Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/FsXQvMW39VrICgQXUTRnijnE4Ms.roa
File:                     FsXQvMW39VrICgQXUTRnijnE4Ms.roa (raw, json)
Hash identifier:          kQunhym5SBeXk4S/rNARlfY6YsFXbt5xVRKl0EWl2KU=
Subject key identifier:   16:C5:D0:BC:C5:B7:F5:5A:C8:0A:04:17:51:34:67:8A:39:C4:E0:CB
Certificate issuer:       /CN=153f24183d6c95185919349e6e92533736437b94
Certificate serial:       018CC7275715901B4D399EBC697FDC55025B
Authority key identifier: 15:3F:24:18:3D:6C:95:18:59:19:34:9E:6E:92:53:37:36:43:7B:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FT8kGD1slRhZGTSebpJTNzZDe5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/FsXQvMW39VrICgQXUTRnijnE4Ms.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9121
IP address blocks:        2a13:e940::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/FT8kGD1slRhZGTSebpJTNzZDe5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/FT8kGD1slRhZGTSebpJTNzZDe5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FT8kGD1slRhZGTSebpJTNzZDe5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:57:15:90:1b:4d:39:9e:bc:69:7f:dc:55:02:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=153f24183d6c95185919349e6e92533736437b94
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16c5d0bcc5b7f55ac80a04175134678a39c4e0cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d7:36:7a:71:e8:09:f5:11:de:a2:9c:d7:c8:
                    b7:e6:82:86:6e:e6:30:1d:29:a9:b5:cb:e7:21:62:
                    11:95:31:5c:af:f4:bf:3d:51:08:b2:21:08:d2:e6:
                    2e:05:65:4c:1c:73:68:56:c3:71:de:93:3a:50:08:
                    2a:d5:89:74:1e:ff:e3:af:4b:81:3f:6d:22:f1:f9:
                    e9:99:03:24:a5:20:76:d3:13:0a:c6:74:ae:15:1d:
                    c1:76:e5:5c:07:52:bc:94:99:6b:b9:9f:c9:f6:f8:
                    2b:6a:33:2a:d8:eb:30:18:8c:c4:ba:f5:a2:ca:90:
                    c6:01:02:ed:94:aa:93:1e:ae:84:91:cd:43:a0:a8:
                    bb:02:c5:36:e1:25:43:58:ab:68:39:56:f9:a9:02:
                    9d:43:59:89:01:0c:7b:f9:ca:3a:88:c4:1b:87:39:
                    57:ba:b9:13:21:07:95:88:49:15:b8:29:a3:e9:84:
                    db:4f:0e:d2:f1:23:9b:54:0b:59:ec:ed:dc:d9:2f:
                    58:21:7d:51:1b:f7:1b:36:7f:1d:dd:f2:92:16:20:
                    db:1b:aa:6a:4c:42:4a:4c:e6:4f:4d:ef:fe:18:84:
                    e8:3d:81:90:c8:49:53:32:a8:f6:37:79:78:84:cb:
                    92:9f:87:62:ae:c0:da:92:71:0e:8f:36:62:5a:88:
                    54:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:C5:D0:BC:C5:B7:F5:5A:C8:0A:04:17:51:34:67:8A:39:C4:E0:CB
            X509v3 Authority Key Identifier:
