Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/b72cb0-0e57-468c-89f0-abcb1e7582b3/1/btjmbepI_w844jEd-2ULHOad4jA.roa
File:                     btjmbepI_w844jEd-2ULHOad4jA.roa (raw, json)
Hash identifier:          Q4YU1m+uv7smKY3VyZzNx1MNAHlgcuqBR8RzVtYNCUo=
Subject key identifier:   6E:D8:E6:6D:EA:48:FF:0F:38:E2:31:1D:FB:65:0B:1C:E6:9D:E2:30
Certificate issuer:       /CN=a55cf89ee562797e775aa4d1d1f7e45f466a73c3
Certificate serial:       018CEE6EB1D6704FA2BF298E911F5A8BB822
Authority key identifier: A5:5C:F8:9E:E5:62:79:7E:77:5A:A4:D1:D1:F7:E4:5F:46:6A:73:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pVz4nuVieX53WqTR0ffkX0Zqc8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/b72cb0-0e57-468c-89f0-abcb1e7582b3/1/btjmbepI_w844jEd-2ULHOad4jA.roa
Signing time:             Tue 09 Jan 2024 13:34:41 +0000
ROA not before:           Tue 09 Jan 2024 13:34:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a13:5a47::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/b72cb0-0e57-468c-89f0-abcb1e7582b3/1/pVz4nuVieX53WqTR0ffkX0Zqc8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/b72cb0-0e57-468c-89f0-abcb1e7582b3/1/pVz4nuVieX53WqTR0ffkX0Zqc8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pVz4nuVieX53WqTR0ffkX0Zqc8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:03:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ee:6e:b1:d6:70:4f:a2:bf:29:8e:91:1f:5a:8b:b8:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a55cf89ee562797e775aa4d1d1f7e45f466a73c3
        Validity
            Not Before: Jan  9 13:34:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ed8e66dea48ff0f38e2311dfb650b1ce69de230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:9e:44:c4:d7:69:8e:55:1d:eb:2f:5f:5c:fb:
                    8a:ab:81:c3:bc:26:86:2b:7f:32:99:a5:ba:99:d1:
                    ed:41:b0:ed:4d:93:50:47:e5:df:1a:d7:12:fc:d8:
                    84:e9:08:3f:19:b4:d3:31:58:4d:94:53:04:97:2d:
                    9b:b6:54:24:44:c8:61:ac:46:c1:e7:3c:6b:8c:10:
                    7c:00:5e:09:13:45:58:43:9a:1a:8a:47:0d:f3:de:
                    4b:e1:6a:b2:8e:31:24:e3:bf:e5:77:0a:3b:97:1d:
                    77:70:0a:6d:0c:3a:e8:32:a7:39:35:f3:7a:b1:0c:
                    b7:b6:1f:8b:02:65:a0:f8:05:0c:df:4e:b4:75:76:
                    15:91:88:ea:eb:71:a2:2a:c5:36:f0:43:4d:9f:5d:
                    d1:32:2f:37:e3:d9:88:c0:9e:80:e7:3b:d3:5e:3d:
                    d8:40:af:e2:ec:57:3f:ca:38:0e:fa:8b:a8:98:ac:
                    9a:ac:f0:c9:81:11:92:bd:83:b1:be:ec:63:cc:97:
                    4d:ed:b7:b1:e1:d1:0a:01:30:7c:00:f7:5f:68:de:
                    23:12:ac:0a:42:10:d1:e6:a7:e7:da:f2:e8:cd:b3:
                    ac:72:d1:03:84:5b:f0:2b:3a:6d:d8:eb:ec:eb:20:
                    ab:7d:1b:81:61:ed:e5:2c:f3:54:39:c8:33:56:42:
                    c1:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:D8:E6:6D:EA:48:FF:0F:38:E2:31:1D:FB:65:0B:1C:E6:9D:E2:30
            X509v3 Authority Key Identifier:
                keyid:A5:5C:F8:9E:E5:62:79:7E:77:5A:A4:D1:D1:F7:E4:5F:46:6A:73:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pVz4nuVieX53WqTR0ffkX0Zqc8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b72cb0-0e57-468c-89f0-abcb1e7582b3/1/btjmbepI_w844jEd-2ULHOad4jA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b72cb0-0e57-468c-89f0-abcb1e7582b3/1/pVz4nuVieX53WqTR0ffkX0Zqc8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5a47::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:b0:4c:93:66:67:93:e4:d3:fa:f3:93:1d:96:35:a4:6e:11:
         bf:5a:bb:01:b8:1a:57:72:f4:70:7f:1a:65:a3:c1:38:3d:2a:
         89:58:58:6b:da:54:47:df:fd:33:43:d1:65:f9:de:38:01:dc:
         34:24:12:25:b0:fb:9e:ed:ae:df:bc:2a:79:00:18:70:e0:07:
         39:35:06:bd:05:cc:15:b5:65:7f:02:c5:be:b3:1a:4c:76:ab:
         aa:f6:d0:23:8c:88:be:cd:e6:24:c8:f3:dd:14:a1:eb:42:8e:
         dc:52:4e:58:ee:cf:f8:a5:ac:bc:fa:de:30:32:98:45:d3:3a:
         d1:87:e8:f9:4a:d4:28:94:cc:1a:26:4a:94:ab:a8:b1:66:3f:
         d4:80:f8:f4:8f:26:c6:59:cd:4b:f5:93:fc:ef:11:60:5b:a5:
         68:94:6a:bd:01:28:d8:31:be:49:22:2b:7b:97:a0:e0:d8:81:
         3d:0e:51:52:51:cb:0a:bc:10:a4:c3:27:12:26:a2:ae:18:d9:
         b5:e0:02:03:2a:0d:5a:a1:0a:12:fb:ef:39:fe:9f:1c:fc:82:
         d7:fd:fb:76:2a:f0:8f:97:b9:34:d9:b6:fd:b1:63:31:f1:4e:
         de:91:5d:5f:f3:12:15:31:28:69:ba:f4:96:53:91:d5:b2:0e:
         48:81:e9:ee
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzubrHWcE+ivymOkR9ai7giMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NWNmODllZTU2Mjc5N2U3NzVhYTRkMWQxZjdlNDVmNDY2
YTczYzMwHhcNMjQwMTA5MTMzNDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWQ4ZTY2ZGVhNDhmZjBmMzhlMjMxMWRmYjY1MGIxY2U2OWRlMjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj55ExNdpjlUd6y9fXPuKq4HDvCaG
K38ymaW6mdHtQbDtTZNQR+XfGtcS/NiE6Qg/GbTTMVhNlFMEly2btlQkRMhhrEbB
5zxrjBB8AF4JE0VYQ5oaikcN895L4WqyjjEk47/ldwo7lx13cAptDDroMqc5NfN6
sQy3th+LAmWg+AUM3060dXYVkYjq63GiKsU28ENNn13RMi8349mIwJ6A5zvTXj3Y
QK/i7Fc/yjgO+ouomKyarPDJgRGSvYOxvuxjzJdN7bex4dEKATB8APdfaN4jEqwK
QhDR5qfn2vLozbOsctEDhFvwKzpt2Ovs6yCrfRuBYe3lLPNUOcgzVkLBCwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG7Y5m3qSP8POOIxHftlCxzmneIwMB8GA1UdIwQY
MBaAFKVc+J7lYnl+d1qk0dH35F9GanPDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFZ6NG51VmllWDUzV3FUUjBmZmtYMFpxYzhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9iNzJjYjAtMGU1Ny00NjhjLTg5ZjAt
YWJjYjFlNzU4MmIzLzEvYnRqbWJlcElfdzg0NGpFZC0yVUxIT2FkNGpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9iNzJjYjAtMGU1Ny00NjhjLTg5ZjAtYWJjYjFlNzU4MmIz
LzEvcFZ6NG51VmllWDUzV3FUUjBmZmtYMFpxYzhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhNaRzAN
BgkqhkiG9w0BAQsFAAOCAQEAa7BMk2Znk+TT+vOTHZY1pG4Rv1q7AbgaV3L0cH8a
ZaPBOD0qiVhYa9pUR9/9M0PRZfneOAHcNCQSJbD7nu2u37wqeQAYcOAHOTUGvQXM
FbVlfwLFvrMaTHarqvbQI4yIvs3mJMjz3RSh60KO3FJOWO7P+KWsvPreMDKYRdM6
0Yfo+UrUKJTMGiZKlKuosWY/1ID49I8mxlnNS/WT/O8RYFulaJRqvQEo2DG+SSIr
e5eg4NiBPQ5RUlHLCrwQpMMnEiairhjZteACAyoNWqEKEvvvOf6fHPyC1/37dirw
j5e5NNm2/bFjMfFO3pFdX/MSFTEoabr0llOR1bIOSIHp7g==
-----END CERTIFICATE-----