Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/_eiihQa_YMk-2tkX7khBP4mQeIg.roa
File:                     _eiihQa_YMk-2tkX7khBP4mQeIg.roa (raw, json)
Hash identifier:          SwWFtPUMPbDGz3nhjXsC1EdE8kfAvv0MrwjnW6W9/TE=
Subject key identifier:   FD:E8:A2:85:06:BF:60:C9:3E:DA:D9:17:EE:48:41:3F:89:90:78:88
Certificate issuer:       /CN=eae2653179cafe5ff6651c6058b67ad2d2c8485e
Certificate serial:       018CC50147AD2376A8A6D2D851BB8D0F5EF4
Authority key identifier: EA:E2:65:31:79:CA:FE:5F:F6:65:1C:60:58:B6:7A:D2:D2:C8:48:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/_eiihQa_YMk-2tkX7khBP4mQeIg.roa
Signing time:             Mon 01 Jan 2024 12:30:44 +0000
ROA not before:           Mon 01 Jan 2024 12:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a13:5941::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 19:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:47:ad:23:76:a8:a6:d2:d8:51:bb:8d:0f:5e:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eae2653179cafe5ff6651c6058b67ad2d2c8485e
        Validity
            Not Before: Jan  1 12:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fde8a28506bf60c93edad917ee48413f89907888
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:36:f5:3e:54:1a:c0:83:80:70:11:1c:73:31:
                    c9:c4:f8:19:40:ec:8c:ce:1f:9f:74:3a:6b:41:d1:
                    40:27:67:21:fd:e5:cd:d7:a5:57:c4:0c:8d:cb:6c:
                    42:97:59:c0:af:77:79:9f:22:1d:f6:11:08:ec:86:
                    a5:ef:c5:81:6c:19:4c:0a:d3:ca:bf:f8:e2:91:4e:
                    83:76:4d:31:e3:d9:83:6c:71:4b:d5:61:17:1d:00:
                    b3:e4:22:0d:11:f6:ff:2e:1b:bb:73:24:78:c1:f4:
                    1a:1c:3e:38:1f:bb:fa:00:62:c4:cd:32:99:23:1b:
                    92:a2:7d:b5:5d:f7:07:03:f0:c0:53:9d:5b:99:e6:
                    e8:22:e6:96:fe:67:9f:96:2a:6c:b9:3f:0d:81:2b:
                    97:fd:d8:77:af:ad:32:4c:89:e7:6c:e0:c4:ad:32:
                    f7:9e:1a:da:f9:da:3a:b8:e6:e9:81:c8:19:4b:22:
                    ab:47:56:e6:c9:25:1a:ab:22:b2:74:ee:a3:b9:0b:
                    48:cb:9c:96:9c:44:e7:37:30:d5:81:6a:71:73:a2:
                    dd:c4:06:89:9f:d3:d0:64:4a:62:0f:cd:71:d7:97:
                    76:49:a2:aa:ef:ca:dd:9f:67:ea:5b:4d:b6:92:7a:
                    ca:fb:79:b3:f3:73:76:40:c0:d1:24:f4:f1:86:6f:
                    ba:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:E8:A2:85:06:BF:60:C9:3E:DA:D9:17:EE:48:41:3F:89:90:78:88
            X509v3 Authority Key Identifier:
                keyid:EA:E2:65:31:79:CA:FE:5F:F6:65:1C:60:58:B6:7A:D2:D2:C8:48:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/_eiihQa_YMk-2tkX7khBP4mQeIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5941::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:01:ae:c4:56:74:09:fc:fc:45:08:6c:9b:4f:28:c4:b5:e3:
