Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/sQFx683CxXcR28flVAkjdjE5umQ.roa
File:                     sQFx683CxXcR28flVAkjdjE5umQ.roa (raw, json)
Hash identifier:          3XN6F/x8ISkS/WzsFnBdacVAQiUEtXBTdwgbPUNPxXA=
Subject key identifier:   B1:01:71:EB:CD:C2:C5:77:11:DB:C7:E5:54:09:23:76:31:39:BA:64
Certificate issuer:       /CN=7d965ea6b39c22aec2ad2d4d4c0a3a313df1defa
Certificate serial:       018CCA29F89FE8B76402D196316628BAAF3B
Authority key identifier: 7D:96:5E:A6:B3:9C:22:AE:C2:AD:2D:4D:4C:0A:3A:31:3D:F1:DE:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/sQFx683CxXcR28flVAkjdjE5umQ.roa
Signing time:             Tue 02 Jan 2024 12:33:17 +0000
ROA not before:           Tue 02 Jan 2024 12:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200056
IP address blocks:        2a13:79c7:1700::/40 maxlen: 48
                          2a13:79c7:17a0::/46 maxlen: 46

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:f8:9f:e8:b7:64:02:d1:96:31:66:28:ba:af:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d965ea6b39c22aec2ad2d4d4c0a3a313df1defa
        Validity
            Not Before: Jan  2 12:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b10171ebcdc2c57711dbc7e5540923763139ba64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:42:c2:66:4d:8b:f6:b3:1d:54:d2:25:b5:98:
                    64:e3:c8:f0:5c:33:5f:e7:df:a3:81:c2:b3:27:07:
                    11:9b:39:7e:d3:60:10:6d:8e:2e:53:39:98:5c:ca:
                    31:8f:d3:5f:fd:51:4f:d3:ff:df:55:f2:d2:a0:6f:
                    44:34:f3:0a:f8:d2:0e:62:43:9d:07:17:ec:ef:2e:
                    d4:af:8b:c3:6a:03:1b:a4:1c:a2:52:bb:32:7e:5b:
                    a9:58:2e:1d:03:5c:84:04:7d:6f:90:69:be:2c:67:
                    15:8a:93:c0:10:1d:67:d6:28:21:9c:4f:ae:ac:90:
                    7c:53:dd:22:45:5c:b7:0b:24:a0:46:c8:32:1e:59:
                    18:96:3a:e2:4f:a9:9a:9e:2d:66:7b:df:0b:45:56:
                    a1:bc:f7:28:50:35:1a:2a:88:c6:05:ed:76:b0:00:
                    93:0c:df:9a:6b:8a:5d:42:9d:5b:c4:71:cc:15:96:
                    32:4e:19:c2:60:ce:da:38:48:91:7a:b1:4d:85:30:
                    84:c3:8c:b2:5b:f9:a3:b1:28:04:67:15:97:20:82:
                    e8:f2:75:c0:77:db:53:52:ca:f2:48:f1:26:ca:b4:
                    ca:d2:7c:34:06:f5:82:c9:54:02:2e:ab:05:f4:66:
                    50:91:18:49:cb:14:e8:38:ce:e8:97:c9:dd:d1:36:
                    c1:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:01:71:EB:CD:C2:C5:77:11:DB:C7:E5:54:09:23:76:31:39:BA:64
            X509v3 Authority Key Identifier:
                keyid:7D:96:5E:A6:B3:9C:22:AE:C2:AD:2D:4D:4C:0A:3A:31:3D:F1:DE:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/sQFx683CxXcR28flVAkjdjE5umQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:79c7:1700::/40

