Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/b59a8b-8753-4094-bba7-eccc2c1b1c23/1/7UeBLWb2Js8qrltDOVRfMkp7E4Y.roa
File:                     7UeBLWb2Js8qrltDOVRfMkp7E4Y.roa (raw, json)
Hash identifier:          cEBlubxqEad4B/ptR5e6bX6D8G7cBeoE0qTkcZkgXas=
Subject key identifier:   ED:47:81:2D:66:F6:26:CF:2A:AE:5B:43:39:54:5F:32:4A:7B:13:86
Certificate issuer:       /CN=b78150f04c3234dbf9f11e11079932802d268fb1
Certificate serial:       018E50DA4314D1F36EE045434F7517BB9D0F
Authority key identifier: B7:81:50:F0:4C:32:34:DB:F9:F1:1E:11:07:99:32:80:2D:26:8F:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t4FQ8EwyNNv58R4RB5kygC0mj7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/b59a8b-8753-4094-bba7-eccc2c1b1c23/1/7UeBLWb2Js8qrltDOVRfMkp7E4Y.roa
Signing time:             Mon 18 Mar 2024 09:17:45 +0000
ROA not before:           Mon 18 Mar 2024 09:17:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47951
IP address blocks:        2a13:9740::/29 maxlen: 29
                          2a13:9740::/30 maxlen: 30
                          2a13:9744::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/b59a8b-8753-4094-bba7-eccc2c1b1c23/1/t4FQ8EwyNNv58R4RB5kygC0mj7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/b59a8b-8753-4094-bba7-eccc2c1b1c23/1/t4FQ8EwyNNv58R4RB5kygC0mj7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t4FQ8EwyNNv58R4RB5kygC0mj7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:50:da:43:14:d1:f3:6e:e0:45:43:4f:75:17:bb:9d:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b78150f04c3234dbf9f11e11079932802d268fb1
        Validity
            Not Before: Mar 18 09:17:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed47812d66f626cf2aae5b4339545f324a7b1386
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e6:12:d8:73:c1:29:e6:3e:34:d2:90:a0:f9:
                    19:fa:a3:b5:48:53:78:a6:41:b4:d5:8b:23:8a:35:
                    bc:e3:e3:78:ee:55:13:6f:07:01:e6:71:c1:1c:ee:
                    c7:68:d6:9a:30:96:57:2c:a3:24:c9:7a:44:e2:b4:
                    25:f1:ba:3a:25:ba:9f:39:c8:e2:27:0e:f5:67:3e:
                    b2:5b:5e:44:e0:37:0a:21:d7:ef:41:e3:be:08:99:
                    de:86:44:a6:14:aa:f7:61:5e:d4:7f:5d:92:1f:55:
                    81:61:bf:06:62:39:bc:72:41:41:ea:09:13:9c:27:
                    20:f1:f4:53:35:15:0d:76:a4:7a:33:fa:3a:e0:eb:
                    0e:93:65:df:75:46:8b:8e:16:7a:ff:25:41:ab:63:
                    df:30:b6:e6:19:8b:a6:1f:b0:ec:5f:a9:3f:96:3d:
                    d6:34:20:98:33:f0:6a:43:87:4d:40:1d:a4:30:51:
                    1f:06:c9:38:ca:c3:77:30:ae:3f:02:f1:a4:b9:90:
                    db:ba:31:34:a2:62:a6:87:d7:9f:96:4a:8a:b6:71:
                    84:ba:31:9f:93:63:ba:02:55:75:dd:90:b7:96:18:
                    e8:d6:c9:1a:7c:69:b4:a4:84:af:68:9e:f7:ef:d5:
                    39:c7:23:b1:01:1c:a0:ac:06:dc:d5:7c:1f:bc:2c:
                    37:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:47:81:2D:66:F6:26:CF:2A:AE:5B:43:39:54:5F:32:4A:7B:13:86
            X509v3 Authority Key Identifier:
