5a:
         f3:5c:a9:af:7b:4b:8c:41:56:1c:10:d7:65:4d:99:75:96:b3:
         83:93:58:2d:73:af:b6:95:5d:3a:13:64:64:b3:87:08:a0:5d:
         7c:f0:7d:7b:8e:03:b9:9a:70:2a:6f:22:f5:dc:39:1a:32:55:
         e4:ac:e1:13:de:c8:91:6d:b5:50:9a:16:cf:28:4d:01:6f:73:
         89:9d:c9:00:36:17:7e:b7:f5:3c:7e:13:23:0c:25:73:aa:cc:
         84:08:72:12:9c:c8:37:f3:9b:6a:76:a9:c2:c9:fe:c7:73:85:
         f2:fa:a2:2d:f1:02:ae:e9:ad:05:f9:39:a6:a5:b7:02:fc:c3:
         fd:6b:f9:13
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFAPX20CdrcztryWAU94gXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMDZmNWE3MzE0YjJmOTY2YjI0ZmM1MzE1NWNlN2JmNjA0
YzA3YTYwHhcNMjQwMTAxMTIzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDk4NzA3YzUyYzg1YjhhMmZlZTYzMjc0MmVkYmRiOGU3ZGIyY2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxG1Tqee1/9KXFOOVTL95ydzMJvOp
DNMfysivLztIEryJW6v9ckozVEsi+UK2uL6SPkGXIMUWj0tDzqV3lhUi+WUcsvQ1
Ahu6i4dt8bH1aueUE7o0veiYr48TObzdeCDqeERTKBZC+OgT1GygBBFE44/Eg8uT
51Zznl0NemD6VkexeHeNKh/J6gXyZ+PP2dyMON1LFvbaBSXKhJdxtdCdMIhdYheV
czwBWZRv/CvXKCL3uZXZOWNghM5bbmFSZ7tLSrZOakxOFNgiUCdE1bLSBvLbBw5/
OHLZ3dZ2pMlmLxdy9+NnHA55LNlO4ItQjasEYIXRcnTgzzgFzk0+9vfkDwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFL2YcHxSyFuKL+5jJ0Ltvbjn2yynMB8GA1UdIwQY
MBaAFI4G9acxSy+WayT8UxVc579gTAemMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamdiMXB6RkxMNVpySlB4VEZWem52MkJNQjZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82MjYzM2YtMmIzZi00MDcyLThmNGEt
YjQ3NDk3MGVjYTY2LzEvdlpod2ZGTElXNG92N21NblF1Mjl1T2ZiTEtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82MjYzM2YtMmIzZi00MDcyLThmNGEtYjQ3NDk3MGVjYTY2
LzEvamdiMXB6RkxMNVpySlB4VEZWem52MkJNQjZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKhOihoAw
DQYJKoZIhvcNAQELBQADggEBAMuseX2YgHJO1LIuhryW8nqtvL+h16lWgNGvqVKx
hGKSUD4FFhqUYOAjsgxda/84urr6CHrqhUQmXM9vbwfrryMfAVheot/KN2Rio52e
6jNmmZoYdNK/Yj6QXH2QaxU7dYO2oi1s7E4KMmWOFMQqI6zXgbYekJYyQbVQIjYc
WvNcqa97S4xBVhwQ12VNmXWWs4OTWC1zr7aVXToTZGSzhwigXXzwfXuOA7macCpv
IvXcORoyVeSs4RPeyJFttVCaFs8oTQFvc4mdyQA2F3639Tx+EyMMJXOqzIQIchKc
yDfzm2p2qcLJ/sdzhfL6oi3xAq7prQX5OaaltwL8w/1r+RM=
-----END CERTIFICATE-----