Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/45a9c8-a257-47c3-be6f-677f51ebbd85/1/pL7kbAHTJ-qylm9GBEeK3iMJHDQ.roa
File:                     pL7kbAHTJ-qylm9GBEeK3iMJHDQ.roa (raw, json)
Hash identifier:          g5kybJ7gw1VGpR6efGKki01yMfk9gg5e+4pGpzJHOlA=
Subject key identifier:   A4:BE:E4:6C:01:D3:27:EA:B2:96:6F:46:04:47:8A:DE:23:09:1C:34
Certificate issuer:       /CN=459478e9f1f30b24fd17198d1cac835bc1e4dfaf
Certificate serial:       018CC94E328AFF54CE0175F4FE0EE05DD344
Authority key identifier: 45:94:78:E9:F1:F3:0B:24:FD:17:19:8D:1C:AC:83:5B:C1:E4:DF:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RZR46fHzCyT9FxmNHKyDW8Hk368.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/45a9c8-a257-47c3-be6f-677f51ebbd85/1/pL7kbAHTJ-qylm9GBEeK3iMJHDQ.roa
Signing time:             Tue 02 Jan 2024 08:33:14 +0000
ROA not before:           Tue 02 Jan 2024 08:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20677
IP address blocks:        2a13:fbc0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/45a9c8-a257-47c3-be6f-677f51ebbd85/1/RZR46fHzCyT9FxmNHKyDW8Hk368.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/45a9c8-a257-47c3-be6f-677f51ebbd85/1/RZR46fHzCyT9FxmNHKyDW8Hk368.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RZR46fHzCyT9FxmNHKyDW8Hk368.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:32:8a:ff:54:ce:01:75:f4:fe:0e:e0:5d:d3:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=459478e9f1f30b24fd17198d1cac835bc1e4dfaf
        Validity
            Not Before: Jan  2 08:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4bee46c01d327eab2966f4604478ade23091c34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:21:71:b4:a1:d3:6a:6f:28:6b:ad:dc:2f:13:
                    cb:3d:45:23:23:cc:26:2b:bf:99:92:24:fd:5b:ec:
                    30:61:11:ae:aa:b5:99:86:9e:ba:35:0a:cb:cd:06:
                    a4:7d:fb:c8:23:fd:ad:33:82:42:6b:86:41:0f:94:
                    eb:bb:16:16:77:06:3c:02:bd:69:d3:7d:da:03:76:
                    34:34:22:09:37:77:62:a6:41:88:aa:b5:89:20:40:
                    71:c6:ec:eb:a8:e3:fe:0f:af:82:3e:c6:2b:8f:c0:
                    d2:e8:c8:a5:d1:aa:c7:07:c1:c8:da:cd:c2:ea:49:
                    02:21:de:61:3c:d8:4a:c4:c0:5c:3e:d7:09:b6:f0:
                    99:53:f6:92:21:98:09:f8:72:c4:b2:de:1e:2a:08:
                    2d:98:82:f2:ef:2e:4d:cd:18:db:4c:0a:bb:ca:95:
                    27:51:d0:4a:ea:42:11:59:07:aa:dc:44:da:f5:bc:
                    92:fc:f5:85:30:29:71:47:b1:0d:8a:7d:e8:4a:6a:
                    fe:f2:06:aa:17:5d:dd:b2:ab:80:8b:80:35:d0:90:
                    b0:9b:93:45:5d:21:66:7b:15:0f:7f:4c:90:9f:e7:
                    47:2b:91:ff:b1:6a:2e:b6:54:53:d1:0f:43:c3:a3:
                    ce:5c:b9:d5:c2:e2:94:fb:98:7f:2b:b4:af:b9:4c:
                    48:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:BE:E4:6C:01:D3:27:EA:B2:96:6F:46:04:47:8A:DE:23:09:1C:34
            X509v3 Authority Key Identifier:
                keyid:45:94:78:E9:F1:F3:0B:24:FD:17:19:8D:1C:AC:83:5B:C1:E4:DF:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RZR46fHzCyT9FxmNHKyDW8Hk368.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/45a9c8-a257-47c3-be6f-677f51ebbd85/1/pL7kbAHTJ-qylm9GBEeK3iMJHDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/45a9c8-a257-47c3-be6f-677f51ebbd85/1/RZR46fHzCyT9FxmNHKyDW8Hk368.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:fbc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:20:48:62:a7:b2:01:15:ac:fc:db:28:dd:cf:21:01:90:33:
         7f:26:13:8d:84:a0:44:20:73:ea:52:55:2d:24:a5:37:bb:bc:
         35:1e:c1:b8:eb:9e:0d:85:21:aa:f1:e0:d3:28:e9:45:64:1a:
         66:d2:ba:67:a3:bc:58:19:c9:27:55:ec:2c:bd:33:b4:3e:75:
         98:83:25:0b:4b:74:45:76:a4:24:a4:93:d9:45:14:83:68:61:
         73:d5:88:17:20:4a:e9:61:83:b4:4b:e4:82:45:07:be:18:59:
         77:cd:78:7e:01:f0:ea:4f:27:55:b0:04:3e:2d:bc:99:8f:6a:
         ea:1a:47:aa:9d:cf:a4:1a:b0:21:7c:1e:ff:dc:a5:b3:4a:a5:
         a7:fa:63:9d:aa:32:b0:78:a3:a5:33:70:5f:80:04:ae:83:dc:
         ef:6c:0f:53:ca:f7:11:2e:86:39:83:2d:1b:ec:e7:83:9c:b6:
         6a:33:b1:86:a4:fd:b3:9d:ca:97:d9:17:00:d9:04:86:d8:ba:
         b5:ff:85:c0:db:28:58:ed:fc:3e:7b:92:76:da:6d:af:f6:14:
         90:72:f4:60:ae:96:43:be:f2:c4:2e:ae:c0:19:90:6f:c4:15:
         46:98:26:ee:c3:48:29:d3:45:b4:4c:d1:f8:d2:bc:38:77:82:
         0e:55:1d:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTjKK/1TOAXX0/g7gXdNEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OTQ3OGU5ZjFmMzBiMjRmZDE3MTk4ZDFjYWM4MzViYzFl
NGRmYWYwHhcNMjQwMTAyMDgzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGJlZTQ2YzAxZDMyN2VhYjI5NjZmNDYwNDQ3OGFkZTIzMDkxYzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviFxtKHTam8oa63cLxPLPUUjI8wm
K7+ZkiT9W+wwYRGuqrWZhp66NQrLzQakffvII/2tM4JCa4ZBD5TruxYWdwY8Ar1p
033aA3Y0NCIJN3dipkGIqrWJIEBxxuzrqOP+D6+CPsYrj8DS6Mil0arHB8HI2s3C
6kkCId5hPNhKxMBcPtcJtvCZU/aSIZgJ+HLEst4eKggtmILy7y5NzRjbTAq7ypUn
UdBK6kIRWQeq3ETa9byS/PWFMClxR7ENin3oSmr+8gaqF13dsquAi4A10JCwm5NF
XSFmexUPf0yQn+dHK5H/sWoutlRT0Q9Dw6POXLnVwuKU+5h/K7SvuUxIJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKS+5GwB0yfqspZvRgRHit4jCRw0MB8GA1UdIwQY
MBaAFEWUeOnx8wsk/RcZjRysg1vB5N+vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlpSNDZmSHpDeVQ5RnhtTkhLeURXOEhrMzY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC80NWE5YzgtYTI1Ny00N2MzLWJlNmYt
Njc3ZjUxZWJiZDg1LzEvcEw3a2JBSFRKLXF5bG05R0JFZUszaU1KSERRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC80NWE5YzgtYTI1Ny00N2MzLWJlNmYtNjc3ZjUxZWJiZDg1
LzEvUlpSNDZmSHpDeVQ5RnhtTkhLeURXOEhrMzY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhP7wAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQB/IEhip7IBFaz82yjdzyEBkDN/JhONhKBEIHPq
UlUtJKU3u7w1HsG4654NhSGq8eDTKOlFZBpm0rpno7xYGcknVewsvTO0PnWYgyUL
S3RFdqQkpJPZRRSDaGFz1YgXIErpYYO0S+SCRQe+GFl3zXh+AfDqTydVsAQ+LbyZ
j2rqGkeqnc+kGrAhfB7/3KWzSqWn+mOdqjKweKOlM3BfgASug9zvbA9TyvcRLoY5
gy0b7OeDnLZqM7GGpP2zncqX2RcA2QSG2Lq1/4XA2yhY7fw+e5J22m2v9hSQcvRg
rpZDvvLELq7AGZBvxBVGmCbuw0gp00W0TNH40rw4d4IOVR2P
-----END CERTIFICATE-----