Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/317ddd-687d-458a-9ff5-22fc588bc66f/1/ZjCGvlLkw2t_wLaqNJCYTKXL9hA.roa
File:                     ZjCGvlLkw2t_wLaqNJCYTKXL9hA.roa (raw, json)
Hash identifier:          EWl148q0OfqpWzNpfLi+VIAjAgKEcWGhe27d2VIgcDI=
Subject key identifier:   66:30:86:BE:52:E4:C3:6B:7F:C0:B6:AA:34:90:98:4C:A5:CB:F6:10
Certificate issuer:       /CN=a82a023ebdb12e971e7a8729d826a7924cf7e832
Certificate serial:       018CC500FD2C60FC0214C29265461B2DDAA1
Authority key identifier: A8:2A:02:3E:BD:B1:2E:97:1E:7A:87:29:D8:26:A7:92:4C:F7:E8:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qCoCPr2xLpceeocp2Cankkz36DI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/317ddd-687d-458a-9ff5-22fc588bc66f/1/ZjCGvlLkw2t_wLaqNJCYTKXL9hA.roa
Signing time:             Mon 01 Jan 2024 12:30:25 +0000
ROA not before:           Mon 01 Jan 2024 12:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        2a13:6200::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/317ddd-687d-458a-9ff5-22fc588bc66f/1/qCoCPr2xLpceeocp2Cankkz36DI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/317ddd-687d-458a-9ff5-22fc588bc66f/1/qCoCPr2xLpceeocp2Cankkz36DI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qCoCPr2xLpceeocp2Cankkz36DI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 12:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:fd:2c:60:fc:02:14:c2:92:65:46:1b:2d:da:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a82a023ebdb12e971e7a8729d826a7924cf7e832
        Validity
            Not Before: Jan  1 12:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=663086be52e4c36b7fc0b6aa3490984ca5cbf610
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:5d:d0:9d:20:50:53:c2:f1:2b:dd:d6:c9:af:
                    31:f7:32:cc:97:eb:50:c9:c4:e0:53:38:0c:8b:90:
                    ca:da:b7:1c:e9:36:3b:87:53:c0:e8:86:ab:29:ff:
                    83:72:98:86:4b:b3:df:cb:3d:3e:bd:e5:5e:d9:cd:
                    32:fb:c8:53:22:83:ea:1c:47:9f:5a:96:21:45:a2:
                    38:10:7d:73:f5:11:83:07:4c:7c:c5:86:ac:93:e3:
                    a6:36:d9:f9:77:aa:58:7c:15:ff:f9:ff:c9:dd:e6:
                    ed:c5:bc:93:fc:06:52:ac:d3:b6:71:fa:d3:0c:a1:
                    27:f2:f5:e4:e1:90:bc:b5:7f:70:b7:0b:b9:e6:b7:
                    f5:92:5f:60:24:94:36:2b:8c:5d:e6:2f:6b:08:36:
                    a5:9b:57:83:da:a7:45:47:46:5b:1e:64:e0:fb:67:
                    f1:d4:06:29:e7:5c:71:6a:c6:d0:6d:00:a3:70:97:
                    2e:e8:f0:8f:46:ea:8f:0c:28:0e:07:ae:db:51:bf:
                    3e:71:4e:ec:85:ea:3b:28:93:48:32:28:7e:86:d3:
                    bc:b6:a6:b5:aa:c2:b6:d3:c0:9c:72:7d:11:94:c1:
                    9f:09:aa:66:7b:68:ad:78:8b:c4:d4:e3:a7:44:91:
                    05:00:8c:d2:13:b8:d8:fa:13:f1:02:b1:86:b7:0a:
                    ec:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:30:86:BE:52:E4:C3:6B:7F:C0:B6:AA:34:90:98:4C:A5:CB:F6:10
            X509v3 Authority Key Identifier:
                keyid:A8:2A:02:3E:BD:B1:2E:97:1E:7A:87:29:D8:26:A7:92:4C:F7:E8:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qCoCPr2xLpceeocp2Cankkz36DI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/317ddd-687d-458a-9ff5-22fc588bc66f/1/ZjCGvlLkw2t_wLaqNJCYTKXL9hA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/317ddd-687d-458a-9ff5-22fc588bc66f/1/qCoCPr2xLpceeocp2Cankkz36DI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:6200::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:4d:ba:44:40:ae:f2:a3:12:2b:8d:53:17:10:f4:ee:ba:1a:
         41:8a:0e:b1:a8:af:c1:4c:12:d7:15:f8:73:20:66:26:ef:d9:
         44:e5:68:d0:2e:18:2d:22:9d:ef:a8:20:f4:27:df:b5:37:c7:
         af:ad:67:0f:65:5f:78:83:cc:a0:e8:bc:7c:97:b8:2d:93:f3:
         27:f8:5a:bd:56:aa:cc:e0:a5:fa:16:f4:73:ce:85:51:d8:3f:
         d8:30:12:2f:0d:6e:5a:64:91:3f:ba:d9:0f:5f:18:95:a0:c4:
         8a:c4:ad:7c:c7:f7:de:2a:56:8b:a8:60:ce:fc:5c:99:2f:e3:
         ff:73:05:a9:df:ce:a7:b2:c3:fe:41:b6:fc:5a:82:b2:72:68:
         02:73:5c:e4:b1:06:30:a5:dc:bc:69:fb:c0:ff:e8:e4:e9:7c:
         88:5a:20:27:8d:94:a5:30:bd:23:65:4f:67:73:53:f0:ca:d4:
         8b:42:cf:b2:37:de:de:2e:08:a3:14:1c:1f:8b:04:a0:de:00:
         fb:5e:0c:02:78:04:31:c8:09:49:c6:c3:5f:f3:b6:58:d3:67:
         71:b1:9c:3f:f8:37:56:30:f6:78:45:cd:79:72:a1:7e:fb:a9:
         6e:ef:91:01:4f:72:e7:74:23:99:30:30:12:00:e8:32:10:8e:
         08:62:dc:60
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAP0sYPwCFMKSZUYbLdqhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MmEwMjNlYmRiMTJlOTcxZTdhODcyOWQ4MjZhNzkyNGNm
N2U4MzIwHhcNMjQwMTAxMTIzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjMwODZiZTUyZTRjMzZiN2ZjMGI2YWEzNDkwOTg0Y2E1Y2JmNjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkl3QnSBQU8LxK93Wya8x9zLMl+tQ
ycTgUzgMi5DK2rcc6TY7h1PA6IarKf+DcpiGS7Pfyz0+veVe2c0y+8hTIoPqHEef
WpYhRaI4EH1z9RGDB0x8xYask+OmNtn5d6pYfBX/+f/J3ebtxbyT/AZSrNO2cfrT
DKEn8vXk4ZC8tX9wtwu55rf1kl9gJJQ2K4xd5i9rCDalm1eD2qdFR0ZbHmTg+2fx
1AYp51xxasbQbQCjcJcu6PCPRuqPDCgOB67bUb8+cU7sheo7KJNIMih+htO8tqa1
qsK208Cccn0RlMGfCapme2iteIvE1OOnRJEFAIzSE7jY+hPxArGGtwrsMwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGYwhr5S5MNrf8C2qjSQmEyly/YQMB8GA1UdIwQY
MBaAFKgqAj69sS6XHnqHKdgmp5JM9+gyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUNvQ1ByMnhMcGNlZW9jcDJDYW5ra3ozNkRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8zMTdkZGQtNjg3ZC00NThhLTlmZjUt
MjJmYzU4OGJjNjZmLzEvWmpDR3ZsTGt3MnRfd0xhcU5KQ1lUS1hMOWhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8zMTdkZGQtNjg3ZC00NThhLTlmZjUtMjJmYzU4OGJjNjZm
LzEvcUNvQ1ByMnhMcGNlZW9jcDJDYW5ra3ozNkRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNiADAN
BgkqhkiG9w0BAQsFAAOCAQEAjE26RECu8qMSK41TFxD07roaQYoOsaivwUwS1xX4
cyBmJu/ZROVo0C4YLSKd76gg9CfftTfHr61nD2VfeIPMoOi8fJe4LZPzJ/havVaq
zOCl+hb0c86FUdg/2DASLw1uWmSRP7rZD18YlaDEisStfMf33ipWi6hgzvxcmS/j
/3MFqd/Op7LD/kG2/FqCsnJoAnNc5LEGMKXcvGn7wP/o5Ol8iFogJ42UpTC9I2VP
Z3NT8MrUi0LPsjfe3i4IoxQcH4sEoN4A+14MAngEMcgJScbDX/O2WNNncbGcP/g3
VjD2eEXNeXKhfvupbu+RAU9y53QjmTAwEgDoMhCOCGLcYA==
-----END CERTIFICATE-----