Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/7_s_4WU23SErvaEB9NNty6BmGW8.roa
File:                     7_s_4WU23SErvaEB9NNty6BmGW8.roa (raw, json)
Hash identifier:          78+IGsgZApAjBiFEo+/WIRrpRX/WGoHRHZ5WPThJF1A=
Subject key identifier:   EF:FB:3F:E1:65:36:DD:21:2B:BD:A1:01:F4:D3:6D:CB:A0:66:19:6F
Certificate issuer:       /CN=5688b42175d6214a31a5407db8b6c95f1ec60d4e
Certificate serial:       0192B944588681AE66D15E543EF2CB86E7AB
Authority key identifier: 56:88:B4:21:75:D6:21:4A:31:A5:40:7D:B8:B6:C9:5F:1E:C6:0D:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Voi0IXXWIUoxpUB9uLbJXx7GDU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/7_s_4WU23SErvaEB9NNty6BmGW8.roa
Signing time:             Wed 23 Oct 2024 12:05:17 +0000
ROA not before:           Wed 23 Oct 2024 12:05:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215419
IP address blocks:        2a13:7b40:40::/48 maxlen: 48
                          2a13:7b40:51::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/Voi0IXXWIUoxpUB9uLbJXx7GDU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/Voi0IXXWIUoxpUB9uLbJXx7GDU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Voi0IXXWIUoxpUB9uLbJXx7GDU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b9:44:58:86:81:ae:66:d1:5e:54:3e:f2:cb:86:e7:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5688b42175d6214a31a5407db8b6c95f1ec60d4e
        Validity
            Not Before: Oct 23 12:05:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=effb3fe16536dd212bbda101f4d36dcba066196f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:50:90:99:48:0f:3f:da:28:8c:17:a5:2e:03:
                    53:61:01:8b:d0:19:fc:17:3f:90:5f:29:ab:6c:3e:
                    cb:8f:25:84:ab:e6:11:59:df:9b:92:b7:58:fc:78:
                    63:f5:dc:a6:09:88:2e:82:b4:13:fa:70:74:67:c0:
                    e1:39:10:06:f3:29:73:a8:67:28:9d:41:8a:ff:fe:
                    42:00:1d:4d:35:9e:60:12:95:68:fc:bb:4a:20:3f:
                    e3:f9:d6:db:a9:aa:a7:af:bc:b4:a1:78:dd:d9:1e:
                    81:60:1b:ed:5e:1f:61:59:8d:3a:6a:c9:92:33:38:
                    41:d5:da:8d:f4:cc:ca:95:51:b0:ac:67:29:7d:a4:
                    cf:d0:65:1e:b9:57:b9:89:50:53:98:2e:1c:1c:8e:
                    a8:47:12:ca:0e:90:34:00:43:d9:a9:21:72:10:a2:
                    1f:ea:46:3f:3d:c0:4c:6a:1e:a0:83:30:41:89:90:
                    42:f0:46:1e:ac:54:7a:94:55:ac:00:38:df:fd:2d:
                    b2:36:a0:10:d9:93:8d:6a:01:ca:3f:c8:3a:82:28:
                    87:ce:84:a0:4d:14:f4:19:2e:70:3e:b1:6f:31:0d:
                    2c:03:2e:f3:54:ab:4c:8e:f1:99:3c:f1:aa:37:00:
                    cf:f4:60:f8:e3:96:cd:c0:72:be:58:6b:c4:95:f6:
                    7a:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:FB:3F:E1:65:36:DD:21:2B:BD:A1:01:F4:D3:6D:CB:A0:66:19:6F
            X509v3 Authority Key Identifier:
