Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/BehJ3cgG5BTTJz8pN9ZTVxK3Vtk.roa
File:                     BehJ3cgG5BTTJz8pN9ZTVxK3Vtk.roa (raw, json)
Hash identifier:          Ds91fNGjfU1LLHCydfKE30ldfDKqFETGjbrMBD2ryjo=
Subject key identifier:   05:E8:49:DD:C8:06:E4:14:D3:27:3F:29:37:D6:53:57:12:B7:56:D9
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       018CC3B7366F44EFEF35810238D32CE8A566
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/BehJ3cgG5BTTJz8pN9ZTVxK3Vtk.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7721
IP address blocks:        2a13:b487:1200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:36:6f:44:ef:ef:35:81:02:38:d3:2c:e8:a5:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05e849ddc806e414d3273f2937d6535712b756d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c3:d1:aa:cd:b9:04:51:95:b3:31:52:43:08:
                    6c:a8:17:15:dc:45:9f:76:72:a6:a8:43:c2:3c:07:
                    4f:ea:af:8e:c7:07:83:f7:65:b7:12:0a:11:b2:5a:
                    22:bc:6e:93:23:64:72:8f:87:41:f5:a8:31:5a:98:
                    9d:8f:c0:86:21:25:1a:e6:7c:19:72:41:07:63:29:
                    bf:b4:2d:31:d1:59:44:a5:62:26:0f:30:6e:74:57:
                    53:64:fa:f9:c5:ef:89:82:b2:7f:83:08:34:40:75:
                    a8:93:3e:bb:b0:7f:19:d2:bf:37:24:d7:12:24:17:
                    33:f8:f1:bd:b0:6a:45:32:57:fd:a1:8b:10:9f:37:
                    25:43:a4:39:2d:b1:26:1c:13:07:e3:22:ae:cb:84:
                    35:55:93:f0:a0:81:b2:25:b2:33:93:eb:a4:6f:6f:
                    5f:4e:83:d2:89:68:6d:1a:cf:4d:46:01:9f:b6:8e:
                    13:fc:38:cb:17:5f:ff:aa:84:f5:a0:d6:d4:f8:2f:
                    eb:f6:09:af:41:1d:94:ab:45:d4:1d:22:55:80:14:
                    87:46:40:c5:23:1d:08:a3:4b:02:9e:83:93:dc:df:
                    f8:c7:48:4b:b4:a6:83:c6:55:2a:be:96:c2:08:5c:
                    0b:74:ab:c5:99:a6:ba:fc:b7:e8:d7:2c:a6:23:f3:
                    51:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:E8:49:DD:C8:06:E4:14:D3:27:3F:29:37:D6:53:57:12:B7:56:D9
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/BehJ3cgG5BTTJz8pN9ZTVxK3Vtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b487:1200::/40

    Signature Algorithm: sha256WithRSAEncryption
         18:79:81:80:62:10:fa:37:31:c7:13:30:57:d1:d3:0e:5d:7f:
         00:98:79:37:a7:ed:bf:0d:af:d2:a7:25:24:47:37:81:22:6d:
         18:90:40:99:8c:f3:c2:ec:99:d4:a3:9e:b4:51:a4:1f:0b:54:
         31:6b:90:fd:70:eb:df:cd:b0:bb:a4:61:f0:04:a4:6f:2a:3a:
         e1:5f:e5:0a:20:f6:5e:82:86:3c:30:22:2c:6a:d9:7c:09:8d:
         3c:ec:bd:ec:48:9f:02:e2:d1:64:e8:79:00:ae:5a:7d:0a:ce:
         fa:03:d5:92:64:d3:75:4a:b2:14:a7:e1:bc:58:b4:fb:a8:be:
         9d:b1:dc:96:83:33:aa:6c:dc:09:bf:1f:7d:42:fe:be:7b:ee:
         c8:50:27:2c:ff:a8:0a:b1:25:5d:d6:24:ff:1c:3b:c7:02:df:
         e4:05:42:71:0e:79:60:a3:21:1a:cf:ca:a8:97:66:4b:fe:48:
         93:ee:af:cb:fa:da:42:94:c9:f2:83:c8:8e:c8:1c:ce:31:f7:
         e4:db:bd:2d:9f:1c:e8:6d:ff:69:03:3e:7f:05:67:88:4b:fc:
         a8:c8:5c:2c:4a:d2:21:09:a0:e8:ee:f6:9b:9e:6e:ee:87:23:
         2b:81:ea:c3:02:8c:f7:e9:cf:ea:6f:a1:1a:38:72:6c:30:59:
         cb:96:c9:b2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtzZvRO/vNYECONMs6KVmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWU4NDlkZGM4MDZlNDE0ZDMyNzNmMjkzN2Q2NTM1NzEyYjc1NmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsPRqs25BFGVszFSQwhsqBcV3EWf
dnKmqEPCPAdP6q+OxweD92W3EgoRsloivG6TI2Ryj4dB9agxWpidj8CGISUa5nwZ
ckEHYym/tC0x0VlEpWImDzBudFdTZPr5xe+JgrJ/gwg0QHWokz67sH8Z0r83JNcS
JBcz+PG9sGpFMlf9oYsQnzclQ6Q5LbEmHBMH4yKuy4Q1VZPwoIGyJbIzk+ukb29f
ToPSiWhtGs9NRgGfto4T/DjLF1//qoT1oNbU+C/r9gmvQR2Uq0XUHSJVgBSHRkDF
Ix0Io0sCnoOT3N/4x0hLtKaDxlUqvpbCCFwLdKvFmaa6/Lfo1yymI/NR2wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAXoSd3IBuQU0yc/KTfWU1cSt1bZMB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvQmVoSjNjZ0c1QlRUSno4cE45WlRWeEszVnRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhO0hxIw
DQYJKoZIhvcNAQELBQADggEBABh5gYBiEPo3MccTMFfR0w5dfwCYeTen7b8Nr9Kn
JSRHN4EibRiQQJmM88LsmdSjnrRRpB8LVDFrkP1w69/NsLukYfAEpG8qOuFf5Qog
9l6ChjwwIixq2XwJjTzsvexInwLi0WToeQCuWn0KzvoD1ZJk03VKshSn4bxYtPuo
vp2x3JaDM6ps3Am/H31C/r577shQJyz/qAqxJV3WJP8cO8cC3+QFQnEOeWCjIRrP
yqiXZkv+SJPur8v62kKUyfKDyI7IHM4x9+TbvS2fHOht/2kDPn8FZ4hL/KjIXCxK
0iEJoOju9puebu6HIyuB6sMCjPfpz+pvoRo4cmwwWcuWybI=
-----END CERTIFICATE-----