Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/FflGgEqWyj-DNnL4ZOjfpO_5jVc.roa
File:                     FflGgEqWyj-DNnL4ZOjfpO_5jVc.roa (raw, json)
Hash identifier:          h36hkfh5xo/bj1xxQzprWPWaQpGhxeLMaz6HBfNpyaM=
Subject key identifier:   15:F9:46:80:4A:96:CA:3F:83:36:72:F8:64:E8:DF:A4:EF:F9:8D:57
Certificate issuer:       /CN=7d965ea6b39c22aec2ad2d4d4c0a3a313df1defa
Certificate serial:       018CCA29FA1ABD5DDBCDCADC65CC691D4EA6
Authority key identifier: 7D:96:5E:A6:B3:9C:22:AE:C2:AD:2D:4D:4C:0A:3A:31:3D:F1:DE:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/FflGgEqWyj-DNnL4ZOjfpO_5jVc.roa
Signing time:             Tue 02 Jan 2024 12:33:17 +0000
ROA not before:           Tue 02 Jan 2024 12:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208029
IP address blocks:        2a13:79c7:2100::/40 maxlen: 48
                          2a13:79c7:2122::/47 maxlen: 47
                          2a13:79c7:2124::/47 maxlen: 47
                          2a13:79c7:2120::/47 maxlen: 47

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 18:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:fa:1a:bd:5d:db:cd:ca:dc:65:cc:69:1d:4e:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d965ea6b39c22aec2ad2d4d4c0a3a313df1defa
        Validity
            Not Before: Jan  2 12:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15f946804a96ca3f833672f864e8dfa4eff98d57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:39:eb:02:6e:93:4c:d0:0e:7a:1d:e9:fb:51:
                    19:fb:60:e8:4b:d6:02:3f:21:03:cd:cd:0e:dd:6e:
                    e9:d6:11:10:9c:69:cf:e4:bb:37:c3:5d:84:c7:54:
                    9f:5f:e0:33:ba:49:d2:66:d0:4a:cb:43:3e:a2:3f:
                    1a:5d:9a:52:7c:2a:5d:c5:a2:d6:14:07:0d:e5:47:
                    24:0a:68:75:34:88:50:fa:7f:bd:d8:06:bf:a7:0e:
                    0c:e8:a2:07:63:6c:4b:bb:11:d0:b4:3d:14:d0:27:
                    8e:b7:3a:ae:ea:00:1f:c2:06:cf:fb:61:8c:9a:f8:
                    02:e5:ff:05:7d:00:12:9d:7d:84:79:80:26:95:90:
                    c1:30:68:fa:32:37:5a:00:6b:8d:0c:b5:11:c9:12:
                    ac:95:98:87:09:e5:3d:57:fe:34:42:b3:4e:2a:e1:
                    50:02:25:56:26:e5:9b:ea:e6:06:1c:2d:87:19:85:
                    0a:5d:9d:90:92:ec:6b:64:68:62:78:b1:57:51:b2:
                    28:f9:f1:0a:d3:15:c7:ed:6f:c5:87:54:78:66:ef:
                    5e:09:d1:80:a1:27:10:7a:4e:ad:d4:a8:4b:76:29:
                    cb:1b:4c:cc:d0:90:68:af:0f:8f:bb:4b:f2:85:23:
                    b1:7e:7f:6e:d4:18:12:1f:80:01:16:5f:a4:79:9b:
                    62:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:F9:46:80:4A:96:CA:3F:83:36:72:F8:64:E8:DF:A4:EF:F9:8D:57
            X509v3 Authority Key Identifier:
                keyid:7D:96:5E:A6:B3:9C:22:AE:C2:AD:2D:4D:4C:0A:3A:31:3D:F1:DE:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/FflGgEqWyj-DNnL4ZOjfpO_5jVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:79c7:2100::/40

    Signature Algorithm: sha256WithRSAEncryption
         71:6c:d0:1e:94:7c:ac:7e:ea:d0:9b:41:cc:b4:32:8f:0c:b1:
         c0:37:09:70:42:32:8c:fa:91:4a:c7:a8:65:6c:89:a0:51:6c:
         3c:30:51:07:4c:9e:ae:f7:b6:90:3c:08:1a:d6:9c:2a:7e:44:
         c4:bc:90:d1:4e:a8:c5:41:7a:a4:38:e6:f0:e1:8a:70:d3:1e:
         77:62:27:f6:73:a2:fd:a6:06:1d:b5:d1:b9:a7:83:ec:ed:83:
         37:e0:d0:cc:85:d5:30:ac:84:28:f2:e3:3d:fb:89:5e:bf:28:
         b6:66:2c:6a:60:42:ba:62:29:09:1a:4f:46:16:56:59:c3:7b:
         6c:3c:5f:a5:03:43:82:88:eb:fc:aa:a5:5e:72:8a:3f:66:d5:
         d9:16:dd:83:bb:cb:f3:dd:82:9e:51:69:24:d1:3a:ea:c2:85:
         07:a6:d2:1a:03:38:a4:b8:07:8b:25:f3:3f:4a:f9:58:81:c4:
         1d:9f:e3:95:94:e2:71:90:6a:0e:4b:21:60:b2:a5:3d:10:f4:
         2c:72:53:6e:55:90:2f:c6:70:79:fa:f5:90:35:f6:91:b2:e7:
         e1:f9:5d:ca:41:67:16:9a:4c:ba:28:c4:73:40:27:c3:29:c0:
         e9:11:07:33:e0:c6:17:cc:83:ee:83:0f:47:9e:cc:21:90:be:
         50:e3:ae:0f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKKfoavV3bzcrcZcxpHU6mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkOTY1ZWE2YjM5YzIyYWVjMmFkMmQ0ZDRjMGEzYTMxM2Rm
MWRlZmEwHhcNMjQwMTAyMTIzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWY5NDY4MDRhOTZjYTNmODMzNjcyZjg2NGU4ZGZhNGVmZjk4ZDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDnrAm6TTNAOeh3p+1EZ+2DoS9YC
PyEDzc0O3W7p1hEQnGnP5Ls3w12Ex1SfX+AzuknSZtBKy0M+oj8aXZpSfCpdxaLW
FAcN5UckCmh1NIhQ+n+92Aa/pw4M6KIHY2xLuxHQtD0U0CeOtzqu6gAfwgbP+2GM
mvgC5f8FfQASnX2EeYAmlZDBMGj6MjdaAGuNDLURyRKslZiHCeU9V/40QrNOKuFQ
AiVWJuWb6uYGHC2HGYUKXZ2QkuxrZGhieLFXUbIo+fEK0xXH7W/Fh1R4Zu9eCdGA
oScQek6t1KhLdinLG0zM0JBorw+Pu0vyhSOxfn9u1BgSH4ABFl+keZtinwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBX5RoBKlso/gzZy+GTo36Tv+Y1XMB8GA1UdIwQY
MBaAFH2WXqaznCKuwq0tTUwKOjE98d76MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlpaZXByT2NJcTdDclMxTlRBbzZNVDN4M3ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9kYmIyMmItMmExYS00NzYyLWEwZjct
MzJmNWE5NTA3NzMxLzEvRmZsR2dFcVd5ai1ETm5MNFpPamZwT181alZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9kYmIyMmItMmExYS00NzYyLWEwZjctMzJmNWE5NTA3NzMx
LzEvZlpaZXByT2NJcTdDclMxTlRBbzZNVDN4M3ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhN5xyEw
DQYJKoZIhvcNAQELBQADggEBAHFs0B6UfKx+6tCbQcy0Mo8MscA3CXBCMoz6kUrH
qGVsiaBRbDwwUQdMnq73tpA8CBrWnCp+RMS8kNFOqMVBeqQ45vDhinDTHndiJ/Zz
ov2mBh210bmng+ztgzfg0MyF1TCshCjy4z37iV6/KLZmLGpgQrpiKQkaT0YWVlnD
e2w8X6UDQ4KI6/yqpV5yij9m1dkW3YO7y/Pdgp5RaSTROurChQem0hoDOKS4B4sl
8z9K+ViBxB2f45WU4nGQag5LIWCypT0Q9CxyU25VkC/GcHn69ZA19pGy5+H5XcpB
ZxaaTLooxHNAJ8MpwOkRBzPgxhfMg+6DD0eezCGQvlDjrg8=
-----END CERTIFICATE-----