Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/acBvTtRLi_O3jwzDHrXkimr1ha4.roa
File:                     acBvTtRLi_O3jwzDHrXkimr1ha4.roa (raw, json)
Hash identifier:          R6qEPYfKhVLNJZTprjc/U5bH+GZ31u97KyuY6UB7HrM=
Subject key identifier:   69:C0:6F:4E:D4:4B:8B:F3:B7:8F:0C:C3:1E:B5:E4:8A:6A:F5:85:AE
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       018FEECB8BDED85A513CD99CE4439592341D
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/acBvTtRLi_O3jwzDHrXkimr1ha4.roa
Signing time:             Thu 06 Jun 2024 18:24:27 +0000
ROA not before:           Thu 06 Jun 2024 18:24:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215427
IP address blocks:        2a13:d0c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 08:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ee:cb:8b:de:d8:5a:51:3c:d9:9c:e4:43:95:92:34:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jun  6 18:24:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69c06f4ed44b8bf3b78f0cc31eb5e48a6af585ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:10:9b:16:7e:85:54:3e:7e:42:48:4e:2b:9b:
                    99:25:7a:7c:cc:76:eb:32:5b:21:9d:ed:a2:26:fc:
                    c9:d6:9b:79:59:b3:60:59:3a:a0:f7:37:17:ce:bc:
                    6a:e5:be:36:34:6d:36:85:40:06:d0:02:1f:28:0f:
                    f0:4b:74:e3:62:ea:33:b4:8b:d9:d9:89:e5:d1:fd:
                    4b:9d:36:bf:9c:91:60:68:cd:83:a7:fd:1f:24:b5:
                    3f:7b:d6:c4:30:15:5f:0b:82:79:da:95:2a:41:c1:
                    e6:d0:98:f9:2f:a1:a0:23:d7:41:19:b6:49:1e:98:
                    f7:28:7e:ca:92:9c:08:55:86:b7:17:da:7d:d8:85:
                    e6:70:1d:d9:a8:c3:da:c4:5a:1f:8a:92:8b:bc:7f:
                    56:ca:f8:44:65:e9:37:61:2e:4f:fa:92:b3:d5:f3:
                    3c:3e:75:cb:8d:3b:b4:3a:96:5d:bc:2f:8b:25:23:
                    af:7a:72:d6:c2:60:09:51:59:20:dc:a2:11:a5:2f:
                    43:9c:ca:3c:d8:a1:93:51:89:52:c9:41:47:9a:d6:
                    20:6b:51:05:80:86:0d:c6:f2:51:af:bf:0b:d0:fb:
                    a4:5e:79:ea:7f:88:35:3b:d2:29:8d:a6:de:c3:98:
                    3a:2d:47:c0:62:83:81:24:fe:76:0b:94:91:e3:93:
                    1f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C0:6F:4E:D4:4B:8B:F3:B7:8F:0C:C3:1E:B5:E4:8A:6A:F5:85:AE
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/acBvTtRLi_O3jwzDHrXkimr1ha4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:ea:b3:6e:e7:51:7b:7f:9f:e4:2f:4c:9b:f6:c9:0a:a4:aa:
         c9:87:f3:8a:96:60:a1:d6:c8:2b:58:92:fa:0b:1f:b7:74:e4:
         a6:32:3a:58:70:49:dc:c2:55:77:d3:bf:35:46:ce:10:07:49:
         a0:7b:94:33:35:1e:4d:62:8b:86:15:b8:e2:13:7c:b0:b6:8d:
         1f:a4:17:96:f2:0c:70:ad:51:de:d9:13:a5:b6:af:65:19:fd:
         e3:33:d9:b2:46:4f:ee:b9:45:5d:02:a3:7d:11:da:9d:d5:cd:
         b9:fd:c1:0b:0e:92:d8:ac:25:b8:ab:1c:18:ed:fb:1f:c4:25:
         3b:0d:68:ad:ef:dc:8d:42:b2:35:c8:00:91:65:e9:73:e3:e6:
         c5:2c:90:a2:6d:ce:f3:fb:56:ec:62:43:a6:ba:41:57:13:69:
         ee:1e:4c:40:c8:15:a9:7a:29:a8:dc:e7:32:42:bb:a7:b9:73:
         5a:01:af:d4:84:c7:bc:16:24:c1:4b:5d:1f:a5:b6:7b:2d:6e:
         be:0a:df:a1:aa:3c:c7:9b:2b:62:a7:18:4b:c5:3d:ed:d3:35:
         7e:52:ff:42:6f:5f:df:72:48:20:b3:92:ac:13:2f:bf:4d:97:
         33:f8:01:96:d5:15:f0:71:86:d6:bb:c1:ef:d9:1e:ee:30:9a:
         dd:0a:73:f5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY/uy4ve2FpRPNmc5EOVkjQdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjQwNjA2MTgyNDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWMwNmY0ZWQ0NGI4YmYzYjc4ZjBjYzMxZWI1ZTQ4YTZhZjU4NWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBCbFn6FVD5+QkhOK5uZJXp8zHbr
Mlshne2iJvzJ1pt5WbNgWTqg9zcXzrxq5b42NG02hUAG0AIfKA/wS3TjYuoztIvZ
2Ynl0f1LnTa/nJFgaM2Dp/0fJLU/e9bEMBVfC4J52pUqQcHm0Jj5L6GgI9dBGbZJ
Hpj3KH7KkpwIVYa3F9p92IXmcB3ZqMPaxFofipKLvH9WyvhEZek3YS5P+pKz1fM8
PnXLjTu0OpZdvC+LJSOvenLWwmAJUVkg3KIRpS9DnMo82KGTUYlSyUFHmtYga1EF
gIYNxvJRr78L0PukXnnqf4g1O9Ipjabew5g6LUfAYoOBJP52C5SR45MfxwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGnAb07US4vzt48Mwx615Ipq9YWuMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvYWNCdlR0UkxpX08zand6REhyWGtpbXIxaGE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPQwDAN
BgkqhkiG9w0BAQsFAAOCAQEAWOqzbudRe3+f5C9Mm/bJCqSqyYfzipZgodbIK1iS
+gsft3TkpjI6WHBJ3MJVd9O/NUbOEAdJoHuUMzUeTWKLhhW44hN8sLaNH6QXlvIM
cK1R3tkTpbavZRn94zPZskZP7rlFXQKjfRHandXNuf3BCw6S2KwluKscGO37H8Ql
Ow1ore/cjUKyNcgAkWXpc+PmxSyQom3O8/tW7GJDprpBVxNp7h5MQMgVqXopqNzn
MkK7p7lzWgGv1ITHvBYkwUtdH6W2ey1uvgrfoao8x5srYqcYS8U97dM1flL/Qm9f
33JIILOSrBMvv02XM/gBltUV8HGG1rvB79ke7jCa3Qpz9Q==
-----END CERTIFICATE-----