Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/e1d6b7-555c-4d9b-afe1-e63ce55370eb/1/aMyatW8ijHQLIxlxVn2fZgMpzTI.roa
File:                     aMyatW8ijHQLIxlxVn2fZgMpzTI.roa (raw, json)
Hash identifier:          J/LENkfq82htB6tvEMf6u4QE3Ek6E/+jDRNcvCKXUwo=
Subject key identifier:   68:CC:9A:B5:6F:22:8C:74:0B:23:19:71:56:7D:9F:66:03:29:CD:32
Certificate issuer:       /CN=9076f77da841b7b94215b6fac2d41a71c2151601
Certificate serial:       018CC7953A596AA1CEBE8EC92774B8C1B6EE
Authority key identifier: 90:76:F7:7D:A8:41:B7:B9:42:15:B6:FA:C2:D4:1A:71:C2:15:16:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kHb3fahBt7lCFbb6wtQaccIVFgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/e1d6b7-555c-4d9b-afe1-e63ce55370eb/1/aMyatW8ijHQLIxlxVn2fZgMpzTI.roa
Signing time:             Tue 02 Jan 2024 00:31:34 +0000
ROA not before:           Tue 02 Jan 2024 00:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210776
IP address blocks:        2a13:1200:20::/44 maxlen: 44
                          2a13:1200::/44 maxlen: 44
                          2a13:1200:10::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/e1d6b7-555c-4d9b-afe1-e63ce55370eb/1/kHb3fahBt7lCFbb6wtQaccIVFgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/e1d6b7-555c-4d9b-afe1-e63ce55370eb/1/kHb3fahBt7lCFbb6wtQaccIVFgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kHb3fahBt7lCFbb6wtQaccIVFgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 06:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:3a:59:6a:a1:ce:be:8e:c9:27:74:b8:c1:b6:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9076f77da841b7b94215b6fac2d41a71c2151601
        Validity
            Not Before: Jan  2 00:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68cc9ab56f228c740b231971567d9f660329cd32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f8:3f:ab:55:ea:a9:b9:58:b9:af:36:59:b5:
                    b5:d8:6e:0f:39:08:9a:e6:1f:06:c8:37:d7:bd:46:
                    58:7c:b5:3b:da:4d:84:74:57:45:12:81:50:ab:ea:
                    d6:98:8c:9a:e0:69:e2:33:a0:53:04:9c:ef:cf:ba:
                    ee:cf:ee:71:32:2a:2d:c1:09:a0:63:dc:d3:6c:ca:
                    b2:60:2c:6b:bf:46:48:fa:3b:75:8d:d2:7c:eb:72:
                    63:3f:05:c5:d4:ad:30:d3:d5:f3:60:ec:bf:5f:48:
                    da:b2:5d:ed:c8:97:b0:57:6d:77:59:b8:42:5e:5b:
                    c7:33:30:4b:ed:53:e0:1b:e4:c3:7a:54:d7:0c:f6:
                    cc:29:96:8a:6c:b4:cd:9e:e5:c5:75:39:c3:fb:a3:
                    c2:16:b2:a0:37:fe:cb:ef:f6:35:ff:e7:f1:3e:13:
                    b6:43:23:6c:9d:68:f3:70:11:d4:fb:40:4a:f7:18:
                    e3:d9:fa:4b:bb:3a:36:e3:fd:b3:d9:cb:16:b5:b6:
                    6c:e7:f3:93:8b:ab:a2:6f:b1:8c:71:4d:b7:a1:de:
                    00:ed:a7:dd:c1:69:78:f9:8e:06:af:b1:c8:f0:b1:
                    19:30:45:cd:01:b2:52:7f:3b:1b:e4:40:bc:66:9f:
                    45:0f:80:c2:13:4b:41:ff:3a:5d:ff:54:50:7c:47:
                    da:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:CC:9A:B5:6F:22:8C:74:0B:23:19:71:56:7D:9F:66:03:29:CD:32
            X509v3 Authority Key Identifier:
                keyid:90:76:F7:7D:A8:41:B7:B9:42:15:B6:FA:C2:D4:1A:71:C2:15:16:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kHb3fahBt7lCFbb6wtQaccIVFgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/e1d6b7-555c-4d9b-afe1-e63ce55370eb/1/aMyatW8ijHQLIxlxVn2fZgMpzTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/e1d6b7-555c-4d9b-afe1-e63ce55370eb/1/kHb3fahBt7lCFbb6wtQaccIVFgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1200::-2a13:1200:2f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         69:f7:08:1f:4f:69:3d:4c:4d:96:aa:d9:99:aa:86:21:85:47:
         10:60:ed:5c:5b:fb:32:52:34:59:37:8d:db:7e:78:aa:89:13:
         51:09:b5:0d:b1:a7:f5:06:4c:b4:8a:14:1f:57:4a:7d:61:1d:
         cb:13:f8:38:1f:b3:f1:31:6d:fc:56:7c:58:7d:d7:79:ec:dd:
         77:78:91:2b:2b:f2:29:e3:59:09:88:b0:91:1d:9a:a6:22:20:
         6a:db:76:09:25:b8:dd:ef:e1:99:cc:10:c1:2e:ca:b7:1b:d1:
         cb:57:52:b6:c0:f7:d5:3c:6e:f0:de:70:b0:03:8b:8d:9d:eb:
         0b:95:73:14:a7:2d:75:dd:c6:d0:35:7f:e2:b0:ef:b7:74:46:
         8b:4d:b2:bf:0e:a2:dc:2d:c7:5c:37:69:3f:96:93:9b:5e:d8:
         7a:8f:9c:fe:4c:f1:d2:df:51:26:e7:85:ee:a1:a2:f2:49:1f:
         c4:0f:d4:95:ed:c8:79:ce:ec:75:cb:79:2e:1c:28:0f:5d:8c:
         ef:a7:d3:32:c6:d5:b2:67:1c:78:92:4c:69:35:9a:9b:e4:20:
         f4:b8:9d:62:a0:c8:8c:e0:4a:1f:5f:6f:86:a0:73:ae:71:12:
         78:09:54:34:c7:a9:42:2b:61:85:2e:ce:b0:e0:c0:79:fe:c3:
         04:90:04:a3
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzHlTpZaqHOvo7JJ3S4wbbuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNzZmNzdkYTg0MWI3Yjk0MjE1YjZmYWMyZDQxYTcxYzIx
NTE2MDEwHhcNMjQwMTAyMDAzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGNjOWFiNTZmMjI4Yzc0MGIyMzE5NzE1NjdkOWY2NjAzMjljZDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/g/q1XqqblYua82WbW12G4POQia
5h8GyDfXvUZYfLU72k2EdFdFEoFQq+rWmIya4GniM6BTBJzvz7ruz+5xMiotwQmg
Y9zTbMqyYCxrv0ZI+jt1jdJ863JjPwXF1K0w09XzYOy/X0jasl3tyJewV213WbhC
XlvHMzBL7VPgG+TDelTXDPbMKZaKbLTNnuXFdTnD+6PCFrKgN/7L7/Y1/+fxPhO2
QyNsnWjzcBHU+0BK9xjj2fpLuzo24/2z2csWtbZs5/OTi6uib7GMcU23od4A7afd
wWl4+Y4Gr7HI8LEZMEXNAbJSfzsb5EC8Zp9FD4DCE0tB/zpd/1RQfEfaeQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFGjMmrVvIox0CyMZcVZ9n2YDKc0yMB8GA1UdIwQY
MBaAFJB2932oQbe5QhW2+sLUGnHCFRYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0hiM2ZhaEJ0N2xDRmJiNnd0UWFjY0lWRmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9lMWQ2YjctNTU1Yy00ZDliLWFmZTEt
ZTYzY2U1NTM3MGViLzEvYU15YXRXOGlqSFFMSXhseFZuMmZaZ01welRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9lMWQ2YjctNTU1Yy00ZDliLWFmZTEtZTYzY2U1NTM3MGVi
LzEva0hiM2ZhaEJ0N2xDRmJiNnd0UWFjY0lWRmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARMA8DBAEqExID
BwQqExIAACAwDQYJKoZIhvcNAQELBQADggEBAGn3CB9PaT1MTZaq2ZmqhiGFRxBg
7Vxb+zJSNFk3jdt+eKqJE1EJtQ2xp/UGTLSKFB9XSn1hHcsT+Dgfs/ExbfxWfFh9
13ns3Xd4kSsr8injWQmIsJEdmqYiIGrbdgkluN3v4ZnMEMEuyrcb0ctXUrbA99U8
bvDecLADi42d6wuVcxSnLXXdxtA1f+Kw77d0RotNsr8Ootwtx1w3aT+Wk5te2HqP
nP5M8dLfUSbnhe6hovJJH8QP1JXtyHnO7HXLeS4cKA9djO+n0zLG1bJnHHiSTGk1
mpvkIPS4nWKgyIzgSh9fb4agc65xEngJVDTHqUIrYYUuzrDgwHn+wwSQBKM=
-----END CERTIFICATE-----