         7d:c9:b3:c3:f7:83:d6:f7:14:9e:f9:c0:63:4b:26:4f:ff:55:
         78:6a:80:08:75:a4:47:d9:88:b3:5e:f9:aa:78:a9:b4:eb:2e:
         83:56:ab:4a:a8:02:62:b1:4b:c6:92:96:c3:47:c1:28:63:a1:
         13:43:f8:cc:ac:7b:6c:6f:e8:77:aa:79:f0:53:41:a7:80:18:
         1d:86:b8:b2:b3:97:67:23:db:13:e7:cc:5b:55:81:c3:c0:10:
         d3:7d:e7:3e:7a:45:a4:85:52:b9:82:8d:8c:9f:0f:f4:12:5e:
         f4:74:60:87:6a:f3:fb:3e:61:db:24:42:7a:e9:48:b5:80:d9:
         19:38:a2:c4:4e:bc:12:66:8c:5e:f9:92:62:73:d3:8e:b1:a6:
         96:0d:ae:a6:76:3b:ab:e2:42:a8:c5:da:73:a9:29:f7:71:99:
         85:82:a4:ea:11:a2:95:7f:87:9d:17:fd:fc:06:38:b7:d2:5c:
         3a:4f:fe:a1:81:01:26:cf:bf:ec:fb:cd:af:5c:52:2d:0a:7b:
         74:0f:25:ad:5a:5a:4e:c3:7a:3f:7e:0c:10:bc:a8:a5:7b:4b:
         16:bc:9a:cb:17:48:84:b0:e4:45:71:e0:0b:db:7d:da:b8:0c:
         73:45:f4:cc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAUetI3aoptLYUbuND170MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhZTI2NTMxNzljYWZlNWZmNjY1MWM2MDU4YjY3YWQyZDJj
ODQ4NWUwHhcNMjQwMTAxMTIzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGU4YTI4NTA2YmY2MGM5M2VkYWQ5MTdlZTQ4NDEzZjg5OTA3ODg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDb1PlQawIOAcBEcczHJxPgZQOyM
zh+fdDprQdFAJ2ch/eXN16VXxAyNy2xCl1nAr3d5nyId9hEI7Ial78WBbBlMCtPK
v/jikU6Ddk0x49mDbHFL1WEXHQCz5CINEfb/Lhu7cyR4wfQaHD44H7v6AGLEzTKZ
IxuSon21XfcHA/DAU51bmeboIuaW/meflipsuT8NgSuX/dh3r60yTInnbODErTL3
nhra+do6uObpgcgZSyKrR1bmySUaqyKydO6juQtIy5yWnETnNzDVgWpxc6LdxAaJ
n9PQZEpiD81x15d2SaKq78rdn2fqW022knrK+3mz83N2QMDRJPTxhm+6CQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFP3oooUGv2DJPtrZF+5IQT+JkHiIMB8GA1UdIwQY
MBaAFOriZTF5yv5f9mUcYFi2etLSyEheMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnVKbE1YbktfbF8yWlJ4Z1dMWjYwdExJU0Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xOWU5YzUtODJlMi00MzhiLWEwZTkt
OTkyZDc5N2Y0YmJiLzEvX2VpaWhRYV9ZTWstMnRrWDdraEJQNG1RZUlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8xOWU5YzUtODJlMi00MzhiLWEwZTktOTkyZDc5N2Y0YmJi
LzEvNnVKbE1YbktfbF8yWlJ4Z1dMWjYwdExJU0Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhNZQTAN
BgkqhkiG9w0BAQsFAAOCAQEALQGuxFZ0Cfz8RQhsm08oxLXjfcmzw/eD1vcUnvnA
Y0smT/9VeGqACHWkR9mIs175qniptOsug1arSqgCYrFLxpKWw0fBKGOhE0P4zKx7
bG/od6p58FNBp4AYHYa4srOXZyPbE+fMW1WBw8AQ033nPnpFpIVSuYKNjJ8P9BJe
9HRgh2rz+z5h2yRCeulItYDZGTiixE68EmaMXvmSYnPTjrGmlg2upnY7q+JCqMXa
c6kp93GZhYKk6hGilX+HnRf9/AY4t9JcOk/+oYEBJs+/7PvNr1xSLQp7dA8lrVpa
TsN6P34MELyopXtLFryayxdIhLDkRXHgC9t92rgMc0X0zA==
-----END CERTIFICATE-----