Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8112ff-b216-406f-8f59-72a082cdb182/1/z0m2Ncz3s9xnAmpV9tTEhQllliU.roa
File:                     z0m2Ncz3s9xnAmpV9tTEhQllliU.roa (raw, json)
Hash identifier:          JKais3tmBOsB/vRcdofhaY5+lovQMJ1mvMRIbbOy2PE=
Subject key identifier:   CF:49:B6:35:CC:F7:B3:DC:67:02:6A:55:F6:D4:C4:85:09:65:96:25
Certificate issuer:       /CN=aace6725a0a0ddd1680480a83785d2cd57bf6ab0
Certificate serial:       018F8AD28B1B36444AF61BC823F1459DB912
Authority key identifier: AA:CE:67:25:A0:A0:DD:D1:68:04:80:A8:37:85:D2:CD:57:BF:6A:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qs5nJaCg3dFoBICoN4XSzVe_arA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8112ff-b216-406f-8f59-72a082cdb182/1/z0m2Ncz3s9xnAmpV9tTEhQllliU.roa
Signing time:             Sat 18 May 2024 08:30:04 +0000
ROA not before:           Sat 18 May 2024 08:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200443
IP address blocks:        2a13:5f40::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8112ff-b216-406f-8f59-72a082cdb182/1/qs5nJaCg3dFoBICoN4XSzVe_arA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8112ff-b216-406f-8f59-72a082cdb182/1/qs5nJaCg3dFoBICoN4XSzVe_arA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qs5nJaCg3dFoBICoN4XSzVe_arA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 07:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:8a:d2:8b:1b:36:44:4a:f6:1b:c8:23:f1:45:9d:b9:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aace6725a0a0ddd1680480a83785d2cd57bf6ab0
        Validity
            Not Before: May 18 08:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf49b635ccf7b3dc67026a55f6d4c48509659625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:50:e6:f2:42:40:83:40:9b:dc:58:68:22:2e:
                    c5:c7:2e:b1:37:87:37:17:71:01:55:52:14:d3:6d:
                    54:da:0d:73:69:29:4c:7c:1c:64:4f:e9:92:a8:2f:
                    65:85:4e:67:0c:19:f3:04:62:58:f1:f0:42:3c:26:
                    d0:f2:5f:b6:b0:7f:3f:9d:50:59:33:3b:37:fd:dd:
                    a6:01:d2:2a:6b:84:39:5b:84:51:15:4b:b3:15:2e:
                    2f:94:9d:fa:17:56:8f:1a:ec:35:97:e1:78:87:e6:
                    06:67:f3:57:75:be:52:e4:86:7c:92:97:a4:0c:0b:
                    a5:fd:c6:06:78:5e:ce:c1:4c:97:0b:71:19:ce:16:
                    e8:5c:87:c7:a7:26:39:b6:98:1a:c3:cc:1d:4d:a9:
                    c2:07:51:23:61:b2:1e:b1:9a:6f:38:a0:36:24:7e:
                    33:99:8a:0c:61:59:75:3f:9e:2c:8b:e2:9b:5d:53:
                    65:81:7f:10:bc:ab:30:ee:2b:9f:8e:bd:c1:c5:b2:
                    0e:2f:f3:41:61:4a:cb:2c:ef:c0:46:ac:9a:d1:22:
                    4d:b3:d6:eb:32:11:3f:61:ba:24:71:84:4c:1f:75:
                    9a:47:b5:c8:e5:72:2e:17:a3:10:60:88:ab:68:78:
                    d8:7c:1f:b9:f9:64:51:10:59:f8:62:04:16:89:90:
                    e1:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:49:B6:35:CC:F7:B3:DC:67:02:6A:55:F6:D4:C4:85:09:65:96:25
            X509v3 Authority Key Identifier:
                keyid:AA:CE:67:25:A0:A0:DD:D1:68:04:80:A8:37:85:D2:CD:57:BF:6A:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qs5nJaCg3dFoBICoN4XSzVe_arA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8112ff-b216-406f-8f59-72a082cdb182/1/z0m2Ncz3s9xnAmpV9tTEhQllliU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8112ff-b216-406f-8f59-72a082cdb182/1/qs5nJaCg3dFoBICoN4XSzVe_arA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5f40::/30

    Signature Algorithm: sha256WithRSAEncryption
         aa:85:55:36:cd:95:d1:20:4d:f4:d1:6f:5d:48:44:2c:71:a8:
         ea:77:74:9e:4b:a4:39:0d:ff:88:f8:75:56:7a:b3:d1:89:5f:
         ff:c8:fb:23:b4:b1:63:57:57:81:d0:8f:63:34:a4:ca:b2:53:
         32:a4:45:eb:3a:79:e8:99:14:b4:cc:ea:67:ca:a8:3a:9d:ab:
         dc:2a:69:11:1f:81:39:98:77:74:6e:a2:62:d9:1b:23:be:34:
         ba:b4:a1:33:5f:c7:c0:c0:b6:86:33:ff:b7:e3:a5:47:f1:e7:
         50:0e:77:2d:ba:a6:a4:3e:da:d5:e6:5d:a0:a9:33:7b:40:97:
         93:d5:ac:f5:83:e1:38:8d:5c:ec:f2:80:70:7e:ee:5b:06:86:
         e4:08:25:12:74:c7:75:c3:e8:27:7f:7f:c1:69:c2:60:b1:28:
         c9:4f:a5:64:5a:dd:16:5e:2e:a2:3a:d9:d4:0a:f2:80:9f:cc:
         b3:c8:b8:be:18:48:fd:73:6a:76:e2:b8:c2:e8:29:20:6a:ed:
         e8:86:eb:66:1f:48:13:96:0b:5e:75:d3:63:7c:33:8b:4f:b6:
         56:d7:32:5d:6c:89:97:c9:3d:b9:5d:e0:df:1a:d9:19:97:76:
         bc:3c:b7:97:4e:5b:95:9d:83:ea:e0:17:1d:16:15:20:4c:d9:
         cf:0e:e8:a5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY+K0osbNkRK9hvII/FFnbkSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhY2U2NzI1YTBhMGRkZDE2ODA0ODBhODM3ODVkMmNkNTdi
ZjZhYjAwHhcNMjQwNTE4MDgzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjQ5YjYzNWNjZjdiM2RjNjcwMjZhNTVmNmQ0YzQ4NTA5NjU5NjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1Dm8kJAg0Cb3FhoIi7Fxy6xN4c3
F3EBVVIU021U2g1zaSlMfBxkT+mSqC9lhU5nDBnzBGJY8fBCPCbQ8l+2sH8/nVBZ
Mzs3/d2mAdIqa4Q5W4RRFUuzFS4vlJ36F1aPGuw1l+F4h+YGZ/NXdb5S5IZ8kpek
DAul/cYGeF7OwUyXC3EZzhboXIfHpyY5tpgaw8wdTanCB1EjYbIesZpvOKA2JH4z
mYoMYVl1P54si+KbXVNlgX8QvKsw7iufjr3BxbIOL/NBYUrLLO/ARqya0SJNs9br
MhE/YbokcYRMH3WaR7XI5XIuF6MQYIiraHjYfB+5+WRREFn4YgQWiZDhnQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM9JtjXM97PcZwJqVfbUxIUJZZYlMB8GA1UdIwQY
MBaAFKrOZyWgoN3RaASAqDeF0s1Xv2qwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXM1bkphQ2czZEZvQklDb040WFN6VmVfYXJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84MTEyZmYtYjIxNi00MDZmLThmNTkt
NzJhMDgyY2RiMTgyLzEvejBtMk5jejNzOXhuQW1wVjl0VEVoUWxsbGlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84MTEyZmYtYjIxNi00MDZmLThmNTktNzJhMDgyY2RiMTgy
LzEvcXM1bkphQ2czZEZvQklDb040WFN6VmVfYXJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUCKhNfQDAN
BgkqhkiG9w0BAQsFAAOCAQEAqoVVNs2V0SBN9NFvXUhELHGo6nd0nkukOQ3/iPh1
Vnqz0Ylf/8j7I7SxY1dXgdCPYzSkyrJTMqRF6zp56JkUtMzqZ8qoOp2r3CppER+B
OZh3dG6iYtkbI740urShM1/HwMC2hjP/t+OlR/HnUA53LbqmpD7a1eZdoKkze0CX
k9Ws9YPhOI1c7PKAcH7uWwaG5AglEnTHdcPoJ39/wWnCYLEoyU+lZFrdFl4uojrZ
1ArygJ/Ms8i4vhhI/XNqduK4wugpIGrt6IbrZh9IE5YLXnXTY3wzi0+2VtcyXWyJ
l8k9uV3g3xrZGZd2vDy3l05blZ2D6uAXHRYVIEzZzw7opQ==
-----END CERTIFICATE-----