Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/lyVPhxZT8mZH_cj2782h7qC5Efc.roa
File:                     lyVPhxZT8mZH_cj2782h7qC5Efc.roa (raw, json)
Hash identifier:          FQSR7JKCTTSThDU3S3cdEwBqacfk2gXJszybapDg3Qc=
Subject key identifier:   97:25:4F:87:16:53:F2:66:47:FD:C8:F6:EF:CD:A1:EE:A0:B9:11:F7
Certificate issuer:       /CN=5688b42175d6214a31a5407db8b6c95f1ec60d4e
Certificate serial:       018CC49322D229DC362AD7344D3B03F92C3B
Authority key identifier: 56:88:B4:21:75:D6:21:4A:31:A5:40:7D:B8:B6:C9:5F:1E:C6:0D:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Voi0IXXWIUoxpUB9uLbJXx7GDU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/lyVPhxZT8mZH_cj2782h7qC5Efc.roa
Signing time:             Mon 01 Jan 2024 10:30:26 +0000
ROA not before:           Mon 01 Jan 2024 10:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212077
IP address blocks:        2a13:7b40:1::/48 maxlen: 48
                          2a13:7b40:a1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/Voi0IXXWIUoxpUB9uLbJXx7GDU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/Voi0IXXWIUoxpUB9uLbJXx7GDU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Voi0IXXWIUoxpUB9uLbJXx7GDU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:22:d2:29:dc:36:2a:d7:34:4d:3b:03:f9:2c:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5688b42175d6214a31a5407db8b6c95f1ec60d4e
        Validity
            Not Before: Jan  1 10:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97254f871653f26647fdc8f6efcda1eea0b911f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:61:de:a9:79:16:23:84:76:7c:51:cc:7d:06:
                    73:8e:db:fa:d2:9e:76:b9:c6:81:b1:56:d6:ed:0b:
                    ca:6b:10:f4:56:4b:7d:34:b1:ac:5b:5a:59:3f:0f:
                    de:0c:e8:17:c7:46:77:4e:f6:41:59:a4:5d:62:92:
                    08:62:3d:e8:5f:8c:21:15:77:32:b5:b3:02:aa:7c:
                    8d:e9:e8:88:85:f0:bd:55:6e:43:b4:4b:c4:93:ec:
                    23:9b:65:98:24:ec:87:86:60:58:41:f1:34:3a:a0:
                    18:4b:11:1f:c5:57:e8:40:b6:26:3c:31:f0:af:5c:
                    d0:b8:cb:0c:19:c6:cb:af:d1:a8:8e:b6:b5:b7:55:
                    1b:dc:04:03:1e:b8:fd:7b:22:81:ae:4a:9f:5c:23:
                    58:7c:be:3e:78:ba:2e:61:31:4f:f6:5a:c0:70:d7:
                    58:2f:7e:01:a3:03:cc:bf:a5:7c:a7:84:ca:53:c2:
                    8b:76:03:f3:be:60:a5:ee:44:55:44:4a:cd:78:98:
                    e6:5d:2f:33:bf:8e:80:be:f4:48:56:bb:6f:51:61:
                    88:d0:c6:06:79:3e:99:c2:af:36:b5:17:11:ad:24:
                    15:60:2c:7a:28:83:e3:3b:4d:de:b7:05:c1:58:71:
                    91:64:d6:20:19:d3:95:ac:67:a8:78:4a:b6:99:bb:
                    34:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:25:4F:87:16:53:F2:66:47:FD:C8:F6:EF:CD:A1:EE:A0:B9:11:F7
            X509v3 Authority Key Identifier:
                keyid:56:88:B4:21:75:D6:21:4A:31:A5:40:7D:B8:B6:C9:5F:1E:C6:0D:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Voi0IXXWIUoxpUB9uLbJXx7GDU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/lyVPhxZT8mZH_cj2782h7qC5Efc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/Voi0IXXWIUoxpUB9uLbJXx7GDU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:7b40:1::/48
                  2a13:7b40:a1::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:c4:d2:a7:62:5a:9e:80:14:30:2d:b9:4f:72:12:7e:a7:7b:
         d8:04:54:e1:63:65:6d:ea:6b:08:b1:cd:ac:2a:93:06:39:66:
         d6:f4:8d:12:c6:77:27:d2:72:db:5d:9a:e9:d6:f4:8a:49:75:
         42:41:4c:ca:80:6c:df:58:53:d3:df:f4:6f:3b:72:6e:6d:7f:
         6a:90:6f:c1:07:59:5c:f1:8a:a5:0d:cb:da:c6:ef:04:02:b3:
         12:60:0f:b8:a6:78:d6:fc:6e:59:86:81:c8:2d:6e:df:de:c2:
         21:8f:bb:78:da:9b:22:f7:50:fd:af:8f:b6:5a:0d:b0:a0:88:
         00:6b:bf:54:28:99:a4:e0:34:0c:1f:9e:24:39:8f:a6:60:e0:
         10:76:3c:42:df:9e:0f:aa:09:a2:94:8d:fe:7d:38:80:50:05:
         db:7c:b6:32:8f:04:6c:e4:a3:af:cd:93:06:96:80:24:35:86:
         0c:85:3d:31:b2:53:29:f4:25:9e:ef:40:45:69:b4:6b:4c:04:
         04:62:4f:04:bd:3e:7c:00:f2:3a:01:3f:39:a3:1e:66:80:1d:
         20:03:d0:1e:ec:f9:4f:dd:12:8c:3c:50:3c:24:f8:3c:65:84:
         b4:aa:15:36:f9:01:ec:33:4a:3a:d7:ab:d4:43:f8:92:46:fa:
         fd:4e:fc:c1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEkyLSKdw2Ktc0TTsD+Sw7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2ODhiNDIxNzVkNjIxNGEzMWE1NDA3ZGI4YjZjOTVmMWVj
NjBkNGUwHhcNMjQwMTAxMTAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzI1NGY4NzE2NTNmMjY2NDdmZGM4ZjZlZmNkYTFlZWEwYjkxMWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGHeqXkWI4R2fFHMfQZzjtv60p52
ucaBsVbW7QvKaxD0Vkt9NLGsW1pZPw/eDOgXx0Z3TvZBWaRdYpIIYj3oX4whFXcy
tbMCqnyN6eiIhfC9VW5DtEvEk+wjm2WYJOyHhmBYQfE0OqAYSxEfxVfoQLYmPDHw
r1zQuMsMGcbLr9Gojra1t1Ub3AQDHrj9eyKBrkqfXCNYfL4+eLouYTFP9lrAcNdY
L34BowPMv6V8p4TKU8KLdgPzvmCl7kRVRErNeJjmXS8zv46AvvRIVrtvUWGI0MYG
eT6Zwq82tRcRrSQVYCx6KIPjO03etwXBWHGRZNYgGdOVrGeoeEq2mbs0JQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJclT4cWU/JmR/3I9u/Noe6guRH3MB8GA1UdIwQY
MBaAFFaItCF11iFKMaVAfbi2yV8exg1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9pMElYWFdJVW94cFVCOXVMYkpYeDdHRFU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS84M2Q2ZmEtNDYxZC00YTU2LWE4NDQt
OWY5NDJiYzEyYTdlLzEvbHlWUGh4WlQ4bVpIX2NqMjc4Mmg3cUM1RWZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS84M2Q2ZmEtNDYxZC00YTU2LWE4NDQtOWY5NDJiYzEyYTdl
LzEvVm9pMElYWFdJVW94cFVCOXVMYkpYeDdHRFU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhN7QAAB
AwcAKhN7QAChMA0GCSqGSIb3DQEBCwUAA4IBAQBSxNKnYlqegBQwLblPchJ+p3vY
BFThY2Vt6msIsc2sKpMGOWbW9I0Sxncn0nLbXZrp1vSKSXVCQUzKgGzfWFPT3/Rv
O3JubX9qkG/BB1lc8YqlDcvaxu8EArMSYA+4pnjW/G5ZhoHILW7f3sIhj7t42psi
91D9r4+2Wg2woIgAa79UKJmk4DQMH54kOY+mYOAQdjxC354PqgmilI3+fTiAUAXb
fLYyjwRs5KOvzZMGloAkNYYMhT0xslMp9CWe70BFabRrTAQEYk8EvT58API6AT85
ox5mgB0gA9Ae7PlP3RKMPFA8JPg8ZYS0qhU2+QHsM0o616vUQ/iSRvr9TvzB
-----END CERTIFICATE-----