Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/idgfV6mOa2fOKgvftqR9qxBn-6w.roa
File:                     idgfV6mOa2fOKgvftqR9qxBn-6w.roa (raw, json)
Hash identifier:          dDJZDHwb5UeXXYmk7D6i9HLy8LMSCPV0HjsNhT/d1Nc=
Subject key identifier:   89:D8:1F:57:A9:8E:6B:67:CE:2A:0B:DF:B6:A4:7D:AB:10:67:FB:AC
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       018CC3B73B2BB6F04F4317FE8A8A0E37E561
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/idgfV6mOa2fOKgvftqR9qxBn-6w.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199460
IP address blocks:        2a13:b487:1a00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3b:2b:b6:f0:4f:43:17:fe:8a:8a:0e:37:e5:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89d81f57a98e6b67ce2a0bdfb6a47dab1067fbac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c4:8f:2e:f4:c7:22:e3:9c:d4:5e:e5:94:f6:
                    f3:5c:0c:44:60:97:58:16:a3:2a:f6:5c:d2:e0:c5:
                    a2:cc:6e:6f:74:90:6f:c8:7d:c8:2f:b7:c4:32:06:
                    e0:cd:b4:4c:ec:c6:40:c0:c8:41:42:20:38:a6:91:
                    6a:72:ef:09:ae:39:51:48:33:2b:b2:94:6e:42:17:
                    94:d4:d6:14:2b:bf:97:f0:12:9f:fd:47:ab:a8:b6:
                    f6:8d:22:b4:e0:85:54:8b:dd:4c:59:fc:da:3f:7e:
                    5a:25:83:40:17:99:9c:a0:91:a8:41:5a:6e:af:3b:
                    b8:54:1f:59:f1:e4:5a:82:02:08:74:66:2e:3f:94:
                    f3:b7:ae:6c:de:bd:16:f7:ac:b0:9b:67:b4:95:bb:
                    26:08:5c:e3:d1:85:ab:e5:f7:47:f9:4f:ba:2f:68:
                    80:3d:2e:85:96:66:3f:79:89:1d:48:bc:67:74:d3:
                    dc:92:00:5f:dc:e8:24:d6:62:d6:9a:4c:c0:6a:cd:
                    17:11:e7:e1:c2:35:e9:c1:79:ad:e6:a4:82:12:1b:
                    70:5e:5e:14:bc:0f:de:de:fb:50:01:7d:a4:63:9a:
                    ca:6a:c5:fd:38:55:7f:7e:1f:98:a1:28:d3:e0:53:
                    9b:e8:e7:09:41:17:05:bc:4c:44:93:20:37:16:ad:
                    f4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:D8:1F:57:A9:8E:6B:67:CE:2A:0B:DF:B6:A4:7D:AB:10:67:FB:AC
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/idgfV6mOa2fOKgvftqR9qxBn-6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b487:1a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         15:da:a0:4c:5b:6a:f6:6e:46:0f:d2:9f:b7:be:8f:f9:61:84:
         b6:16:8c:c9:54:cf:a2:04:59:db:03:c7:27:2a:6d:f9:5b:da:
         ca:e2:6a:66:d4:dd:73:44:d8:cf:76:98:11:37:d3:16:0f:5d:
         8a:df:56:bb:ae:d7:a9:35:eb:27:0d:21:be:40:f0:12:9d:ac:
         36:00:9c:00:f9:8c:ba:ba:1b:ff:be:0c:26:f6:69:b8:1c:07:
         61:f3:db:e3:d5:f3:f7:a3:6f:f4:fa:69:73:8f:4b:dd:b2:a3:
         14:20:4e:34:02:1d:df:d2:8e:e7:e9:b5:57:ec:69:64:86:3d:
         6e:d0:4e:f3:fc:25:0b:7e:4d:3c:a6:8e:df:f0:2e:7a:67:9c:
         ef:50:9e:38:6a:de:e3:2e:d3:bd:4a:d2:d6:2b:3f:95:dc:2c:
         59:6f:0a:19:2e:bf:d6:12:d5:d0:f7:7d:3a:94:bf:83:f7:81:
         39:a4:fe:0a:33:b6:e2:a4:f8:a9:f7:a4:c9:04:39:83:10:fa:
         78:36:bd:e0:a8:f5:6a:47:a6:ce:12:bd:75:0c:ae:fc:29:9b:
         fc:a8:a4:fa:8f:b9:72:0e:cb:e4:ef:67:ba:8a:90:74:9d:34:
         3f:c3:6e:42:f7:35:27:de:29:e7:15:23:93:56:c3:df:13:5b:
         36:55:80:1a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtzsrtvBPQxf+iooON+VhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWQ4MWY1N2E5OGU2YjY3Y2UyYTBiZGZiNmE0N2RhYjEwNjdmYmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8SPLvTHIuOc1F7llPbzXAxEYJdY
FqMq9lzS4MWizG5vdJBvyH3IL7fEMgbgzbRM7MZAwMhBQiA4ppFqcu8JrjlRSDMr
spRuQheU1NYUK7+X8BKf/UerqLb2jSK04IVUi91MWfzaP35aJYNAF5mcoJGoQVpu
rzu4VB9Z8eRaggIIdGYuP5Tzt65s3r0W96ywm2e0lbsmCFzj0YWr5fdH+U+6L2iA
PS6FlmY/eYkdSLxndNPckgBf3Ogk1mLWmkzAas0XEefhwjXpwXmt5qSCEhtwXl4U
vA/e3vtQAX2kY5rKasX9OFV/fh+YoSjT4FOb6OcJQRcFvExEkyA3Fq30vQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFInYH1epjmtnzioL37akfasQZ/usMB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvaWRnZlY2bU9hMmZPS2d2ZnRxUjlxeEJuLTZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhO0hxow
DQYJKoZIhvcNAQELBQADggEBABXaoExbavZuRg/Sn7e+j/lhhLYWjMlUz6IEWdsD
xycqbflb2sriambU3XNE2M92mBE30xYPXYrfVruu16k16ycNIb5A8BKdrDYAnAD5
jLq6G/++DCb2abgcB2Hz2+PV8/ejb/T6aXOPS92yoxQgTjQCHd/SjufptVfsaWSG
PW7QTvP8JQt+TTymjt/wLnpnnO9Qnjhq3uMu071K0tYrP5XcLFlvChkuv9YS1dD3
fTqUv4P3gTmk/goztuKk+Kn3pMkEOYMQ+ng2veCo9WpHps4SvXUMrvwpm/yopPqP
uXIOy+TvZ7qKkHSdND/DbkL3NSfeKecVI5NWw98TWzZVgBo=
-----END CERTIFICATE-----