Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/f33229-ca2d-4108-892d-4c910ae3735d/1/Y_ZrWJfMtLuj35yUNnc8YzqS9Do.roa
File:                     Y_ZrWJfMtLuj35yUNnc8YzqS9Do.roa (raw, json)
Hash identifier:          VxTxgE/nCBiDRb4AHpA8IkKdZIHaQIsUs3xuzh1MB4g=
Subject key identifier:   63:F6:6B:58:97:CC:B4:BB:A3:DF:9C:94:36:77:3C:63:3A:92:F4:3A
Certificate issuer:       /CN=a15237c39a325aa309b69e66fe09237da1ad0d2b
Certificate serial:       019062CF28E2A7A49F5520192C38F15F0A02
Authority key identifier: A1:52:37:C3:9A:32:5A:A3:09:B6:9E:66:FE:09:23:7D:A1:AD:0D:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oVI3w5oyWqMJtp5m_gkjfaGtDSs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/f33229-ca2d-4108-892d-4c910ae3735d/1/Y_ZrWJfMtLuj35yUNnc8YzqS9Do.roa
Signing time:             Sat 29 Jun 2024 07:04:21 +0000
ROA not before:           Sat 29 Jun 2024 07:04:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215002
IP address blocks:        2a13:75c1:201::/48 maxlen: 48
                          2a13:75c1:400::/40 maxlen: 48
                          2a13:75c1:4b0::/44 maxlen: 48
                          2a13:75c1:4b3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/f33229-ca2d-4108-892d-4c910ae3735d/1/oVI3w5oyWqMJtp5m_gkjfaGtDSs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/f33229-ca2d-4108-892d-4c910ae3735d/1/oVI3w5oyWqMJtp5m_gkjfaGtDSs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oVI3w5oyWqMJtp5m_gkjfaGtDSs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:62:cf:28:e2:a7:a4:9f:55:20:19:2c:38:f1:5f:0a:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a15237c39a325aa309b69e66fe09237da1ad0d2b
        Validity
            Not Before: Jun 29 07:04:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63f66b5897ccb4bba3df9c9436773c633a92f43a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:56:a0:53:c8:51:f1:6d:27:dc:a5:d6:ff:7a:
                    21:68:d6:43:11:b2:95:57:c3:26:ba:7a:9f:7b:9b:
                    f7:b0:63:69:a1:ff:1c:fc:46:df:a3:a1:ef:64:63:
                    ad:91:1f:04:a4:15:d7:e7:66:d9:35:7a:d6:18:fc:
                    67:0b:4e:e9:0e:de:8b:36:09:18:07:72:bb:e4:a3:
                    3d:92:40:02:a1:aa:ad:c6:51:49:85:9d:58:85:21:
                    4a:6e:6c:66:d1:9a:7e:71:79:5e:52:87:61:ac:f4:
                    6e:61:8a:60:c7:98:5e:09:02:34:df:b0:cd:66:1b:
                    a8:9f:1e:10:b3:54:b9:36:8e:8e:44:97:0f:e0:6c:
                    16:e5:69:c7:ba:5c:07:a1:25:df:05:50:55:4d:a3:
                    15:24:14:17:06:cd:66:c0:d2:f1:07:67:20:ae:ba:
                    86:33:29:31:1f:64:4d:4e:a0:25:d1:3d:b0:f0:a7:
                    dd:1a:47:ee:ee:2c:d2:35:fc:5b:cc:a9:ce:71:de:
                    7d:10:b3:be:22:d9:9f:10:1b:d6:be:84:4a:0f:72:
                    e3:49:b8:90:b8:b2:90:6c:e3:74:27:af:38:5a:fa:
                    3c:00:91:5b:aa:59:fd:a0:0d:23:42:ae:60:b4:1f:
                    1a:42:c8:bf:bf:8b:7e:12:00:b5:ab:80:64:74:75:
                    58:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:F6:6B:58:97:CC:B4:BB:A3:DF:9C:94:36:77:3C:63:3A:92:F4:3A
            X509v3 Authority Key Identifier:
