Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/ec5584-6618-4b12-a11c-3055cb729bcf/1/w008FFpCKKyWnX6n81SnBhdArSA.roa
File:                     w008FFpCKKyWnX6n81SnBhdArSA.roa (raw, json)
Hash identifier:          i2WouBVtg5FWSxOAGODGzRm4PVsn3xlAhSpFRCYJ1UE=
Subject key identifier:   C3:4D:3C:14:5A:42:28:AC:96:9D:7E:A7:F3:54:A7:06:17:40:AD:20
Certificate issuer:       /CN=4c3b88cdb13f3eb12a9be54ab19baa90559b396a
Certificate serial:       018CC8713C55211867473956140C167BFA32
Authority key identifier: 4C:3B:88:CD:B1:3F:3E:B1:2A:9B:E5:4A:B1:9B:AA:90:55:9B:39:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDuIzbE_PrEqm-VKsZuqkFWbOWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/ec5584-6618-4b12-a11c-3055cb729bcf/1/w008FFpCKKyWnX6n81SnBhdArSA.roa
Signing time:             Tue 02 Jan 2024 04:31:53 +0000
ROA not before:           Tue 02 Jan 2024 04:31:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51826
IP address blocks:        2a13:a0c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/ec5584-6618-4b12-a11c-3055cb729bcf/1/TDuIzbE_PrEqm-VKsZuqkFWbOWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/ec5584-6618-4b12-a11c-3055cb729bcf/1/TDuIzbE_PrEqm-VKsZuqkFWbOWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDuIzbE_PrEqm-VKsZuqkFWbOWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:3c:55:21:18:67:47:39:56:14:0c:16:7b:fa:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c3b88cdb13f3eb12a9be54ab19baa90559b396a
        Validity
            Not Before: Jan  2 04:31:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c34d3c145a4228ac969d7ea7f354a7061740ad20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f1:67:1c:01:cf:13:7b:2e:a8:06:2e:c2:2a:
                    de:77:93:45:ff:83:e0:f7:dd:3f:6d:25:f6:91:34:
                    5c:7b:d8:37:ef:9d:94:3a:ef:27:08:78:63:2b:b8:
                    f3:d3:bd:9a:ab:5c:89:d3:84:fb:eb:58:01:be:26:
                    c0:d0:ed:15:12:c4:21:fb:29:23:2f:df:b2:04:55:
                    1d:f1:fc:99:77:36:3a:13:4f:2a:42:cf:38:c1:fc:
                    de:d4:d9:1a:03:b6:96:67:86:96:97:5c:f7:7c:fc:
                    66:70:fb:cf:93:0f:a9:3e:a8:e6:7a:e0:f6:ab:8f:
                    3d:95:df:fc:3e:75:3e:cf:7c:d1:e8:ed:54:fe:7b:
                    41:5f:d6:ed:94:59:d1:5f:b8:9c:e9:fb:78:7e:de:
                    cf:65:c1:d3:ee:d3:3a:ee:d6:bc:b0:83:76:90:55:
                    97:91:1d:5e:6f:fc:07:4d:5d:1b:d3:2b:84:b5:8f:
                    56:20:0f:74:ec:1c:c9:80:db:35:14:b5:4d:eb:f8:
                    dd:17:55:48:45:4a:dc:41:e6:de:61:51:b0:05:1f:
                    82:7b:fa:0b:cb:b4:ed:84:5c:d0:4f:09:0f:28:fa:
                    a0:25:ae:93:2a:bb:3d:d0:3f:ce:7c:49:6d:1e:d2:
                    19:10:78:c9:05:09:dd:dd:64:95:01:de:2d:22:b3:
                    05:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:4D:3C:14:5A:42:28:AC:96:9D:7E:A7:F3:54:A7:06:17:40:AD:20
            X509v3 Authority Key Identifier:
                keyid:4C:3B:88:CD:B1:3F:3E:B1:2A:9B:E5:4A:B1:9B:AA:90:55:9B:39:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDuIzbE_PrEqm-VKsZuqkFWbOWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ec5584-6618-4b12-a11c-3055cb729bcf/1/w008FFpCKKyWnX6n81SnBhdArSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ec5584-6618-4b12-a11c-3055cb729bcf/1/TDuIzbE_PrEqm-VKsZuqkFWbOWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a0c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         9f:72:7e:26:b6:19:da:e8:27:94:d7:23:cd:94:de:ba:f1:08:
         62:61:72:88:8c:a3:dc:4f:6d:61:cc:df:5c:6f:f1:af:ec:b2:
         df:08:4d:04:23:8a:f8:39:2b:1b:99:51:0f:56:9e:78:17:30:
         3d:d6:e3:99:85:56:9f:53:2d:5e:fe:49:ee:2c:d0:79:fc:95:
         2f:e0:e6:b3:88:60:ec:d6:f6:eb:80:c8:37:eb:85:0d:4d:64:
         a6:f0:d0:a0:07:ae:2d:ab:3d:bb:46:52:1a:91:f3:70:b8:52:
         d8:c2:b7:37:b1:6b:3f:9d:bd:3f:0e:2c:c7:f1:ff:d0:2b:a1:
         86:b7:10:55:d0:ee:02:fb:8d:58:9c:c0:b8:97:ac:fc:8c:71:
         34:80:63:6d:21:ad:40:1f:d2:86:f5:19:ff:8c:30:f3:02:6d:
         8b:33:8a:05:a2:57:01:15:d7:4f:e0:24:98:ed:29:a7:86:4c:
         30:7f:be:72:ea:5d:19:60:09:5c:89:1b:a9:e5:8c:8b:2a:d2:
         ac:ea:d1:cd:c7:bb:fd:88:25:11:5d:69:46:3a:90:cc:17:41:
         4c:0d:76:91:15:4f:42:ec:d7:b0:ec:79:65:08:43:67:9d:c0:
         60:bd:fb:66:27:6b:75:df:cd:9e:b7:95:3d:fe:a2:49:93:d0:
         f9:4d:b8:ab
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIcTxVIRhnRzlWFAwWe/oyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjM2I4OGNkYjEzZjNlYjEyYTliZTU0YWIxOWJhYTkwNTU5
YjM5NmEwHhcNMjQwMTAyMDQzMTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzRkM2MxNDVhNDIyOGFjOTY5ZDdlYTdmMzU0YTcwNjE3NDBhZDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvFnHAHPE3suqAYuwired5NF/4Pg
990/bSX2kTRce9g3752UOu8nCHhjK7jz072aq1yJ04T761gBvibA0O0VEsQh+ykj
L9+yBFUd8fyZdzY6E08qQs84wfze1NkaA7aWZ4aWl1z3fPxmcPvPkw+pPqjmeuD2
q489ld/8PnU+z3zR6O1U/ntBX9btlFnRX7ic6ft4ft7PZcHT7tM67ta8sIN2kFWX
kR1eb/wHTV0b0yuEtY9WIA907BzJgNs1FLVN6/jdF1VIRUrcQebeYVGwBR+Ce/oL
y7TthFzQTwkPKPqgJa6TKrs90D/OfEltHtIZEHjJBQnd3WSVAd4tIrMF8QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMNNPBRaQiislp1+p/NUpwYXQK0gMB8GA1UdIwQY
MBaAFEw7iM2xPz6xKpvlSrGbqpBVmzlqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVER1SXpiRV9QckVxbS1WS3NadXFrRldiT1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9lYzU1ODQtNjYxOC00YjEyLWExMWMt
MzA1NWNiNzI5YmNmLzEvdzAwOEZGcENLS3lXblg2bjgxU25CaGRBclNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9lYzU1ODQtNjYxOC00YjEyLWExMWMtMzA1NWNiNzI5YmNm
LzEvVER1SXpiRV9QckVxbS1WS3NadXFrRldiT1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhOgwDAN
BgkqhkiG9w0BAQsFAAOCAQEAn3J+JrYZ2ugnlNcjzZTeuvEIYmFyiIyj3E9tYczf
XG/xr+yy3whNBCOK+DkrG5lRD1aeeBcwPdbjmYVWn1MtXv5J7izQefyVL+Dms4hg
7Nb264DIN+uFDU1kpvDQoAeuLas9u0ZSGpHzcLhS2MK3N7FrP529Pw4sx/H/0Cuh
hrcQVdDuAvuNWJzAuJes/IxxNIBjbSGtQB/ShvUZ/4ww8wJtizOKBaJXARXXT+Ak
mO0pp4ZMMH++cupdGWAJXIkbqeWMiyrSrOrRzce7/YglEV1pRjqQzBdBTA12kRVP
QuzXsOx5ZQhDZ53AYL37Zidrdd/NnreVPf6iSZPQ+U24qw==
-----END CERTIFICATE-----