Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/lu2j8WJKK7unAOxMlXtz3P0QTZ8.roa
File:                     lu2j8WJKK7unAOxMlXtz3P0QTZ8.roa (raw, json)
Hash identifier:          9OhdLnimw4j99HTOMOMbO6d5w/4GRRR5/u5UAZykHqE=
Subject key identifier:   96:ED:A3:F1:62:4A:2B:BB:A7:00:EC:4C:95:7B:73:DC:FD:10:4D:9F
Certificate issuer:       /CN=eae2653179cafe5ff6651c6058b67ad2d2c8485e
Certificate serial:       018CC501481D4C88C86D88E2ADA619AFB998
Authority key identifier: EA:E2:65:31:79:CA:FE:5F:F6:65:1C:60:58:B6:7A:D2:D2:C8:48:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/lu2j8WJKK7unAOxMlXtz3P0QTZ8.roa
Signing time:             Mon 01 Jan 2024 12:30:44 +0000
ROA not before:           Mon 01 Jan 2024 12:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a13:5941::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:48:1d:4c:88:c8:6d:88:e2:ad:a6:19:af:b9:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eae2653179cafe5ff6651c6058b67ad2d2c8485e
        Validity
            Not Before: Jan  1 12:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96eda3f1624a2bbba700ec4c957b73dcfd104d9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:49:bf:b4:0a:63:1c:20:26:a2:b9:2d:9f:5e:
                    55:0b:11:38:c5:6e:a4:f7:0b:7c:51:5f:5d:15:c4:
                    90:02:1e:74:94:1c:a4:9e:28:02:51:7e:38:89:04:
                    80:06:ca:36:bc:cd:b0:21:d7:0f:d7:13:4a:bf:9a:
                    50:54:77:53:ab:51:bb:7e:a3:6a:7e:4c:8e:7b:8a:
                    9b:fd:0c:77:cf:db:a6:34:91:d8:10:47:3f:21:85:
                    3e:f8:0c:48:79:a1:44:48:f9:1d:23:cc:4c:5c:3e:
                    c4:ae:23:13:e0:5a:9b:d1:aa:91:cd:43:5e:57:98:
                    1f:d8:b8:f5:69:68:94:93:a9:63:84:f0:0d:ec:9f:
                    f5:46:09:7a:b5:c7:ef:ae:7b:bd:ee:2e:de:4a:b2:
                    f1:6c:00:c5:23:77:b7:e3:21:46:f0:4b:f3:2a:5e:
                    85:54:a0:de:53:68:bf:53:36:a0:95:6d:ab:15:0b:
                    51:6d:38:ec:29:04:73:76:8f:43:fc:00:89:82:27:
                    e0:1d:7e:e4:37:20:18:26:09:ab:8c:d8:86:ec:de:
                    7d:09:f0:4e:71:c1:e0:23:a2:bd:f4:d4:18:5f:66:
                    31:7a:1c:d0:0c:63:93:4b:fb:1e:76:e4:67:15:22:
                    36:9a:84:53:8b:6e:f2:d1:10:5e:89:93:0f:8f:5a:
                    81:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:ED:A3:F1:62:4A:2B:BB:A7:00:EC:4C:95:7B:73:DC:FD:10:4D:9F
            X509v3 Authority Key Identifier:
                keyid:EA:E2:65:31:79:CA:FE:5F:F6:65:1C:60:58:B6:7A:D2:D2:C8:48:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/lu2j8WJKK7unAOxMlXtz3P0QTZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5941::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:ef:d1:53:81:4b:e1:48:e9:0c:88:58:b4:84:bf:64:d8:5d:
