Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/SepNI5BvNqZrKQQ0FfT7pr1pdeg.roa
File:                     SepNI5BvNqZrKQQ0FfT7pr1pdeg.roa (raw, json)
Hash identifier:          ga3FlFqUPF78mWs86DFnDk2WxYprTEnaWthB9skXHok=
Subject key identifier:   49:EA:4D:23:90:6F:36:A6:6B:29:04:34:15:F4:FB:A6:BD:69:75:E8
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       018D7F9EE1FBF660DCAA2F38394957BC73A6
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/SepNI5BvNqZrKQQ0FfT7pr1pdeg.roa
Signing time:             Tue 06 Feb 2024 18:12:15 +0000
ROA not before:           Tue 06 Feb 2024 18:12:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7488
IP address blocks:        2a13:b487:7488::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:9e:e1:fb:f6:60:dc:aa:2f:38:39:49:57:bc:73:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Feb  6 18:12:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49ea4d23906f36a66b29043415f4fba6bd6975e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:c3:2c:8d:93:62:53:f9:5f:c6:f9:88:df:32:
                    0c:08:7f:ba:9e:d1:25:ad:e4:cd:1d:c0:78:4f:ee:
                    82:da:c6:59:04:6c:4c:d4:53:8d:50:7a:55:0f:4e:
                    f5:ce:3d:c1:5b:77:d4:2f:ed:cb:95:fa:0b:36:f0:
                    c3:e4:2c:92:53:30:ac:b4:e2:34:6f:be:b3:fa:ad:
                    2e:0f:37:f2:0d:71:87:0e:ce:61:97:10:95:d3:66:
                    7d:c1:f0:52:5d:20:e6:95:a2:84:88:65:44:6e:89:
                    00:5f:79:df:68:31:5e:a8:3b:91:73:38:53:2c:85:
                    d5:03:3d:d9:e7:b3:7b:bc:77:3c:13:03:ef:6a:3a:
                    3f:b6:fb:2f:94:bb:08:f4:c7:96:d7:0c:f4:a8:f8:
                    20:2a:73:6b:92:51:99:3f:3c:f8:ab:46:e1:de:21:
                    83:0f:4f:e0:ed:25:9c:dd:bd:87:67:52:c9:90:d6:
                    a3:03:b8:54:33:d7:94:a4:a3:24:45:be:4e:11:6c:
                    85:93:46:b7:00:2d:32:84:b1:9a:cf:45:99:78:c5:
                    24:6a:cc:c3:76:e2:f8:2b:b5:0e:37:48:c7:ef:0b:
                    20:61:42:a2:fd:8d:fb:95:75:f1:05:c3:3b:6e:7f:
                    37:28:30:00:3c:4d:c0:1d:16:2e:be:44:b8:ac:8a:
                    f1:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:EA:4D:23:90:6F:36:A6:6B:29:04:34:15:F4:FB:A6:BD:69:75:E8
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/SepNI5BvNqZrKQQ0FfT7pr1pdeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b487:7488::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:41:cd:01:ff:0a:45:37:72:dc:f8:0b:8b:d7:b1:99:b9:a8:
         4e:75:d2:4b:70:2a:5a:c2:6d:cd:c7:eb:6b:49:ee:5d:47:a7:
         6f:12:ba:49:8f:85:1b:54:c2:53:e9:f6:a0:3e:6d:c5:5e:a4:
         de:cb:ce:52:50:e6:ff:e5:64:91:f7:5a:38:c2:6f:93:de:ef:
         f1:b7:6f:35:53:ac:0d:62:2c:27:3f:e0:d7:24:1d:1b:4f:8f:
         11:1f:27:0e:73:4c:20:11:69:0c:5c:be:3f:00:67:1f:1f:40:
         23:b7:b2:65:9b:ea:a0:35:32:b3:7f:76:7f:30:0f:cf:04:97:
         9a:4d:e2:f8:5f:63:e9:03:54:21:4b:64:c4:23:f5:8f:af:e3:
         35:44:97:8d:28:b6:c4:80:b2:3d:35:40:af:8d:f5:3b:48:9a:
         2a:a7:23:85:fc:82:86:86:a3:b5:33:f0:ad:a3:e6:88:ff:ae:
         ca:e1:ba:8e:6d:ec:71:a4:ea:94:dd:01:75:c5:df:7d:a1:29:
         8d:a4:3d:b6:30:cb:b2:b4:a0:f7:b5:3f:97:de:d7:98:97:6b:
         f4:33:45:27:69:a9:a4:86:1c:63:04:61:89:6e:9d:95:9c:91:
         3d:99:89:59:63:ea:f0:83:8e:04:85:db:a9:0d:16:fd:aa:f1:
         60:c3:f8:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1/nuH79mDcqi84OUlXvHOmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjQwMjA2MTgxMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWVhNGQyMzkwNmYzNmE2NmIyOTA0MzQxNWY0ZmJhNmJkNjk3NWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMMsjZNiU/lfxvmI3zIMCH+6ntEl
reTNHcB4T+6C2sZZBGxM1FONUHpVD071zj3BW3fUL+3LlfoLNvDD5CySUzCstOI0
b76z+q0uDzfyDXGHDs5hlxCV02Z9wfBSXSDmlaKEiGVEbokAX3nfaDFeqDuRczhT
LIXVAz3Z57N7vHc8EwPvajo/tvsvlLsI9MeW1wz0qPggKnNrklGZPzz4q0bh3iGD
D0/g7SWc3b2HZ1LJkNajA7hUM9eUpKMkRb5OEWyFk0a3AC0yhLGaz0WZeMUkaszD
duL4K7UON0jH7wsgYUKi/Y37lXXxBcM7bn83KDAAPE3AHRYuvkS4rIrxrwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEnqTSOQbzamaykENBX0+6a9aXXoMB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvU2VwTkk1QnZOcVpyS1FRMEZmVDdwcjFwZGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhO0h3SI
MA0GCSqGSIb3DQEBCwUAA4IBAQApQc0B/wpFN3Lc+AuL17GZuahOddJLcCpawm3N
x+trSe5dR6dvErpJj4UbVMJT6fagPm3FXqTey85SUOb/5WSR91o4wm+T3u/xt281
U6wNYiwnP+DXJB0bT48RHycOc0wgEWkMXL4/AGcfH0Ajt7Jlm+qgNTKzf3Z/MA/P
BJeaTeL4X2PpA1QhS2TEI/WPr+M1RJeNKLbEgLI9NUCvjfU7SJoqpyOF/IKGhqO1
M/Cto+aI/67K4bqObexxpOqU3QF1xd99oSmNpD22MMuytKD3tT+X3teYl2v0M0Un
aamkhhxjBGGJbp2VnJE9mYlZY+rwg44EhdupDRb9qvFgw/iC
-----END CERTIFICATE-----