Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/n3dFzTvlFo8Xx8pJRpz2-9Q6_sY.roa
File:                     n3dFzTvlFo8Xx8pJRpz2-9Q6_sY.roa (raw, json)
Hash identifier:          QLCvypYAbCeCTFOCWGM+/Eu1ub5SCMgx2bTGWsW2RIc=
Subject key identifier:   9F:77:45:CD:3B:E5:16:8F:17:C7:CA:49:46:9C:F6:FB:D4:3A:FE:C6
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       018CC3B73E8F1DE85AA86EA0EB6DA7773047
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/n3dFzTvlFo8Xx8pJRpz2-9Q6_sY.roa
Signing time:             Mon 01 Jan 2024 06:30:15 +0000
ROA not before:           Mon 01 Jan 2024 06:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212013
IP address blocks:        2a13:b487:2000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3e:8f:1d:e8:5a:a8:6e:a0:eb:6d:a7:77:30:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Jan  1 06:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f7745cd3be5168f17c7ca49469cf6fbd43afec6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:42:3f:37:03:40:6a:0a:3e:86:bb:30:7b:02:
                    09:80:3a:85:77:92:9f:81:ac:78:24:a8:a6:e9:69:
                    1a:54:83:0b:ab:8a:f6:9d:b9:66:be:10:ff:f1:9f:
                    9a:83:0a:ce:ea:81:51:f3:a8:5d:f6:93:8a:67:d4:
                    ba:d4:a2:91:59:4e:fd:7c:6f:6b:f2:34:dd:12:1b:
                    6d:c7:c2:29:51:53:6a:2c:2c:4a:c3:ba:62:40:14:
                    d2:af:1f:63:62:72:62:79:dc:3b:3f:d9:74:3d:35:
                    e8:21:ce:d0:b4:be:80:5d:98:0a:34:4c:5c:d4:96:
                    65:05:fb:6a:60:11:7f:ff:36:f8:27:96:13:51:28:
                    8f:48:43:42:ad:65:18:21:8b:ac:c5:98:7b:59:f8:
                    50:20:69:8d:11:83:cb:40:cd:e6:af:1e:9d:69:10:
                    26:3d:ca:8e:af:39:95:01:03:4f:5c:25:66:99:bb:
                    73:4b:51:c8:c2:91:e9:85:e3:d3:3f:af:50:05:8e:
                    f5:64:0d:93:54:1d:84:01:d3:20:de:01:6f:19:f6:
                    8b:a5:2d:6f:6f:a0:67:16:f0:82:ea:35:4e:08:ed:
                    f9:60:d1:ed:ce:c7:3d:75:70:b0:2e:ad:e8:89:43:
                    5a:3b:de:ce:2d:3d:07:b5:c2:e5:9d:e0:56:8a:95:
                    1c:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:77:45:CD:3B:E5:16:8F:17:C7:CA:49:46:9C:F6:FB:D4:3A:FE:C6
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/n3dFzTvlFo8Xx8pJRpz2-9Q6_sY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b487:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         72:52:3e:3c:9f:9a:fe:fe:9f:52:07:59:68:05:db:50:6d:b9:
         e6:36:4f:67:a5:1d:26:f4:94:e5:a8:ff:3e:d5:8c:ab:35:ad:
         f2:fe:d0:91:48:7d:00:e8:96:00:32:4f:49:b6:72:15:5a:80:
         be:af:07:9b:31:62:89:f0:e2:f0:37:60:48:4e:e8:a0:fd:af:
         fc:37:59:ac:2c:b9:13:c4:85:19:24:72:9b:19:db:65:86:76:
         33:5f:e0:89:b7:a5:c3:8b:7f:23:de:46:be:33:f0:ab:6e:54:
         4b:f4:51:38:ab:bb:25:2e:e1:cc:ca:6c:0e:b0:03:3f:14:e4:
         a2:1e:61:aa:6b:fe:47:fd:2b:00:1d:61:85:33:fd:0a:4e:1a:
         09:4b:64:d7:91:06:e8:22:7c:e5:f8:69:61:b0:d4:c4:93:44:
         84:fd:18:38:36:1d:ae:b1:25:ec:69:11:64:80:37:5b:c8:31:
         a5:c6:bf:cd:65:25:45:a7:20:b9:09:a4:eb:71:07:ff:ac:fb:
         f0:64:e5:21:da:e2:1e:34:3e:2e:32:af:3c:78:35:72:8d:0f:
         92:03:2a:14:51:e3:fe:d1:27:27:3f:f0:59:a9:91:93:ab:99:
         20:1d:93:7f:a5:13:9c:a6:e3:3d:b2:22:4e:43:14:80:5b:5c:
         65:1b:2b:6c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtz6PHehaqG6g622ndzBHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjQwMTAxMDYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjc3NDVjZDNiZTUxNjhmMTdjN2NhNDk0NjljZjZmYmQ0M2FmZWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUI/NwNAago+hrswewIJgDqFd5Kf
gax4JKim6WkaVIMLq4r2nblmvhD/8Z+agwrO6oFR86hd9pOKZ9S61KKRWU79fG9r
8jTdEhttx8IpUVNqLCxKw7piQBTSrx9jYnJiedw7P9l0PTXoIc7QtL6AXZgKNExc
1JZlBftqYBF//zb4J5YTUSiPSENCrWUYIYusxZh7WfhQIGmNEYPLQM3mrx6daRAm
PcqOrzmVAQNPXCVmmbtzS1HIwpHphePTP69QBY71ZA2TVB2EAdMg3gFvGfaLpS1v
b6BnFvCC6jVOCO35YNHtzsc9dXCwLq3oiUNaO97OLT0HtcLlneBWipUcHwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJ93Rc075RaPF8fKSUac9vvUOv7GMB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvbjNkRnpUdmxGbzhYeDhwSlJwejItOVE2X3NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhO0hyAw
DQYJKoZIhvcNAQELBQADggEBAHJSPjyfmv7+n1IHWWgF21BtueY2T2elHSb0lOWo
/z7VjKs1rfL+0JFIfQDolgAyT0m2chVagL6vB5sxYonw4vA3YEhO6KD9r/w3Waws
uRPEhRkkcpsZ22WGdjNf4Im3pcOLfyPeRr4z8KtuVEv0UTiruyUu4czKbA6wAz8U
5KIeYapr/kf9KwAdYYUz/QpOGglLZNeRBugifOX4aWGw1MSTRIT9GDg2Ha6xJexp
EWSAN1vIMaXGv81lJUWnILkJpOtxB/+s+/Bk5SHa4h40Pi4yrzx4NXKND5IDKhRR
4/7RJyc/8FmpkZOrmSAdk3+lE5ym4z2yIk5DFIBbXGUbK2w=
-----END CERTIFICATE-----