Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/26b286-d967-4ca6-8f10-d8b0756d82a5/1/EbnXqL3LPXy8tvB2Ymq5Y8XveJY.roa
File:                     EbnXqL3LPXy8tvB2Ymq5Y8XveJY.roa (raw, json)
Hash identifier:          CCmiIVz8L+sMr/jVqW23OVPVPA6qOrjKxAxUhj9wVbs=
Subject key identifier:   11:B9:D7:A8:BD:CB:3D:7C:BC:B6:F0:76:62:6A:B9:63:C5:EF:78:96
Certificate issuer:       /CN=a1eb60b29252ce185a41636a247b4c0273d374ae
Certificate serial:       018CC34946D43DFC00896A8EDB1040450421
Authority key identifier: A1:EB:60:B2:92:52:CE:18:5A:41:63:6A:24:7B:4C:02:73:D3:74:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oetgspJSzhhaQWNqJHtMAnPTdK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/26b286-d967-4ca6-8f10-d8b0756d82a5/1/EbnXqL3LPXy8tvB2Ymq5Y8XveJY.roa
Signing time:             Mon 01 Jan 2024 04:30:08 +0000
ROA not before:           Mon 01 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62028
IP address blocks:        2a13:fcc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/26b286-d967-4ca6-8f10-d8b0756d82a5/1/oetgspJSzhhaQWNqJHtMAnPTdK4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/26b286-d967-4ca6-8f10-d8b0756d82a5/1/oetgspJSzhhaQWNqJHtMAnPTdK4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oetgspJSzhhaQWNqJHtMAnPTdK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:46:d4:3d:fc:00:89:6a:8e:db:10:40:45:04:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1eb60b29252ce185a41636a247b4c0273d374ae
        Validity
            Not Before: Jan  1 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11b9d7a8bdcb3d7cbcb6f076626ab963c5ef7896
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:69:9c:26:b5:5a:9f:b8:1d:2a:58:71:8a:9b:
                    d2:53:fd:7d:2d:56:73:4f:73:f4:2c:a5:a0:47:26:
                    00:bd:4a:0c:81:6b:be:6b:36:66:33:9b:04:06:72:
                    f7:40:f9:8f:c2:57:29:20:2a:ca:51:1e:a6:db:35:
                    66:c6:50:e7:e8:be:a3:c0:a2:73:78:13:c1:c3:ee:
                    ee:2a:af:a3:e0:4e:bc:07:58:be:d8:b7:32:ce:a0:
                    64:84:68:d5:45:8b:b6:11:10:8b:64:ab:57:6c:fe:
                    b1:5a:2a:bb:c7:1d:fc:4a:af:4c:c0:3b:1a:b7:dd:
                    c8:7c:a3:e4:52:39:f2:42:e5:d9:72:3a:45:56:29:
                    8f:64:d9:68:1c:b3:69:93:4f:e1:6c:d5:74:75:8d:
                    eb:2e:c7:05:14:57:c5:ee:3f:1a:23:7e:d7:a2:31:
                    fe:1b:36:ec:3e:b6:76:91:d6:ee:73:88:df:1f:a0:
                    18:6c:08:fc:66:b4:9e:83:5e:48:84:6c:c6:d3:e0:
                    59:81:d7:30:fe:18:e7:0b:bc:d5:98:a3:ca:03:c7:
                    fd:13:7a:93:f2:52:6a:7b:5e:a8:31:5b:dc:bf:48:
                    89:6e:92:7f:6f:35:03:f3:56:89:7e:3a:ae:b7:dd:
                    79:73:4a:47:df:e6:6b:5c:28:99:b5:45:f4:75:ec:
                    f0:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:B9:D7:A8:BD:CB:3D:7C:BC:B6:F0:76:62:6A:B9:63:C5:EF:78:96
            X509v3 Authority Key Identifier:
                keyid:A1:EB:60:B2:92:52:CE:18:5A:41:63:6A:24:7B:4C:02:73:D3:74:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oetgspJSzhhaQWNqJHtMAnPTdK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/26b286-d967-4ca6-8f10-d8b0756d82a5/1/EbnXqL3LPXy8tvB2Ymq5Y8XveJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/26b286-d967-4ca6-8f10-d8b0756d82a5/1/oetgspJSzhhaQWNqJHtMAnPTdK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:fcc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:62:31:85:b7:35:c2:6e:27:d0:a3:44:c1:bd:b8:fd:0e:3e:
         e3:39:6d:3d:b6:67:dd:63:0a:8f:da:f8:09:37:06:0b:f1:22:
         01:dd:94:32:f6:3d:05:f8:e1:f6:09:8c:32:3a:e9:fa:be:78:
         cd:6c:43:e8:02:24:13:cb:75:13:2b:2d:4e:99:3a:54:98:d6:
         26:9e:96:7c:4b:ea:7d:58:34:78:69:68:7a:44:b1:85:44:bc:
         8b:ee:e0:2e:95:81:ee:ab:d7:a4:8b:9a:25:f5:07:d7:87:3b:
         53:7f:24:02:c0:61:dc:f9:e7:62:d4:67:b7:de:f4:76:86:da:
         00:18:c9:ab:28:84:d5:75:b5:2b:c9:d2:f8:af:46:77:f6:5f:
         ad:d9:69:30:4f:ef:c6:dc:31:66:7a:1a:8e:7a:4b:3a:39:c3:
         9e:24:1f:67:52:a8:b5:57:c5:92:23:a4:8f:9d:f4:1c:de:75:
         19:aa:fd:42:e7:97:d7:8c:5c:83:e2:40:f3:2e:40:b7:23:be:
         b9:5b:90:1b:04:01:5b:94:fd:d5:2e:2c:d5:86:f3:3f:59:1a:
         dc:a7:bc:2b:93:9d:08:b2:7a:48:ce:44:5b:bc:14:0c:68:6e:
         b9:7a:30:1a:56:1b:0e:f1:ad:fe:d6:10:cb:6e:fc:38:33:3b:
         ac:9f:45:f6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSUbUPfwAiWqO2xBARQQhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZWI2MGIyOTI1MmNlMTg1YTQxNjM2YTI0N2I0YzAyNzNk
Mzc0YWUwHhcNMjQwMTAxMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWI5ZDdhOGJkY2IzZDdjYmNiNmYwNzY2MjZhYjk2M2M1ZWY3ODk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWmcJrVan7gdKlhxipvSU/19LVZz
T3P0LKWgRyYAvUoMgWu+azZmM5sEBnL3QPmPwlcpICrKUR6m2zVmxlDn6L6jwKJz
eBPBw+7uKq+j4E68B1i+2LcyzqBkhGjVRYu2ERCLZKtXbP6xWiq7xx38Sq9MwDsa
t93IfKPkUjnyQuXZcjpFVimPZNloHLNpk0/hbNV0dY3rLscFFFfF7j8aI37XojH+
GzbsPrZ2kdbuc4jfH6AYbAj8ZrSeg15IhGzG0+BZgdcw/hjnC7zVmKPKA8f9E3qT
8lJqe16oMVvcv0iJbpJ/bzUD81aJfjqut915c0pH3+ZrXCiZtUX0dezwBwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBG516i9yz18vLbwdmJquWPF73iWMB8GA1UdIwQY
MBaAFKHrYLKSUs4YWkFjaiR7TAJz03SuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2V0Z3NwSlN6aGhhUVdOcUpIdE1BblBUZEs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8yNmIyODYtZDk2Ny00Y2E2LThmMTAt
ZDhiMDc1NmQ4MmE1LzEvRWJuWHFMM0xQWHk4dHZCMlltcTVZOFh2ZUpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8yNmIyODYtZDk2Ny00Y2E2LThmMTAtZDhiMDc1NmQ4MmE1
LzEvb2V0Z3NwSlN6aGhhUVdOcUpIdE1BblBUZEs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhP8wDAN
BgkqhkiG9w0BAQsFAAOCAQEAVWIxhbc1wm4n0KNEwb24/Q4+4zltPbZn3WMKj9r4
CTcGC/EiAd2UMvY9Bfjh9gmMMjrp+r54zWxD6AIkE8t1EystTpk6VJjWJp6WfEvq
fVg0eGloekSxhUS8i+7gLpWB7qvXpIuaJfUH14c7U38kAsBh3PnnYtRnt970doba
ABjJqyiE1XW1K8nS+K9Gd/ZfrdlpME/vxtwxZnoajnpLOjnDniQfZ1KotVfFkiOk
j530HN51Gar9QueX14xcg+JA8y5AtyO+uVuQGwQBW5T91S4s1YbzP1ka3Ke8K5Od
CLJ6SM5EW7wUDGhuuXowGlYbDvGt/tYQy278ODM7rJ9F9g==
-----END CERTIFICATE-----