Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/XHBAZfNMxptI5_0VPGJquMV1Hho.roa
File:                     XHBAZfNMxptI5_0VPGJquMV1Hho.roa (raw, json)
Hash identifier:          xXFEIyKE2e57KWYjfe6BvMX8d3luQz4OJwofWv0hA4g=
Subject key identifier:   5C:70:40:65:F3:4C:C6:9B:48:E7:FD:15:3C:62:6A:B8:C5:75:1E:1A
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       018CC3B739E9DFD01C05CDAF6A5EDABFBBED
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/XHBAZfNMxptI5_0VPGJquMV1Hho.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199436
IP address blocks:        2a13:b487:1b00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:39:e9:df:d0:1c:05:cd:af:6a:5e:da:bf:bb:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c704065f34cc69b48e7fd153c626ab8c5751e1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e8:f4:d3:d7:c2:4b:f0:ce:90:c2:fc:6a:a3:
                    a2:42:09:c1:d3:29:8d:5d:63:63:44:f0:5a:85:2a:
                    0b:e7:02:51:bb:12:1d:90:de:09:61:70:f7:93:ad:
                    c4:28:2a:e0:66:f6:ee:55:89:c0:d1:0d:ce:e8:93:
                    a1:bf:5b:59:b9:6b:d9:0f:24:38:be:81:ee:c2:23:
                    57:35:c0:c2:7a:92:5d:b9:2b:35:87:8c:9e:3c:6d:
                    4c:ea:6c:35:2c:4d:c1:33:62:be:0f:4b:27:23:13:
                    67:b9:82:f1:54:45:5c:3e:3f:90:fc:6c:d5:32:d5:
                    43:8c:86:d2:ef:01:08:59:ac:bd:e2:df:23:1c:43:
                    b2:22:a0:19:3d:74:65:43:7e:d0:b5:a6:66:60:b2:
                    4f:94:6b:d8:c3:f8:ed:69:9d:18:15:e8:09:6c:7b:
                    7d:74:df:f2:85:7c:37:db:91:0e:29:03:60:75:e6:
                    b5:14:fe:fc:5c:29:d5:f1:f0:06:b2:c6:fa:c9:b6:
                    44:99:67:89:05:dc:99:18:6f:f8:65:bc:05:93:3f:
                    5a:a4:25:5e:77:37:f9:c8:70:a7:c4:22:41:64:13:
                    7f:8e:2c:ca:ce:ed:0a:d5:69:08:d1:02:65:eb:17:
                    bf:86:63:0c:52:03:ec:6c:7e:a4:ae:1d:a0:17:7c:
                    13:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:70:40:65:F3:4C:C6:9B:48:E7:FD:15:3C:62:6A:B8:C5:75:1E:1A
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/XHBAZfNMxptI5_0VPGJquMV1Hho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b487:1b00::/40

    Signature Algorithm: sha256WithRSAEncryption
         23:b4:40:80:ed:af:cd:3a:39:ac:9b:4b:e4:9d:74:0e:9a:b7:
         76:64:99:b6:28:2c:18:88:31:bc:4f:21:fb:90:d4:ec:20:91:
         f9:92:59:d1:92:05:c9:22:bc:00:59:af:79:67:f6:c7:f6:72:
         7d:02:ed:a6:3c:54:b3:4b:0a:52:bb:5e:53:df:5e:a8:44:ef:
         2f:df:72:e1:13:8d:27:ea:a7:46:69:dd:50:35:ba:79:da:fa:
         53:99:c8:51:aa:a4:d4:a1:be:55:4d:d3:04:86:a5:2d:b9:ef:
         8a:5e:86:a0:ee:47:2f:04:15:0b:41:92:1e:f3:79:a4:0d:f2:
         e9:cf:d6:b6:6d:e2:03:df:df:a0:b2:c8:7c:00:24:fe:13:f3:
         2a:92:e1:bc:8a:12:11:33:c0:c3:09:5b:75:12:09:12:5a:ba:
         0b:52:81:9e:c0:a9:2a:87:e6:82:19:73:08:59:f0:c9:42:90:
         ce:3d:cf:d8:b5:b3:22:c4:99:c8:3b:ea:34:13:6c:fa:90:9e:
         2e:40:a8:9a:3b:56:ae:b4:3f:aa:a7:82:4f:b6:aa:eb:e9:60:
         cd:58:e6:17:2d:71:ca:c1:97:9c:35:db:34:d4:25:46:e5:55:
         ac:b1:75:d6:5a:52:c0:ec:57:5c:7f:ed:99:0c:5c:54:18:30:
         99:57:aa:76
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtznp39AcBc2val7av7vtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzcwNDA2NWYzNGNjNjliNDhlN2ZkMTUzYzYyNmFiOGM1NzUxZTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouj009fCS/DOkML8aqOiQgnB0ymN
XWNjRPBahSoL5wJRuxIdkN4JYXD3k63EKCrgZvbuVYnA0Q3O6JOhv1tZuWvZDyQ4
voHuwiNXNcDCepJduSs1h4yePG1M6mw1LE3BM2K+D0snIxNnuYLxVEVcPj+Q/GzV
MtVDjIbS7wEIWay94t8jHEOyIqAZPXRlQ37QtaZmYLJPlGvYw/jtaZ0YFegJbHt9
dN/yhXw325EOKQNgdea1FP78XCnV8fAGssb6ybZEmWeJBdyZGG/4ZbwFkz9apCVe
dzf5yHCnxCJBZBN/jizKzu0K1WkI0QJl6xe/hmMMUgPsbH6krh2gF3wTNwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFxwQGXzTMabSOf9FTxiarjFdR4aMB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvWEhCQVpmTk14cHRJNV8wVlBHSnF1TVYxSGhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhO0hxsw
DQYJKoZIhvcNAQELBQADggEBACO0QIDtr806OaybS+SddA6at3ZkmbYoLBiIMbxP
IfuQ1OwgkfmSWdGSBckivABZr3ln9sf2cn0C7aY8VLNLClK7XlPfXqhE7y/fcuET
jSfqp0Zp3VA1unna+lOZyFGqpNShvlVN0wSGpS2574pehqDuRy8EFQtBkh7zeaQN
8unP1rZt4gPf36CyyHwAJP4T8yqS4byKEhEzwMMJW3USCRJaugtSgZ7AqSqH5oIZ
cwhZ8MlCkM49z9i1syLEmcg76jQTbPqQni5AqJo7Vq60P6qngk+2quvpYM1Y5hct
ccrBl5w12zTUJUblVayxddZaUsDsV1x/7ZkMXFQYMJlXqnY=
-----END CERTIFICATE-----