Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/WShFpAiezmrR6D-4iAhvtzgnjJU.roa
File:                     WShFpAiezmrR6D-4iAhvtzgnjJU.roa (raw, json)
Hash identifier:          nB1gimX0RBvWjrfPuM4uOO0LCGgCCRo1il/BhDJRR+0=
Subject key identifier:   59:28:45:A4:08:9E:CE:6A:D1:E8:3F:B8:88:08:6F:B7:38:27:8C:95
Certificate issuer:       /CN=e5aaf76d27ba812e0d5ce2305f17c53188c2580c
Certificate serial:       018CC9BC4AD416B205748C185248C0F9C1C7
Authority key identifier: E5:AA:F7:6D:27:BA:81:2E:0D:5C:E2:30:5F:17:C5:31:88:C2:58:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5ar3bSe6gS4NXOIwXxfFMYjCWAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/WShFpAiezmrR6D-4iAhvtzgnjJU.roa
Signing time:             Tue 02 Jan 2024 10:33:29 +0000
ROA not before:           Tue 02 Jan 2024 10:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35773
IP address blocks:        2a13:d880::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/5ar3bSe6gS4NXOIwXxfFMYjCWAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/5ar3bSe6gS4NXOIwXxfFMYjCWAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5ar3bSe6gS4NXOIwXxfFMYjCWAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:4a:d4:16:b2:05:74:8c:18:52:48:c0:f9:c1:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5aaf76d27ba812e0d5ce2305f17c53188c2580c
        Validity
            Not Before: Jan  2 10:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=592845a4089ece6ad1e83fb888086fb738278c95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f8:f6:1f:0d:62:62:ce:04:20:c2:9f:67:51:
                    3b:b4:69:8e:e7:e4:e5:4c:1f:08:5a:bb:0c:84:f0:
                    85:91:a7:28:f5:4e:e6:57:aa:3a:90:03:4e:50:46:
                    04:7f:4b:b9:5d:4b:23:7d:52:a2:a7:c9:e5:4e:cb:
                    d1:0e:03:49:c6:28:5e:9c:6f:4c:dc:91:62:41:70:
                    90:f5:61:ab:da:8e:a4:a5:83:1f:af:ad:6f:74:98:
                    da:3a:5a:39:2b:53:84:d7:7b:ab:d6:da:7f:a6:d3:
                    7b:f5:89:4c:55:80:2c:a4:ac:a6:62:95:80:29:f6:
                    53:bb:a6:28:3b:5f:9c:dc:e4:f9:13:ce:9d:de:6e:
                    ef:e3:01:ef:74:ef:1b:27:4b:17:b2:26:f0:00:c6:
                    37:66:ef:ed:9a:b3:57:a6:6f:1d:ea:f4:be:5c:df:
                    d1:e7:1f:75:26:bf:9c:d7:0c:7c:a2:63:7c:37:a5:
                    10:d2:87:b1:a8:1e:02:4a:3c:fe:4a:3f:44:34:a1:
                    e2:6c:7f:53:3b:3f:4c:4c:bb:04:b6:92:59:a0:5d:
                    d4:9a:a8:e9:e0:4a:6f:55:23:be:35:33:b2:df:40:
                    25:77:4d:61:20:f8:83:4e:ae:67:5d:65:ea:8d:1e:
                    05:8a:b8:96:27:b9:72:2f:1d:32:05:eb:dd:75:0e:
                    3d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:28:45:A4:08:9E:CE:6A:D1:E8:3F:B8:88:08:6F:B7:38:27:8C:95
            X509v3 Authority Key Identifier:
                keyid:E5:AA:F7:6D:27:BA:81:2E:0D:5C:E2:30:5F:17:C5:31:88:C2:58:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5ar3bSe6gS4NXOIwXxfFMYjCWAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/WShFpAiezmrR6D-4iAhvtzgnjJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/5ar3bSe6gS4NXOIwXxfFMYjCWAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d880::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:0b:7f:28:26:f9:f7:c4:c1:1b:02:ad:6a:b9:2a:79:55:47:
         7c:1b:70:c0:26:87:d0:79:80:86:12:1d:62:ad:5c:b6:fc:c5:
         a0:58:88:32:c4:61:94:f3:82:3c:3c:74:bf:4a:25:e8:b1:eb:
         ee:18:2e:aa:d0:15:d6:2f:da:d2:e4:ce:93:78:87:4f:9a:73:
         b4:94:76:29:ec:be:07:26:58:6d:ae:d8:f7:a1:c6:bd:a1:e4:
         3b:28:c4:12:5e:af:de:16:e1:bd:87:9d:a2:eb:39:cc:9b:0c:
         33:d4:4a:7f:15:6b:33:c1:80:bb:2d:1b:c3:64:19:42:fe:32:
         aa:42:04:ce:72:26:0e:c2:44:31:82:be:a0:7d:16:3e:c9:dd:
         60:8e:d0:d7:67:87:0e:cf:e0:ec:30:14:a5:87:10:be:26:d9:
         75:d5:3f:79:b5:25:4c:ee:cb:c6:b4:32:88:d6:46:52:ea:0d:
         98:d8:e7:1c:47:7c:91:b4:4a:61:91:49:55:82:1c:d9:81:8c:
         6b:a1:c6:73:2e:52:3c:fc:28:0f:e4:48:d1:c8:a6:a0:9a:46:
         5d:20:5d:ee:1c:97:d1:36:9d:4a:e0:9a:31:fa:31:ad:58:ee:
         99:5c:ff:66:10:20:0b:4b:60:8c:8b:6f:ca:41:a7:af:4c:7e:
         87:86:57:e9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJvErUFrIFdIwYUkjA+cHHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YWFmNzZkMjdiYTgxMmUwZDVjZTIzMDVmMTdjNTMxODhj
MjU4MGMwHhcNMjQwMTAyMTAzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTI4NDVhNDA4OWVjZTZhZDFlODNmYjg4ODA4NmZiNzM4Mjc4Yzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvj2Hw1iYs4EIMKfZ1E7tGmO5+Tl
TB8IWrsMhPCFkaco9U7mV6o6kANOUEYEf0u5XUsjfVKip8nlTsvRDgNJxihenG9M
3JFiQXCQ9WGr2o6kpYMfr61vdJjaOlo5K1OE13ur1tp/ptN79YlMVYAspKymYpWA
KfZTu6YoO1+c3OT5E86d3m7v4wHvdO8bJ0sXsibwAMY3Zu/tmrNXpm8d6vS+XN/R
5x91Jr+c1wx8omN8N6UQ0oexqB4CSjz+Sj9ENKHibH9TOz9MTLsEtpJZoF3Umqjp
4EpvVSO+NTOy30Ald01hIPiDTq5nXWXqjR4FiriWJ7lyLx0yBevddQ49EwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFkoRaQIns5q0eg/uIgIb7c4J4yVMB8GA1UdIwQY
MBaAFOWq920nuoEuDVziMF8XxTGIwlgMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWFyM2JTZTZnUzROWE9Jd1h4ZkZNWWpDV0F3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85ZjUyMjMtYTU2Yy00NjViLWFjNjUt
ZmQxNTJhNmEwNTg3LzEvV1NoRnBBaWV6bXJSNkQtNGlBaHZ0emduakpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85ZjUyMjMtYTU2Yy00NjViLWFjNjUtZmQxNTJhNmEwNTg3
LzEvNWFyM2JTZTZnUzROWE9Jd1h4ZkZNWWpDV0F3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPYgDAN
BgkqhkiG9w0BAQsFAAOCAQEAEgt/KCb598TBGwKtarkqeVVHfBtwwCaH0HmAhhId
Yq1ctvzFoFiIMsRhlPOCPDx0v0ol6LHr7hguqtAV1i/a0uTOk3iHT5pztJR2Key+
ByZYba7Y96HGvaHkOyjEEl6v3hbhvYedous5zJsMM9RKfxVrM8GAuy0bw2QZQv4y
qkIEznImDsJEMYK+oH0WPsndYI7Q12eHDs/g7DAUpYcQvibZddU/ebUlTO7LxrQy
iNZGUuoNmNjnHEd8kbRKYZFJVYIc2YGMa6HGcy5SPPwoD+RI0cimoJpGXSBd7hyX
0TadSuCaMfoxrVjumVz/ZhAgC0tgjItvykGnr0x+h4ZX6Q==
-----END CERTIFICATE-----