Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/1-df6Xltt3IIwh-BNtFHOzeAKA2Y.roa
File:                     1-df6Xltt3IIwh-BNtFHOzeAKA2Y.roa (raw, json)
Hash identifier:          pTts1mH90ktfyl5CdpGc8ObTujkV38UQBL/pvBDiUUc=
Subject key identifier:   F9:D7:FA:5E:5B:6D:DC:82:30:87:E0:4D:B4:51:CE:CD:E0:0A:03:66
Certificate issuer:       /CN=7d965ea6b39c22aec2ad2d4d4c0a3a313df1defa
Certificate serial:       018CCA29F9D1F53FFE6CF8A8E58486358033
Authority key identifier: 7D:96:5E:A6:B3:9C:22:AE:C2:AD:2D:4D:4C:0A:3A:31:3D:F1:DE:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/1-df6Xltt3IIwh-BNtFHOzeAKA2Y.roa
Signing time:             Tue 02 Jan 2024 12:33:17 +0000
ROA not before:           Tue 02 Jan 2024 12:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207175
IP address blocks:        2a13:79c0:ff00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:f9:d1:f5:3f:fe:6c:f8:a8:e5:84:86:35:80:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d965ea6b39c22aec2ad2d4d4c0a3a313df1defa
        Validity
            Not Before: Jan  2 12:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9d7fa5e5b6ddc823087e04db451cecde00a0366
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:6e:6f:be:17:b2:51:6a:97:30:89:02:ef:c5:
                    bc:cf:07:bc:a9:96:e3:d3:77:da:2d:7c:aa:b7:80:
                    f0:6f:0d:1e:27:c7:95:e7:e4:41:c1:ba:46:f7:4a:
                    b6:62:c6:aa:d1:da:fc:fd:df:f1:9d:0e:36:42:c1:
                    1d:bb:f8:63:96:c5:80:a9:db:50:d9:33:22:86:00:
                    7c:f4:99:c9:72:b1:de:51:f8:44:e0:78:64:8b:ae:
                    ab:fe:26:aa:f4:61:57:54:49:88:90:96:84:e8:92:
                    8f:c4:0d:c6:50:27:ee:66:ed:04:bd:82:55:46:41:
                    91:4d:5c:ed:e5:df:fd:a6:74:2f:de:40:4d:d8:87:
                    f9:e1:da:8b:68:f8:37:1e:8a:04:b5:6e:27:e4:41:
                    ca:eb:51:27:ce:73:eb:29:bb:e3:69:c7:e8:12:0a:
                    ce:81:cc:93:3c:1b:f6:e2:86:d7:82:a5:df:d7:c5:
                    d8:5d:d6:df:39:95:b0:5d:31:b8:84:d9:e5:3d:fa:
                    bb:da:9f:05:45:21:5d:82:a6:11:d1:af:3b:b1:2d:
                    4a:98:d4:c2:2f:63:01:4d:32:48:d2:51:ac:5b:38:
                    62:72:eb:e0:7e:94:9f:1b:17:6b:b1:c2:be:e8:76:
                    d6:83:b1:19:5b:7e:55:3a:70:69:0e:85:3e:1b:ad:
                    cf:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:D7:FA:5E:5B:6D:DC:82:30:87:E0:4D:B4:51:CE:CD:E0:0A:03:66
            X509v3 Authority Key Identifier:
                keyid:7D:96:5E:A6:B3:9C:22:AE:C2:AD:2D:4D:4C:0A:3A:31:3D:F1:DE:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/1-df6Xltt3IIwh-BNtFHOzeAKA2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:79c0:ff00::/40

