Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b96259-33b8-454a-8c5f-a862b88593a0/1/bZ-IPMKnqn2JjIKSzaRgBK9Ht5Q.roa
File:                     bZ-IPMKnqn2JjIKSzaRgBK9Ht5Q.roa (raw, json)
Hash identifier:          MmXbKvQVX5/1P3BgGMrIe7BI8lFoHL8uHL7LvAKk74w=
Subject key identifier:   6D:9F:88:3C:C2:A7:AA:7D:89:8C:82:92:CD:A4:60:04:AF:47:B7:94
Certificate issuer:       /CN=14bf39139b710c4f7237edfd88518655af39c323
Certificate serial:       018CC3B736BB7D644FE0A4DAEC44EF63D8E5
Authority key identifier: 14:BF:39:13:9B:71:0C:4F:72:37:ED:FD:88:51:86:55:AF:39:C3:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FL85E5txDE9yN-39iFGGVa85wyM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b96259-33b8-454a-8c5f-a862b88593a0/1/bZ-IPMKnqn2JjIKSzaRgBK9Ht5Q.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52000
IP address blocks:        2a13:3d81::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b96259-33b8-454a-8c5f-a862b88593a0/1/FL85E5txDE9yN-39iFGGVa85wyM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b96259-33b8-454a-8c5f-a862b88593a0/1/FL85E5txDE9yN-39iFGGVa85wyM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FL85E5txDE9yN-39iFGGVa85wyM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:36:bb:7d:64:4f:e0:a4:da:ec:44:ef:63:d8:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14bf39139b710c4f7237edfd88518655af39c323
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d9f883cc2a7aa7d898c8292cda46004af47b794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:1f:3b:94:89:c7:cc:70:6b:c8:e6:ef:0b:f7:
                    e0:b7:da:09:40:14:d7:d5:02:03:65:9b:17:ff:05:
                    41:15:60:4c:55:62:41:ef:16:34:f7:7e:5f:0a:2d:
                    ab:a4:cc:c5:c5:f5:7c:41:fe:63:78:1c:eb:e6:39:
                    53:17:01:dd:56:e1:a9:ef:0c:fe:0b:b4:5b:07:28:
                    13:2a:60:42:38:22:35:e2:18:94:b3:92:3e:f5:81:
                    9d:bf:5b:ec:ab:82:6c:45:66:a7:01:3a:6f:a7:82:
                    f1:ac:33:27:01:db:66:5b:c4:36:26:a2:19:80:db:
                    f6:50:6e:ea:f6:00:d9:44:e0:e0:45:45:0b:2f:93:
                    7a:b4:1b:5d:0a:05:3c:3d:d8:ac:60:84:6d:84:db:
                    ec:f1:ee:92:91:1e:3a:35:71:16:9a:1c:8f:49:a1:
                    8d:41:a2:01:33:45:06:17:27:30:f8:55:00:e9:e9:
                    3e:fa:d0:31:4f:7f:cb:33:04:5c:55:47:e5:14:4b:
                    14:fd:7c:0c:7e:8c:3b:fb:14:05:b2:1d:8e:6e:53:
                    7a:f0:7e:7b:c6:24:19:95:35:b9:0e:fb:5b:9b:f1:
                    17:06:74:e0:95:6c:ee:f1:a7:63:ac:4b:6c:f9:bd:
                    5c:0d:15:ba:23:d0:01:c7:fd:9c:c2:1c:8a:c6:03:
                    2e:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:9F:88:3C:C2:A7:AA:7D:89:8C:82:92:CD:A4:60:04:AF:47:B7:94
            X509v3 Authority Key Identifier:
                keyid:14:BF:39:13:9B:71:0C:4F:72:37:ED:FD:88:51:86:55:AF:39:C3:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FL85E5txDE9yN-39iFGGVa85wyM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b96259-33b8-454a-8c5f-a862b88593a0/1/bZ-IPMKnqn2JjIKSzaRgBK9Ht5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b96259-33b8-454a-8c5f-a862b88593a0/1/FL85E5txDE9yN-39iFGGVa85wyM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:3d81::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:7a:71:eb:51:99:6a:98:5f:41:aa:8c:7e:d0:f8:72:ac:f7:
         12:af:74:c9:10:59:0a:9c:85:56:7f:ab:7a:96:d9:77:15:73:
         fa:82:13:00:78:8e:04:72:62:74:a1:97:e9:f5:49:a2:79:5a:
         e9:b0:d9:0d:6f:61:cd:88:d7:bf:0a:aa:b4:07:7e:93:32:f9:
         9b:e5:d5:17:ee:3a:b2:5e:c1:41:7f:72:c6:b5:8d:d3:6a:49:
         b4:f6:a4:54:89:f4:b8:2a:f0:b5:b6:1d:8a:cb:12:81:d4:4d:
         90:68:9e:3f:68:68:68:ad:9f:5b:ca:a8:a1:eb:7c:3a:58:0f:
         e9:5c:57:d3:d8:18:c1:7f:99:e5:70:21:25:71:26:0a:19:03:
         eb:c7:6a:93:dc:a5:f7:8c:83:79:91:a3:9c:d3:1f:be:e8:8b:
         4a:f5:25:b2:4c:9d:79:ab:ae:a1:e4:3d:9e:79:c3:73:99:89:
         f5:dd:42:68:e5:65:37:b8:6d:67:9e:ad:b0:1c:66:8a:7b:03:
         2d:eb:82:b7:70:26:30:dd:3b:f5:45:65:b3:a8:96:bd:a4:3c:
         80:26:df:10:b0:3b:3b:73:56:53:40:81:d4:af:b0:43:8e:94:
         c8:76:ef:e4:a8:cf:5d:fa:89:22:bb:5f:59:42:b9:da:39:3b:
         c6:7e:4d:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtza7fWRP4KTa7ETvY9jlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YmYzOTEzOWI3MTBjNGY3MjM3ZWRmZDg4NTE4NjU1YWYz
OWMzMjMwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDlmODgzY2MyYTdhYTdkODk4YzgyOTJjZGE0NjAwNGFmNDdiNzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArx87lInHzHBryObvC/fgt9oJQBTX
1QIDZZsX/wVBFWBMVWJB7xY0935fCi2rpMzFxfV8Qf5jeBzr5jlTFwHdVuGp7wz+
C7RbBygTKmBCOCI14hiUs5I+9YGdv1vsq4JsRWanATpvp4LxrDMnAdtmW8Q2JqIZ
gNv2UG7q9gDZRODgRUULL5N6tBtdCgU8PdisYIRthNvs8e6SkR46NXEWmhyPSaGN
QaIBM0UGFycw+FUA6ek++tAxT3/LMwRcVUflFEsU/XwMfow7+xQFsh2OblN68H57
xiQZlTW5Dvtbm/EXBnTglWzu8adjrEts+b1cDRW6I9ABx/2cwhyKxgMupQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG2fiDzCp6p9iYyCks2kYASvR7eUMB8GA1UdIwQY
MBaAFBS/ORObcQxPcjft/YhRhlWvOcMjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkw4NUU1dHhERTl5Ti0zOWlGR0dWYTg1d3lNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iOTYyNTktMzNiOC00NTRhLThjNWYt
YTg2MmI4ODU5M2EwLzEvYlotSVBNS25xbjJKaklLU3phUmdCSzlIdDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iOTYyNTktMzNiOC00NTRhLThjNWYtYTg2MmI4ODU5M2Ew
LzEvRkw4NUU1dHhERTl5Ti0zOWlGR0dWYTg1d3lNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhM9gQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBKenHrUZlqmF9Bqox+0PhyrPcSr3TJEFkKnIVW
f6t6ltl3FXP6ghMAeI4EcmJ0oZfp9UmieVrpsNkNb2HNiNe/Cqq0B36TMvmb5dUX
7jqyXsFBf3LGtY3Takm09qRUifS4KvC1th2KyxKB1E2QaJ4/aGhorZ9byqih63w6
WA/pXFfT2BjBf5nlcCElcSYKGQPrx2qT3KX3jIN5kaOc0x++6ItK9SWyTJ15q66h
5D2eecNzmYn13UJo5WU3uG1nnq2wHGaKewMt64K3cCYw3Tv1RWWzqJa9pDyAJt8Q
sDs7c1ZTQIHUr7BDjpTIdu/kqM9d+okiu19ZQrnaOTvGfk1Q
-----END CERTIFICATE-----