         5c:de:a4:42:ef:0c:eb:7a:ae:65:31:2b:26:9b:4a:30:aa:9f:
         99:65:52:71:26:86:d7:f5:aa:b2:c1:be:fa:11:37:7e:45:71:
         02:18:c6:5b:39:d2:45:c8:09:1b:c5:23:7e:88:ae:00:94:d8:
         bb:8c:a0:85:c0:86:5c:05:5a:74:94:40:e0:3a:d8:ac:3d:2b:
         06:5f:02:ab:7e:38:32:fe:d4:31:9c:29:98:4f:85:b0:ea:61:
         83:5b:fe:9d:80:e3:ff:66:3c:8e:72:63:7e:b0:b2:5f:e2:4e:
         a4:d1:8e:59:93:03:14:41:37:84:cb:7b:19:ad:e9:ca:35:62:
         86:ec:38:c9:3a:bb:c9:1d:51:e3:f0:2f:0e:b0:fb:57:87:68:
         05:b9:b7:09:cf:dc:5d:28:b5:ca:60:c4:06:0a:f0:2f:91:a5:
         f8:c2:bd:6d:68:92:a1:6b:30:b5:bf:9b:f3:b2:1e:1b:f5:5a:
         28:67:57:15:b2:e8:a1:6b:9c:ad:52:c7:26:6e:50:8c:dd:7f:
         aa:31:d2:6c:56:43:7b:09:3c:ac:ce:dc:82:65:c0:bc:b7:d4:
         74:61:8c:13:3d:39:e2:d9:3a:4c:81:61:d5:57:cd:6b:fe:bb:
         b7:56:e1:62
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAUgdTIjIbYjiraYZr7mYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhZTI2NTMxNzljYWZlNWZmNjY1MWM2MDU4YjY3YWQyZDJj
ODQ4NWUwHhcNMjQwMTAxMTIzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmVkYTNmMTYyNGEyYmJiYTcwMGVjNGM5NTdiNzNkY2ZkMTA0ZDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkm/tApjHCAmorktn15VCxE4xW6k
9wt8UV9dFcSQAh50lByknigCUX44iQSABso2vM2wIdcP1xNKv5pQVHdTq1G7fqNq
fkyOe4qb/Qx3z9umNJHYEEc/IYU++AxIeaFESPkdI8xMXD7EriMT4Fqb0aqRzUNe
V5gf2Lj1aWiUk6ljhPAN7J/1Rgl6tcfvrnu97i7eSrLxbADFI3e34yFG8EvzKl6F
VKDeU2i/UzaglW2rFQtRbTjsKQRzdo9D/ACJgifgHX7kNyAYJgmrjNiG7N59CfBO
ccHgI6K99NQYX2YxehzQDGOTS/seduRnFSI2moRTi27y0RBeiZMPj1qBewIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJbto/FiSiu7pwDsTJV7c9z9EE2fMB8GA1UdIwQY
MBaAFOriZTF5yv5f9mUcYFi2etLSyEheMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnVKbE1YbktfbF8yWlJ4Z1dMWjYwdExJU0Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xOWU5YzUtODJlMi00MzhiLWEwZTkt
OTkyZDc5N2Y0YmJiLzEvbHUyajhXSktLN3VuQU94TWxYdHozUDBRVFo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8xOWU5YzUtODJlMi00MzhiLWEwZTktOTkyZDc5N2Y0YmJi
LzEvNnVKbE1YbktfbF8yWlJ4Z1dMWjYwdExJU0Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhNZQTAN
BgkqhkiG9w0BAQsFAAOCAQEAUu/RU4FL4UjpDIhYtIS/ZNhdXN6kQu8M63quZTEr
JptKMKqfmWVScSaG1/WqssG++hE3fkVxAhjGWznSRcgJG8UjfoiuAJTYu4yghcCG
XAVadJRA4DrYrD0rBl8Cq344Mv7UMZwpmE+FsOphg1v+nYDj/2Y8jnJjfrCyX+JO
pNGOWZMDFEE3hMt7Ga3pyjVihuw4yTq7yR1R4/AvDrD7V4doBbm3Cc/cXSi1ymDE
BgrwL5Gl+MK9bWiSoWswtb+b87IeG/VaKGdXFbLooWucrVLHJm5QjN1/qjHSbFZD
ewk8rM7cgmXAvLfUdGGMEz054tk6TIFh1VfNa/67t1bhYg==
-----END CERTIFICATE-----