    Signature Algorithm: sha256WithRSAEncryption
         09:31:1b:33:5d:8b:d4:fe:74:5f:6d:11:7f:0a:ae:43:00:e1:
         61:5c:c9:c6:35:46:e3:e0:bb:36:11:16:68:a5:72:39:21:38:
         7e:6e:ed:3c:16:f0:ff:ef:c3:5e:2d:77:3d:d1:9b:fe:16:d5:
         0b:a7:24:82:4c:8b:31:6f:a0:3e:f1:a3:ac:4a:08:9c:2c:9f:
         86:60:ee:76:42:0c:7d:06:0d:a7:05:cd:e8:6e:38:49:0d:a6:
         46:ae:29:ce:48:5c:45:63:50:9f:b8:cb:c3:82:0d:d2:67:59:
         de:63:de:c4:fb:b1:82:20:80:84:bf:f5:e8:0c:a3:94:e6:4f:
         27:66:3c:7c:c2:11:93:ea:dc:27:56:5c:0d:c5:87:ae:25:64:
         cf:0e:84:36:5a:f8:5d:6a:30:7b:d5:87:c3:f1:67:f9:e6:3e:
         48:9f:75:8f:38:43:81:86:cd:ca:06:00:f2:f6:72:ea:0d:54:
         a4:8c:b4:e7:74:26:d3:00:d8:f7:f1:f4:1d:56:5f:77:d5:f5:
         7b:fc:88:4f:a7:3d:c4:d6:64:89:a2:dc:9f:37:03:68:7d:b7:
         20:cb:ed:b4:05:c8:b2:2e:40:54:bd:e2:aa:1a:99:77:82:c6:
         dc:54:b7:c2:77:27:42:fc:8c:e6:e7:0f:96:74:86:91:9a:4b:
         70:38:b8:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKfnR9T/+bPio5YSGNYAzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkOTY1ZWE2YjM5YzIyYWVjMmFkMmQ0ZDRjMGEzYTMxM2Rm
MWRlZmEwHhcNMjQwMTAyMTIzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWQ3ZmE1ZTViNmRkYzgyMzA4N2UwNGRiNDUxY2VjZGUwMGEwMzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnW5vvheyUWqXMIkC78W8zwe8qZbj
03faLXyqt4Dwbw0eJ8eV5+RBwbpG90q2Ysaq0dr8/d/xnQ42QsEdu/hjlsWAqdtQ
2TMihgB89JnJcrHeUfhE4Hhki66r/iaq9GFXVEmIkJaE6JKPxA3GUCfuZu0EvYJV
RkGRTVzt5d/9pnQv3kBN2If54dqLaPg3HooEtW4n5EHK61EnznPrKbvjacfoEgrO
gcyTPBv24obXgqXf18XYXdbfOZWwXTG4hNnlPfq72p8FRSFdgqYR0a87sS1KmNTC
L2MBTTJI0lGsWzhicuvgfpSfGxdrscK+6HbWg7EZW35VOnBpDoU+G63P4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPnX+l5bbdyCMIfgTbRRzs3gCgNmMB8GA1UdIwQY
MBaAFH2WXqaznCKuwq0tTUwKOjE98d76MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlpaZXByT2NJcTdDclMxTlRBbzZNVDN4M3ZvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9kYmIyMmItMmExYS00NzYyLWEwZjct
MzJmNWE5NTA3NzMxLzEvMS1kZjZYbHR0M0lJd2gtQk50RkhPemVBS0EyWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTUvZGJiMjJiLTJhMWEtNDc2Mi1hMGY3LTMyZjVhOTUwNzcz
MS8xL2ZaWmVwck9jSXE3Q3JTMU5UQW82TVQzeDN2by5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoTecD/
MA0GCSqGSIb3DQEBCwUAA4IBAQAJMRszXYvU/nRfbRF/Cq5DAOFhXMnGNUbj4Ls2
ERZopXI5ITh+bu08FvD/78NeLXc90Zv+FtULpySCTIsxb6A+8aOsSgicLJ+GYO52
Qgx9Bg2nBc3objhJDaZGrinOSFxFY1CfuMvDgg3SZ1neY97E+7GCIICEv/XoDKOU
5k8nZjx8whGT6twnVlwNxYeuJWTPDoQ2WvhdajB71YfD8Wf55j5In3WPOEOBhs3K
BgDy9nLqDVSkjLTndCbTANj38fQdVl931fV7/IhPpz3E1mSJotyfNwNofbcgy+20
BciyLkBUveKqGpl3gsbcVLfCdydC/Izm5w+WdIaRmktwOLjC
-----END CERTIFICATE-----