Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/M8LBnQw3WLUQ_xguxWSMae0r8a8.roa
File:                     M8LBnQw3WLUQ_xguxWSMae0r8a8.roa (raw, json)
Hash identifier:          FFywbFCxUMtJ+3HCQYv9MDa/u3003/+na8S+rwjyWuk=
Subject key identifier:   33:C2:C1:9D:0C:37:58:B5:10:FF:18:2E:C5:64:8C:69:ED:2B:F1:AF
Certificate issuer:       /CN=7d965ea6b39c22aec2ad2d4d4c0a3a313df1defa
Certificate serial:       018CCA29F9676B9345F7CBC245AE63F529F6
Authority key identifier: 7D:96:5E:A6:B3:9C:22:AE:C2:AD:2D:4D:4C:0A:3A:31:3D:F1:DE:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/M8LBnQw3WLUQ_xguxWSMae0r8a8.roa
Signing time:             Tue 02 Jan 2024 12:33:17 +0000
ROA not before:           Tue 02 Jan 2024 12:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203529
IP address blocks:        2a13:79c7:1600::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 16:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:f9:67:6b:93:45:f7:cb:c2:45:ae:63:f5:29:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d965ea6b39c22aec2ad2d4d4c0a3a313df1defa
        Validity
            Not Before: Jan  2 12:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33c2c19d0c3758b510ff182ec5648c69ed2bf1af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:06:4f:6f:3e:e4:b7:0b:62:37:67:2e:87:d0:
                    4c:07:13:ce:1b:3f:24:49:e0:0c:f1:4e:5d:c9:aa:
                    5e:35:56:25:34:4a:3b:cf:db:59:91:61:64:4e:a8:
                    c5:d9:00:88:e1:ff:09:22:2a:fe:9c:62:c3:46:02:
                    7b:19:42:c1:66:d4:2b:8d:9c:0a:cf:92:0d:0f:62:
                    a7:db:94:bf:fd:6c:97:3a:b1:9e:34:cb:e9:ed:6b:
                    0b:7a:5a:23:39:18:d1:86:c7:f6:d4:d0:9d:95:d6:
                    e3:e9:d0:27:42:0d:46:8f:3c:ec:84:17:d4:55:b2:
                    2b:2f:f1:cc:2c:f7:e7:24:aa:65:84:92:b3:41:ef:
                    9f:08:6d:ba:c4:35:48:fc:c2:c2:4b:3a:58:7e:99:
                    2d:0a:ac:3f:7c:3f:2d:d5:c5:9e:c9:7f:3a:12:c1:
                    12:9a:58:61:bf:05:2f:3c:2e:f2:9b:2e:0a:9c:19:
                    55:d9:ee:15:d3:bf:fb:50:0d:0e:e3:3a:50:71:8b:
                    06:99:22:54:17:c5:7b:84:65:72:ed:56:f4:6f:3d:
                    61:c5:58:df:e8:6f:2f:79:24:8d:ae:32:94:eb:14:
                    26:5e:bd:64:12:68:ed:53:94:fe:38:9b:20:14:8c:
                    ec:db:1a:b2:de:3d:26:91:a5:b8:6d:c1:2c:c5:0a:
                    e6:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:C2:C1:9D:0C:37:58:B5:10:FF:18:2E:C5:64:8C:69:ED:2B:F1:AF
            X509v3 Authority Key Identifier:
                keyid:7D:96:5E:A6:B3:9C:22:AE:C2:AD:2D:4D:4C:0A:3A:31:3D:F1:DE:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/M8LBnQw3WLUQ_xguxWSMae0r8a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:79c7:1600::/40