                keyid:B7:81:50:F0:4C:32:34:DB:F9:F1:1E:11:07:99:32:80:2D:26:8F:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t4FQ8EwyNNv58R4RB5kygC0mj7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/b59a8b-8753-4094-bba7-eccc2c1b1c23/1/7UeBLWb2Js8qrltDOVRfMkp7E4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/b59a8b-8753-4094-bba7-eccc2c1b1c23/1/t4FQ8EwyNNv58R4RB5kygC0mj7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9740::/29

    Signature Algorithm: sha256WithRSAEncryption
         95:c4:0f:5d:8e:2b:ed:2d:7b:87:fa:4a:06:fc:e1:0e:de:1d:
         7b:22:5c:cc:74:ab:4d:e5:9b:cd:f0:6f:a5:88:05:f6:d1:f2:
         0e:24:e1:78:44:67:de:a4:2b:72:e6:83:20:df:ce:e7:21:92:
         38:ed:cc:40:cb:04:34:b5:51:8e:3f:95:af:92:d4:3b:e9:5d:
         12:90:39:f2:b5:23:49:3d:ea:b0:e3:c0:4b:5a:7b:01:6e:3e:
         35:d7:07:32:75:18:8c:1b:41:1b:00:a8:25:bd:85:c2:6a:9b:
         27:0b:cb:5f:10:93:8d:75:81:9d:74:b3:e5:6a:dc:8d:0c:96:
         e9:de:6c:78:f8:33:49:d2:8c:fd:ee:ac:df:e0:26:9d:22:83:
         48:ce:8f:13:6e:a2:a0:d7:8d:cf:5a:a2:0a:35:86:52:f4:f0:
         38:d4:52:01:0b:58:ff:d1:00:28:d3:ed:1d:90:7b:25:e8:e6:
         6c:53:7f:16:b0:75:ce:81:55:33:78:4f:25:57:cd:8c:40:59:
         b3:1d:3d:7c:e0:a2:2f:e6:43:a0:a1:1a:7b:55:67:a9:6d:a4:
         91:a7:d8:55:70:8b:65:e6:5d:2e:d2:95:12:99:5b:b0:72:fa:
         49:77:5e:28:ff:9c:d7:74:ac:84:4e:98:38:4b:76:11:92:91:
         8c:24:d2:87
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY5Q2kMU0fNu4EVDT3UXu50PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ODE1MGYwNGMzMjM0ZGJmOWYxMWUxMTA3OTkzMjgwMmQy
NjhmYjEwHhcNMjQwMzE4MDkxNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDQ3ODEyZDY2ZjYyNmNmMmFhZTViNDMzOTU0NWYzMjRhN2IxMzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteYS2HPBKeY+NNKQoPkZ+qO1SFN4
pkG01YsjijW84+N47lUTbwcB5nHBHO7HaNaaMJZXLKMkyXpE4rQl8bo6JbqfOcji
Jw71Zz6yW15E4DcKIdfvQeO+CJnehkSmFKr3YV7Uf12SH1WBYb8GYjm8ckFB6gkT
nCcg8fRTNRUNdqR6M/o64OsOk2XfdUaLjhZ6/yVBq2PfMLbmGYumH7DsX6k/lj3W
NCCYM/BqQ4dNQB2kMFEfBsk4ysN3MK4/AvGkuZDbujE0omKmh9eflkqKtnGEujGf
k2O6AlV13ZC3lhjo1skafGm0pISvaJ7379U5xyOxARygrAbc1XwfvCw3bQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFO1HgS1m9ibPKq5bQzlUXzJKexOGMB8GA1UdIwQY
MBaAFLeBUPBMMjTb+fEeEQeZMoAtJo+xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDRGUThFd3lOTnY1OFI0UkI1a3lnQzBtajdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9iNTlhOGItODc1My00MDk0LWJiYTct
ZWNjYzJjMWIxYzIzLzEvN1VlQkxXYjJKczhxcmx0RE9WUmZNa3A3RTRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9iNTlhOGItODc1My00MDk0LWJiYTctZWNjYzJjMWIxYzIz
LzEvdDRGUThFd3lOTnY1OFI0UkI1a3lnQzBtajdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhOXQDAN
BgkqhkiG9w0BAQsFAAOCAQEAlcQPXY4r7S17h/pKBvzhDt4deyJczHSrTeWbzfBv
pYgF9tHyDiTheERn3qQrcuaDIN/O5yGSOO3MQMsENLVRjj+Vr5LUO+ldEpA58rUj
ST3qsOPAS1p7AW4+NdcHMnUYjBtBGwCoJb2FwmqbJwvLXxCTjXWBnXSz5WrcjQyW
6d5sePgzSdKM/e6s3+AmnSKDSM6PE26ioNeNz1qiCjWGUvTwONRSAQtY/9EAKNPt
HZB7JejmbFN/FrB1zoFVM3hPJVfNjEBZsx09fOCiL+ZDoKEae1VnqW2kkafYVXCL
ZeZdLtKVEplbsHL6SXdeKP+c13SshE6YOEt2EZKRjCTShw==
-----END CERTIFICATE-----