Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/Bwwlq6FW_ciSTIbZByXYVZU0cx0.roa
File:                     Bwwlq6FW_ciSTIbZByXYVZU0cx0.roa (raw, json)
Hash identifier:          KrY6dqhuWu0T0QFL9p1KsvbvWlb+2300oAuoKth9i1Q=
Subject key identifier:   07:0C:25:AB:A1:56:FD:C8:92:4C:86:D9:07:25:D8:55:95:34:73:1D
Certificate issuer:       /CN=e2636e02f1554f70d971a656849c01bdff138ce8
Certificate serial:       018CC86F703D9F281E2638D8E3586C7DDC6F
Authority key identifier: E2:63:6E:02:F1:55:4F:70:D9:71:A6:56:84:9C:01:BD:FF:13:8C:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4mNuAvFVT3DZcaZWhJwBvf8TjOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/Bwwlq6FW_ciSTIbZByXYVZU0cx0.roa
Signing time:             Tue 02 Jan 2024 04:29:55 +0000
ROA not before:           Tue 02 Jan 2024 04:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202827
IP address blocks:        2a13:89c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/4mNuAvFVT3DZcaZWhJwBvf8TjOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/4mNuAvFVT3DZcaZWhJwBvf8TjOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4mNuAvFVT3DZcaZWhJwBvf8TjOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:70:3d:9f:28:1e:26:38:d8:e3:58:6c:7d:dc:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2636e02f1554f70d971a656849c01bdff138ce8
        Validity
            Not Before: Jan  2 04:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=070c25aba156fdc8924c86d90725d8559534731d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:4a:02:91:7c:0d:b7:d1:07:ac:40:a6:72:e7:
                    28:8b:96:4a:d2:36:c6:fe:94:7a:a8:cf:28:35:cd:
                    6a:90:fa:52:47:f8:3c:1c:35:76:ab:89:2f:54:5e:
                    97:e4:50:64:29:68:5c:fa:d8:ec:ea:23:25:9a:c5:
                    47:d4:a2:11:ba:92:38:d5:2e:4b:56:b3:5f:7e:d6:
                    57:a6:00:06:64:a6:c4:44:7d:f4:8d:51:73:2d:0c:
                    a1:9d:fc:30:6c:b1:26:e7:98:fb:c8:63:a0:89:f7:
                    f8:a9:d3:76:74:f1:f2:fd:57:93:dd:72:24:c9:0e:
                    bb:7e:0e:42:1d:f4:eb:86:4b:5b:81:90:7a:c1:e3:
                    be:ee:1a:06:38:90:6c:da:94:66:8b:9d:1d:b1:3f:
                    61:6b:06:a1:90:b9:01:ac:57:0a:eb:a0:31:8b:af:
                    55:42:22:d5:f7:6e:28:3b:da:cc:4e:7e:45:b2:fd:
                    65:0d:fe:03:56:4f:24:0a:86:73:97:d5:27:d8:e3:
                    9e:e9:be:e5:ac:3e:0e:64:e5:95:76:c7:9a:de:ce:
                    4a:ce:70:0d:17:33:e9:c7:53:d5:a6:38:1b:76:be:
                    1c:d5:20:c7:b7:ca:6a:2f:7a:2a:a2:4f:bc:57:cb:
                    13:3f:08:d7:e2:50:d1:6d:f9:76:72:b3:d1:0a:bb:
                    be:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:0C:25:AB:A1:56:FD:C8:92:4C:86:D9:07:25:D8:55:95:34:73:1D
            X509v3 Authority Key Identifier:
                keyid:E2:63:6E:02:F1:55:4F:70:D9:71:A6:56:84:9C:01:BD:FF:13:8C:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4mNuAvFVT3DZcaZWhJwBvf8TjOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/Bwwlq6FW_ciSTIbZByXYVZU0cx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/4mNuAvFVT3DZcaZWhJwBvf8TjOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:89c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:bb:71:61:5f:03:32:13:71:b8:13:8b:dc:32:3d:00:a6:b4:
         35:07:09:a4:5b:f5:cd:dd:b2:b4:72:76:38:67:35:f3:5f:d4:
         cc:b0:c0:01:a6:3d:1d:5e:dd:ca:7b:1c:41:7a:32:d4:8c:69:
         8f:56:43:05:d2:5c:21:1c:a6:6a:23:97:94:75:e4:c5:67:d8:
         c0:6a:fb:46:20:37:64:18:24:46:e4:a2:cc:f7:61:5e:da:d3:
         e9:5c:79:a3:c8:48:a7:09:2f:6a:54:f6:f1:a1:2d:63:2d:0c:
         a0:a9:bf:1e:c8:e8:1a:f4:19:00:69:3a:76:d7:6b:35:57:ab:
         81:19:59:c8:07:47:9c:d8:43:75:00:38:36:e9:17:0a:09:a1:
         1d:a0:c7:b4:88:28:b5:aa:f8:cb:88:7a:3a:38:94:6f:58:cb:
         20:9c:1c:6d:4e:79:9a:0e:d3:22:7b:9f:4f:e7:39:1c:ac:df:
         f8:06:33:91:4f:b3:45:bb:8a:70:49:c9:96:a3:21:24:96:27:
         ce:58:f2:cb:ae:eb:5e:53:1f:70:d2:7a:24:3d:15:fa:6b:6f:
         83:70:44:54:4b:87:36:7d:d0:21:df:cc:33:5b:da:d4:48:63:
         e1:4c:93:b5:e1:d5:4a:97:50:d7:0d:26:51:db:cf:65:7d:98:
         b6:a8:22:49
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIb3A9nygeJjjY41hsfdxvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyNjM2ZTAyZjE1NTRmNzBkOTcxYTY1Njg0OWMwMWJkZmYx
MzhjZTgwHhcNMjQwMTAyMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzBjMjVhYmExNTZmZGM4OTI0Yzg2ZDkwNzI1ZDg1NTk1MzQ3MzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUoCkXwNt9EHrECmcucoi5ZK0jbG
/pR6qM8oNc1qkPpSR/g8HDV2q4kvVF6X5FBkKWhc+tjs6iMlmsVH1KIRupI41S5L
VrNfftZXpgAGZKbERH30jVFzLQyhnfwwbLEm55j7yGOgiff4qdN2dPHy/VeT3XIk
yQ67fg5CHfTrhktbgZB6weO+7hoGOJBs2pRmi50dsT9hawahkLkBrFcK66Axi69V
QiLV924oO9rMTn5Fsv1lDf4DVk8kCoZzl9Un2OOe6b7lrD4OZOWVdsea3s5KznAN
FzPpx1PVpjgbdr4c1SDHt8pqL3oqok+8V8sTPwjX4lDRbfl2crPRCru+7QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAcMJauhVv3IkkyG2Qcl2FWVNHMdMB8GA1UdIwQY
MBaAFOJjbgLxVU9w2XGmVoScAb3/E4zoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNG1OdUF2RlZUM0RaY2FaV2hKd0J2ZjhUak9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMzU1MTMtZWJkYi00NTUwLWE3ZDQt
MTJmOWY3MzNkYzRmLzEvQnd3bHE2RldfY2lTVEliWkJ5WFlWWlUwY3gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMzU1MTMtZWJkYi00NTUwLWE3ZDQtMTJmOWY3MzNkYzRm
LzEvNG1OdUF2RlZUM0RaY2FaV2hKd0J2ZjhUak9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhOJwDAN
BgkqhkiG9w0BAQsFAAOCAQEAirtxYV8DMhNxuBOL3DI9AKa0NQcJpFv1zd2ytHJ2
OGc181/UzLDAAaY9HV7dynscQXoy1Ixpj1ZDBdJcIRymaiOXlHXkxWfYwGr7RiA3
ZBgkRuSizPdhXtrT6Vx5o8hIpwkvalT28aEtYy0MoKm/HsjoGvQZAGk6dtdrNVer
gRlZyAdHnNhDdQA4NukXCgmhHaDHtIgotar4y4h6OjiUb1jLIJwcbU55mg7TInuf
T+c5HKzf+AYzkU+zRbuKcEnJlqMhJJYnzljyy67rXlMfcNJ6JD0V+mtvg3BEVEuH
Nn3QId/MM1va1Ehj4UyTteHVSpdQ1w0mUdvPZX2YtqgiSQ==
-----END CERTIFICATE-----