Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/9398b0-2fbb-4bd3-b9bc-1e89f9695d1b/1/7-XRHhcfl-DmlmC_OuJxJU8f3Z0.roa
File:                     7-XRHhcfl-DmlmC_OuJxJU8f3Z0.roa (raw, json)
Hash identifier:          QF0FJk0X6+Q8j3fvOe2ZQoQSga7sR3h1gIbfi1KtMTQ=
Subject key identifier:   EF:E5:D1:1E:17:1F:97:E0:E6:96:60:BF:3A:E2:71:25:4F:1F:DD:9D
Certificate issuer:       /CN=54041941b1450d6b95b58ca3f077ce208dfdfb4b
Certificate serial:       018CC50120F1D984FF444ED2442CC7687FEC
Authority key identifier: 54:04:19:41:B1:45:0D:6B:95:B5:8C:A3:F0:77:CE:20:8D:FD:FB:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VAQZQbFFDWuVtYyj8HfOII39-0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/9398b0-2fbb-4bd3-b9bc-1e89f9695d1b/1/7-XRHhcfl-DmlmC_OuJxJU8f3Z0.roa
Signing time:             Mon 01 Jan 2024 12:30:34 +0000
ROA not before:           Mon 01 Jan 2024 12:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211432
IP address blocks:        2a13:b580::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/9398b0-2fbb-4bd3-b9bc-1e89f9695d1b/1/VAQZQbFFDWuVtYyj8HfOII39-0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/9398b0-2fbb-4bd3-b9bc-1e89f9695d1b/1/VAQZQbFFDWuVtYyj8HfOII39-0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VAQZQbFFDWuVtYyj8HfOII39-0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 19:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:20:f1:d9:84:ff:44:4e:d2:44:2c:c7:68:7f:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54041941b1450d6b95b58ca3f077ce208dfdfb4b
        Validity
            Not Before: Jan  1 12:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efe5d11e171f97e0e69660bf3ae271254f1fdd9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a3:3e:91:7d:45:f3:55:ac:ad:90:e7:4d:99:
                    13:3d:aa:68:28:f7:a9:77:ad:fe:ee:04:fd:79:a4:
                    5f:86:ab:85:e8:e3:ae:e3:b8:fa:9d:95:1b:6e:6c:
                    10:c5:57:fb:dc:39:af:b7:09:39:45:6a:76:af:9a:
                    50:0f:92:c3:ea:97:88:f7:62:3e:65:ed:4c:22:c3:
                    b0:2c:23:f0:4d:33:b7:3f:f1:4a:f5:a2:13:64:e5:
                    41:91:6e:3e:69:07:ea:38:30:2b:99:71:1c:cd:4c:
                    ae:c2:36:d3:b7:9f:8b:ec:be:1f:e4:9d:62:84:73:
                    12:ae:eb:81:a3:de:2c:42:dc:e5:81:67:46:11:2d:
                    84:c1:d6:ae:df:f0:44:22:d8:3d:3a:e6:d7:73:3b:
                    58:c5:f4:75:42:54:45:91:e7:e2:1f:b2:dd:50:25:
                    3b:79:ab:15:89:ec:98:b3:69:05:3d:b8:3b:5d:d0:
                    59:be:95:ea:f7:f2:65:a0:b4:45:da:1a:97:e4:7b:
                    44:01:a8:80:76:c7:b2:42:9f:e3:39:33:b0:1c:67:
                    12:e5:90:5f:20:dd:eb:db:58:75:8c:23:e9:e6:38:
                    a1:d6:da:c7:d3:21:fe:4e:9b:6d:37:fa:df:06:3f:
                    4a:b0:38:cd:2b:86:f3:01:fb:eb:b5:39:25:95:2b:
                    96:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:E5:D1:1E:17:1F:97:E0:E6:96:60:BF:3A:E2:71:25:4F:1F:DD:9D
            X509v3 Authority Key Identifier:
