Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/Urjg02cWnXdIID-cPVFc7Sl_3WM.roa
File:                     Urjg02cWnXdIID-cPVFc7Sl_3WM.roa (raw, json)
Hash identifier:          L5RoRkzac83wL4jzdVt51sAfdHLnRpVU8iv3HRE1gs8=
Subject key identifier:   52:B8:E0:D3:67:16:9D:77:48:20:3F:9C:3D:51:5C:ED:29:7F:DD:63
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       0191AF1D0FAC376C8E2923081BAA8EB0BC83
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/Urjg02cWnXdIID-cPVFc7Sl_3WM.roa
Signing time:             Sun 01 Sep 2024 19:43:22 +0000
ROA not before:           Sun 01 Sep 2024 19:43:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215567
IP address blocks:        2a13:a440:9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:af:1d:0f:ac:37:6c:8e:29:23:08:1b:aa:8e:b0:bc:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Sep  1 19:43:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52b8e0d367169d7748203f9c3d515ced297fdd63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:31:cd:dc:2c:97:7f:64:3e:35:07:f6:34:8f:
                    6c:bd:80:d7:08:70:dd:e5:fa:98:e1:99:bb:fb:e0:
                    6c:45:5f:42:ca:a5:95:b2:48:6f:2a:a6:79:51:bb:
                    d7:b4:0c:a2:1e:f6:e5:37:7b:e4:e2:43:5c:0a:13:
                    04:42:9e:3e:3b:76:a3:4e:a8:37:01:43:fd:b4:47:
                    86:74:a7:e3:2c:95:ba:1b:8b:9b:cf:26:4d:e9:76:
                    c0:90:43:4d:a0:4c:12:22:b8:5e:3a:17:7f:cd:77:
                    66:5f:ce:d0:ab:2b:09:79:3f:2b:40:1c:a3:a5:a1:
                    40:d4:c9:45:b3:14:6a:a0:e4:fe:3a:be:21:86:05:
                    f8:c9:74:c8:f3:c2:f0:42:f4:02:83:0e:05:72:0b:
                    b3:fd:31:d2:54:bd:17:28:4f:04:2c:5e:86:9e:fd:
                    05:33:d9:84:fb:3f:ec:f2:8c:8a:c7:bf:5f:c9:81:
                    c8:14:7f:b7:54:dd:31:0b:ea:bf:66:e9:ee:f6:1c:
                    96:8f:5c:45:b9:f6:36:8f:cc:2f:8b:44:e6:f0:31:
                    d2:5a:9f:3e:56:1b:ae:a9:ad:9d:35:08:85:a6:49:
                    72:b5:b7:d9:f6:05:45:ed:25:4c:e5:ea:46:10:3d:
                    61:b7:9c:04:74:ab:d0:64:de:15:9d:51:13:c6:3a:
                    ed:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:B8:E0:D3:67:16:9D:77:48:20:3F:9C:3D:51:5C:ED:29:7F:DD:63
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/Urjg02cWnXdIID-cPVFc7Sl_3WM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a440:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:62:e5:3b:01:44:cd:a8:0a:2a:75:00:87:19:39:a2:1e:00:
         dc:28:7e:ec:fd:5b:ea:3a:3d:d6:d8:91:f3:b2:87:82:b2:cc:
         2d:d5:8d:31:09:8d:4c:c7:7b:36:b1:1a:32:ff:8a:a4:8e:d0:
         ba:64:88:ca:0f:c9:47:4b:99:64:88:88:e0:34:d8:0f:4c:29:
         27:e0:54:be:04:2d:51:1e:4c:64:6d:e5:a3:8c:39:e3:e9:4e:
         13:48:1e:36:f0:a1:8e:83:b8:5c:5f:3f:04:63:ed:45:14:c4:
         3f:ca:4b:9a:02:5a:8d:50:31:d8:9a:e7:1a:55:ec:6c:63:2e:
         27:b1:57:f0:c2:f8:de:89:34:b6:19:da:88:ab:86:93:a0:55:
         6b:e0:8e:03:9b:7d:cf:65:6c:e9:3a:6f:1d:73:fb:49:1d:8c:
         18:c3:df:b3:32:81:e5:9a:d7:6b:18:34:98:ca:5c:36:ea:23:
         4a:4d:c2:b2:95:f4:05:13:5b:fa:48:3f:da:43:41:a2:37:1b:
         0d:ae:2f:4d:b3:94:f8:12:e0:d3:87:f2:33:52:93:48:4c:95:
         d4:cf:c0:ea:5b:85:9a:3e:d3:89:de:fd:5e:3f:ee:ef:dc:0a:
         90:97:02:ff:68:5b:0e:0a:17:0c:8e:ba:e0:a7:7b:fe:78:0f:
         b3:1f:93:24
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZGvHQ+sN2yOKSMIG6qOsLyDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjQwOTAxMTk0MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmI4ZTBkMzY3MTY5ZDc3NDgyMDNmOWMzZDUxNWNlZDI5N2ZkZDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzHN3CyXf2Q+NQf2NI9svYDXCHDd
5fqY4Zm7++BsRV9CyqWVskhvKqZ5UbvXtAyiHvblN3vk4kNcChMEQp4+O3ajTqg3
AUP9tEeGdKfjLJW6G4ubzyZN6XbAkENNoEwSIrheOhd/zXdmX87QqysJeT8rQByj
paFA1MlFsxRqoOT+Or4hhgX4yXTI88LwQvQCgw4Fcguz/THSVL0XKE8ELF6Gnv0F
M9mE+z/s8oyKx79fyYHIFH+3VN0xC+q/Zunu9hyWj1xFufY2j8wvi0Tm8DHSWp8+
Vhuuqa2dNQiFpklytbfZ9gVF7SVM5epGED1ht5wEdKvQZN4VnVETxjrtnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFK44NNnFp13SCA/nD1RXO0pf91jMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvVXJqZzAyY1duWGRJSUQtY1BWRmM3U2xfM1dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOkQAAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQCKYuU7AUTNqAoqdQCHGTmiHgDcKH7s/VvqOj3W
2JHzsoeCsswt1Y0xCY1Mx3s2sRoy/4qkjtC6ZIjKD8lHS5lkiIjgNNgPTCkn4FS+
BC1RHkxkbeWjjDnj6U4TSB428KGOg7hcXz8EY+1FFMQ/ykuaAlqNUDHYmucaVexs
Yy4nsVfwwvjeiTS2GdqIq4aToFVr4I4Dm33PZWzpOm8dc/tJHYwYw9+zMoHlmtdr
GDSYylw26iNKTcKylfQFE1v6SD/aQ0GiNxsNri9Ns5T4EuDTh/IzUpNITJXUz8Dq
W4WaPtOJ3v1eP+7v3AqQlwL/aFsOChcMjrrgp3v+eA+zH5Mk
-----END CERTIFICATE-----