Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/43cd98-6f8a-44cf-95bd-420f9c8eafa4/1/V-ZQEl7nU3aR0ZrZ7_2A532hJGk.roa
File:                     V-ZQEl7nU3aR0ZrZ7_2A532hJGk.roa (raw, json)
Hash identifier:          HlRJs0fKl2mgnr9KVRqTgq3ofvBxwx4PrBod0y/Qn3E=
Subject key identifier:   57:E6:50:12:5E:E7:53:76:91:D1:9A:D9:EF:FD:80:E7:7D:A1:24:69
Certificate issuer:       /CN=0268b930beeca51fbf3543fe79f9b19345cf13d5
Certificate serial:       018CC49311827F13A3D69CEFC860CFAFB7D8
Authority key identifier: 02:68:B9:30:BE:EC:A5:1F:BF:35:43:FE:79:F9:B1:93:45:CF:13:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ami5ML7spR-_NUP-efmxk0XPE9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/43cd98-6f8a-44cf-95bd-420f9c8eafa4/1/V-ZQEl7nU3aR0ZrZ7_2A532hJGk.roa
Signing time:             Mon 01 Jan 2024 10:30:21 +0000
ROA not before:           Mon 01 Jan 2024 10:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204091
IP address blocks:        2a13:3700:30::/44 maxlen: 44
                          2a13:3700:20::/44 maxlen: 44
                          2a13:3700:10::/44 maxlen: 44
                          2a13:3700::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/43cd98-6f8a-44cf-95bd-420f9c8eafa4/1/Ami5ML7spR-_NUP-efmxk0XPE9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/43cd98-6f8a-44cf-95bd-420f9c8eafa4/1/Ami5ML7spR-_NUP-efmxk0XPE9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ami5ML7spR-_NUP-efmxk0XPE9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 10:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:11:82:7f:13:a3:d6:9c:ef:c8:60:cf:af:b7:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0268b930beeca51fbf3543fe79f9b19345cf13d5
        Validity
            Not Before: Jan  1 10:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57e650125ee7537691d19ad9effd80e77da12469
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:62:3e:bc:a1:b9:15:6f:c4:a8:40:82:44:ec:
                    76:ad:e6:6b:d4:33:35:37:e0:e6:c5:83:a7:77:0b:
                    3d:db:c6:a8:70:39:13:db:04:fe:b1:31:0e:90:21:
                    b1:23:06:b5:c0:18:38:7b:43:1a:61:82:37:f8:4a:
                    94:37:7e:5e:29:d1:2f:ef:cf:d9:41:1e:16:5f:99:
                    19:86:7c:32:d0:03:0c:8a:d9:17:49:38:4a:d2:16:
                    d4:b0:ab:4d:a8:e4:32:cd:f5:1e:01:60:f1:f4:cd:
                    00:15:09:5b:bf:ad:ae:b1:e8:cc:5f:86:13:4b:2a:
                    31:1d:ad:fc:96:91:ec:15:e8:61:42:bc:8e:4b:5b:
                    1b:20:32:00:2b:1f:32:0a:59:c6:3e:76:f2:9e:ef:
                    66:9f:f1:40:6c:6e:cb:ea:e1:2d:7f:36:dc:de:28:
                    6a:cc:7e:ee:b4:62:1c:58:2d:32:53:8b:ae:ee:96:
                    c2:06:8f:81:d0:c3:92:7a:29:02:b8:9f:4b:98:9b:
                    74:fc:2c:49:a0:95:7d:9d:55:4e:e1:1d:d8:11:df:
                    4c:ab:ba:80:97:5d:24:61:90:01:3c:0a:ea:11:91:
                    7e:89:74:37:7f:ac:a0:9c:aa:fb:2e:dc:40:90:a5:
                    b5:43:5c:83:7b:3d:91:57:f7:56:e5:75:32:27:0b:
                    e9:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:E6:50:12:5E:E7:53:76:91:D1:9A:D9:EF:FD:80:E7:7D:A1:24:69
