Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/7pPa5Xh8PW297wWLLi9UYAYU7vg.roa
File:                     7pPa5Xh8PW297wWLLi9UYAYU7vg.roa (raw, json)
Hash identifier:          R+ihgl+yjmP3xJ54QDDB+r1oJt513HLffhVvEeCikUQ=
Subject key identifier:   EE:93:DA:E5:78:7C:3D:6D:BD:EF:05:8B:2E:2F:54:60:06:14:EE:F8
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       018CC3B73D225000F883EFD12D3CACB2242B
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/7pPa5Xh8PW297wWLLi9UYAYU7vg.roa
Signing time:             Mon 01 Jan 2024 06:30:15 +0000
ROA not before:           Mon 01 Jan 2024 06:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202939
IP address blocks:        2a13:b487:1700::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3d:22:50:00:f8:83:ef:d1:2d:3c:ac:b2:24:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Jan  1 06:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee93dae5787c3d6dbdef058b2e2f54600614eef8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ef:96:53:c3:84:97:0b:17:a5:6e:85:9e:a7:
                    9f:bc:db:e7:bb:e7:c6:78:59:cb:f1:92:32:c9:5b:
                    47:75:44:8c:34:86:23:d8:66:92:f4:bc:c2:df:9c:
                    67:ba:21:96:6f:d7:92:b1:b6:86:23:1d:d7:8b:96:
                    4f:76:49:54:d7:c5:fd:51:81:eb:14:a2:e4:d7:45:
                    9c:35:91:6a:84:8a:a8:ec:2e:4e:0a:6d:41:3a:d0:
                    8a:f5:e8:15:52:6b:a0:f8:6e:91:0a:11:cb:d6:79:
                    68:25:1a:3e:7c:c7:6b:a2:de:05:4d:6b:a0:e7:74:
                    0a:aa:c1:40:4a:fc:41:ba:77:da:d0:4f:84:cc:f6:
                    f1:92:90:7b:e7:10:22:54:a0:c0:e8:2f:50:4f:8f:
                    ea:cf:bb:31:85:14:fc:3c:40:b0:dc:78:1f:a1:f5:
                    79:db:b1:92:62:14:cf:42:0b:54:41:c2:fb:5f:77:
                    2b:07:d4:ab:e2:9b:48:c0:44:28:66:a0:6d:d7:00:
                    93:ad:0f:47:50:58:15:ce:54:eb:9c:f6:59:37:ad:
                    72:55:b4:9a:b7:5a:a2:77:82:ed:fd:08:f6:25:4b:
                    91:f4:f5:9b:ca:3f:97:48:4f:dc:23:07:34:87:13:
                    e3:eb:48:70:5e:e3:5e:5a:ab:c4:97:66:17:71:7b:
                    21:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:93:DA:E5:78:7C:3D:6D:BD:EF:05:8B:2E:2F:54:60:06:14:EE:F8
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/7pPa5Xh8PW297wWLLi9UYAYU7vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b487:1700::/40

    Signature Algorithm: sha256WithRSAEncryption
         b1:ca:f6:c9:3f:fb:f7:a4:22:78:15:08:c3:9e:76:64:42:5f:
         d4:98:bc:fe:30:ad:a1:41:f2:4f:fe:1f:5a:8d:7e:91:4c:6e:
         02:ce:e1:56:25:dc:1a:84:53:47:b3:6c:64:1c:a3:90:3d:83:
         ef:0f:36:f8:86:82:4c:a0:0c:92:8e:e0:a8:f9:f1:33:e9:8e:
         26:bc:1a:71:41:8e:4c:f1:b5:ee:af:7e:b0:e7:cd:11:63:23:
         c1:b7:da:72:f7:60:d2:dd:09:24:8c:38:11:23:28:e5:25:98:
         5f:8b:e5:a3:72:90:c2:f5:b2:11:8b:a5:6e:12:f8:ea:d5:d1:
         d3:43:25:47:f5:e8:4d:28:46:d2:53:2c:d4:1b:b5:0c:28:0b:
         0a:95:4c:94:5f:ad:c0:7a:4c:f4:38:f5:ac:a4:db:e6:ad:8c:
         bc:07:bf:9c:af:f3:9f:71:e0:2f:19:b6:f4:d1:32:7b:c4:65:
         58:8a:9d:6a:35:ae:a0:c8:57:bb:ac:4e:4a:46:e5:b6:17:f6:
         39:29:67:24:20:b7:ad:70:1e:72:37:e1:42:c6:b2:97:b3:ce:
         3d:c7:95:68:e8:83:ae:03:c5:f1:02:87:44:df:f0:88:a7:51:
         1e:c7:e4:d9:6c:f3:d3:5b:bc:a7:db:fa:22:e4:af:a1:18:c0:
         cc:a9:f1:04
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtz0iUAD4g+/RLTyssiQrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjQwMTAxMDYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTkzZGFlNTc4N2MzZDZkYmRlZjA1OGIyZTJmNTQ2MDA2MTRlZWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlO+WU8OElwsXpW6FnqefvNvnu+fG
eFnL8ZIyyVtHdUSMNIYj2GaS9LzC35xnuiGWb9eSsbaGIx3Xi5ZPdklU18X9UYHr
FKLk10WcNZFqhIqo7C5OCm1BOtCK9egVUmug+G6RChHL1nloJRo+fMdrot4FTWug
53QKqsFASvxBunfa0E+EzPbxkpB75xAiVKDA6C9QT4/qz7sxhRT8PECw3HgfofV5
27GSYhTPQgtUQcL7X3crB9Sr4ptIwEQoZqBt1wCTrQ9HUFgVzlTrnPZZN61yVbSa
t1qid4Lt/Qj2JUuR9PWbyj+XSE/cIwc0hxPj60hwXuNeWqvEl2YXcXsh/QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFO6T2uV4fD1tve8Fiy4vVGAGFO74MB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvN3BQYTVYaDhQVzI5N3dXTExpOVVZQVlVN3ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhO0hxcw
DQYJKoZIhvcNAQELBQADggEBALHK9sk/+/ekIngVCMOedmRCX9SYvP4wraFB8k/+
H1qNfpFMbgLO4VYl3BqEU0ezbGQco5A9g+8PNviGgkygDJKO4Kj58TPpjia8GnFB
jkzxte6vfrDnzRFjI8G32nL3YNLdCSSMOBEjKOUlmF+L5aNykML1shGLpW4S+OrV
0dNDJUf16E0oRtJTLNQbtQwoCwqVTJRfrcB6TPQ49ayk2+atjLwHv5yv859x4C8Z
tvTRMnvEZViKnWo1rqDIV7usTkpG5bYX9jkpZyQgt61wHnI34ULGspezzj3HlWjo
g64DxfECh0Tf8IinUR7H5Nls89NbvKfb+iLkr6EYwMyp8QQ=
-----END CERTIFICATE-----