Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/670LHTaLRHc6gsL39yG_MEe5nTo.roa
File:                     670LHTaLRHc6gsL39yG_MEe5nTo.roa (raw, json)
Hash identifier:          uYnPDCklJbTgby3MqnDNy/LJDgRS1VJculIO83850mo=
Subject key identifier:   EB:BD:0B:1D:36:8B:44:77:3A:82:C2:F7:F7:21:BF:30:47:B9:9D:3A
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018CC2DB652F8ECFE62992E247CAE820B145
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/670LHTaLRHc6gsL39yG_MEe5nTo.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        2a13:3884::/30 maxlen: 30
                          2a11:5780::/30 maxlen: 30
                          2a11:5784::/30 maxlen: 30
                          2a13:3880::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 00:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:65:2f:8e:cf:e6:29:92:e2:47:ca:e8:20:b1:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebbd0b1d368b44773a82c2f7f721bf3047b99d3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ad:84:e6:a4:23:9d:ca:66:fe:ce:4c:a1:07:
                    28:8e:fb:0b:57:b2:39:26:a4:9d:f4:6f:f1:b3:74:
                    c9:aa:41:4b:d9:9d:89:59:bc:d1:76:f3:73:63:2a:
                    cf:7e:d1:af:1b:59:0d:ef:fb:ef:ef:f0:9d:f2:74:
                    9c:ff:bd:a6:45:a4:e6:7f:8d:2b:98:81:d6:1a:64:
                    fa:83:88:9b:13:9d:96:82:ee:0a:d7:e2:f0:94:59:
                    07:be:13:45:a6:92:11:aa:f9:a2:dd:a4:ab:4f:15:
                    d7:58:5e:5b:7d:12:ab:a2:83:76:bb:6c:9c:20:88:
                    13:3f:4e:21:fa:8b:5e:0d:a6:7c:17:9b:64:3c:4b:
                    87:86:1d:17:f4:aa:6c:86:0f:38:dc:b6:d0:8f:d9:
                    8d:fb:82:81:65:f0:55:be:35:c9:d7:a0:43:da:1c:
                    79:a5:9e:d9:99:44:b1:ba:90:eb:ec:b8:b0:ac:6c:
                    85:05:43:25:16:7f:4a:45:87:12:55:ed:a6:03:63:
                    05:cd:59:aa:8a:e3:9c:66:4b:d2:20:3d:ee:5b:a3:
                    f0:47:32:f2:a6:16:4e:b0:d4:4d:60:56:6e:19:02:
                    ab:76:6d:7c:7b:99:12:e1:1a:21:4b:ad:c7:52:6f:
                    25:49:51:ab:fc:f6:f7:93:d6:a3:1c:d7:2c:00:61:
                    06:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:BD:0B:1D:36:8B:44:77:3A:82:C2:F7:F7:21:BF:30:47:B9:9D:3A
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/670LHTaLRHc6gsL39yG_MEe5nTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:5780::/29
                  2a13:3880::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:2f:8b:65:c9:41:1a:7a:32:28:d2:b7:36:8b:e9:63:e7:db:
         a9:ec:21:ea:c9:91:f0:0d:dd:5b:b7:6b:22:9f:cb:3a:b4:11:
         f2:7a:c3:a0:66:f3:58:c0:57:4f:9b:4a:01:68:33:5f:2b:12:
         dc:f0:93:8a:4f:58:bd:8f:f3:ab:59:b4:c9:87:04:e8:fe:68:
         0c:40:08:70:cf:d9:15:86:3c:a8:b9:c4:cb:44:74:4d:d7:5b:
         b0:ea:52:36:68:cd:7f:34:62:71:93:22:6a:cc:b4:38:8c:b6:
         cb:82:dd:a5:3c:39:61:46:d4:93:32:3d:05:1e:bc:fe:6e:58:
         6a:39:fb:13:9e:c0:bc:b9:b7:f3:4d:18:53:0c:57:7a:90:9a:
         14:2f:6a:d0:77:9a:da:66:fc:69:ce:42:19:af:3f:39:36:47:
         a1:08:f5:a7:a3:c1:78:e3:61:00:66:b8:ae:8a:93:65:3b:ab:
         e2:5a:d0:b6:b2:7b:5e:b7:22:e6:35:bd:48:a1:ba:1d:7c:48:
         0b:fc:35:9a:60:4a:24:8b:53:c6:d7:a1:d3:21:04:a8:2a:54:
         91:8b:e1:8c:ae:e6:d0:15:1c:78:22:ba:92:8c:c9:72:57:fb:
         a4:e4:f5:74:08:08:75:ae:32:bb:20:be:d6:e5:cf:87:c2:69:
         32:9a:7a:7e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzC22Uvjs/mKZLiR8roILFFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmJkMGIxZDM2OGI0NDc3M2E4MmMyZjdmNzIxYmYzMDQ3Yjk5ZDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjK2E5qQjncpm/s5MoQcojvsLV7I5
JqSd9G/xs3TJqkFL2Z2JWbzRdvNzYyrPftGvG1kN7/vv7/Cd8nSc/72mRaTmf40r
mIHWGmT6g4ibE52Wgu4K1+LwlFkHvhNFppIRqvmi3aSrTxXXWF5bfRKrooN2u2yc
IIgTP04h+oteDaZ8F5tkPEuHhh0X9Kpshg843LbQj9mN+4KBZfBVvjXJ16BD2hx5
pZ7ZmUSxupDr7LiwrGyFBUMlFn9KRYcSVe2mA2MFzVmqiuOcZkvSID3uW6PwRzLy
phZOsNRNYFZuGQKrdm18e5kS4RohS63HUm8lSVGr/Pb3k9ajHNcsAGEGNQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOu9Cx02i0R3OoLC9/chvzBHuZ06MB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvNjcwTEhUYUxSSGM2Z3NMMzl5R19NRWU1blRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhFXgAMF
AyoTOIAwDQYJKoZIhvcNAQELBQADggEBAEYvi2XJQRp6MijStzaL6WPn26nsIerJ
kfAN3Vu3ayKfyzq0EfJ6w6Bm81jAV0+bSgFoM18rEtzwk4pPWL2P86tZtMmHBOj+
aAxACHDP2RWGPKi5xMtEdE3XW7DqUjZozX80YnGTImrMtDiMtsuC3aU8OWFG1JMy
PQUevP5uWGo5+xOewLy5t/NNGFMMV3qQmhQvatB3mtpm/GnOQhmvPzk2R6EI9aej
wXjjYQBmuK6Kk2U7q+Ja0Laye163IuY1vUihuh18SAv8NZpgSiSLU8bXodMhBKgq
VJGL4Yyu5tAVHHgiupKMyXJX+6Tk9XQICHWuMrsgvtblz4fCaTKaen4=
-----END CERTIFICATE-----