Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/46a4cf-be6f-4077-8d4c-bca4cb51a739/1/7c1_Dh1S3CE3CzBWVVdxoF317xY.roa
File:                     7c1_Dh1S3CE3CzBWVVdxoF317xY.roa (raw, json)
Hash identifier:          t/pwgQ3DEf4mA3bZ4+CLhgDLpoMyG4sAO8JXf8iP8Rc=
Subject key identifier:   ED:CD:7F:0E:1D:52:DC:21:37:0B:30:56:55:57:71:A0:5D:F5:EF:16
Certificate issuer:       /CN=fa758fbd62c6eabaa3c9875305f207805e37cdcb
Certificate serial:       018EA35D4F28C4CFE41D2430DFEB372719B7
Authority key identifier: FA:75:8F:BD:62:C6:EA:BA:A3:C9:87:53:05:F2:07:80:5E:37:CD:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-nWPvWLG6rqjyYdTBfIHgF43zcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/46a4cf-be6f-4077-8d4c-bca4cb51a739/1/7c1_Dh1S3CE3CzBWVVdxoF317xY.roa
Signing time:             Wed 03 Apr 2024 09:49:45 +0000
ROA not before:           Wed 03 Apr 2024 09:49:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200233
IP address blocks:        2a13:181::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/46a4cf-be6f-4077-8d4c-bca4cb51a739/1/1-nWPvWLG6rqjyYdTBfIHgF43zcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/46a4cf-be6f-4077-8d4c-bca4cb51a739/1/1-nWPvWLG6rqjyYdTBfIHgF43zcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-nWPvWLG6rqjyYdTBfIHgF43zcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:5d:4f:28:c4:cf:e4:1d:24:30:df:eb:37:27:19:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa758fbd62c6eabaa3c9875305f207805e37cdcb
        Validity
            Not Before: Apr  3 09:49:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=edcd7f0e1d52dc21370b3056555771a05df5ef16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:48:99:f9:c3:ff:a7:ac:b5:65:86:ed:0d:ce:
                    ed:7e:67:92:28:7b:1a:04:6c:7f:6e:78:fc:86:ec:
                    a5:0a:ca:22:2a:59:52:f7:e6:6d:ae:83:33:f8:5b:
                    55:98:fc:7b:39:1e:f8:08:e0:12:65:28:04:e6:66:
                    6e:9c:9c:39:80:8c:a7:24:89:03:c4:69:97:f0:79:
                    1a:59:c3:4d:47:9d:d9:a3:06:ea:ea:79:4c:1b:72:
                    10:e4:f0:02:b1:2a:19:56:cd:0b:11:6c:bc:be:ab:
                    e3:71:8f:1b:65:4a:9a:e7:59:05:27:b9:8e:fc:78:
                    2e:0c:ef:d4:fb:c9:a7:0b:7d:e0:0f:59:4b:46:58:
                    ef:1c:6a:7c:af:22:4e:31:8c:f7:1f:ac:2b:3d:d5:
                    34:c8:02:54:da:7d:a3:35:e9:15:cc:27:61:34:c0:
                    a1:c3:7d:e7:91:4a:ed:e4:a0:94:05:f4:42:64:a6:
                    c7:0a:32:78:8a:63:df:eb:c0:2e:ec:99:4d:d4:53:
                    16:04:4f:5e:c5:fc:1e:cf:f2:af:a9:95:e1:8d:67:
                    43:d0:e2:69:02:7b:11:3c:2e:bb:8d:79:01:ac:e7:
                    89:52:79:9b:1a:0e:54:7d:61:37:9f:d7:55:2e:fc:
                    05:d8:a0:4d:48:12:37:57:28:36:08:76:77:3b:40:
                    83:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:CD:7F:0E:1D:52:DC:21:37:0B:30:56:55:57:71:A0:5D:F5:EF:16
            X509v3 Authority Key Identifier:
                keyid:FA:75:8F:BD:62:C6:EA:BA:A3:C9:87:53:05:F2:07:80:5E:37:CD:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-nWPvWLG6rqjyYdTBfIHgF43zcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/46a4cf-be6f-4077-8d4c-bca4cb51a739/1/7c1_Dh1S3CE3CzBWVVdxoF317xY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/46a4cf-be6f-4077-8d4c-bca4cb51a739/1/1-nWPvWLG6rqjyYdTBfIHgF43zcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:181::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:17:98:46:36:28:ac:5e:4a:cb:a8:3a:f8:5a:29:7e:32:ab:
         4b:b8:4c:13:33:a4:e7:eb:ae:51:0e:3e:aa:cf:77:d5:cf:68:
         78:80:db:46:1d:22:30:fb:49:75:48:a8:5b:12:fb:0c:24:48:
         bc:02:8b:41:ee:81:c1:1f:50:03:75:91:0c:91:ef:ea:50:7f:
         2c:d7:36:a4:d6:25:a3:4a:dd:b4:85:d8:97:03:90:df:05:42:
         32:e4:00:9e:e1:64:56:78:32:4f:2c:59:59:61:03:3a:4a:b9:
         86:97:0b:0f:c9:2f:89:cf:50:cd:8c:eb:ce:b7:f6:93:7f:f9:
         dc:da:fb:a9:a8:dd:0c:11:01:bf:f3:0e:63:36:a8:a8:e4:df:
         bb:3a:84:cb:d7:22:dd:0d:7a:89:ef:1e:fb:e2:7d:63:47:e6:
         4c:8d:1a:7e:68:9f:c8:6d:ff:b4:24:bb:f3:ff:81:51:33:15:
         75:ca:70:50:93:f3:99:12:c7:d0:73:8d:12:18:f0:4d:d0:48:
         6c:ca:88:12:83:ef:69:18:b3:ab:ac:81:2f:58:25:6b:f0:7e:
         e9:a6:97:45:74:cd:9e:dc:69:97:bb:af:ba:71:a7:59:46:2b:
         d4:86:3c:63:11:e4:42:43:7a:1c:39:06:28:89:f9:44:e9:ec:
         3b:e7:85:dd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY6jXU8oxM/kHSQw3+s3Jxm3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhNzU4ZmJkNjJjNmVhYmFhM2M5ODc1MzA1ZjIwNzgwNWUz
N2NkY2IwHhcNMjQwNDAzMDk0OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGNkN2YwZTFkNTJkYzIxMzcwYjMwNTY1NTU3NzFhMDVkZjVlZjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7kiZ+cP/p6y1ZYbtDc7tfmeSKHsa
BGx/bnj8huylCsoiKllS9+ZtroMz+FtVmPx7OR74COASZSgE5mZunJw5gIynJIkD
xGmX8HkaWcNNR53Zowbq6nlMG3IQ5PACsSoZVs0LEWy8vqvjcY8bZUqa51kFJ7mO
/HguDO/U+8mnC33gD1lLRljvHGp8ryJOMYz3H6wrPdU0yAJU2n2jNekVzCdhNMCh
w33nkUrt5KCUBfRCZKbHCjJ4imPf68Au7JlN1FMWBE9exfwez/KvqZXhjWdD0OJp
AnsRPC67jXkBrOeJUnmbGg5UfWE3n9dVLvwF2KBNSBI3Vyg2CHZ3O0CDDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO3Nfw4dUtwhNwswVlVXcaBd9e8WMB8GA1UdIwQY
MBaAFPp1j71ixuq6o8mHUwXyB4BeN83LMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1uV1B2V0xHNnJxanlZZFRCZklIZ0Y0M3pjcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQvNDZhNGNmLWJlNmYtNDA3Ny04ZDRj
LWJjYTRjYjUxYTczOS8xLzdjMV9EaDFTM0NFM0N6QldWVmR4b0YzMTd4WS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWQvNDZhNGNmLWJlNmYtNDA3Ny04ZDRjLWJjYTRjYjUxYTcz
OS8xLzEtbldQdldMRzZycWp5WWRUQmZJSGdGNDN6Y3MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqEwGB
MA0GCSqGSIb3DQEBCwUAA4IBAQBkF5hGNiisXkrLqDr4Wil+MqtLuEwTM6Tn665R
Dj6qz3fVz2h4gNtGHSIw+0l1SKhbEvsMJEi8AotB7oHBH1ADdZEMke/qUH8s1zak
1iWjSt20hdiXA5DfBUIy5ACe4WRWeDJPLFlZYQM6SrmGlwsPyS+Jz1DNjOvOt/aT
f/nc2vupqN0MEQG/8w5jNqio5N+7OoTL1yLdDXqJ7x774n1jR+ZMjRp+aJ/Ibf+0
JLvz/4FRMxV1ynBQk/OZEsfQc40SGPBN0EhsyogSg+9pGLOrrIEvWCVr8H7pppdF
dM2e3GmXu6+6cadZRivUhjxjEeRCQ3ocOQYoiflE6ew754Xd
-----END CERTIFICATE-----