                keyid:56:88:B4:21:75:D6:21:4A:31:A5:40:7D:B8:B6:C9:5F:1E:C6:0D:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Voi0IXXWIUoxpUB9uLbJXx7GDU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/7_s_4WU23SErvaEB9NNty6BmGW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/Voi0IXXWIUoxpUB9uLbJXx7GDU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:7b40:40::/48
                  2a13:7b40:51::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:f9:31:b5:8e:d9:25:d4:9e:c5:89:ed:21:7a:e4:cf:fd:14:
         35:83:71:3b:03:8f:7e:fb:97:fe:95:bf:5f:51:cf:2c:5c:cf:
         be:1d:82:b8:bf:fb:d2:18:86:32:2f:15:e0:5e:ef:e9:7b:bf:
         d4:65:ee:32:e2:df:3d:89:44:6e:55:c0:5e:98:5e:7a:37:f2:
         cd:81:4d:14:5f:e6:7f:0f:01:8c:49:65:9b:57:4a:78:fc:b2:
         0d:09:ef:9c:de:e4:98:2a:46:a5:79:ea:4c:8f:18:48:2c:55:
         89:4d:91:e8:88:6d:b4:77:25:d9:c5:47:54:3f:83:16:02:cd:
         02:72:a0:0e:03:54:29:f1:d7:b1:42:d1:1f:1a:83:7f:29:f9:
         da:a8:d7:44:ae:30:12:d5:02:da:67:6c:a3:1a:5b:b2:36:e9:
         bd:eb:12:ac:ba:00:f6:86:00:0d:c4:0f:d3:94:80:03:cd:de:
         80:c0:2f:0b:e5:16:14:f3:49:43:7a:1d:c0:da:a5:e7:4f:da:
         67:c0:2e:6a:87:79:6c:ab:f0:d5:ac:4b:c6:c1:51:c3:ff:49:
         7c:6d:6e:da:f5:06:f4:01:5e:2e:fc:55:1f:f4:04:a7:ae:45:
         1e:88:eb:24:16:51:db:c8:a8:7a:79:31:de:60:80:69:2e:9e:
         17:71:f2:70
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZK5RFiGga5m0V5UPvLLhuerMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2ODhiNDIxNzVkNjIxNGEzMWE1NDA3ZGI4YjZjOTVmMWVj
NjBkNGUwHhcNMjQxMDIzMTIwNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmZiM2ZlMTY1MzZkZDIxMmJiZGExMDFmNGQzNmRjYmEwNjYxOTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVCQmUgPP9oojBelLgNTYQGL0Bn8
Fz+QXymrbD7LjyWEq+YRWd+bkrdY/Hhj9dymCYgugrQT+nB0Z8DhORAG8ylzqGco
nUGK//5CAB1NNZ5gEpVo/LtKID/j+dbbqaqnr7y0oXjd2R6BYBvtXh9hWY06asmS
MzhB1dqN9MzKlVGwrGcpfaTP0GUeuVe5iVBTmC4cHI6oRxLKDpA0AEPZqSFyEKIf
6kY/PcBMah6ggzBBiZBC8EYerFR6lFWsADjf/S2yNqAQ2ZONagHKP8g6giiHzoSg
TRT0GS5wPrFvMQ0sAy7zVKtMjvGZPPGqNwDP9GD445bNwHK+WGvElfZ6LwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO/7P+FlNt0hK72hAfTTbcugZhlvMB8GA1UdIwQY
MBaAFFaItCF11iFKMaVAfbi2yV8exg1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9pMElYWFdJVW94cFVCOXVMYkpYeDdHRFU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS84M2Q2ZmEtNDYxZC00YTU2LWE4NDQt
OWY5NDJiYzEyYTdlLzEvN19zXzRXVTIzU0VydmFFQjlOTnR5NkJtR1c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS84M2Q2ZmEtNDYxZC00YTU2LWE4NDQtOWY5NDJiYzEyYTdl
LzEvVm9pMElYWFdJVW94cFVCOXVMYkpYeDdHRFU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhN7QABA
AwcAKhN7QABRMA0GCSqGSIb3DQEBCwUAA4IBAQCD+TG1jtkl1J7Fie0heuTP/RQ1
g3E7A49++5f+lb9fUc8sXM++HYK4v/vSGIYyLxXgXu/pe7/UZe4y4t89iURuVcBe
mF56N/LNgU0UX+Z/DwGMSWWbV0p4/LINCe+c3uSYKkaleepMjxhILFWJTZHoiG20
dyXZxUdUP4MWAs0CcqAOA1Qp8dexQtEfGoN/KfnaqNdErjAS1QLaZ2yjGluyNum9
6xKsugD2hgANxA/TlIADzd6AwC8L5RYU80lDeh3A2qXnT9pnwC5qh3lsq/DVrEvG
wVHD/0l8bW7a9Qb0AV4u/FUf9ASnrkUeiOskFlHbyKh6eTHeYIBpLp4XcfJw
-----END CERTIFICATE-----