Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/f67d09-8923-4152-95f2-7c7db21230a3/1/ggQrHKs_Dp1NAlIqtr-utBTO5JM.roa
File:                     ggQrHKs_Dp1NAlIqtr-utBTO5JM.roa (raw, json)
Hash identifier:          dXqkufzflOQEsjww3aohgBgvzVkH/a897FtMA7jyVY0=
Subject key identifier:   82:04:2B:1C:AB:3F:0E:9D:4D:02:52:2A:B6:BF:AE:B4:14:CE:E4:93
Certificate issuer:       /CN=ed64691c31892cc991ad4e9a9671147759e417ab
Certificate serial:       018CC86F39610E2094002ECD778A39910CC9
Authority key identifier: ED:64:69:1C:31:89:2C:C9:91:AD:4E:9A:96:71:14:77:59:E4:17:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7WRpHDGJLMmRrU6alnEUd1nkF6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/f67d09-8923-4152-95f2-7c7db21230a3/1/ggQrHKs_Dp1NAlIqtr-utBTO5JM.roa
Signing time:             Tue 02 Jan 2024 04:29:41 +0000
ROA not before:           Tue 02 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        2a13:9400::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/f67d09-8923-4152-95f2-7c7db21230a3/1/7WRpHDGJLMmRrU6alnEUd1nkF6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/f67d09-8923-4152-95f2-7c7db21230a3/1/7WRpHDGJLMmRrU6alnEUd1nkF6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7WRpHDGJLMmRrU6alnEUd1nkF6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 04:03:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:39:61:0e:20:94:00:2e:cd:77:8a:39:91:0c:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed64691c31892cc991ad4e9a9671147759e417ab
        Validity
            Not Before: Jan  2 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82042b1cab3f0e9d4d02522ab6bfaeb414cee493
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e6:6a:cf:f0:85:6f:47:e1:97:fe:7d:12:5c:
                    3e:e5:4d:4d:58:13:02:4a:fa:f9:2c:e2:24:89:4f:
                    24:43:8f:a4:d2:f6:d0:1d:ee:b8:62:71:08:83:9b:
                    50:b6:be:59:32:93:ca:35:d5:61:4a:2e:f9:46:e2:
                    e4:81:a7:76:56:3d:83:e1:59:e5:96:c8:ba:f1:9b:
                    03:eb:b6:1f:85:0c:f9:3a:6a:2c:b9:10:ca:97:1f:
                    c7:81:e5:29:72:82:d2:e3:68:f1:95:6b:48:75:1c:
                    26:9d:a1:4a:fb:29:27:2b:11:8f:0c:13:76:ad:46:
                    48:77:6a:12:13:45:57:1c:9d:40:74:6d:b6:e8:4b:
                    7c:05:b4:a5:8a:2b:17:86:b6:bd:6e:43:3b:c0:7d:
                    f8:e6:d4:a5:2e:03:34:c1:7a:65:e3:c4:89:89:70:
                    85:ff:35:98:2f:d9:b5:86:19:3d:89:ca:2e:dc:ad:
                    e3:89:5e:2b:77:ce:5a:e8:7b:34:eb:9c:18:64:f0:
                    b9:47:fb:5d:e6:a8:c7:49:6c:d9:50:36:9b:7d:e6:
                    5f:9b:5c:08:ef:2c:3d:b2:33:b0:af:db:fd:e4:9b:
                    f2:e5:01:3b:e5:61:ee:8a:21:89:3b:5d:18:23:e7:
                    07:b7:7f:af:3f:50:62:b1:bb:f8:90:e7:ea:ad:0c:
                    65:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:04:2B:1C:AB:3F:0E:9D:4D:02:52:2A:B6:BF:AE:B4:14:CE:E4:93
            X509v3 Authority Key Identifier:
                keyid:ED:64:69:1C:31:89:2C:C9:91:AD:4E:9A:96:71:14:77:59:E4:17:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7WRpHDGJLMmRrU6alnEUd1nkF6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/f67d09-8923-4152-95f2-7c7db21230a3/1/ggQrHKs_Dp1NAlIqtr-utBTO5JM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/f67d09-8923-4152-95f2-7c7db21230a3/1/7WRpHDGJLMmRrU6alnEUd1nkF6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9400::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:3c:66:31:3f:ae:72:08:c3:2c:05:66:4b:5e:91:50:71:a2:
         84:8e:90:5c:bb:83:fa:b4:47:52:81:8d:cd:46:c0:d6:83:ed:
         7c:a3:d8:80:3c:35:40:a5:8b:75:1d:6c:10:9b:1e:bf:49:8e:
         72:bc:12:53:92:60:09:0c:34:ea:74:65:40:13:9e:4b:e5:e1:
         d0:d7:35:c2:5d:b4:34:09:e7:2a:81:59:c2:58:b5:8f:68:03:
         9c:2d:26:4d:8f:19:81:01:bf:8d:44:2c:e6:54:1c:8a:cd:ee:
         57:3b:c3:16:dd:a6:97:d3:55:4f:26:92:0f:59:90:b6:46:4c:
         27:75:d0:a3:ef:39:8f:ed:06:07:49:cf:94:b7:0b:b0:e0:5a:
         01:51:5e:3f:78:6c:5e:81:be:76:4d:a9:e8:c9:51:f7:42:75:
         61:03:c1:f5:f4:84:c3:d7:20:83:2c:30:99:fb:d6:6a:72:65:
         5f:f0:fb:45:cf:9a:d4:df:99:8a:cb:5e:35:4e:ed:4f:e9:83:
         a4:46:a0:ba:42:d4:2a:08:cd:bf:7b:ab:36:8f:b3:c5:9c:f3:
         2b:04:f3:a9:b8:ad:45:98:f0:62:bf:a7:9a:8a:23:54:e0:9d:
         07:85:be:f5:f7:ce:16:0c:95:3c:ab:ec:41:72:63:2d:fa:7d:
         ad:50:61:29
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIbzlhDiCUAC7Nd4o5kQzJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNjQ2OTFjMzE4OTJjYzk5MWFkNGU5YTk2NzExNDc3NTll
NDE3YWIwHhcNMjQwMTAyMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjA0MmIxY2FiM2YwZTlkNGQwMjUyMmFiNmJmYWViNDE0Y2VlNDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApeZqz/CFb0fhl/59Elw+5U1NWBMC
Svr5LOIkiU8kQ4+k0vbQHe64YnEIg5tQtr5ZMpPKNdVhSi75RuLkgad2Vj2D4Vnl
lsi68ZsD67YfhQz5OmosuRDKlx/HgeUpcoLS42jxlWtIdRwmnaFK+yknKxGPDBN2
rUZId2oSE0VXHJ1AdG226Et8BbSliisXhra9bkM7wH345tSlLgM0wXpl48SJiXCF
/zWYL9m1hhk9icou3K3jiV4rd85a6Hs065wYZPC5R/td5qjHSWzZUDabfeZfm1wI
7yw9sjOwr9v95Jvy5QE75WHuiiGJO10YI+cHt3+vP1Bisbv4kOfqrQxl0QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIIEKxyrPw6dTQJSKra/rrQUzuSTMB8GA1UdIwQY
MBaAFO1kaRwxiSzJka1OmpZxFHdZ5BerMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1dScEhER0pMTW1SclU2YWxuRVVkMW5rRjZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9mNjdkMDktODkyMy00MTUyLTk1ZjIt
N2M3ZGIyMTIzMGEzLzEvZ2dRckhLc19EcDFOQWxJcXRyLXV0QlRPNUpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9mNjdkMDktODkyMy00MTUyLTk1ZjItN2M3ZGIyMTIzMGEz
LzEvN1dScEhER0pMTW1SclU2YWxuRVVkMW5rRjZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhOUADAN
BgkqhkiG9w0BAQsFAAOCAQEAkDxmMT+ucgjDLAVmS16RUHGihI6QXLuD+rRHUoGN
zUbA1oPtfKPYgDw1QKWLdR1sEJsev0mOcrwSU5JgCQw06nRlQBOeS+Xh0Nc1wl20
NAnnKoFZwli1j2gDnC0mTY8ZgQG/jUQs5lQcis3uVzvDFt2ml9NVTyaSD1mQtkZM
J3XQo+85j+0GB0nPlLcLsOBaAVFeP3hsXoG+dk2p6MlR90J1YQPB9fSEw9cggyww
mfvWanJlX/D7Rc+a1N+ZisteNU7tT+mDpEagukLUKgjNv3urNo+zxZzzKwTzqbit
RZjwYr+nmoojVOCdB4W+9ffOFgyVPKvsQXJjLfp9rVBhKQ==
-----END CERTIFICATE-----