                keyid:15:3F:24:18:3D:6C:95:18:59:19:34:9E:6E:92:53:37:36:43:7B:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FT8kGD1slRhZGTSebpJTNzZDe5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/FsXQvMW39VrICgQXUTRnijnE4Ms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/FT8kGD1slRhZGTSebpJTNzZDe5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:e940::/29

    Signature Algorithm: sha256WithRSAEncryption
         bf:74:4c:1a:0f:ca:20:6d:b8:10:90:4f:ac:83:57:6f:e3:7b:
         06:18:92:3d:f3:a6:6f:2a:cd:7c:a7:8d:23:ed:27:c6:0c:ba:
         e2:ea:04:1d:23:cc:48:ff:51:f4:3e:a7:eb:64:36:f2:94:83:
         b9:df:d8:2b:89:a3:15:e6:ae:ac:a8:2f:e4:b9:b2:da:6e:96:
         7c:06:1c:40:5a:b5:08:4e:38:46:a9:97:05:59:e8:e6:91:f8:
         d4:11:e6:b1:b9:9d:c9:f7:87:d6:92:3e:e5:74:6a:a1:37:17:
         65:d4:07:6b:ee:ec:54:dc:13:22:4f:18:1d:55:a1:5c:6e:a5:
         88:91:96:ae:97:9f:8f:4b:cb:27:fd:31:17:75:28:6f:f8:05:
         25:b6:5a:5e:05:95:4b:96:bd:16:7e:5c:d4:ee:ba:af:4d:cb:
         18:2b:1d:cf:4b:3a:11:e5:3b:45:38:87:f2:8b:29:2c:ad:e5:
         01:73:f2:4c:b1:a0:16:21:01:b3:18:82:8a:3f:4d:76:40:64:
         fc:20:c5:78:42:89:3c:6b:e3:57:3c:1b:0a:9f:28:d9:c5:56:
         be:f8:36:43:d0:ac:ba:ad:a4:95:49:55:2c:55:27:56:02:13:
         b1:96:c3:92:1d:ee:4d:5c:35:da:c4:0b:50:11:34:3f:7f:eb:
         94:6c:bd:46
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJ1cVkBtNOZ68aX/cVQJbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1M2YyNDE4M2Q2Yzk1MTg1OTE5MzQ5ZTZlOTI1MzM3MzY0
MzdiOTQwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmM1ZDBiY2M1YjdmNTVhYzgwYTA0MTc1MTM0Njc4YTM5YzRlMGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNc2enHoCfUR3qKc18i35oKGbuYw
HSmptcvnIWIRlTFcr/S/PVEIsiEI0uYuBWVMHHNoVsNx3pM6UAgq1Yl0Hv/jr0uB
P20i8fnpmQMkpSB20xMKxnSuFR3BduVcB1K8lJlruZ/J9vgrajMq2OswGIzEuvWi
ypDGAQLtlKqTHq6Ekc1DoKi7AsU24SVDWKtoOVb5qQKdQ1mJAQx7+co6iMQbhzlX
urkTIQeViEkVuCmj6YTbTw7S8SObVAtZ7O3c2S9YIX1RG/cbNn8d3fKSFiDbG6pq
TEJKTOZPTe/+GIToPYGQyElTMqj2N3l4hMuSn4dirsDaknEOjzZiWohUKwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBbF0LzFt/VayAoEF1E0Z4o5xODLMB8GA1UdIwQY
MBaAFBU/JBg9bJUYWRk0nm6SUzc2Q3uUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlQ4a0dEMXNsUmhaR1RTZWJwSlROelpEZTVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9iMDVlMDgtMDc2Mi00ZGM3LWE0YjAt
NTgwNWQzZjNkYmIyLzEvRnNYUXZNVzM5VnJJQ2dRWFVUUm5pam5FNE1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9iMDVlMDgtMDc2Mi00ZGM3LWE0YjAtNTgwNWQzZjNkYmIy
LzEvRlQ4a0dEMXNsUmhaR1RTZWJwSlROelpEZTVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPpQDAN
BgkqhkiG9w0BAQsFAAOCAQEAv3RMGg/KIG24EJBPrINXb+N7BhiSPfOmbyrNfKeN
I+0nxgy64uoEHSPMSP9R9D6n62Q28pSDud/YK4mjFeaurKgv5Lmy2m6WfAYcQFq1
CE44RqmXBVno5pH41BHmsbmdyfeH1pI+5XRqoTcXZdQHa+7sVNwTIk8YHVWhXG6l
iJGWrpefj0vLJ/0xF3Uob/gFJbZaXgWVS5a9Fn5c1O66r03LGCsdz0s6EeU7RTiH
8ospLK3lAXPyTLGgFiEBsxiCij9NdkBk/CDFeEKJPGvjVzwbCp8o2cVWvvg2Q9Cs
uq2klUlVLFUnVgITsZbDkh3uTVw12sQLUBE0P3/rlGy9Rg==
-----END CERTIFICATE-----