Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/Doax2lNTyCsTAl4OZyPQbhpZiWo.roa
File:                     Doax2lNTyCsTAl4OZyPQbhpZiWo.roa (raw, json)
Hash identifier:          DNZw6G0yigWsm6ZECP/aWwtk5BuKwTey75Y2gK6xNWw=
Subject key identifier:   0E:86:B1:DA:53:53:C8:2B:13:02:5E:0E:67:23:D0:6E:1A:59:89:6A
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       018CC3B7376159ED78661796252C9A0F89B0
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/Doax2lNTyCsTAl4OZyPQbhpZiWo.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57934
IP address blocks:        2a13:b487:1000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:37:61:59:ed:78:66:17:96:25:2c:9a:0f:89:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e86b1da5353c82b13025e0e6723d06e1a59896a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:cd:d6:53:51:97:b7:4e:7c:6e:ec:54:98:2a:
                    28:a2:65:68:c8:2a:c3:95:63:df:36:dc:63:0b:b5:
                    fb:7f:00:20:1c:ae:de:fb:ad:b7:13:04:9d:e5:da:
                    19:cf:50:fb:a0:72:2c:b0:5b:12:fa:04:80:17:18:
                    ac:ce:44:a4:ff:32:32:ae:6e:ed:ab:01:9b:76:c0:
                    97:32:c8:14:d6:bf:08:12:02:18:73:6b:08:7e:7c:
                    f8:0a:cb:bd:c0:83:90:cc:e2:86:4c:87:66:23:e9:
                    48:a1:a2:73:a5:71:e0:c7:68:65:fc:a8:25:2b:ba:
                    19:0a:6f:87:92:bf:84:9d:dd:f5:53:d1:e3:6e:65:
                    93:49:10:9c:f2:f1:d9:b5:fa:e8:73:f5:cc:b9:20:
                    bc:b1:2d:aa:94:d4:76:a4:4b:bf:6e:33:a5:08:ec:
                    c3:cf:19:9d:8a:27:1c:90:3a:fa:56:af:68:08:f3:
                    e7:5f:e4:4a:e6:ec:b9:36:57:09:23:1b:a9:34:a5:
                    97:37:0e:e7:96:d8:25:7c:99:0c:11:6f:a0:ec:58:
                    ed:b5:be:10:f2:7f:65:f1:91:5d:06:7c:2e:dd:f7:
                    bb:41:82:82:79:38:f1:7c:8b:9f:b5:07:26:10:b2:
                    da:c6:8f:e6:cf:ce:f7:67:74:01:20:ed:f1:39:cc:
                    ef:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:86:B1:DA:53:53:C8:2B:13:02:5E:0E:67:23:D0:6E:1A:59:89:6A
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/Doax2lNTyCsTAl4OZyPQbhpZiWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b487:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b5:9c:c1:62:d0:2a:7c:7d:e1:0f:28:c3:c9:cb:ce:63:c1:57:
         55:af:ef:6f:c8:97:bf:52:3e:94:16:2e:5b:dc:a7:b4:67:ca:
         8c:4e:f2:ed:43:66:a2:fb:21:90:2d:db:6a:9b:d5:40:33:99:
         22:20:b2:ca:2f:9e:2f:05:c7:b6:fe:2b:16:e4:eb:03:b5:5f:
         76:9c:01:24:8a:68:d1:fd:f7:44:34:a7:66:b0:9e:bd:14:fe:
         7e:01:a2:85:be:39:c0:8b:52:d3:84:3d:64:55:76:ac:73:5b:
         51:06:2e:bc:a4:4d:ae:48:a3:2a:00:dc:7d:cc:a2:9a:01:47:
         e8:ec:bc:f5:83:c3:26:9f:76:56:93:7e:5e:59:7b:ce:d1:cd:
         23:bc:72:2d:1e:50:39:76:6d:d5:3f:ba:75:6f:14:30:cf:61:
         3b:a3:44:d4:4d:0d:0e:69:f7:e0:a9:1e:ff:ae:f4:6f:ed:0d:
         7c:54:51:49:1e:f6:4c:08:ea:ea:94:21:fb:f1:6f:31:f2:a9:
         3f:5b:cb:09:d6:2b:87:9a:f3:85:3d:7c:ae:e2:f0:c4:43:1b:
         1a:29:d2:a3:c4:f7:bf:71:27:12:fe:cc:71:18:f5:4b:d6:26:
         6a:2f:e7:35:ea:4f:69:72:c3:ab:68:d5:81:c2:97:54:92:9e:
         84:9b:11:b1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtzdhWe14ZheWJSyaD4mwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTg2YjFkYTUzNTNjODJiMTMwMjVlMGU2NzIzZDA2ZTFhNTk4OTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkM3WU1GXt058buxUmCooomVoyCrD
lWPfNtxjC7X7fwAgHK7e+623EwSd5doZz1D7oHIssFsS+gSAFxiszkSk/zIyrm7t
qwGbdsCXMsgU1r8IEgIYc2sIfnz4Csu9wIOQzOKGTIdmI+lIoaJzpXHgx2hl/Kgl
K7oZCm+Hkr+End31U9HjbmWTSRCc8vHZtfroc/XMuSC8sS2qlNR2pEu/bjOlCOzD
zxmdiicckDr6Vq9oCPPnX+RK5uy5NlcJIxupNKWXNw7nltglfJkMEW+g7Fjttb4Q
8n9l8ZFdBnwu3fe7QYKCeTjxfIuftQcmELLaxo/mz873Z3QBIO3xOczv2QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFA6GsdpTU8grEwJeDmcj0G4aWYlqMB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvRG9heDJsTlR5Q3NUQWw0T1p5UFFiaHBaaVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhO0hxAw
DQYJKoZIhvcNAQELBQADggEBALWcwWLQKnx94Q8ow8nLzmPBV1Wv72/Il79SPpQW
Llvcp7RnyoxO8u1DZqL7IZAt22qb1UAzmSIgssovni8Fx7b+Kxbk6wO1X3acASSK
aNH990Q0p2awnr0U/n4BooW+OcCLUtOEPWRVdqxzW1EGLrykTa5IoyoA3H3MopoB
R+jsvPWDwyafdlaTfl5Ze87RzSO8ci0eUDl2bdU/unVvFDDPYTujRNRNDQ5p9+Cp
Hv+u9G/tDXxUUUke9kwI6uqUIfvxbzHyqT9bywnWK4ea84U9fK7i8MRDGxop0qPE
979xJxL+zHEY9UvWJmov5zXqT2lyw6to1YHCl1SSnoSbEbE=
-----END CERTIFICATE-----