Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/b72cb0-0e57-468c-89f0-abcb1e7582b3/1/L8_vdNrxogloo1JF-u_969GHwcg.roa
File:                     L8_vdNrxogloo1JF-u_969GHwcg.roa (raw, json)
Hash identifier:          5IySxRkh0ozYNAWrVf5G9RkLiUoxM+olsO1gWg5eqic=
Subject key identifier:   2F:CF:EF:74:DA:F1:A2:09:68:A3:52:45:FA:EF:FD:EB:D1:87:C1:C8
Certificate issuer:       /CN=a55cf89ee562797e775aa4d1d1f7e45f466a73c3
Certificate serial:       018CEE6EB1407DC2C7AFEA3229663C14F28E
Authority key identifier: A5:5C:F8:9E:E5:62:79:7E:77:5A:A4:D1:D1:F7:E4:5F:46:6A:73:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pVz4nuVieX53WqTR0ffkX0Zqc8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/b72cb0-0e57-468c-89f0-abcb1e7582b3/1/L8_vdNrxogloo1JF-u_969GHwcg.roa
Signing time:             Tue 09 Jan 2024 13:34:40 +0000
ROA not before:           Tue 09 Jan 2024 13:34:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a13:5a47::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/b72cb0-0e57-468c-89f0-abcb1e7582b3/1/pVz4nuVieX53WqTR0ffkX0Zqc8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/b72cb0-0e57-468c-89f0-abcb1e7582b3/1/pVz4nuVieX53WqTR0ffkX0Zqc8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pVz4nuVieX53WqTR0ffkX0Zqc8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ee:6e:b1:40:7d:c2:c7:af:ea:32:29:66:3c:14:f2:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a55cf89ee562797e775aa4d1d1f7e45f466a73c3
        Validity
            Not Before: Jan  9 13:34:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fcfef74daf1a20968a35245faeffdebd187c1c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:41:d2:bb:e5:d0:77:f3:c8:1c:e6:ce:4c:33:
                    4a:19:0f:da:81:ad:85:20:be:db:14:4d:51:83:17:
                    fa:88:1c:50:a1:ab:17:d3:a5:e9:70:24:c6:b8:e4:
                    61:28:bc:79:08:f0:ac:ad:47:e6:1e:36:67:c7:16:
                    75:f7:63:ef:ed:ed:19:04:5a:6c:11:b1:cd:5c:e3:
                    d9:85:7f:db:24:ff:14:8a:11:0e:09:d9:cb:a2:01:
                    51:a0:45:83:62:77:19:db:5e:39:c0:49:87:a6:6d:
                    82:dd:51:5d:aa:29:d8:5c:56:bf:a5:fe:3c:b8:be:
                    df:24:71:55:8c:8a:3c:25:26:c9:df:1c:12:47:86:
                    4b:5a:27:89:85:da:90:c4:fe:5f:4b:38:ad:d6:7c:
                    75:10:c1:3c:e9:d3:ad:1f:a2:f0:d9:a9:7b:68:c3:
                    68:14:42:7a:5f:3f:5e:cf:bb:6c:b5:86:ba:bc:05:
                    df:6d:c1:41:03:87:40:90:e4:b7:97:3b:98:13:e7:
                    a3:b2:cd:4a:49:db:97:98:c4:9c:fb:f7:45:28:bf:
                    10:2a:9c:a0:02:66:a5:e1:dc:66:fb:4b:e8:0d:54:
                    c3:e6:e3:67:47:e7:cf:e4:40:cb:8b:8c:f5:34:e1:
                    df:bb:9d:f0:2a:7a:3a:56:e3:af:f9:7e:4a:cc:db:
                    0f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:CF:EF:74:DA:F1:A2:09:68:A3:52:45:FA:EF:FD:EB:D1:87:C1:C8
            X509v3 Authority Key Identifier:
                keyid:A5:5C:F8:9E:E5:62:79:7E:77:5A:A4:D1:D1:F7:E4:5F:46:6A:73:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pVz4nuVieX53WqTR0ffkX0Zqc8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b72cb0-0e57-468c-89f0-abcb1e7582b3/1/L8_vdNrxogloo1JF-u_969GHwcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b72cb0-0e57-468c-89f0-abcb1e7582b3/1/pVz4nuVieX53WqTR0ffkX0Zqc8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5a47::/32

    Signature Algorithm: sha256WithRSAEncryption
         a7:e1:54:47:4e:09:16:3e:4a:72:e5:95:48:32:a5:e5:8a:1b:
         35:41:d4:6d:51:8b:2e:7a:d6:49:ab:89:f9:ce:29:93:f4:f0:
         85:11:d5:f9:58:b6:db:35:75:8f:eb:d6:21:fb:ca:c7:1d:07:
         59:c8:d3:ec:38:6a:2a:c5:2d:76:ed:e3:c0:5f:8a:13:f8:88:
         cd:41:8a:9c:4a:63:da:57:2c:25:7c:db:71:f2:d3:df:ce:14:
         39:ac:90:7a:85:a3:b0:96:1c:98:6e:b0:45:61:5e:4b:e9:95:
         fd:70:16:06:93:5b:bb:c6:63:c9:ba:4e:8d:f9:b2:7a:a1:fa:
         5b:c2:a1:52:6e:d2:ac:8d:db:9b:4c:b3:06:51:8b:44:d5:19:
         5e:1d:df:ba:a8:d8:3f:0d:98:ea:29:bd:35:2c:a0:bd:52:71:
         9d:b7:cf:83:d5:71:1b:fd:50:7e:c9:ff:db:82:ef:d1:7b:57:
         9b:31:2e:a9:89:1b:c6:50:65:e2:c9:5e:12:75:00:cf:5f:b0:
         12:5b:de:02:25:fd:b7:88:a5:8c:9b:eb:d7:c7:0e:4e:43:a1:
         13:02:1b:29:d9:fe:2e:ea:c2:d4:c9:23:ec:0c:12:a4:ad:d4:
         74:dd:18:4f:5b:a5:d7:93:5b:7d:ed:4c:c2:6a:cc:8b:df:13:
         8d:e7:71:6c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzubrFAfcLHr+oyKWY8FPKOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NWNmODllZTU2Mjc5N2U3NzVhYTRkMWQxZjdlNDVmNDY2
YTczYzMwHhcNMjQwMTA5MTMzNDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmNmZWY3NGRhZjFhMjA5NjhhMzUyNDVmYWVmZmRlYmQxODdjMWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhEHSu+XQd/PIHObOTDNKGQ/aga2F
IL7bFE1Rgxf6iBxQoasX06XpcCTGuORhKLx5CPCsrUfmHjZnxxZ192Pv7e0ZBFps
EbHNXOPZhX/bJP8UihEOCdnLogFRoEWDYncZ2145wEmHpm2C3VFdqinYXFa/pf48
uL7fJHFVjIo8JSbJ3xwSR4ZLWieJhdqQxP5fSzit1nx1EME86dOtH6Lw2al7aMNo
FEJ6Xz9ez7tstYa6vAXfbcFBA4dAkOS3lzuYE+ejss1KSduXmMSc+/dFKL8QKpyg
Amal4dxm+0voDVTD5uNnR+fP5EDLi4z1NOHfu53wKno6VuOv+X5KzNsPiQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFC/P73Ta8aIJaKNSRfrv/evRh8HIMB8GA1UdIwQY
MBaAFKVc+J7lYnl+d1qk0dH35F9GanPDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFZ6NG51VmllWDUzV3FUUjBmZmtYMFpxYzhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9iNzJjYjAtMGU1Ny00NjhjLTg5ZjAt
YWJjYjFlNzU4MmIzLzEvTDhfdmROcnhvZ2xvbzFKRi11Xzk2OUdId2NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9iNzJjYjAtMGU1Ny00NjhjLTg5ZjAtYWJjYjFlNzU4MmIz
LzEvcFZ6NG51VmllWDUzV3FUUjBmZmtYMFpxYzhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhNaRzAN
BgkqhkiG9w0BAQsFAAOCAQEAp+FUR04JFj5KcuWVSDKl5YobNUHUbVGLLnrWSauJ
+c4pk/TwhRHV+Vi22zV1j+vWIfvKxx0HWcjT7DhqKsUtdu3jwF+KE/iIzUGKnEpj
2lcsJXzbcfLT384UOayQeoWjsJYcmG6wRWFeS+mV/XAWBpNbu8ZjybpOjfmyeqH6
W8KhUm7SrI3bm0yzBlGLRNUZXh3fuqjYPw2Y6im9NSygvVJxnbfPg9VxG/1Qfsn/
24Lv0XtXmzEuqYkbxlBl4sleEnUAz1+wElveAiX9t4iljJvr18cOTkOhEwIbKdn+
LurC1Mkj7AwSpK3UdN0YT1ul15Nbfe1MwmrMi98TjedxbA==
-----END CERTIFICATE-----