Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/bdzRLHw0V4R6ypzRjmIdyg__zzg.roa
File:                     bdzRLHw0V4R6ypzRjmIdyg__zzg.roa (raw, json)
Hash identifier:          MWtS0ZonjetnVfnwgAizYqcIwF4alOzcKV0tb0zFzcw=
Subject key identifier:   6D:DC:D1:2C:7C:34:57:84:7A:CA:9C:D1:8E:62:1D:CA:0F:FF:CF:38
Certificate issuer:       /CN=abd87bbef5943546b2a83d31ec2b99ad883d51d7
Certificate serial:       018CC56E0478BE907961BE929ED4D6116082
Authority key identifier: AB:D8:7B:BE:F5:94:35:46:B2:A8:3D:31:EC:2B:99:AD:88:3D:51:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q9h7vvWUNUayqD0x7CuZrYg9Udc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/bdzRLHw0V4R6ypzRjmIdyg__zzg.roa
Signing time:             Mon 01 Jan 2024 14:29:30 +0000
ROA not before:           Mon 01 Jan 2024 14:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34549
IP address blocks:        2a13:5681::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/q9h7vvWUNUayqD0x7CuZrYg9Udc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/q9h7vvWUNUayqD0x7CuZrYg9Udc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q9h7vvWUNUayqD0x7CuZrYg9Udc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:04:78:be:90:79:61:be:92:9e:d4:d6:11:60:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abd87bbef5943546b2a83d31ec2b99ad883d51d7
        Validity
            Not Before: Jan  1 14:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ddcd12c7c3457847aca9cd18e621dca0fffcf38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f2:97:73:a9:d0:59:56:13:87:c2:c3:e6:f7:
                    07:db:7f:7c:9c:89:e1:ad:71:93:14:46:50:29:f5:
                    20:47:98:14:ac:48:2a:63:9a:a6:8d:dd:ed:76:50:
                    a2:ed:dd:18:fa:41:85:a7:88:8b:32:1d:82:59:ca:
                    18:b5:9c:bb:11:ae:c8:89:10:d0:57:63:48:6a:0a:
                    d0:56:dd:65:dd:2d:4d:6d:01:b9:1b:93:b6:db:1c:
                    26:70:18:4d:91:c6:7e:98:3a:24:c0:62:75:bd:69:
                    01:91:5f:58:c1:75:87:67:42:2b:4f:91:c4:f0:c0:
                    a1:10:01:d2:b4:c2:3a:c8:c4:9d:07:58:81:71:bb:
                    f4:ef:d0:fe:1c:61:c2:bf:73:72:7f:7f:a4:eb:a5:
                    3e:fd:08:19:4a:7b:61:87:5f:9c:52:df:2c:fd:af:
                    a0:d2:0f:3f:94:5b:86:31:93:ae:89:07:24:f2:6f:
                    07:a1:30:2c:21:eb:8d:13:e2:3c:ba:ad:a2:7b:03:
                    f2:5a:18:a7:d3:51:06:e7:9d:ca:dd:43:a7:b4:27:
                    8e:d4:e8:b6:ff:44:9b:0c:46:65:bb:53:48:7a:c3:
                    5e:a9:9e:80:e1:15:12:92:62:d8:94:f2:21:b1:40:
                    a0:5b:90:15:29:a5:e3:65:16:fe:06:ea:2a:45:72:
                    94:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:DC:D1:2C:7C:34:57:84:7A:CA:9C:D1:8E:62:1D:CA:0F:FF:CF:38
            X509v3 Authority Key Identifier:
                keyid:AB:D8:7B:BE:F5:94:35:46:B2:A8:3D:31:EC:2B:99:AD:88:3D:51:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q9h7vvWUNUayqD0x7CuZrYg9Udc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/bdzRLHw0V4R6ypzRjmIdyg__zzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/q9h7vvWUNUayqD0x7CuZrYg9Udc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5681::/40

    Signature Algorithm: sha256WithRSAEncryption
         2e:ea:98:3f:1a:79:79:9b:bd:2e:be:b6:4a:94:21:84:5e:5b:
         85:34:24:d3:e8:c4:fb:8a:38:f5:dc:88:5b:8d:b0:4e:79:e0:
         1c:af:0d:c1:3a:78:fd:56:44:c3:04:2e:6a:ef:89:49:03:d3:
         69:94:49:ce:68:7f:5b:97:3b:cc:67:db:67:23:0c:ec:f2:cb:
         db:25:9a:cf:02:61:f9:e4:6a:44:7a:4e:b2:c8:42:a2:da:9d:
         72:93:3b:0e:8c:7d:91:35:9b:c5:6c:fa:89:1b:01:5a:98:5f:
         f7:22:0c:48:b3:65:b8:e1:58:3c:d5:0d:2f:6a:19:eb:fc:2d:
         20:a2:15:5a:59:7c:c1:27:02:4a:8c:0f:bf:7e:be:69:4a:d2:
         8a:b0:71:04:10:e7:7b:70:4e:58:e6:a5:7a:fa:7e:9f:cc:07:
         22:d0:a1:da:41:55:9c:9c:60:63:05:97:1e:27:cd:8e:ea:73:
         dc:ff:be:0e:db:58:0d:5a:02:24:fa:9c:6c:3a:6f:a5:48:27:
         4a:86:af:96:12:1f:74:24:a3:08:cd:1f:32:e1:9f:56:db:da:
         81:6c:16:0c:15:dd:ae:25:be:9d:dd:6b:80:55:92:5d:65:6c:
         5a:b2:02:0d:4a:5d:16:95:6e:a7:3a:4d:38:8d:61:34:1f:30:
         84:47:fd:08
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFbgR4vpB5Yb6SntTWEWCCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiZDg3YmJlZjU5NDM1NDZiMmE4M2QzMWVjMmI5OWFkODgz
ZDUxZDcwHhcNMjQwMTAxMTQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGRjZDEyYzdjMzQ1Nzg0N2FjYTljZDE4ZTYyMWRjYTBmZmZjZjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfKXc6nQWVYTh8LD5vcH2398nInh
rXGTFEZQKfUgR5gUrEgqY5qmjd3tdlCi7d0Y+kGFp4iLMh2CWcoYtZy7Ea7IiRDQ
V2NIagrQVt1l3S1NbQG5G5O22xwmcBhNkcZ+mDokwGJ1vWkBkV9YwXWHZ0IrT5HE
8MChEAHStMI6yMSdB1iBcbv079D+HGHCv3Nyf3+k66U+/QgZSnthh1+cUt8s/a+g
0g8/lFuGMZOuiQck8m8HoTAsIeuNE+I8uq2iewPyWhin01EG553K3UOntCeO1Oi2
/0SbDEZlu1NIesNeqZ6A4RUSkmLYlPIhsUCgW5AVKaXjZRb+BuoqRXKU4QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFG3c0Sx8NFeEesqc0Y5iHcoP/884MB8GA1UdIwQY
MBaAFKvYe771lDVGsqg9Mewrma2IPVHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTloN3Z2V1VOVWF5cUQweDdDdVpyWWc5VWRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC84YWQyZTAtZTNmMC00YWJlLWJjYjYt
MmY1Yzc0YzY5YWUxLzEvYmR6UkxIdzBWNFI2eXB6UmptSWR5Z19fenpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC84YWQyZTAtZTNmMC00YWJlLWJjYjYtMmY1Yzc0YzY5YWUx
LzEvcTloN3Z2V1VOVWF5cUQweDdDdVpyWWc5VWRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhNWgQAw
DQYJKoZIhvcNAQELBQADggEBAC7qmD8aeXmbvS6+tkqUIYReW4U0JNPoxPuKOPXc
iFuNsE554ByvDcE6eP1WRMMELmrviUkD02mUSc5of1uXO8xn22cjDOzyy9slms8C
YfnkakR6TrLIQqLanXKTOw6MfZE1m8Vs+okbAVqYX/ciDEizZbjhWDzVDS9qGev8
LSCiFVpZfMEnAkqMD79+vmlK0oqwcQQQ53twTljmpXr6fp/MByLQodpBVZycYGMF
lx4nzY7qc9z/vg7bWA1aAiT6nGw6b6VIJ0qGr5YSH3QkowjNHzLhn1bb2oFsFgwV
3a4lvp3da4BVkl1lbFqyAg1KXRaVbqc6TTiNYTQfMIRH/Qg=
-----END CERTIFICATE-----