                keyid:A1:52:37:C3:9A:32:5A:A3:09:B6:9E:66:FE:09:23:7D:A1:AD:0D:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oVI3w5oyWqMJtp5m_gkjfaGtDSs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/f33229-ca2d-4108-892d-4c910ae3735d/1/Y_ZrWJfMtLuj35yUNnc8YzqS9Do.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/f33229-ca2d-4108-892d-4c910ae3735d/1/oVI3w5oyWqMJtp5m_gkjfaGtDSs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:75c1:201::/48
                  2a13:75c1:400::/40

    Signature Algorithm: sha256WithRSAEncryption
         6c:cb:16:f3:4c:23:7e:a1:d4:a9:f3:32:80:7c:54:4e:a6:f9:
         85:cd:26:44:b8:63:d8:3c:95:9e:dd:66:5b:ed:cb:c7:dd:04:
         31:05:12:23:af:55:ef:2a:e1:d3:20:00:af:c3:72:77:27:a6:
         e8:1c:b1:30:ab:85:05:68:6d:35:7d:bc:79:2b:36:d5:43:72:
         da:34:f1:99:cc:d9:74:c1:af:23:23:3c:01:3f:fe:33:45:4e:
         7a:1f:41:8e:02:68:e7:21:78:ad:47:f4:74:03:1b:e6:e6:6a:
         21:2a:3c:41:b8:e1:c4:90:30:0b:5b:a6:be:24:4c:ca:3c:cb:
         04:db:d9:b5:11:ce:c9:06:53:b0:81:eb:ad:f2:42:6c:3a:d0:
         ba:c9:c2:39:84:b2:0c:d9:37:bd:13:60:71:83:03:8f:8d:57:
         9e:25:33:87:e6:25:7f:fe:53:d4:52:93:98:c9:d2:93:0a:f0:
         f7:a5:78:30:24:12:e7:42:87:21:5c:eb:d8:0b:80:b7:af:d5:
         09:37:5a:cb:52:37:99:b7:ac:42:18:a8:5b:21:ef:71:a3:a3:
         43:68:23:d6:c9:7d:a7:84:35:1d:49:87:08:ef:43:ce:7a:4e:
         7b:11:12:8f:6b:27:56:4b:ef:fb:99:57:d7:b4:9a:30:74:b8:
         12:0e:2f:cf
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZBizyjip6SfVSAZLDjxXwoCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNTIzN2MzOWEzMjVhYTMwOWI2OWU2NmZlMDkyMzdkYTFh
ZDBkMmIwHhcNMjQwNjI5MDcwNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2Y2NmI1ODk3Y2NiNGJiYTNkZjljOTQzNjc3M2M2MzNhOTJmNDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFagU8hR8W0n3KXW/3ohaNZDEbKV
V8Mmunqfe5v3sGNpof8c/Ebfo6HvZGOtkR8EpBXX52bZNXrWGPxnC07pDt6LNgkY
B3K75KM9kkACoaqtxlFJhZ1YhSFKbmxm0Zp+cXleUodhrPRuYYpgx5heCQI037DN
Zhuonx4Qs1S5No6ORJcP4GwW5WnHulwHoSXfBVBVTaMVJBQXBs1mwNLxB2cgrrqG
MykxH2RNTqAl0T2w8KfdGkfu7izSNfxbzKnOcd59ELO+ItmfEBvWvoRKD3LjSbiQ
uLKQbON0J684Wvo8AJFbqln9oA0jQq5gtB8aQsi/v4t+EgC1q4BkdHVYXQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFGP2a1iXzLS7o9+clDZ3PGM6kvQ6MB8GA1UdIwQY
MBaAFKFSN8OaMlqjCbaeZv4JI32hrQ0rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1ZJM3c1b3lXcU1KdHA1bV9na2pmYUd0RFNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9mMzMyMjktY2EyZC00MTA4LTg5MmQt
NGM5MTBhZTM3MzVkLzEvWV9acldKZk10THVqMzV5VU5uYzhZenFTOURvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9mMzMyMjktY2EyZC00MTA4LTg5MmQtNGM5MTBhZTM3MzVk
LzEvb1ZJM3c1b3lXcU1KdHA1bV9na2pmYUd0RFNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKhN1wQIB
AwYAKhN1wQQwDQYJKoZIhvcNAQELBQADggEBAGzLFvNMI36h1KnzMoB8VE6m+YXN
JkS4Y9g8lZ7dZlvty8fdBDEFEiOvVe8q4dMgAK/DcncnpugcsTCrhQVobTV9vHkr
NtVDcto08ZnM2XTBryMjPAE//jNFTnofQY4CaOcheK1H9HQDG+bmaiEqPEG44cSQ
MAtbpr4kTMo8ywTb2bURzskGU7CB663yQmw60LrJwjmEsgzZN70TYHGDA4+NV54l
M4fmJX/+U9RSk5jJ0pMK8PeleDAkEudChyFc69gLgLev1Qk3WstSN5m3rEIYqFsh
73Gjo0NoI9bJfaeENR1JhwjvQ856TnsREo9rJ1ZL7/uZV9e0mjB0uBIOL88=
-----END CERTIFICATE-----