Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/Gfn1jwtlF8FRxL3Rz03Ea937VEE.roa
File:                     Gfn1jwtlF8FRxL3Rz03Ea937VEE.roa (raw, json)
Hash identifier:          RFgXaXGTO5AA2vd/LK/W065gZCsDh6ylVKtNqAJn6Qc=
Subject key identifier:   19:F9:F5:8F:0B:65:17:C1:51:C4:BD:D1:CF:4D:C4:6B:DD:FB:54:41
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       01942748142D4ADD529DDCBB6F3E95DDDFEF
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/Gfn1jwtlF8FRxL3Rz03Ea937VEE.roa
Signing time:             Thu 02 Jan 2025 13:50:22 +0000
ROA not before:           Thu 02 Jan 2025 13:50:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201386
IP address blocks:        2a13:b487:5300::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:14:2d:4a:dd:52:9d:dc:bb:6f:3e:95:dd:df:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Jan  2 13:50:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19f9f58f0b6517c151c4bdd1cf4dc46bddfb5441
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:8e:9a:ec:8c:0e:ad:fb:6d:c3:b3:06:4a:c5:
                    bd:1a:99:8d:66:cd:4a:2e:cf:24:1b:9d:20:94:78:
                    2f:5b:57:37:0a:6d:a4:60:8f:2c:d1:2e:3b:22:c4:
                    a5:0d:75:12:1e:f5:db:b7:f4:a5:68:07:fc:0f:1d:
                    9d:79:3b:d7:df:e7:8d:0f:30:51:a7:0a:99:b2:ae:
                    19:33:29:32:b2:9d:04:28:20:fe:e7:bf:90:0e:58:
                    05:ed:7c:7e:5b:f1:0e:c6:74:c7:64:3e:a0:db:1b:
                    f2:b5:4b:53:ff:a0:81:eb:f7:11:7d:77:6d:c9:8a:
                    dc:0c:ad:b4:c2:54:c9:0f:77:5a:43:7f:6c:23:75:
                    08:0a:98:31:d8:74:04:9d:8e:5a:09:80:f3:41:15:
                    60:8e:74:61:93:53:16:96:f0:93:79:48:9e:bf:99:
                    c5:34:cf:f5:12:27:59:77:a5:9b:da:47:16:7b:44:
                    32:91:d0:43:31:0d:f0:24:9e:0d:cc:aa:01:a2:a9:
                    39:38:b3:b0:56:0d:5e:11:fe:53:b9:aa:5b:41:c6:
                    6c:58:f0:fd:3f:cc:d3:1a:7f:2f:7f:de:f5:f2:5d:
                    f2:4b:93:45:dc:07:08:4a:7c:e3:23:a5:02:ec:7e:
                    31:f4:7e:56:8a:dc:15:b8:2d:39:a3:09:5e:d7:d2:
                    b2:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:F9:F5:8F:0B:65:17:C1:51:C4:BD:D1:CF:4D:C4:6B:DD:FB:54:41
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/Gfn1jwtlF8FRxL3Rz03Ea937VEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b487:5300::/40

    Signature Algorithm: sha256WithRSAEncryption
         02:9a:a5:62:a1:9a:e4:6d:d0:9e:e5:46:87:f1:87:29:8a:d4:
         66:98:43:a5:f9:77:b0:97:75:dd:34:02:69:f2:22:61:d3:fd:
         80:80:09:52:df:13:e6:ec:6e:d1:87:51:b9:02:ca:aa:a9:db:
         08:85:47:d3:b8:07:b8:5a:9a:a6:75:b3:5e:7c:f2:36:bf:02:
         96:5b:3a:4b:f7:0f:98:81:14:f0:05:d2:0c:e9:c4:db:67:1d:
         a8:7e:52:dd:5a:6e:91:e3:c8:57:45:86:25:d1:70:f6:e2:3b:
         c3:26:f0:f6:87:d0:1c:40:51:b9:63:d2:4c:48:25:b0:25:5a:
         c3:8e:ec:3a:94:12:d3:c8:be:89:10:16:4b:f9:ba:dc:b0:1f:
         83:8f:75:ef:9f:8b:d4:05:17:d8:c8:ae:cf:e1:f2:04:45:62:
         13:e0:c6:05:91:84:6c:6b:9e:f2:74:15:16:e5:dc:e0:f5:f6:
         ef:2f:67:69:95:d2:b1:86:0f:d3:cd:7b:cd:62:89:22:21:df:
         8d:1b:f5:72:22:5c:a6:5b:57:9a:94:8b:da:db:cf:9a:09:2b:
         49:ee:86:94:01:30:a1:12:2e:55:1b:c3:28:51:f7:00:60:9e:
         e1:21:6f:07:a4:74:ba:bc:c0:cb:45:a5:68:cb:74:2b:33:79:
         a6:0f:4d:06
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQnSBQtSt1Sndy7bz6V3d/vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjUwMTAyMTM1MDIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWY5ZjU4ZjBiNjUxN2MxNTFjNGJkZDFjZjRkYzQ2YmRkZmI1NDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAio6a7IwOrfttw7MGSsW9GpmNZs1K
Ls8kG50glHgvW1c3Cm2kYI8s0S47IsSlDXUSHvXbt/SlaAf8Dx2deTvX3+eNDzBR
pwqZsq4ZMykysp0EKCD+57+QDlgF7Xx+W/EOxnTHZD6g2xvytUtT/6CB6/cRfXdt
yYrcDK20wlTJD3daQ39sI3UICpgx2HQEnY5aCYDzQRVgjnRhk1MWlvCTeUiev5nF
NM/1EidZd6Wb2kcWe0QykdBDMQ3wJJ4NzKoBoqk5OLOwVg1eEf5TuapbQcZsWPD9
P8zTGn8vf9718l3yS5NF3AcISnzjI6UC7H4x9H5WitwVuC05owle19KyoQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBn59Y8LZRfBUcS90c9NxGvd+1RBMB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvR2ZuMWp3dGxGOEZSeEwzUnowM0VhOTM3VkVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhO0h1Mw
DQYJKoZIhvcNAQELBQADggEBAAKapWKhmuRt0J7lRofxhymK1GaYQ6X5d7CXdd00
AmnyImHT/YCACVLfE+bsbtGHUbkCyqqp2wiFR9O4B7hamqZ1s1588ja/ApZbOkv3
D5iBFPAF0gzpxNtnHah+Ut1abpHjyFdFhiXRcPbiO8Mm8PaH0BxAUblj0kxIJbAl
WsOO7DqUEtPIvokQFkv5utywH4OPde+fi9QFF9jIrs/h8gRFYhPgxgWRhGxrnvJ0
FRbl3OD19u8vZ2mV0rGGD9PNe81iiSIh340b9XIiXKZbV5qUi9rbz5oJK0nuhpQB
MKESLlUbwyhR9wBgnuEhbwekdLq8wMtFpWjLdCszeaYPTQY=
-----END CERTIFICATE-----