Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/6to8-rJKMGdwbJNcgECuCE7KVWU.roa
File:                     6to8-rJKMGdwbJNcgECuCE7KVWU.roa (raw, json)
Hash identifier:          d6OFCpb6lyht9RjtikIWE4bVfP//2nAdpLItiVvYHJ8=
Subject key identifier:   EA:DA:3C:FA:B2:4A:30:67:70:6C:93:5C:80:40:AE:08:4E:CA:55:65
Certificate issuer:       /CN=70bf553042f1a43827dc034500bbd1068a7297ca
Certificate serial:       0190EEEA3FE297B3622A4C9A2732E5E61BFC
Authority key identifier: 70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/6to8-rJKMGdwbJNcgECuCE7KVWU.roa
Signing time:             Fri 26 Jul 2024 12:00:47 +0000
ROA not before:           Fri 26 Jul 2024 12:00:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136787
IP address blocks:        2a13:240:8888::/48 maxlen: 48
                          2a13:240:9999::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 17 Nov 2024 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ee:ea:3f:e2:97:b3:62:2a:4c:9a:27:32:e5:e6:1b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70bf553042f1a43827dc034500bbd1068a7297ca
        Validity
            Not Before: Jul 26 12:00:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eada3cfab24a3067706c935c8040ae084eca5565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:af:1e:f7:3d:fb:86:76:6c:75:63:9d:8b:7e:
                    03:d3:08:3e:9f:1e:ce:f8:5f:d2:17:be:37:9a:88:
                    d4:68:74:c6:92:be:b9:4c:b3:99:6f:70:7a:89:a9:
                    f1:12:99:94:e2:59:e9:d6:29:0f:f1:d1:3c:db:2d:
                    05:4f:a6:49:09:87:3a:55:ad:cd:7d:6a:91:94:14:
                    92:6e:8a:cf:9b:28:94:d7:f1:f7:26:d5:ef:81:2c:
                    cc:48:64:b0:ce:0f:28:96:99:3b:44:cb:d4:d7:2a:
                    da:85:e9:90:38:1e:3e:4f:2a:73:ae:eb:49:63:94:
                    c7:f9:c7:52:a6:c6:ec:c1:3e:c8:cd:00:d9:ce:ef:
                    e8:bc:17:59:12:af:5e:05:be:85:cb:86:40:ec:a6:
                    dc:5e:a6:39:84:1d:e7:38:08:67:62:69:5d:29:9d:
                    8a:3f:fa:98:bd:ff:98:78:3d:34:9a:1e:2d:23:0b:
                    3a:33:1b:53:61:1e:bf:5f:1b:a1:d4:68:75:e6:3d:
                    e6:6a:c5:64:8e:02:4f:dd:b3:d0:f3:cc:0f:4e:39:
                    d1:bd:3b:34:e8:18:73:76:21:0b:7e:62:5b:ed:66:
                    34:05:71:62:2f:c6:a0:f2:be:3e:23:bf:f1:2e:00:
                    5c:af:47:aa:e9:3c:87:66:36:34:63:56:5e:b8:ab:
                    e4:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:DA:3C:FA:B2:4A:30:67:70:6C:93:5C:80:40:AE:08:4E:CA:55:65
            X509v3 Authority Key Identifier:
                keyid:70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/6to8-rJKMGdwbJNcgECuCE7KVWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:240:8888::/48
                  2a13:240:9999::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:6a:eb:cf:b6:ed:bd:cc:28:61:46:d6:6e:4f:3f:ef:04:8c:
         54:e9:1a:e4:17:e4:1c:fb:79:79:a5:e3:35:e9:1b:68:bd:8c:
         dc:60:e4:37:26:39:f7:ed:5c:da:3d:7e:ea:6b:ae:52:90:87:
         8d:cd:1d:34:27:c5:62:3c:91:90:71:24:31:91:15:db:5d:06:
         0d:7d:e9:8b:38:80:08:3c:fa:a9:a6:8f:b8:6f:b4:cd:11:c6:
         99:d8:2c:a8:6f:07:a7:e9:62:4a:5b:c0:9c:46:3f:49:6b:f3:
         1f:19:72:db:32:c1:97:2f:17:24:07:66:37:e4:e4:7a:68:4b:
         5f:1a:ff:cd:13:3a:2a:de:fd:89:a1:99:95:fe:c1:47:c9:20:
         a5:a0:ec:bd:86:5a:cd:e9:94:e1:98:05:cb:4c:13:0f:45:12:
         45:5e:95:3b:e5:3c:c2:01:c6:31:2c:21:5c:8e:0b:a5:f2:e3:
         bd:05:41:dd:0c:87:2c:c8:95:91:58:13:f7:cc:50:f3:00:3e:
         f7:57:97:41:86:b3:f3:b2:2c:1e:61:c5:1c:08:8c:d1:73:cc:
         29:b8:85:0a:ab:d1:01:bc:75:73:ca:0d:52:27:a6:2d:84:ad:
         eb:6d:e2:38:49:1a:c4:1b:b0:c8:53:0e:55:35:b2:e1:f3:86:
         2e:f8:02:a0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZDu6j/il7NiKkyaJzLl5hv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYmY1NTMwNDJmMWE0MzgyN2RjMDM0NTAwYmJkMTA2OGE3
Mjk3Y2EwHhcNMjQwNzI2MTIwMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWRhM2NmYWIyNGEzMDY3NzA2YzkzNWM4MDQwYWUwODRlY2E1NTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAia8e9z37hnZsdWOdi34D0wg+nx7O
+F/SF743mojUaHTGkr65TLOZb3B6ianxEpmU4lnp1ikP8dE82y0FT6ZJCYc6Va3N
fWqRlBSSborPmyiU1/H3JtXvgSzMSGSwzg8olpk7RMvU1yrahemQOB4+TypzrutJ
Y5TH+cdSpsbswT7IzQDZzu/ovBdZEq9eBb6Fy4ZA7KbcXqY5hB3nOAhnYmldKZ2K
P/qYvf+YeD00mh4tIws6MxtTYR6/Xxuh1Gh15j3masVkjgJP3bPQ88wPTjnRvTs0
6BhzdiELfmJb7WY0BXFiL8ag8r4+I7/xLgBcr0eq6TyHZjY0Y1ZeuKvkIQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOraPPqySjBncGyTXIBArghOylVlMB8GA1UdIwQY
MBaAFHC/VTBC8aQ4J9wDRQC70QaKcpfKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYt
NTM1ODQwMWZiNzk2LzEvNnRvOC1ySktNR2R3YkpOY2dFQ3VDRTdLVldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYtNTM1ODQwMWZiNzk2
LzEvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhMCQIiI
AwcAKhMCQJmZMA0GCSqGSIb3DQEBCwUAA4IBAQCyauvPtu29zChhRtZuTz/vBIxU
6RrkF+Qc+3l5peM16RtovYzcYOQ3Jjn37VzaPX7qa65SkIeNzR00J8ViPJGQcSQx
kRXbXQYNfemLOIAIPPqppo+4b7TNEcaZ2Cyobwen6WJKW8CcRj9Ja/MfGXLbMsGX
LxckB2Y35OR6aEtfGv/NEzoq3v2JoZmV/sFHySCloOy9hlrN6ZThmAXLTBMPRRJF
XpU75TzCAcYxLCFcjgul8uO9BUHdDIcsyJWRWBP3zFDzAD73V5dBhrPzsiweYcUc
CIzRc8wpuIUKq9EBvHVzyg1SJ6YthK3rbeI4SRrEG7DIUw5VNbLh84Yu+AKg
-----END CERTIFICATE-----