Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/eWX5ufeAL_W1niX8HTHidwRee2w.roa
File:                     eWX5ufeAL_W1niX8HTHidwRee2w.roa (raw, json)
Hash identifier:          5FMrkC1e3v7Q4VryxY70BJPiGlqUtyjNNZ/xK1YAgks=
Subject key identifier:   79:65:F9:B9:F7:80:2F:F5:B5:9E:25:FC:1D:31:E2:77:04:5E:7B:6C
Certificate issuer:       /CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
Certificate serial:       018CC492E2C6C596A90D3125C33B75D8BCD5
Authority key identifier: 3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/eWX5ufeAL_W1niX8HTHidwRee2w.roa
Signing time:             Mon 01 Jan 2024 10:30:09 +0000
ROA not before:           Mon 01 Jan 2024 10:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        2001:2000:3000::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e2:c6:c5:96:a9:0d:31:25:c3:3b:75:d8:bc:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
        Validity
            Not Before: Jan  1 10:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7965f9b9f7802ff5b59e25fc1d31e277045e7b6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:9c:de:e3:cd:5f:c1:76:de:4f:36:c0:fb:03:
                    b3:72:6f:e5:be:f3:a4:b7:a6:15:fb:53:ca:e5:e5:
                    8e:f4:53:83:0d:e3:39:7f:b1:5d:be:b8:df:19:60:
                    f9:8d:16:89:38:6f:7d:25:ae:ce:16:d7:5f:79:c3:
                    e0:f4:70:a2:df:ab:26:00:5c:0e:f1:a8:1d:a9:75:
                    c2:ab:e2:ea:cf:09:b0:9f:74:06:5f:76:ba:f7:6c:
                    47:d0:a8:ab:5b:64:cb:d2:7b:a6:eb:71:62:1e:26:
                    20:1c:5d:e0:88:5b:aa:76:e0:1e:33:73:f0:73:d6:
                    13:94:f3:b8:6b:47:0f:35:32:d2:3d:72:13:5e:0a:
                    b2:97:a2:a5:c9:ec:16:ae:c5:b1:0d:d7:c8:88:53:
                    67:4a:69:fb:65:4d:a6:f2:cb:d1:ee:c0:8c:7d:15:
                    c7:5e:2b:6f:1d:20:e7:db:f2:35:60:0c:5e:02:5c:
                    ed:1e:a0:15:ce:ef:4f:3e:97:fd:97:54:1c:b1:34:
                    aa:51:06:af:bd:58:6d:6a:4c:fe:65:5e:43:fd:a6:
                    ff:a5:70:2b:64:9c:d4:e5:44:06:e4:f7:cf:d5:cd:
                    f7:c0:75:fb:17:75:f4:db:cc:f4:fb:4e:40:65:12:
                    1f:10:69:c9:06:fe:c0:a4:48:31:ac:aa:5a:b1:42:
                    6c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:65:F9:B9:F7:80:2F:F5:B5:9E:25:FC:1D:31:E2:77:04:5E:7B:6C
            X509v3 Authority Key Identifier:
                keyid:3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/eWX5ufeAL_W1niX8HTHidwRee2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:2000:3000::/40

    Signature Algorithm: sha256WithRSAEncryption
         32:6e:97:e7:36:20:32:80:1f:b5:7e:65:1f:79:68:bb:53:8d:
         d6:5a:e6:d3:16:f1:a1:7f:91:c7:a7:33:c5:b9:ab:e3:e9:12:
         e7:de:03:6c:48:49:f9:93:78:8a:f3:6e:04:70:74:e3:28:27:
         ab:39:54:78:87:04:20:98:2f:e9:a6:ca:07:05:8f:49:a8:1f:
         ed:87:df:96:54:a3:48:8c:d1:2b:97:00:83:63:f0:e8:24:6d:
         89:f4:08:8d:c9:90:e0:f7:dc:ff:e9:8d:50:78:b9:d4:de:0e:
         5a:67:ea:7f:ed:64:77:2d:17:b1:a5:9e:21:40:06:5c:6a:50:
         16:b0:11:41:e7:bd:b9:0d:5e:aa:7f:33:9d:ae:fc:93:72:8b:
         1a:84:80:78:33:49:a8:b8:29:75:4f:c6:50:eb:18:6e:bc:d7:
         18:8f:ec:02:8e:1d:2b:65:61:20:cd:cb:39:d8:9b:3b:20:73:
         19:3b:88:b9:26:f1:38:45:7a:1c:68:b5:21:2a:74:fc:05:bf:
         d3:09:4a:1e:61:17:98:1d:16:30:c3:c3:d5:31:b0:e0:55:23:
         f0:83:54:6b:82:c8:06:4d:07:2a:3e:e8:52:ce:e3:eb:e9:8e:
         66:fa:23:eb:e9:f4:e7:c9:b4:ee:89:0c:8e:e6:ea:60:8f:73:
         f4:f2:74:2b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEkuLGxZapDTElwzt12LzVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYTViMWMwOWFhMzFmNjcxM2M2MWIzMmU1NTgxMDllNDc5
NjZkNDIwHhcNMjQwMTAxMTAzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTY1ZjliOWY3ODAyZmY1YjU5ZTI1ZmMxZDMxZTI3NzA0NWU3YjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZze481fwXbeTzbA+wOzcm/lvvOk
t6YV+1PK5eWO9FODDeM5f7FdvrjfGWD5jRaJOG99Ja7OFtdfecPg9HCi36smAFwO
8agdqXXCq+Lqzwmwn3QGX3a692xH0KirW2TL0num63FiHiYgHF3giFuqduAeM3Pw
c9YTlPO4a0cPNTLSPXITXgqyl6KlyewWrsWxDdfIiFNnSmn7ZU2m8svR7sCMfRXH
XitvHSDn2/I1YAxeAlztHqAVzu9PPpf9l1QcsTSqUQavvVhtakz+ZV5D/ab/pXAr
ZJzU5UQG5PfP1c33wHX7F3X028z0+05AZRIfEGnJBv7ApEgxrKpasUJs4QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHll+bn3gC/1tZ4l/B0x4ncEXntsMB8GA1UdIwQY
MBaAFDulscCaox9nE8YbMuVYEJ5Hlm1CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQt
NDY2ZTljYWI3ODY0LzEvZVdYNXVmZUFMX1cxbmlYOEhUSGlkd1JlZTJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQtNDY2ZTljYWI3ODY0
LzEvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAIAEgADAw
DQYJKoZIhvcNAQELBQADggEBADJul+c2IDKAH7V+ZR95aLtTjdZa5tMW8aF/kcen
M8W5q+PpEufeA2xISfmTeIrzbgRwdOMoJ6s5VHiHBCCYL+mmygcFj0moH+2H35ZU
o0iM0SuXAINj8OgkbYn0CI3JkOD33P/pjVB4udTeDlpn6n/tZHctF7GlniFABlxq
UBawEUHnvbkNXqp/M52u/JNyixqEgHgzSai4KXVPxlDrGG681xiP7AKOHStlYSDN
yznYmzsgcxk7iLkm8ThFehxotSEqdPwFv9MJSh5hF5gdFjDDw9UxsOBVI/CDVGuC
yAZNByo+6FLO4+vpjmb6I+vp9OfJtO6JDI7m6mCPc/TydCs=
-----END CERTIFICATE-----