    Signature Algorithm: sha256WithRSAEncryption
         47:11:5b:db:1d:8a:2c:ee:b4:43:83:76:fc:d4:3d:25:0a:38:
         d5:61:6e:6a:dd:2b:89:eb:e9:7c:15:23:c3:e2:af:5a:e2:b5:
         8e:4b:b2:ad:23:9b:bb:2b:d5:c8:d7:4e:0d:49:96:15:6f:5d:
         02:47:d7:35:c8:09:a7:ab:5c:06:a4:1f:63:28:a8:b7:af:dc:
         9a:fd:82:1c:0f:32:71:04:f3:5f:57:67:57:64:9a:77:f4:2a:
         18:e1:7f:ad:a1:3f:82:25:d7:c1:38:0c:f2:d2:26:f0:95:7f:
         a5:f3:ee:93:c1:ee:93:d3:4a:37:43:16:5f:cc:5f:c0:02:4a:
         fe:a5:0b:61:39:68:cc:d8:33:73:54:73:51:9e:70:cb:3d:ad:
         9b:95:40:38:f7:b1:47:11:a2:74:68:61:ea:7c:3e:e6:d7:49:
         ff:5e:13:f9:df:aa:4b:bc:3a:10:86:e7:9f:c0:83:ff:bd:f9:
         49:32:e4:a8:e5:a0:fb:60:be:57:48:a8:8a:60:8b:76:44:53:
         0c:a8:a1:8f:35:10:4c:ef:ae:aa:1a:76:87:55:9d:ed:77:bf:
         cd:1e:51:6b:85:68:b0:f3:ba:f1:ee:d7:ea:79:f9:b3:e2:63:
         88:d9:b5:f9:6d:30:ab:e5:78:dd:7d:e9:53:d6:c8:eb:7d:d3:
         7b:34:86:53
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKKfif6LdkAtGWMWYouq87MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkOTY1ZWE2YjM5YzIyYWVjMmFkMmQ0ZDRjMGEzYTMxM2Rm
MWRlZmEwHhcNMjQwMTAyMTIzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTAxNzFlYmNkYzJjNTc3MTFkYmM3ZTU1NDA5MjM3NjMxMzliYTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjELCZk2L9rMdVNIltZhk48jwXDNf
59+jgcKzJwcRmzl+02AQbY4uUzmYXMoxj9Nf/VFP0//fVfLSoG9ENPMK+NIOYkOd
Bxfs7y7Ur4vDagMbpByiUrsyflupWC4dA1yEBH1vkGm+LGcVipPAEB1n1ighnE+u
rJB8U90iRVy3CySgRsgyHlkYljriT6mani1me98LRVahvPcoUDUaKojGBe12sACT
DN+aa4pdQp1bxHHMFZYyThnCYM7aOEiRerFNhTCEw4yyW/mjsSgEZxWXIILo8nXA
d9tTUsrySPEmyrTK0nw0BvWCyVQCLqsF9GZQkRhJyxToOM7ol8nd0TbBWwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLEBcevNwsV3EdvH5VQJI3YxObpkMB8GA1UdIwQY
MBaAFH2WXqaznCKuwq0tTUwKOjE98d76MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlpaZXByT2NJcTdDclMxTlRBbzZNVDN4M3ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9kYmIyMmItMmExYS00NzYyLWEwZjct
MzJmNWE5NTA3NzMxLzEvc1FGeDY4M0N4WGNSMjhmbFZBa2pkakU1dW1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9kYmIyMmItMmExYS00NzYyLWEwZjctMzJmNWE5NTA3NzMx
LzEvZlpaZXByT2NJcTdDclMxTlRBbzZNVDN4M3ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhN5xxcw
DQYJKoZIhvcNAQELBQADggEBAEcRW9sdiizutEODdvzUPSUKONVhbmrdK4nr6XwV
I8Pir1ritY5Lsq0jm7sr1cjXTg1JlhVvXQJH1zXICaerXAakH2MoqLev3Jr9ghwP
MnEE819XZ1dkmnf0Khjhf62hP4Il18E4DPLSJvCVf6Xz7pPB7pPTSjdDFl/MX8AC
Sv6lC2E5aMzYM3NUc1GecMs9rZuVQDj3sUcRonRoYep8PubXSf9eE/nfqku8OhCG
55/Ag/+9+Uky5KjloPtgvldIqIpgi3ZEUwyooY81EEzvrqoadodVne13v80eUWuF
aLDzuvHu1+p5+bPiY4jZtfltMKvleN196VPWyOt903s0hlM=
-----END CERTIFICATE-----