Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/b3jK_QHCrG2UE5YGcAdiSRhNqyk.roa
File:                     b3jK_QHCrG2UE5YGcAdiSRhNqyk.roa (raw, json)
Hash identifier:          xmu0Z62Mmw6Bb6MP2WM/wV9F/tzmg+J08fR7uUEMubs=
Subject key identifier:   6F:78:CA:FD:01:C2:AC:6D:94:13:96:06:70:07:62:49:18:4D:AB:29
Certificate issuer:       /CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
Certificate serial:       018F878840E4EEE90C6EB273B48A29DA755D
Authority key identifier: 36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/b3jK_QHCrG2UE5YGcAdiSRhNqyk.roa
Signing time:             Fri 17 May 2024 17:10:04 +0000
ROA not before:           Fri 17 May 2024 17:10:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198571
IP address blocks:        2a13:3f81::/32 maxlen: 32
                          2a13:3f82::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:87:88:40:e4:ee:e9:0c:6e:b2:73:b4:8a:29:da:75:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
        Validity
            Not Before: May 17 17:10:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f78cafd01c2ac6d9413960670076249184dab29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a1:86:6b:9b:d9:28:e3:fd:aa:b7:e1:39:8b:
                    39:db:e0:9b:ce:6b:b3:37:d4:83:b8:26:d0:5a:8a:
                    98:39:63:78:c3:78:55:18:42:0d:ed:f5:e3:72:0f:
                    a0:71:eb:76:9f:a0:df:f6:13:4d:11:45:cb:57:6c:
                    0d:4b:8c:9e:56:ad:d4:45:bf:18:26:4d:05:28:92:
                    81:f4:0f:7a:0a:e8:bb:bb:81:e7:48:05:f9:c8:9a:
                    25:7c:35:5f:a3:3c:e5:c4:89:7b:db:da:38:23:ac:
                    7d:96:9b:ee:2e:77:82:91:7d:f8:94:0d:6e:43:5e:
                    35:ee:8a:39:07:a7:e1:8f:8d:66:2d:d9:ce:07:ea:
                    de:9f:e2:a2:b3:0e:81:8e:bd:96:af:f4:38:36:65:
                    44:fa:80:e2:a4:ed:41:ff:eb:9e:fe:b7:7b:eb:e7:
                    76:9f:ba:7f:23:9d:d2:96:c9:0f:33:68:05:50:ed:
                    2f:8c:cc:0a:6e:f4:0e:91:5c:c3:a2:70:2f:3a:13:
                    a6:47:c3:b1:93:7a:13:8d:b3:60:a7:85:0f:bc:d8:
                    ec:54:51:d5:70:cc:8b:57:9a:14:1b:2d:59:9e:80:
                    32:2b:3b:bf:b5:55:e6:67:52:8b:99:72:9a:62:96:
                    44:0d:85:ad:94:93:4b:9e:7c:10:28:7d:ae:17:8e:
                    e9:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:78:CA:FD:01:C2:AC:6D:94:13:96:06:70:07:62:49:18:4D:AB:29
            X509v3 Authority Key Identifier:
                keyid:36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/b3jK_QHCrG2UE5YGcAdiSRhNqyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:3f81::-2a13:3f82:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         7a:d2:2a:33:fd:6c:aa:61:66:51:ed:08:a2:29:2a:f8:43:d4:
         42:f4:d8:3f:57:46:ee:95:37:38:38:7f:6b:c1:10:a5:d4:cd:
         68:66:1c:2c:84:1f:ca:c9:eb:b1:40:4c:1b:80:52:ac:37:4a:
         ee:17:3d:b3:6d:41:67:00:a9:08:77:3f:b7:a3:09:b1:84:c7:
         b7:4a:c5:ef:27:50:7b:ed:cd:16:d4:f7:26:3f:e0:b0:45:23:
         a4:06:4f:df:69:c2:68:b4:39:b9:a7:22:f3:59:47:01:cb:e3:
         e7:08:cb:08:1f:36:6d:4c:86:c0:f6:07:72:65:e2:f8:87:49:
         5d:49:49:b7:06:ae:09:1f:c5:c7:e5:03:3d:c6:ca:e2:3c:66:
         93:c9:8b:ea:6d:2b:f9:e6:1b:39:e2:ad:fe:64:c7:97:01:cc:
         f2:e0:6e:2c:56:3f:90:19:06:34:bd:e2:9b:f0:4e:ad:37:dc:
         df:53:b0:c7:27:65:91:f8:fb:d0:59:14:85:65:d7:e8:9a:bf:
         7e:0d:cd:52:16:a2:f3:58:1f:02:ff:69:16:a2:82:7f:c8:18:
         63:a1:2b:ed:89:a9:fc:cd:63:0d:e0:c5:34:43:a1:f8:57:6d:
         a3:a0:fa:a9:e3:8f:35:6c:72:dd:2f:0e:e6:c6:6c:fe:e3:e0:
         76:eb:3f:43
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAY+HiEDk7ukMbrJztIop2nVdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MjJmYzJmOGFkOGIwMDgzNTdkYmU2ZjAxOTU5NjBjOWRl
NjFiZDUwHhcNMjQwNTE3MTcxMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Zjc4Y2FmZDAxYzJhYzZkOTQxMzk2MDY3MDA3NjI0OTE4NGRhYjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6GGa5vZKOP9qrfhOYs52+Cbzmuz
N9SDuCbQWoqYOWN4w3hVGEIN7fXjcg+gcet2n6Df9hNNEUXLV2wNS4yeVq3URb8Y
Jk0FKJKB9A96Cui7u4HnSAX5yJolfDVfozzlxIl729o4I6x9lpvuLneCkX34lA1u
Q1417oo5B6fhj41mLdnOB+ren+Kisw6Bjr2Wr/Q4NmVE+oDipO1B/+ue/rd76+d2
n7p/I53SlskPM2gFUO0vjMwKbvQOkVzDonAvOhOmR8Oxk3oTjbNgp4UPvNjsVFHV
cMyLV5oUGy1ZnoAyKzu/tVXmZ1KLmXKaYpZEDYWtlJNLnnwQKH2uF47pRwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFG94yv0BwqxtlBOWBnAHYkkYTaspMB8GA1UdIwQY
MBaAFDYi/C+K2LAINX2+bwGVlgyd5hvVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmIt
MDg4MzVkZmY2YzRmLzEvYjNqS19RSENyRzJVRTVZR2NBZGlTUmhOcXlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmItMDg4MzVkZmY2YzRm
LzEvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQMA4DBQAqEz+B
AwUAKhM/gjANBgkqhkiG9w0BAQsFAAOCAQEAetIqM/1sqmFmUe0Ioikq+EPUQvTY
P1dG7pU3ODh/a8EQpdTNaGYcLIQfysnrsUBMG4BSrDdK7hc9s21BZwCpCHc/t6MJ
sYTHt0rF7ydQe+3NFtT3Jj/gsEUjpAZP32nCaLQ5uaci81lHAcvj5wjLCB82bUyG
wPYHcmXi+IdJXUlJtwauCR/Fx+UDPcbK4jxmk8mL6m0r+eYbOeKt/mTHlwHM8uBu
LFY/kBkGNL3im/BOrTfc31Owxydlkfj70FkUhWXX6Jq/fg3NUhai81gfAv9pFqKC
f8gYY6Er7Ymp/M1jDeDFNEOh+Fdto6D6qeOPNWxy3S8O5sZs/uPgdus/Qw==
-----END CERTIFICATE-----