Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/X37TwGH5fbJzQzBKuCmw6OeyX7c.roa
File:                     X37TwGH5fbJzQzBKuCmw6OeyX7c.roa (raw, json)
Hash identifier:          s8v8/RjTjw0yGf+sAryIWemgypZC/5M4WFBAg17az2o=
Subject key identifier:   5F:7E:D3:C0:61:F9:7D:B2:73:43:30:4A:B8:29:B0:E8:E7:B2:5F:B7
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       018D69D0EC8CDAA1AD2091CB61CFADB6E813
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/X37TwGH5fbJzQzBKuCmw6OeyX7c.roa
Signing time:             Fri 02 Feb 2024 12:35:16 +0000
ROA not before:           Fri 02 Feb 2024 12:35:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212165
IP address blocks:        2a13:97c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:d0:ec:8c:da:a1:ad:20:91:cb:61:cf:ad:b6:e8:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Feb  2 12:35:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f7ed3c061f97db27343304ab829b0e8e7b25fb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7b:b7:a3:de:d4:de:e2:42:3c:2e:a8:3f:54:
                    d3:58:25:f1:f9:5b:a3:ee:b5:71:73:a9:1c:07:27:
                    e4:51:42:57:d2:7a:12:69:96:e7:97:33:9f:67:1e:
                    01:85:58:f2:fc:7e:7b:ba:31:6e:5d:34:08:ed:f9:
                    28:b3:ed:3c:8e:51:5e:bb:5e:29:80:18:4a:fd:f4:
                    75:79:da:fd:1c:e8:fc:97:64:33:f5:73:02:b3:8e:
                    c1:9d:e8:07:69:bb:54:60:4e:a8:09:4b:2e:89:c4:
                    63:56:f4:62:6f:97:1b:e5:f7:c4:33:70:e7:a9:99:
                    f5:20:1d:4d:c0:0e:13:df:5e:f6:94:97:46:2f:c5:
                    63:4e:69:a7:0d:f5:77:2b:eb:f8:98:cc:85:0e:5c:
                    19:35:7d:5b:f4:a1:96:4f:1b:92:7e:d0:23:7a:d2:
                    b3:d8:4a:8b:8d:59:f5:b5:f2:f9:cd:b6:eb:24:53:
                    16:79:cf:d5:0f:0f:52:18:85:7a:49:85:43:25:3d:
                    77:36:58:a0:9d:e5:f1:ff:44:ed:48:41:53:91:23:
                    dd:69:f1:6e:95:95:14:31:67:81:5a:1f:ac:69:3d:
                    c8:3c:91:69:0b:d7:e9:1e:08:a2:ef:b2:8f:b5:c4:
                    40:24:d8:3e:6b:58:15:3f:f2:0d:c7:a9:71:0d:f6:
                    67:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:7E:D3:C0:61:F9:7D:B2:73:43:30:4A:B8:29:B0:E8:E7:B2:5F:B7
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/X37TwGH5fbJzQzBKuCmw6OeyX7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:97c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:fb:a6:7a:1b:68:86:c7:e8:c5:64:fe:a5:98:15:cc:6f:81:
         1e:fb:eb:6b:4d:64:9f:45:c1:29:11:cf:60:41:41:65:de:20:
         6b:f5:d5:53:a4:98:f7:70:c6:ce:32:94:7f:69:b7:b9:e2:fc:
         0e:ed:62:16:75:1e:0c:8a:25:c4:00:07:aa:a6:1d:0a:4d:4a:
         3a:b1:9a:11:d7:e5:e8:43:76:cf:a9:6a:ec:6a:b3:d2:54:3f:
         7b:60:26:9a:15:cb:1a:fd:82:30:a1:a5:fe:74:37:14:5b:f0:
         a7:cb:76:ed:08:34:20:e2:8c:fa:1a:55:af:ce:11:51:6e:00:
         06:02:22:4c:ca:68:13:c6:e7:d2:3c:78:a4:d6:b0:22:d6:88:
         c8:87:86:78:d1:7b:4d:1a:c0:63:30:b1:fc:e8:14:84:8b:08:
         84:7e:6b:f9:a7:95:20:b0:46:b8:53:d4:c7:a6:57:64:9f:ba:
         d2:48:88:69:70:d3:66:6e:ee:27:1f:6c:81:e3:1b:2a:08:2a:
         a4:be:04:42:0b:2f:e4:45:53:5c:f7:1e:b5:97:c3:44:b6:b7:
         fc:ff:12:64:4d:d5:50:74:c1:14:94:d3:3e:0e:b7:d6:66:55:
         55:db:1d:7e:e1:d6:49:c7:38:5d:5f:a5:7e:bc:12:db:8a:82:
         f0:7e:0d:3e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY1p0OyM2qGtIJHLYc+ttugTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjQwMjAyMTIzNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjdlZDNjMDYxZjk3ZGIyNzM0MzMwNGFiODI5YjBlOGU3YjI1ZmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXu3o97U3uJCPC6oP1TTWCXx+Vuj
7rVxc6kcByfkUUJX0noSaZbnlzOfZx4BhVjy/H57ujFuXTQI7fkos+08jlFeu14p
gBhK/fR1edr9HOj8l2Qz9XMCs47BnegHabtUYE6oCUsuicRjVvRib5cb5ffEM3Dn
qZn1IB1NwA4T3172lJdGL8VjTmmnDfV3K+v4mMyFDlwZNX1b9KGWTxuSftAjetKz
2EqLjVn1tfL5zbbrJFMWec/VDw9SGIV6SYVDJT13NligneXx/0TtSEFTkSPdafFu
lZUUMWeBWh+saT3IPJFpC9fpHgii77KPtcRAJNg+a1gVP/INx6lxDfZnVQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF9+08Bh+X2yc0MwSrgpsOjnsl+3MB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvWDM3VHdHSDVmYkp6UXpCS3VDbXc2T2V5WDdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhOXwDAN
BgkqhkiG9w0BAQsFAAOCAQEAc/umehtohsfoxWT+pZgVzG+BHvvra01kn0XBKRHP
YEFBZd4ga/XVU6SY93DGzjKUf2m3ueL8Du1iFnUeDIolxAAHqqYdCk1KOrGaEdfl
6EN2z6lq7Gqz0lQ/e2AmmhXLGv2CMKGl/nQ3FFvwp8t27Qg0IOKM+hpVr84RUW4A
BgIiTMpoE8bn0jx4pNawItaIyIeGeNF7TRrAYzCx/OgUhIsIhH5r+aeVILBGuFPU
x6ZXZJ+60kiIaXDTZm7uJx9sgeMbKggqpL4EQgsv5EVTXPcetZfDRLa3/P8SZE3V
UHTBFJTTPg631mZVVdsdfuHWScc4XV+lfrwS24qC8H4NPg==
-----END CERTIFICATE-----