Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/vzhRSRT0i2gSZ5AdHjjp1u356b4.roa
File:                     vzhRSRT0i2gSZ5AdHjjp1u356b4.roa (raw, json)
Hash identifier:          smHVAf3e7QmjiK1z0yZj+Loku3oxSUrLdjmss+HVmQw=
Subject key identifier:   BF:38:51:49:14:F4:8B:68:12:67:90:1D:1E:38:E9:D6:ED:F9:E9:BE
Certificate issuer:       /CN=8e06f5a7314b2f966b24fc53155ce7bf604c07a6
Certificate serial:       018CC500F6B8E4E2D932AE3322341B837F6E
Authority key identifier: 8E:06:F5:A7:31:4B:2F:96:6B:24:FC:53:15:5C:E7:BF:60:4C:07:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/vzhRSRT0i2gSZ5AdHjjp1u356b4.roa
Signing time:             Mon 01 Jan 2024 12:30:23 +0000
ROA not before:           Mon 01 Jan 2024 12:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199614
IP address blocks:        2a13:a280::/29 maxlen: 29
                          2a13:a280::/33 maxlen: 33
                          2a13:a280:8000::/33 maxlen: 33
                          2a13:a281::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 03:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:f6:b8:e4:e2:d9:32:ae:33:22:34:1b:83:7f:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e06f5a7314b2f966b24fc53155ce7bf604c07a6
        Validity
            Not Before: Jan  1 12:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf38514914f48b681267901d1e38e9d6edf9e9be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ee:9e:c8:52:36:46:5a:61:a5:51:7b:10:4a:
                    f7:7d:96:72:98:ed:e6:df:9e:07:67:f3:4b:79:39:
                    a0:3d:be:86:ce:7e:ba:dc:61:75:7d:23:16:2b:16:
                    1d:e6:53:91:6e:c3:94:ac:9e:69:64:e0:87:3a:51:
                    08:9a:7b:a1:fa:00:f4:03:40:2c:ae:f3:78:4d:53:
                    65:30:55:83:6a:c5:c0:e0:e5:b1:c7:8a:cf:df:1d:
                    7a:32:bd:6b:f5:e0:ef:48:ed:9d:f5:15:b0:d3:40:
                    ab:d5:5e:11:8c:11:ce:02:9a:f3:71:a1:87:ea:3c:
                    b9:42:c4:b0:11:16:fb:c2:7c:ff:ad:57:5d:e1:07:
                    27:e9:9f:2a:0b:8e:04:96:7a:12:f0:9a:cd:1b:a2:
                    a5:34:5a:35:82:3c:64:df:65:9a:5c:a6:e9:dd:45:
                    b0:45:ca:b8:2a:bc:02:f0:31:81:ac:b5:1e:7a:da:
                    f6:2b:2f:b8:61:db:f6:7c:9e:5b:43:b0:d9:6e:7e:
                    5a:14:51:7c:63:ea:c9:c2:43:a9:8a:bc:17:fa:54:
                    25:07:12:ac:fa:7a:6f:29:fb:35:cf:83:11:18:5c:
                    0b:45:be:47:7f:c9:f9:22:97:7d:23:e3:19:32:f6:
                    9b:a9:72:26:4a:20:9d:c9:91:cf:ce:23:aa:0d:ff:
                    4b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:38:51:49:14:F4:8B:68:12:67:90:1D:1E:38:E9:D6:ED:F9:E9:BE
            X509v3 Authority Key Identifier:
                keyid:8E:06:F5:A7:31:4B:2F:96:6B:24:FC:53:15:5C:E7:BF:60:4C:07:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/vzhRSRT0i2gSZ5AdHjjp1u356b4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a280::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:18:28:a6:23:3e:2e:2f:2d:0c:22:9c:9c:9f:d4:f8:93:9f:
         21:77:0d:8c:26:c1:fc:cd:3d:94:aa:77:5f:48:2c:20:02:53:
         ec:1e:0b:58:18:c7:39:14:4a:82:95:d7:98:34:a7:77:98:fd:
         4e:1e:8a:2d:85:34:e3:17:16:47:83:84:c1:c8:67:89:d8:1a:
         27:2c:14:08:4d:74:dd:c9:ba:b0:95:8e:b8:f0:d2:8f:fc:69:
         33:77:d7:0e:0a:26:48:e0:78:35:75:df:65:96:b6:48:a9:aa:
         a6:18:46:d1:26:ac:68:6c:f1:19:21:8f:d8:20:88:7e:58:62:
         a9:fe:eb:14:55:f2:02:10:f7:64:f7:00:7f:e3:ba:11:36:e5:
         54:03:f7:96:60:7c:2c:8d:80:cb:1d:66:e4:8f:92:7b:91:96:
         87:8f:35:98:f9:53:6c:53:c9:ae:3a:60:50:ae:1e:c1:ad:36:
         07:25:5b:13:4f:1c:72:d9:07:90:08:50:7d:d2:78:4c:58:5f:
         9b:76:b1:7a:6f:f7:81:29:97:6e:c4:03:ee:5c:e9:4b:78:20:
         fa:02:49:46:35:83:31:1d:d1:80:ad:32:2f:ab:14:d3:65:84:
         5c:51:79:0d:d6:ba:46:43:1f:35:17:7f:4e:b9:09:db:d8:e9:
         9f:24:ad:a4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAPa45OLZMq4zIjQbg39uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMDZmNWE3MzE0YjJmOTY2YjI0ZmM1MzE1NWNlN2JmNjA0
YzA3YTYwHhcNMjQwMTAxMTIzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjM4NTE0OTE0ZjQ4YjY4MTI2NzkwMWQxZTM4ZTlkNmVkZjllOWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAju6eyFI2RlphpVF7EEr3fZZymO3m
354HZ/NLeTmgPb6Gzn663GF1fSMWKxYd5lORbsOUrJ5pZOCHOlEImnuh+gD0A0As
rvN4TVNlMFWDasXA4OWxx4rP3x16Mr1r9eDvSO2d9RWw00Cr1V4RjBHOAprzcaGH
6jy5QsSwERb7wnz/rVdd4Qcn6Z8qC44ElnoS8JrNG6KlNFo1gjxk32WaXKbp3UWw
Rcq4KrwC8DGBrLUeetr2Ky+4Ydv2fJ5bQ7DZbn5aFFF8Y+rJwkOpirwX+lQlBxKs
+npvKfs1z4MRGFwLRb5Hf8n5Ipd9I+MZMvabqXImSiCdyZHPziOqDf9LaQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFL84UUkU9ItoEmeQHR446dbt+em+MB8GA1UdIwQY
MBaAFI4G9acxSy+WayT8UxVc579gTAemMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamdiMXB6RkxMNVpySlB4VEZWem52MkJNQjZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82MjYzM2YtMmIzZi00MDcyLThmNGEt
YjQ3NDk3MGVjYTY2LzEvdnpoUlNSVDBpMmdTWjVBZEhqanAxdTM1NmI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82MjYzM2YtMmIzZi00MDcyLThmNGEtYjQ3NDk3MGVjYTY2
LzEvamdiMXB6RkxMNVpySlB4VEZWem52MkJNQjZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhOigDAN
BgkqhkiG9w0BAQsFAAOCAQEAiRgopiM+Li8tDCKcnJ/U+JOfIXcNjCbB/M09lKp3
X0gsIAJT7B4LWBjHORRKgpXXmDSnd5j9Th6KLYU04xcWR4OEwchnidgaJywUCE10
3cm6sJWOuPDSj/xpM3fXDgomSOB4NXXfZZa2SKmqphhG0SasaGzxGSGP2CCIflhi
qf7rFFXyAhD3ZPcAf+O6ETblVAP3lmB8LI2Ayx1m5I+Se5GWh481mPlTbFPJrjpg
UK4ewa02ByVbE08cctkHkAhQfdJ4TFhfm3axem/3gSmXbsQD7lzpS3gg+gJJRjWD
MR3RgK0yL6sU02WEXFF5Dda6RkMfNRd/TrkJ29jpnyStpA==
-----END CERTIFICATE-----