            X509v3 Authority Key Identifier:
                keyid:02:68:B9:30:BE:EC:A5:1F:BF:35:43:FE:79:F9:B1:93:45:CF:13:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ami5ML7spR-_NUP-efmxk0XPE9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/43cd98-6f8a-44cf-95bd-420f9c8eafa4/1/V-ZQEl7nU3aR0ZrZ7_2A532hJGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/43cd98-6f8a-44cf-95bd-420f9c8eafa4/1/Ami5ML7spR-_NUP-efmxk0XPE9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:3700::/42

    Signature Algorithm: sha256WithRSAEncryption
         87:3f:b7:1f:6a:09:33:24:50:ac:14:5b:0d:3d:35:75:8b:a7:
         ec:73:d3:a0:ea:4b:21:69:a8:5f:8e:01:94:5d:df:89:62:62:
         3d:9c:bd:52:c6:1f:bd:61:eb:e5:33:a9:99:a9:a2:de:3a:2c:
         37:bc:c7:1c:bb:d5:42:44:34:f7:16:fa:c2:6c:32:59:9b:11:
         f2:d6:3a:b8:77:88:8b:4e:f4:c2:aa:31:ee:32:b9:6b:ff:1f:
         04:4b:78:3c:ee:2d:39:8f:77:d9:5c:34:19:79:e8:3e:e4:b2:
         0d:17:c2:78:89:5c:2d:cf:ae:e7:ce:e9:80:c1:0a:33:88:fc:
         c6:28:87:4e:f3:4a:f9:7a:83:f6:c0:87:58:86:59:c7:97:9a:
         18:65:f1:1c:b1:e7:ab:85:42:55:b6:a4:22:c5:1c:b5:0c:20:
         76:6d:7a:bc:d9:36:8c:16:ee:f5:9c:b2:13:0d:11:28:dc:28:
         4b:7e:34:04:6c:a3:9a:46:1f:e3:35:84:3d:11:d4:f4:c4:8d:
         7a:72:1d:4d:cf:cd:4d:f0:bb:3e:9d:cd:b1:ac:8e:23:74:b1:
         d5:bc:c6:bc:1e:d6:ba:8f:9c:b1:e6:75:b9:08:25:cc:b9:37:
         76:d6:b8:46:ad:a2:09:a2:fa:5d:88:6a:40:c4:1f:30:dd:ea:
         77:49:3c:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkxGCfxOj1pzvyGDPr7fYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNjhiOTMwYmVlY2E1MWZiZjM1NDNmZTc5ZjliMTkzNDVj
ZjEzZDUwHhcNMjQwMTAxMTAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2U2NTAxMjVlZTc1Mzc2OTFkMTlhZDllZmZkODBlNzdkYTEyNDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWI+vKG5FW/EqECCROx2reZr1DM1
N+DmxYOndws928aocDkT2wT+sTEOkCGxIwa1wBg4e0MaYYI3+EqUN35eKdEv78/Z
QR4WX5kZhnwy0AMMitkXSThK0hbUsKtNqOQyzfUeAWDx9M0AFQlbv62usejMX4YT
SyoxHa38lpHsFehhQryOS1sbIDIAKx8yClnGPnbynu9mn/FAbG7L6uEtfzbc3ihq
zH7utGIcWC0yU4uu7pbCBo+B0MOSeikCuJ9LmJt0/CxJoJV9nVVO4R3YEd9Mq7qA
l10kYZABPArqEZF+iXQ3f6ygnKr7LtxAkKW1Q1yDez2RV/dW5XUyJwvpQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFfmUBJe51N2kdGa2e/9gOd9oSRpMB8GA1UdIwQY
MBaAFAJouTC+7KUfvzVD/nn5sZNFzxPVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW1pNU1MN3NwUi1fTlVQLWVmbXhrMFhQRTlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi80M2NkOTgtNmY4YS00NGNmLTk1YmQt
NDIwZjljOGVhZmE0LzEvVi1aUUVsN25VM2FSMFpyWjdfMkE1MzJoSkdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi80M2NkOTgtNmY4YS00NGNmLTk1YmQtNDIwZjljOGVhZmE0
LzEvQW1pNU1MN3NwUi1fTlVQLWVmbXhrMFhQRTlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGKhM3AAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCHP7cfagkzJFCsFFsNPTV1i6fsc9Og6kshaahf
jgGUXd+JYmI9nL1Sxh+9YevlM6mZqaLeOiw3vMccu9VCRDT3FvrCbDJZmxHy1jq4
d4iLTvTCqjHuMrlr/x8ES3g87i05j3fZXDQZeeg+5LINF8J4iVwtz67nzumAwQoz
iPzGKIdO80r5eoP2wIdYhlnHl5oYZfEcseerhUJVtqQixRy1DCB2bXq82TaMFu71
nLITDREo3ChLfjQEbKOaRh/jNYQ9EdT0xI16ch1Nz81N8Ls+nc2xrI4jdLHVvMa8
Hta6j5yx5nW5CCXMuTd21rhGraIJovpdiGpAxB8w3ep3STwN
-----END CERTIFICATE-----