Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/nwJlYFnSzwMt9vuF_AchihpPMOY.roa
File:                     nwJlYFnSzwMt9vuF_AchihpPMOY.roa (raw, json)
Hash identifier:          KGa47Wfm/zawLn5n4gdW9tWD506ftzW586Vgf7erAoM=
Subject key identifier:   9F:02:65:60:59:D2:CF:03:2D:F6:FB:85:FC:07:21:8A:1A:4F:30:E6
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       018CC3B736F8145E441E87AAF2F92CCAFFC1
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/nwJlYFnSzwMt9vuF_AchihpPMOY.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57406
IP address blocks:        2a13:b480::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:36:f8:14:5e:44:1e:87:aa:f2:f9:2c:ca:ff:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f02656059d2cf032df6fb85fc07218a1a4f30e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b9:cf:e3:15:a6:57:33:2d:5b:bd:0c:07:ac:
                    be:a9:45:36:8e:3d:ca:65:f4:4d:50:72:e3:72:28:
                    c6:01:31:25:09:3c:8a:b8:5a:d9:f6:2e:da:39:77:
                    34:82:26:4b:aa:e3:bd:81:cf:b4:86:a6:f1:c1:14:
                    51:b4:3e:fe:65:84:79:01:67:ae:76:44:13:86:0d:
                    76:77:02:b0:91:5d:fd:e6:1d:6f:39:64:37:0a:fb:
                    90:75:ae:28:0f:4f:e7:b1:59:cc:87:ab:a2:c2:73:
                    98:a0:95:26:af:7d:20:4e:03:d1:a6:57:1a:c8:69:
                    22:5c:e4:e7:42:39:bb:e5:de:24:be:0c:a2:af:3e:
                    e6:ae:e4:ec:a6:49:6e:35:b4:63:41:19:6a:fb:cf:
                    7c:c3:9e:55:58:37:b1:71:2a:b6:a1:49:cb:a1:07:
                    8d:b9:b0:09:f6:46:1b:ad:1a:b3:0a:71:94:07:0b:
                    d0:dc:1a:10:b5:8d:e5:d2:92:b4:c7:e6:88:37:cd:
                    04:75:26:39:df:8a:6b:ad:cc:7b:a8:7d:0d:52:20:
                    8e:bb:c5:58:a0:dc:be:fc:b2:24:b5:27:38:51:b2:
                    ad:b8:b3:d3:c0:ab:7c:51:02:40:41:18:f4:54:c6:
                    e2:e1:63:18:d4:77:ae:89:2d:a7:fe:84:93:be:a8:
                    b9:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:02:65:60:59:D2:CF:03:2D:F6:FB:85:FC:07:21:8A:1A:4F:30:E6
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/nwJlYFnSzwMt9vuF_AchihpPMOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b480::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:a9:c0:3f:65:1b:c1:a6:17:ee:cd:1c:93:ce:42:32:2f:15:
         0b:66:9e:5a:31:a6:2d:f6:0f:45:97:cd:b2:3d:31:10:33:e7:
         ef:e8:a1:b7:ff:17:1f:ec:61:31:62:b5:d8:2d:08:ed:8c:a9:
         f9:b8:cd:8c:ea:f8:81:f4:27:bb:ff:9e:d3:0b:bf:1e:19:12:
         0c:69:5e:5c:8a:d3:ee:20:4d:f8:2d:66:37:91:9e:2d:f7:81:
         70:60:eb:59:b1:6d:2b:0a:11:8e:42:4c:95:81:a6:24:5e:a3:
         a5:94:8a:51:8a:cd:1e:44:09:09:14:52:49:1b:f1:21:ae:dc:
         c7:2c:c1:a8:4f:01:ab:1f:b1:ab:bb:05:09:91:42:30:4b:f6:
         19:b5:70:3f:d8:80:76:df:61:9d:d7:3e:6b:43:72:27:1d:12:
         ed:8c:70:bc:0b:01:f7:69:1f:48:ec:83:2a:7b:b2:15:2b:9a:
         f2:5b:1d:9a:89:50:e7:74:7b:a5:e0:bc:e8:f4:fa:cf:de:84:
         09:a3:99:60:00:36:ae:16:c4:fc:07:5b:67:96:06:95:97:7a:
         bd:59:9e:39:fe:9e:0f:6a:50:71:cc:5c:16:6d:5f:e4:1c:49:
         ec:49:58:11:50:ef:95:d3:2a:e6:40:9d:71:bb:1e:0c:b8:4d:
         b7:3d:c3:ca
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtzb4FF5EHoeq8vksyv/BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjAyNjU2MDU5ZDJjZjAzMmRmNmZiODVmYzA3MjE4YTFhNGYzMGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrnP4xWmVzMtW70MB6y+qUU2jj3K
ZfRNUHLjcijGATElCTyKuFrZ9i7aOXc0giZLquO9gc+0hqbxwRRRtD7+ZYR5AWeu
dkQThg12dwKwkV395h1vOWQ3CvuQda4oD0/nsVnMh6uiwnOYoJUmr30gTgPRplca
yGkiXOTnQjm75d4kvgyirz7mruTspkluNbRjQRlq+898w55VWDexcSq2oUnLoQeN
ubAJ9kYbrRqzCnGUBwvQ3BoQtY3l0pK0x+aIN80EdSY534prrcx7qH0NUiCOu8VY
oNy+/LIktSc4UbKtuLPTwKt8UQJAQRj0VMbi4WMY1HeuiS2n/oSTvqi5oQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ8CZWBZ0s8DLfb7hfwHIYoaTzDmMB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvbndKbFlGblN6d010OXZ1Rl9BY2hpaHBQTU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhO0gDAN
BgkqhkiG9w0BAQsFAAOCAQEAF6nAP2UbwaYX7s0ck85CMi8VC2aeWjGmLfYPRZfN
sj0xEDPn7+iht/8XH+xhMWK12C0I7Yyp+bjNjOr4gfQnu/+e0wu/HhkSDGleXIrT
7iBN+C1mN5GeLfeBcGDrWbFtKwoRjkJMlYGmJF6jpZSKUYrNHkQJCRRSSRvxIa7c
xyzBqE8Bqx+xq7sFCZFCMEv2GbVwP9iAdt9hndc+a0NyJx0S7YxwvAsB92kfSOyD
KnuyFSua8lsdmolQ53R7peC86PT6z96ECaOZYAA2rhbE/AdbZ5YGlZd6vVmeOf6e
D2pQccxcFm1f5BxJ7ElYEVDvldMq5kCdcbseDLhNtz3Dyg==
-----END CERTIFICATE-----