Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/38e6f7-4e35-4c2d-9977-097cb8df2a24/1/Vj0hnlVlqpllNasabMdw_r1DALg.roa
File:                     Vj0hnlVlqpllNasabMdw_r1DALg.roa (raw, json)
Hash identifier:          0Es0DKQLHL/5MROE579mQjjR9NUVTWu0DXcaeu4vQ9g=
Subject key identifier:   56:3D:21:9E:55:65:AA:99:65:35:AB:1A:6C:C7:70:FE:BD:43:00:B8
Certificate issuer:       /CN=8b9cc57ca84723aec2841145f6f7d301bdf35bac
Certificate serial:       0190396CDE3BF9F0ED2DDC27DF6BB549D8E2
Authority key identifier: 8B:9C:C5:7C:A8:47:23:AE:C2:84:11:45:F6:F7:D3:01:BD:F3:5B:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i5zFfKhHI67ChBFF9vfTAb3zW6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/38e6f7-4e35-4c2d-9977-097cb8df2a24/1/Vj0hnlVlqpllNasabMdw_r1DALg.roa
Signing time:             Fri 21 Jun 2024 06:12:34 +0000
ROA not before:           Fri 21 Jun 2024 06:12:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215329
IP address blocks:        2a13:c2c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/38e6f7-4e35-4c2d-9977-097cb8df2a24/1/i5zFfKhHI67ChBFF9vfTAb3zW6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/38e6f7-4e35-4c2d-9977-097cb8df2a24/1/i5zFfKhHI67ChBFF9vfTAb3zW6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i5zFfKhHI67ChBFF9vfTAb3zW6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 03:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:39:6c:de:3b:f9:f0:ed:2d:dc:27:df:6b:b5:49:d8:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b9cc57ca84723aec2841145f6f7d301bdf35bac
        Validity
            Not Before: Jun 21 06:12:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=563d219e5565aa996535ab1a6cc770febd4300b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:35:9f:a7:92:13:ee:35:50:7d:e7:3a:cd:1a:
                    7c:cc:03:1f:e6:6c:7f:9a:ec:ca:e6:72:3d:d3:ca:
                    de:a1:f1:07:1d:e4:ce:50:64:99:e6:c7:98:b0:a4:
                    b1:31:99:14:bb:42:13:f1:6b:30:f3:1c:47:5e:76:
                    79:e9:c9:96:94:3a:4c:f6:b3:fc:f5:e5:33:d4:3a:
                    e1:ea:87:ce:95:bf:2d:16:1f:bf:18:99:93:d1:b0:
                    ce:00:a9:89:ab:f9:3d:2f:75:75:fc:e4:77:ba:2f:
                    4a:50:00:9b:a9:2a:5b:a4:28:7c:87:e3:2c:4b:4a:
                    47:20:a1:92:30:db:00:a3:29:0f:5d:4e:37:9c:ff:
                    a0:17:18:cb:e4:c2:30:38:11:99:f1:f6:54:9e:21:
                    e8:e1:59:41:d4:22:89:38:b1:70:c6:6d:0e:3d:f2:
                    d4:51:46:51:1a:11:16:f7:5c:7b:15:f4:92:0e:aa:
                    61:1f:f2:cf:42:d9:bf:ff:fb:dd:86:ae:9c:8d:55:
                    4c:34:bd:c0:03:a7:90:46:a5:c0:45:b4:9d:b8:15:
                    65:be:30:0d:db:fc:0f:cf:02:77:51:d9:cb:94:83:
                    e5:12:45:af:89:76:e0:45:13:1d:e9:59:ee:57:2b:
                    2a:e2:87:18:80:02:b6:d0:43:e3:5e:9a:80:c1:35:
                    2c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:3D:21:9E:55:65:AA:99:65:35:AB:1A:6C:C7:70:FE:BD:43:00:B8
            X509v3 Authority Key Identifier:
                keyid:8B:9C:C5:7C:A8:47:23:AE:C2:84:11:45:F6:F7:D3:01:BD:F3:5B:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i5zFfKhHI67ChBFF9vfTAb3zW6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/38e6f7-4e35-4c2d-9977-097cb8df2a24/1/Vj0hnlVlqpllNasabMdw_r1DALg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/38e6f7-4e35-4c2d-9977-097cb8df2a24/1/i5zFfKhHI67ChBFF9vfTAb3zW6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c2c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b3:db:c7:24:40:86:e4:b9:20:c9:7c:a2:09:e3:1b:75:81:dc:
         51:8c:0f:75:6d:3c:ce:1a:d4:72:7e:96:d8:58:93:0a:d5:96:
         b6:25:11:d6:82:3f:f1:f8:e6:4c:4f:03:d0:04:43:d5:2d:3d:
         62:4f:1b:45:70:b2:e9:91:05:ac:10:03:92:a9:dd:33:0c:25:
         d4:a1:29:9f:bd:56:9c:ce:d3:6d:ea:dd:d7:c2:84:87:41:f0:
         b3:b7:0c:37:77:eb:7a:78:dd:54:50:19:82:41:ae:15:2d:33:
         bb:77:aa:1e:2d:41:ae:4c:e2:b2:eb:72:cb:a4:72:13:3e:00:
         e5:8c:54:01:70:9d:f3:f6:27:78:6f:42:6b:c0:fe:b3:20:73:
         94:08:6b:84:fb:71:2f:ca:0e:4c:48:c0:c5:57:71:09:65:a8:
         96:c2:48:f8:f6:df:ef:d6:7a:b2:38:da:b4:e3:d9:05:b7:aa:
         de:93:50:49:90:af:0f:90:d7:09:ad:f0:f1:f5:b6:fa:9e:ff:
         87:e5:11:ef:b5:7c:d9:fd:27:12:7d:b1:50:3a:de:47:a4:10:
         04:11:2c:32:2c:8b:e2:53:dd:4e:19:c5:8c:9f:91:46:d0:b0:
         8e:0b:23:f8:77:10:8e:05:4d:b3:99:19:1d:f2:86:79:f9:a2:
         33:e2:12:ba
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZA5bN47+fDtLdwn32u1SdjiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiOWNjNTdjYTg0NzIzYWVjMjg0MTE0NWY2ZjdkMzAxYmRm
MzViYWMwHhcNMjQwNjIxMDYxMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjNkMjE5ZTU1NjVhYTk5NjUzNWFiMWE2Y2M3NzBmZWJkNDMwMGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTWfp5IT7jVQfec6zRp8zAMf5mx/
muzK5nI908reofEHHeTOUGSZ5seYsKSxMZkUu0IT8Wsw8xxHXnZ56cmWlDpM9rP8
9eUz1Drh6ofOlb8tFh+/GJmT0bDOAKmJq/k9L3V1/OR3ui9KUACbqSpbpCh8h+Ms
S0pHIKGSMNsAoykPXU43nP+gFxjL5MIwOBGZ8fZUniHo4VlB1CKJOLFwxm0OPfLU
UUZRGhEW91x7FfSSDqphH/LPQtm///vdhq6cjVVMNL3AA6eQRqXARbSduBVlvjAN
2/wPzwJ3UdnLlIPlEkWviXbgRRMd6VnuVysq4ocYgAK20EPjXpqAwTUsQwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFY9IZ5VZaqZZTWrGmzHcP69QwC4MB8GA1UdIwQY
MBaAFIucxXyoRyOuwoQRRfb30wG981usMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTV6RmZLaEhJNjdDaEJGRjl2ZlRBYjN6VzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zOGU2ZjctNGUzNS00YzJkLTk5Nzct
MDk3Y2I4ZGYyYTI0LzEvVmowaG5sVmxxcGxsTmFzYWJNZHdfcjFEQUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zOGU2ZjctNGUzNS00YzJkLTk5NzctMDk3Y2I4ZGYyYTI0
LzEvaTV6RmZLaEhJNjdDaEJGRjl2ZlRBYjN6VzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPCwDAN
BgkqhkiG9w0BAQsFAAOCAQEAs9vHJECG5LkgyXyiCeMbdYHcUYwPdW08zhrUcn6W
2FiTCtWWtiUR1oI/8fjmTE8D0ARD1S09Yk8bRXCy6ZEFrBADkqndMwwl1KEpn71W
nM7Tberd18KEh0Hws7cMN3frenjdVFAZgkGuFS0zu3eqHi1Brkzisutyy6RyEz4A
5YxUAXCd8/YneG9Ca8D+syBzlAhrhPtxL8oOTEjAxVdxCWWolsJI+Pbf79Z6sjja
tOPZBbeq3pNQSZCvD5DXCa3w8fW2+p7/h+UR77V82f0nEn2xUDreR6QQBBEsMiyL
4lPdThnFjJ+RRtCwjgsj+HcQjgVNs5kZHfKGefmiM+ISug==
-----END CERTIFICATE-----