    Signature Algorithm: sha256WithRSAEncryption
         ae:ed:73:d5:bb:6e:17:2d:a2:be:da:32:f4:45:e2:4b:65:07:
         94:19:f5:62:0b:e8:d9:28:49:07:fa:78:03:9d:be:53:c9:4a:
         27:32:bf:da:da:70:31:9e:46:a6:21:47:11:0d:8c:4d:43:b9:
         71:b7:d8:41:d1:2d:f0:d2:25:26:75:76:83:76:21:8e:20:52:
         81:03:db:4e:91:1f:ea:b5:62:12:c7:fd:bb:39:b2:67:d5:2a:
         13:d4:47:39:33:f6:59:b8:df:9e:99:ca:da:ac:8c:42:9a:b4:
         48:12:da:e7:86:5a:3a:70:c9:4c:50:d0:29:ff:74:9d:56:13:
         4c:bf:f3:c2:39:2b:66:9c:3c:74:20:1b:7d:f2:93:32:bb:8c:
         27:4f:2e:26:5a:c0:23:23:8d:3e:b9:f6:2a:1c:bd:47:61:18:
         03:08:90:1c:21:61:f0:39:0a:d8:a5:92:12:1f:16:b5:cb:e9:
         6f:e8:1c:62:cb:1a:80:5d:88:48:dd:57:8b:96:e1:b9:d6:fa:
         40:1c:8d:94:f2:20:0b:33:e9:38:08:81:8b:f2:cc:ba:4e:01:
         57:16:3d:b3:18:c0:8b:11:68:73:d1:93:9d:7b:c6:6b:b5:d3:
         20:a4:cc:ea:6d:98:27:1d:2c:28:87:b3:7f:4d:c9:e4:16:71:
         1c:13:61:03
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKKflna5NF98vCRa5j9Sn2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkOTY1ZWE2YjM5YzIyYWVjMmFkMmQ0ZDRjMGEzYTMxM2Rm
MWRlZmEwHhcNMjQwMTAyMTIzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2MyYzE5ZDBjMzc1OGI1MTBmZjE4MmVjNTY0OGM2OWVkMmJmMWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQZPbz7ktwtiN2cuh9BMBxPOGz8k
SeAM8U5dyapeNVYlNEo7z9tZkWFkTqjF2QCI4f8JIir+nGLDRgJ7GULBZtQrjZwK
z5IND2Kn25S//WyXOrGeNMvp7WsLelojORjRhsf21NCdldbj6dAnQg1GjzzshBfU
VbIrL/HMLPfnJKplhJKzQe+fCG26xDVI/MLCSzpYfpktCqw/fD8t1cWeyX86EsES
mlhhvwUvPC7ymy4KnBlV2e4V07/7UA0O4zpQcYsGmSJUF8V7hGVy7Vb0bz1hxVjf
6G8veSSNrjKU6xQmXr1kEmjtU5T+OJsgFIzs2xqy3j0mkaW4bcEsxQrmCQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDPCwZ0MN1i1EP8YLsVkjGntK/GvMB8GA1UdIwQY
MBaAFH2WXqaznCKuwq0tTUwKOjE98d76MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlpaZXByT2NJcTdDclMxTlRBbzZNVDN4M3ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9kYmIyMmItMmExYS00NzYyLWEwZjct
MzJmNWE5NTA3NzMxLzEvTThMQm5RdzNXTFVRX3hndXhXU01hZTByOGE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9kYmIyMmItMmExYS00NzYyLWEwZjctMzJmNWE5NTA3NzMx
LzEvZlpaZXByT2NJcTdDclMxTlRBbzZNVDN4M3ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhN5xxYw
DQYJKoZIhvcNAQELBQADggEBAK7tc9W7bhctor7aMvRF4ktlB5QZ9WIL6NkoSQf6
eAOdvlPJSicyv9racDGeRqYhRxENjE1DuXG32EHRLfDSJSZ1doN2IY4gUoED206R
H+q1YhLH/bs5smfVKhPURzkz9lm4356ZytqsjEKatEgS2ueGWjpwyUxQ0Cn/dJ1W
E0y/88I5K2acPHQgG33ykzK7jCdPLiZawCMjjT659iocvUdhGAMIkBwhYfA5Ctil
khIfFrXL6W/oHGLLGoBdiEjdV4uW4bnW+kAcjZTyIAsz6TgIgYvyzLpOAVcWPbMY
wIsRaHPRk517xmu10yCkzOptmCcdLCiHs39NyeQWcRwTYQM=
-----END CERTIFICATE-----