Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/doqSreqZ0puIFaWYepjXsiORFJA.roa
File:                     doqSreqZ0puIFaWYepjXsiORFJA.roa (raw, json)
Hash identifier:          xuSkxml5vM8NDv68l6QOx0gv3YZ4+ZcGerX4dTq1v8c=
Subject key identifier:   76:8A:92:AD:EA:99:D2:9B:88:15:A5:98:7A:98:D7:B2:23:91:14:90
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       01942748139D56B122AD564CA910F404F294
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/doqSreqZ0puIFaWYepjXsiORFJA.roa
Signing time:             Thu 02 Jan 2025 13:50:22 +0000
ROA not before:           Thu 02 Jan 2025 13:50:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199683
IP address blocks:        2a13:b487:1400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:13:9d:56:b1:22:ad:56:4c:a9:10:f4:04:f2:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Jan  2 13:50:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=768a92adea99d29b8815a5987a98d7b223911490
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:2a:54:9e:db:af:28:6e:2b:f9:b3:26:96:e2:
                    e5:7e:11:07:2d:15:a4:88:bc:b1:fa:89:42:3b:fe:
                    10:6d:ac:9d:19:ad:bb:1b:fa:b2:83:e3:62:1b:bc:
                    96:f8:c2:2b:1c:b2:ea:73:b1:bd:47:a0:52:47:9a:
                    50:2f:07:85:ca:3d:ca:33:8a:77:bb:d0:11:2d:44:
                    c3:44:97:a2:45:43:c7:41:32:db:b6:a2:0f:1a:38:
                    fe:c8:ce:ea:3a:17:45:f6:5e:a9:32:74:5f:a9:84:
                    3f:79:30:99:53:fb:71:5a:02:35:48:34:2c:35:e1:
                    1d:9e:2c:47:0d:df:50:b0:45:f9:90:32:01:e4:74:
                    c0:d1:de:08:39:78:27:f7:e0:0c:c0:fa:ec:e3:a7:
                    c3:3d:55:fe:5e:65:aa:ec:41:5b:6f:38:af:6f:49:
                    e7:4d:82:1c:f1:cc:0d:7e:b4:e4:17:2a:4d:63:6a:
                    04:7f:bb:f6:d0:9a:d6:a3:fb:dc:b7:7d:fb:ec:41:
                    81:bd:36:16:71:78:27:50:9b:55:b4:ea:59:05:17:
                    f0:84:7c:7d:13:4b:2a:49:1a:3f:e8:44:17:24:47:
                    9d:bf:67:08:7f:2c:ed:a8:1a:92:9d:a7:46:8a:53:
                    0f:26:16:28:db:6b:6d:ff:e3:e0:be:95:b7:e0:a9:
                    f6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:8A:92:AD:EA:99:D2:9B:88:15:A5:98:7A:98:D7:B2:23:91:14:90
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/doqSreqZ0puIFaWYepjXsiORFJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b487:1400::/40

    Signature Algorithm: sha256WithRSAEncryption
         79:e0:07:7b:bc:bc:50:e9:a1:41:39:14:7f:e1:28:fd:f3:c7:
         35:69:34:d5:c1:db:cc:55:5c:d8:4e:55:5a:76:b2:c2:cb:9d:
         35:30:3d:fc:14:ce:af:f1:2a:5e:4f:ad:6f:5c:2d:00:96:83:
         41:3d:02:75:1b:9a:4f:ad:7b:91:b0:32:d3:c6:c8:c5:1d:51:
         cf:35:24:b2:68:a2:c4:09:a2:8d:a9:17:3c:45:51:5a:23:02:
         30:a0:e2:65:21:59:c7:93:74:89:9a:34:57:fd:b4:34:28:a5:
         6c:ac:a8:4d:14:c7:70:03:67:1d:d0:b5:99:32:93:e5:08:54:
         68:72:b0:e1:78:fd:26:87:c3:6e:fa:97:2b:58:6e:1a:92:9d:
         37:3b:2a:f3:da:3f:44:a7:28:27:89:bf:68:13:a3:88:d5:da:
         e0:c3:4f:93:30:dd:a5:bf:7f:f6:e0:8b:c3:5f:17:e2:74:03:
         3d:af:9c:41:a3:3a:e2:b3:86:b0:5c:47:52:51:74:e0:f7:95:
         d8:06:c0:3a:a0:c9:92:eb:58:21:4b:3b:27:f6:3e:86:84:47:
         0a:72:b6:17:c8:32:3d:f6:09:4c:cd:de:e9:1d:0a:8b:2f:d8:
         25:b0:c1:6a:40:b7:09:53:38:6d:ff:6a:a0:1f:20:35:85:56:
         54:28:b7:86
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQnSBOdVrEirVZMqRD0BPKUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjUwMTAyMTM1MDIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjhhOTJhZGVhOTlkMjliODgxNWE1OTg3YTk4ZDdiMjIzOTExNDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5SpUntuvKG4r+bMmluLlfhEHLRWk
iLyx+olCO/4QbaydGa27G/qyg+NiG7yW+MIrHLLqc7G9R6BSR5pQLweFyj3KM4p3
u9ARLUTDRJeiRUPHQTLbtqIPGjj+yM7qOhdF9l6pMnRfqYQ/eTCZU/txWgI1SDQs
NeEdnixHDd9QsEX5kDIB5HTA0d4IOXgn9+AMwPrs46fDPVX+XmWq7EFbbzivb0nn
TYIc8cwNfrTkFypNY2oEf7v20JrWo/vct3377EGBvTYWcXgnUJtVtOpZBRfwhHx9
E0sqSRo/6EQXJEedv2cIfyztqBqSnadGilMPJhYo22tt/+PgvpW34Kn2BQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHaKkq3qmdKbiBWlmHqY17IjkRSQMB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvZG9xU3JlcVowcHVJRmFXWWVwalhzaU9SRkpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhO0hxQw
DQYJKoZIhvcNAQELBQADggEBAHngB3u8vFDpoUE5FH/hKP3zxzVpNNXB28xVXNhO
VVp2ssLLnTUwPfwUzq/xKl5PrW9cLQCWg0E9AnUbmk+te5GwMtPGyMUdUc81JLJo
osQJoo2pFzxFUVojAjCg4mUhWceTdImaNFf9tDQopWysqE0Ux3ADZx3QtZkyk+UI
VGhysOF4/SaHw276lytYbhqSnTc7KvPaP0SnKCeJv2gTo4jV2uDDT5Mw3aW/f/bg
i8NfF+J0Az2vnEGjOuKzhrBcR1JRdOD3ldgGwDqgyZLrWCFLOyf2PoaERwpythfI
Mj32CUzN3ukdCosv2CWwwWpAtwlTOG3/aqAfIDWFVlQot4Y=
-----END CERTIFICATE-----