Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/RUU40cDYq8Ti31jdK_PUhu3l2pg.roa
File:                     RUU40cDYq8Ti31jdK_PUhu3l2pg.roa (raw, json)
Hash identifier:          EbY1urJS1NyjiiExRPThkLUpQt08jwAlGmtdCSD3vgw=
Subject key identifier:   45:45:38:D1:C0:D8:AB:C4:E2:DF:58:DD:2B:F3:D4:86:ED:E5:DA:98
Certificate issuer:       /CN=abd87bbef5943546b2a83d31ec2b99ad883d51d7
Certificate serial:       018CC56E054775745A1CD726B0FA0E386091
Authority key identifier: AB:D8:7B:BE:F5:94:35:46:B2:A8:3D:31:EC:2B:99:AD:88:3D:51:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q9h7vvWUNUayqD0x7CuZrYg9Udc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/RUU40cDYq8Ti31jdK_PUhu3l2pg.roa
Signing time:             Mon 01 Jan 2024 14:29:31 +0000
ROA not before:           Mon 01 Jan 2024 14:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204333
IP address blocks:        2a13:5681::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/q9h7vvWUNUayqD0x7CuZrYg9Udc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/q9h7vvWUNUayqD0x7CuZrYg9Udc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q9h7vvWUNUayqD0x7CuZrYg9Udc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:05:47:75:74:5a:1c:d7:26:b0:fa:0e:38:60:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abd87bbef5943546b2a83d31ec2b99ad883d51d7
        Validity
            Not Before: Jan  1 14:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=454538d1c0d8abc4e2df58dd2bf3d486ede5da98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:d6:cc:bd:54:c2:46:3e:ac:78:50:a5:84:13:
                    0c:fc:48:cc:fa:cb:45:59:3d:86:23:30:22:a2:bb:
                    d3:9f:cd:f2:eb:e3:ca:10:5b:24:3d:64:29:79:d7:
                    c3:6a:01:e3:fa:df:73:b5:55:11:34:28:8b:84:d8:
                    56:d2:ac:35:4d:a9:61:17:5a:9a:b7:48:7d:39:94:
                    bc:8d:d6:ae:28:43:22:3e:10:64:7c:de:55:1e:d9:
                    d0:56:be:b7:d7:06:81:d0:58:9e:e6:03:6a:ec:2a:
                    f0:1a:55:6f:ce:e9:af:69:d2:87:f7:54:87:3e:5a:
                    7d:17:d4:b2:7d:c7:c5:cd:e6:6f:e9:7d:4d:32:a1:
                    08:ce:21:2c:ef:dd:e9:37:52:f2:32:e4:65:ff:30:
                    e4:56:3d:0a:ef:12:d4:2b:57:b0:a4:d2:00:e2:4e:
                    e0:01:e6:01:a8:77:2e:9b:43:ff:e8:f3:fd:b3:1d:
                    dc:c6:d8:be:d5:97:e5:0a:f7:8d:5d:ec:45:dc:72:
                    7b:c9:82:fb:17:dc:70:5f:03:b6:08:86:5a:fb:ed:
                    03:ae:66:a4:8d:86:e6:69:4e:ec:db:3b:e0:14:06:
                    7b:1d:8e:1a:4b:e5:85:b1:a8:77:f0:0a:a8:41:bf:
                    13:48:f7:30:6e:bd:6f:fc:07:62:02:9a:00:8f:8d:
                    7d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:45:38:D1:C0:D8:AB:C4:E2:DF:58:DD:2B:F3:D4:86:ED:E5:DA:98
            X509v3 Authority Key Identifier:
                keyid:AB:D8:7B:BE:F5:94:35:46:B2:A8:3D:31:EC:2B:99:AD:88:3D:51:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q9h7vvWUNUayqD0x7CuZrYg9Udc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/RUU40cDYq8Ti31jdK_PUhu3l2pg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/q9h7vvWUNUayqD0x7CuZrYg9Udc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5681::/40

    Signature Algorithm: sha256WithRSAEncryption
         49:3c:dd:81:b6:61:db:df:25:af:46:38:67:09:2d:58:d2:72:
         61:18:fe:f3:6c:72:e9:e0:96:3a:b7:45:98:7c:ed:bb:d1:4b:
         c7:36:a5:77:09:47:f6:cd:94:5e:66:3d:37:7b:95:3b:01:45:
         c7:7f:af:91:c6:e4:48:cb:e4:45:0a:62:ac:bc:48:bb:50:7d:
         35:7a:73:71:31:47:cd:41:7b:bf:38:8e:d5:93:eb:04:a3:fc:
         91:22:ba:4a:c5:63:18:3f:dd:9b:6c:b3:e2:52:0d:0d:00:18:
         d8:b8:ef:48:2c:93:36:75:5c:57:20:9b:dc:c1:cb:e3:c3:52:
         94:ed:5e:34:3a:0e:f0:d8:79:4f:af:13:e8:f5:9e:f5:73:4b:
         be:c0:57:38:6a:d7:f2:7e:d0:bc:76:b0:78:7e:b7:48:85:e7:
         39:fd:0e:e8:d1:9c:68:3a:57:e4:76:d8:4b:4e:a3:fe:aa:c0:
         4d:aa:33:77:bc:dd:87:be:37:b3:84:3f:05:0f:23:29:07:d0:
         1c:06:73:a2:8e:a4:09:56:1e:1c:1b:22:46:03:e8:03:58:10:
         23:97:24:0b:20:9d:35:5b:b2:f1:d6:72:65:94:70:f1:96:75:
         ae:2c:74:2f:9f:05:89:a3:2f:11:67:9d:9d:e0:03:f9:63:e6:
         33:fa:61:e2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFbgVHdXRaHNcmsPoOOGCRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiZDg3YmJlZjU5NDM1NDZiMmE4M2QzMWVjMmI5OWFkODgz
ZDUxZDcwHhcNMjQwMTAxMTQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTQ1MzhkMWMwZDhhYmM0ZTJkZjU4ZGQyYmYzZDQ4NmVkZTVkYTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtbMvVTCRj6seFClhBMM/EjM+stF
WT2GIzAiorvTn83y6+PKEFskPWQpedfDagHj+t9ztVURNCiLhNhW0qw1TalhF1qa
t0h9OZS8jdauKEMiPhBkfN5VHtnQVr631waB0Fie5gNq7CrwGlVvzumvadKH91SH
Plp9F9SyfcfFzeZv6X1NMqEIziEs793pN1LyMuRl/zDkVj0K7xLUK1ewpNIA4k7g
AeYBqHcum0P/6PP9sx3cxti+1ZflCveNXexF3HJ7yYL7F9xwXwO2CIZa++0Drmak
jYbmaU7s2zvgFAZ7HY4aS+WFsah38AqoQb8TSPcwbr1v/AdiApoAj419xwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEVFONHA2KvE4t9Y3Svz1Ibt5dqYMB8GA1UdIwQY
MBaAFKvYe771lDVGsqg9Mewrma2IPVHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTloN3Z2V1VOVWF5cUQweDdDdVpyWWc5VWRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC84YWQyZTAtZTNmMC00YWJlLWJjYjYt
MmY1Yzc0YzY5YWUxLzEvUlVVNDBjRFlxOFRpMzFqZEtfUFVodTNsMnBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC84YWQyZTAtZTNmMC00YWJlLWJjYjYtMmY1Yzc0YzY5YWUx
LzEvcTloN3Z2V1VOVWF5cUQweDdDdVpyWWc5VWRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhNWgQAw
DQYJKoZIhvcNAQELBQADggEBAEk83YG2YdvfJa9GOGcJLVjScmEY/vNscungljq3
RZh87bvRS8c2pXcJR/bNlF5mPTd7lTsBRcd/r5HG5EjL5EUKYqy8SLtQfTV6c3Ex
R81Be784jtWT6wSj/JEiukrFYxg/3Ztss+JSDQ0AGNi470gskzZ1XFcgm9zBy+PD
UpTtXjQ6DvDYeU+vE+j1nvVzS77AVzhq1/J+0Lx2sHh+t0iF5zn9DujRnGg6V+R2
2EtOo/6qwE2qM3e83Ye+N7OEPwUPIykH0BwGc6KOpAlWHhwbIkYD6ANYECOXJAsg
nTVbsvHWcmWUcPGWda4sdC+fBYmjLxFnnZ3gA/lj5jP6YeI=
-----END CERTIFICATE-----