Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/2d2109-cfb8-4325-a0e3-058785b4a96e/1/DVwTkrk_WqZKzjQozaLhpaSO6Q8.roa
File:                     DVwTkrk_WqZKzjQozaLhpaSO6Q8.roa (raw, json)
Hash identifier:          yCqnlu+N0ghb3IrBZlFqA6Cj/UwVETFEr/P4xxmEfG0=
Subject key identifier:   0D:5C:13:92:B9:3F:5A:A6:4A:CE:34:28:CD:A2:E1:A5:A4:8E:E9:0F
Certificate issuer:       /CN=d83713fd7b4cdfa6cba016a87eaf8b31c891beb0
Certificate serial:       018CC8700EA91BC6AAE6D2A70A6E65892AA5
Authority key identifier: D8:37:13:FD:7B:4C:DF:A6:CB:A0:16:A8:7E:AF:8B:31:C8:91:BE:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2DcT_XtM36bLoBaofq-LMciRvrA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/2d2109-cfb8-4325-a0e3-058785b4a96e/1/DVwTkrk_WqZKzjQozaLhpaSO6Q8.roa
Signing time:             Tue 02 Jan 2024 04:30:36 +0000
ROA not before:           Tue 02 Jan 2024 04:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51126
IP address blocks:        2a13:3fc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/2d2109-cfb8-4325-a0e3-058785b4a96e/1/2DcT_XtM36bLoBaofq-LMciRvrA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/2d2109-cfb8-4325-a0e3-058785b4a96e/1/2DcT_XtM36bLoBaofq-LMciRvrA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2DcT_XtM36bLoBaofq-LMciRvrA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:03:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:0e:a9:1b:c6:aa:e6:d2:a7:0a:6e:65:89:2a:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d83713fd7b4cdfa6cba016a87eaf8b31c891beb0
        Validity
            Not Before: Jan  2 04:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d5c1392b93f5aa64ace3428cda2e1a5a48ee90f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:82:cc:be:1c:37:37:f0:a4:11:0b:2d:00:9c:
                    41:e9:c6:5c:ff:3e:67:1c:3a:12:32:52:32:e7:25:
                    28:8e:0a:b1:e9:c9:b8:80:7e:8d:fd:6d:09:73:06:
                    e5:3e:a5:de:37:8b:a4:b1:93:00:ec:b0:f5:11:35:
                    78:25:78:2e:c1:df:33:73:eb:df:2a:42:cb:e2:79:
                    51:a0:96:60:32:5b:85:c7:64:af:30:a4:0d:7b:bb:
                    57:8f:f5:28:bc:60:82:16:e4:85:fa:eb:67:f2:23:
                    3c:9c:fc:04:51:20:c7:67:88:3f:20:a6:5b:6b:39:
                    dc:be:6a:d5:90:97:5d:e4:cd:27:c8:09:d8:7d:ca:
                    bf:6a:68:a6:1e:41:a9:37:b3:a5:62:a1:98:bc:35:
                    b6:26:a8:41:1d:50:b1:96:ca:4e:cd:d8:f3:c9:77:
                    52:14:e1:84:8a:64:b3:d1:3e:3b:e5:30:c6:2c:1f:
                    c9:ab:a6:c3:df:a8:95:e1:ed:40:87:b4:cc:1f:ae:
                    13:8b:4c:26:61:79:50:0f:b4:68:8d:ef:3e:0f:57:
                    a8:42:c7:07:91:32:ad:45:8a:23:20:38:0a:84:9a:
                    20:85:5c:a0:95:bd:5c:63:3a:0f:b2:32:76:5d:f1:
                    9e:c2:22:83:0e:35:08:70:2c:13:6e:3c:0d:6a:b5:
                    1d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:5C:13:92:B9:3F:5A:A6:4A:CE:34:28:CD:A2:E1:A5:A4:8E:E9:0F
            X509v3 Authority Key Identifier:
                keyid:D8:37:13:FD:7B:4C:DF:A6:CB:A0:16:A8:7E:AF:8B:31:C8:91:BE:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2DcT_XtM36bLoBaofq-LMciRvrA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/2d2109-cfb8-4325-a0e3-058785b4a96e/1/DVwTkrk_WqZKzjQozaLhpaSO6Q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/2d2109-cfb8-4325-a0e3-058785b4a96e/1/2DcT_XtM36bLoBaofq-LMciRvrA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:3fc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:b3:f1:81:c7:75:47:75:9c:83:02:07:9b:42:eb:4b:f4:31:
         cc:cd:b0:f9:24:1e:7d:37:2a:76:a0:d6:6d:25:41:8f:ef:75:
         1f:88:9c:dd:bd:c4:19:d7:57:2c:cb:21:5d:81:62:46:90:43:
         f4:d1:71:cd:f3:f0:6c:42:a9:c4:ad:0c:52:31:ad:cf:52:93:
         8e:36:7d:e0:4a:7b:58:72:37:ee:38:2a:d8:12:6b:8b:60:70:
         db:96:35:e5:b0:62:79:ef:b7:8c:84:77:d0:bd:0a:65:cb:e9:
         a9:34:47:08:e5:67:65:ac:19:b4:70:3b:e8:1d:aa:fe:9d:23:
         4f:9f:96:1c:eb:1d:73:69:1a:4c:e9:66:8d:6e:b5:76:42:8c:
         16:b3:95:3a:e6:45:46:36:03:7c:29:3e:fa:37:ec:45:1f:5e:
         3d:a0:d4:3c:9c:d1:86:73:64:7d:a9:e7:22:92:97:4c:58:ae:
         c8:57:43:d0:df:07:36:98:d7:d8:af:99:83:3d:9b:76:65:2a:
         db:3c:dc:df:6e:99:61:70:16:1a:05:00:7d:8c:05:6a:55:11:
         66:1f:76:04:9d:3a:c4:cc:94:f7:9b:04:42:0b:9d:8b:c1:d3:
         d3:fb:db:bc:7e:08:85:e5:36:3a:2b:f8:a3:f3:d9:ad:af:c2:
         3e:73:8f:3d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIcA6pG8aq5tKnCm5liSqlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MzcxM2ZkN2I0Y2RmYTZjYmEwMTZhODdlYWY4YjMxYzg5
MWJlYjAwHhcNMjQwMTAyMDQzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDVjMTM5MmI5M2Y1YWE2NGFjZTM0MjhjZGEyZTFhNWE0OGVlOTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44LMvhw3N/CkEQstAJxB6cZc/z5n
HDoSMlIy5yUojgqx6cm4gH6N/W0JcwblPqXeN4uksZMA7LD1ETV4JXguwd8zc+vf
KkLL4nlRoJZgMluFx2SvMKQNe7tXj/UovGCCFuSF+utn8iM8nPwEUSDHZ4g/IKZb
azncvmrVkJdd5M0nyAnYfcq/amimHkGpN7OlYqGYvDW2JqhBHVCxlspOzdjzyXdS
FOGEimSz0T475TDGLB/Jq6bD36iV4e1Ah7TMH64Ti0wmYXlQD7Roje8+D1eoQscH
kTKtRYojIDgKhJoghVyglb1cYzoPsjJ2XfGewiKDDjUIcCwTbjwNarUdJwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFA1cE5K5P1qmSs40KM2i4aWkjukPMB8GA1UdIwQY
MBaAFNg3E/17TN+my6AWqH6vizHIkb6wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkRjVF9YdE0zNmJMb0Jhb2ZxLUxNY2lSdnJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi8yZDIxMDktY2ZiOC00MzI1LWEwZTMt
MDU4Nzg1YjRhOTZlLzEvRFZ3VGtya19XcVpLempRb3phTGhwYVNPNlE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi8yZDIxMDktY2ZiOC00MzI1LWEwZTMtMDU4Nzg1YjRhOTZl
LzEvMkRjVF9YdE0zNmJMb0Jhb2ZxLUxNY2lSdnJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhM/wDAN
BgkqhkiG9w0BAQsFAAOCAQEAabPxgcd1R3WcgwIHm0LrS/QxzM2w+SQefTcqdqDW
bSVBj+91H4ic3b3EGddXLMshXYFiRpBD9NFxzfPwbEKpxK0MUjGtz1KTjjZ94Ep7
WHI37jgq2BJri2Bw25Y15bBiee+3jIR30L0KZcvpqTRHCOVnZawZtHA76B2q/p0j
T5+WHOsdc2kaTOlmjW61dkKMFrOVOuZFRjYDfCk++jfsRR9ePaDUPJzRhnNkfann
IpKXTFiuyFdD0N8HNpjX2K+Zgz2bdmUq2zzc326ZYXAWGgUAfYwFalURZh92BJ06
xMyU95sEQgudi8HT0/vbvH4IheU2Oiv4o/PZra/CPnOPPQ==
-----END CERTIFICATE-----