                keyid:54:04:19:41:B1:45:0D:6B:95:B5:8C:A3:F0:77:CE:20:8D:FD:FB:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VAQZQbFFDWuVtYyj8HfOII39-0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/9398b0-2fbb-4bd3-b9bc-1e89f9695d1b/1/7-XRHhcfl-DmlmC_OuJxJU8f3Z0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/9398b0-2fbb-4bd3-b9bc-1e89f9695d1b/1/VAQZQbFFDWuVtYyj8HfOII39-0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b580::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:d2:0a:6f:25:a5:1d:2e:81:87:4d:cb:9d:ae:48:13:bc:25:
         bd:c4:f9:d7:42:d0:04:f6:97:e2:1f:2d:6e:d7:e2:a9:63:54:
         b6:fd:02:fa:da:3c:9c:75:6e:5e:d4:2f:12:37:45:3b:7c:22:
         df:85:10:cb:62:f4:e7:8c:db:3e:8d:61:a9:c1:12:62:26:3c:
         db:4f:70:cb:b3:5c:a8:78:4f:c9:90:08:6c:ac:11:d5:94:57:
         2c:c5:78:3f:d2:71:5a:e8:bd:ba:64:cc:1d:b8:7d:ed:a4:26:
         57:29:cc:13:87:15:dd:bf:62:f0:fc:bd:23:8b:dd:b9:c5:2f:
         dd:24:48:30:bd:d9:ea:4b:8e:64:5f:01:aa:3d:9e:58:13:4a:
         7b:8b:7e:31:b2:ac:fc:c7:58:00:2e:d7:68:b4:3f:11:08:42:
         7f:6c:f2:66:49:6b:6f:13:df:d9:39:44:2b:c9:a9:e3:1a:8f:
         16:39:32:27:0c:b3:43:0c:9d:34:03:bb:e4:ab:54:e6:08:9d:
         66:ec:08:c3:c0:46:c1:e1:dc:4e:51:22:a6:16:6f:1f:de:1a:
         b2:b7:91:96:dd:17:42:98:6b:e0:83:50:66:78:b4:cd:86:9b:
         aa:8a:3c:04:4d:23:4b:5f:93:4f:f7:8a:31:dd:44:d7:89:ad:
         7a:1a:6d:df
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFASDx2YT/RE7SRCzHaH/sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MDQxOTQxYjE0NTBkNmI5NWI1OGNhM2YwNzdjZTIwOGRm
ZGZiNGIwHhcNMjQwMTAxMTIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmU1ZDExZTE3MWY5N2UwZTY5NjYwYmYzYWUyNzEyNTRmMWZkZDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqM+kX1F81WsrZDnTZkTPapoKPep
d63+7gT9eaRfhquF6OOu47j6nZUbbmwQxVf73Dmvtwk5RWp2r5pQD5LD6peI92I+
Ze1MIsOwLCPwTTO3P/FK9aITZOVBkW4+aQfqODArmXEczUyuwjbTt5+L7L4f5J1i
hHMSruuBo94sQtzlgWdGES2Ewdau3/BEItg9OubXcztYxfR1QlRFkefiH7LdUCU7
easVieyYs2kFPbg7XdBZvpXq9/JloLRF2hqX5HtEAaiAdseyQp/jOTOwHGcS5ZBf
IN3r21h1jCPp5jih1trH0yH+TpttN/rfBj9KsDjNK4bzAfvrtTkllSuWdQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFO/l0R4XH5fg5pZgvzricSVPH92dMB8GA1UdIwQY
MBaAFFQEGUGxRQ1rlbWMo/B3ziCN/ftLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkFRWlFiRkZEV3VWdFl5ajhIZk9JSTM5LTBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi85Mzk4YjAtMmZiYi00YmQzLWI5YmMt
MWU4OWY5Njk1ZDFiLzEvNy1YUkhoY2ZsLURtbG1DX091SnhKVThmM1owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi85Mzk4YjAtMmZiYi00YmQzLWI5YmMtMWU4OWY5Njk1ZDFi
LzEvVkFRWlFiRkZEV3VWdFl5ajhIZk9JSTM5LTBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhO1gDAN
BgkqhkiG9w0BAQsFAAOCAQEAEdIKbyWlHS6Bh03Lna5IE7wlvcT510LQBPaX4h8t
btfiqWNUtv0C+to8nHVuXtQvEjdFO3wi34UQy2L054zbPo1hqcESYiY8209wy7Nc
qHhPyZAIbKwR1ZRXLMV4P9JxWui9umTMHbh97aQmVynME4cV3b9i8Py9I4vducUv
3SRIML3Z6kuOZF8Bqj2eWBNKe4t+MbKs/MdYAC7XaLQ/EQhCf2zyZklrbxPf2TlE
K8mp4xqPFjkyJwyzQwydNAO75KtU5gidZuwIw8BGweHcTlEiphZvH94asreRlt0X
Qphr4INQZni0zYabqoo8BE0jS1+TT/eKMd1E14mtehpt3w==
-----END CERTIFICATE-----