Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/_MCpzUFozB8AKVYlTpuz2A7wfCE.roa
File:                     _MCpzUFozB8AKVYlTpuz2A7wfCE.roa (raw, json)
Hash identifier:          GsiaFwEdtPHr49gfNK4IYUi2FWFgxgW4k5hFJD9HVVs=
Subject key identifier:   FC:C0:A9:CD:41:68:CC:1F:00:29:56:25:4E:9B:B3:D8:0E:F0:7C:21
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       018CC3B73BF40946D7D11896C981C4BDD398
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/_MCpzUFozB8AKVYlTpuz2A7wfCE.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199467
IP address blocks:        2a13:b487:1800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3b:f4:09:46:d7:d1:18:96:c9:81:c4:bd:d3:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcc0a9cd4168cc1f002956254e9bb3d80ef07c21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9d:bb:43:67:e1:95:e6:6b:d1:2f:eb:e3:8f:
                    f9:af:54:a5:53:44:4d:32:32:83:a4:ad:25:84:0d:
                    90:5a:de:02:8a:cf:cc:c9:33:3f:ed:c3:6f:29:c3:
                    d7:94:5e:fd:3c:c4:24:fb:9f:f5:b2:4d:0c:b1:27:
                    d0:f3:fa:b5:f6:3d:9a:46:d9:de:8c:29:84:a7:d7:
                    c8:9f:8a:57:eb:08:a6:3d:44:76:d7:bb:52:0f:a8:
                    aa:79:65:53:a1:95:56:09:64:19:c0:f8:70:91:d6:
                    1c:21:ac:d5:1d:26:2c:42:4f:7a:e3:7b:c4:1f:e5:
                    e2:98:be:b8:14:de:6a:65:5f:bc:a2:69:0f:41:52:
                    0c:04:1e:f9:68:8e:01:da:59:c2:bb:58:89:90:22:
                    bf:b6:ca:af:29:9a:5f:69:fb:7a:7f:5e:90:06:22:
                    b5:1e:71:42:2f:f5:a8:2e:84:f0:aa:8f:2f:72:c2:
                    7b:12:43:9d:88:cf:5b:66:c3:ae:50:bc:d2:60:ea:
                    2e:54:c0:31:0e:20:45:ee:29:51:78:20:52:30:d5:
                    8d:45:29:5e:1d:59:32:9e:d1:e9:94:1a:5e:bc:f4:
                    6f:fc:64:4e:96:80:5d:67:19:08:04:79:73:19:2c:
                    86:5c:c4:04:96:e9:3e:b4:f2:fc:39:ed:45:62:d9:
                    0e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:C0:A9:CD:41:68:CC:1F:00:29:56:25:4E:9B:B3:D8:0E:F0:7C:21
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/_MCpzUFozB8AKVYlTpuz2A7wfCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b487:1800::/40

    Signature Algorithm: sha256WithRSAEncryption
         25:38:fc:97:d6:fd:0b:c8:8d:d4:fc:04:53:bc:e8:72:df:e7:
         7e:5c:0c:e5:0f:1c:3a:ef:ee:89:cb:86:91:59:a2:6f:b5:09:
         8e:15:95:d7:f8:f1:b7:e0:3c:d3:b3:1a:c0:df:7e:f8:b9:6e:
         b8:41:6b:96:d8:bc:c3:79:dd:98:0e:25:9c:4d:72:0b:dc:70:
         5f:4a:fc:23:3b:11:20:55:a2:fd:85:b7:03:3d:35:27:ad:bb:
         e9:fd:bc:52:68:1e:28:f4:f2:18:de:4c:16:3c:46:bb:8b:28:
         86:64:15:98:88:97:2d:d5:74:2d:2a:8d:f7:2e:5c:8a:0a:5e:
         79:aa:07:1f:5b:19:20:ff:f7:d6:0a:36:98:b7:26:dd:fd:58:
         6c:36:91:a9:82:11:3e:1b:56:b8:d9:07:49:cd:47:e6:f5:14:
         f7:5f:af:23:1a:67:b5:78:8f:fa:5d:db:98:09:56:f6:5d:66:
         54:9a:22:95:f3:ba:c4:06:b8:0d:8f:8d:9a:fe:62:49:c0:34:
         d1:c9:4d:1e:11:c5:99:d3:9a:5e:16:25:e2:6b:e0:7b:c6:22:
         51:fc:8b:e1:96:c6:c5:3b:9c:b2:ff:99:a5:36:b9:84:37:d9:
         b0:90:9f:7f:ff:d8:23:c4:05:c2:3e:46:93:87:39:74:da:00:
         52:4c:2d:31
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtzv0CUbX0RiWyYHEvdOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2MwYTljZDQxNjhjYzFmMDAyOTU2MjU0ZTliYjNkODBlZjA3YzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZ27Q2fhleZr0S/r44/5r1SlU0RN
MjKDpK0lhA2QWt4Cis/MyTM/7cNvKcPXlF79PMQk+5/1sk0MsSfQ8/q19j2aRtne
jCmEp9fIn4pX6wimPUR217tSD6iqeWVToZVWCWQZwPhwkdYcIazVHSYsQk9643vE
H+XimL64FN5qZV+8omkPQVIMBB75aI4B2lnCu1iJkCK/tsqvKZpfaft6f16QBiK1
HnFCL/WoLoTwqo8vcsJ7EkOdiM9bZsOuULzSYOouVMAxDiBF7ilReCBSMNWNRSle
HVkyntHplBpevPRv/GROloBdZxkIBHlzGSyGXMQEluk+tPL8Oe1FYtkO7wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPzAqc1BaMwfAClWJU6bs9gO8HwhMB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvX01DcHpVRm96QjhBS1ZZbFRwdXoyQTd3ZkNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhO0hxgw
DQYJKoZIhvcNAQELBQADggEBACU4/JfW/QvIjdT8BFO86HLf535cDOUPHDrv7onL
hpFZom+1CY4Vldf48bfgPNOzGsDffvi5brhBa5bYvMN53ZgOJZxNcgvccF9K/CM7
ESBVov2FtwM9NSetu+n9vFJoHij08hjeTBY8RruLKIZkFZiIly3VdC0qjfcuXIoK
XnmqBx9bGSD/99YKNpi3Jt39WGw2kamCET4bVrjZB0nNR+b1FPdfryMaZ7V4j/pd
25gJVvZdZlSaIpXzusQGuA2PjZr+YknANNHJTR4RxZnTml4WJeJr4HvGIlH8i+GW
xsU7nLL/maU2uYQ32bCQn3//2CPEBcI+RpOHOXTaAFJMLTE=
-----END CERTIFICATE-----