Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/shBcqHuMYK54d2-eNKu3BbfoK8U.roa
File:                     shBcqHuMYK54d2-eNKu3BbfoK8U.roa (raw, json)
Hash identifier:          EXUTP2yBA6T0WhfA+VjPiXIhfIqimWYXi3ahF/xrwLg=
Subject key identifier:   B2:10:5C:A8:7B:8C:60:AE:78:77:6F:9E:34:AB:B7:05:B7:E8:2B:C5
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       018CC3B739A0D0C029D8DC0B632DBDC88C69
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/shBcqHuMYK54d2-eNKu3BbfoK8U.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199068
IP address blocks:        2a13:b487:1f00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:39:a0:d0:c0:29:d8:dc:0b:63:2d:bd:c8:8c:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2105ca87b8c60ae78776f9e34abb705b7e82bc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:3f:ad:43:8b:ee:9d:21:73:96:1a:c9:60:70:
                    3f:3a:dd:d3:29:cc:43:af:7e:f5:96:72:de:71:9e:
                    1a:5c:2b:90:21:86:44:37:5f:d0:f0:44:bc:51:e2:
                    0f:b1:9e:76:dc:dc:55:88:a4:86:cd:f3:81:ba:37:
                    48:17:b8:68:03:06:7b:09:36:72:58:b0:87:32:4d:
                    87:c3:75:ff:e7:64:ef:f6:bc:28:04:b4:07:84:b4:
                    86:9f:e3:8f:f9:46:78:82:02:23:7e:f2:06:54:7f:
                    26:90:a7:55:4e:26:76:7c:10:60:a1:d9:d6:65:ae:
                    7b:b6:ec:d8:05:a3:27:8e:12:95:bd:c3:27:2b:03:
                    f5:c0:3e:27:5b:15:40:2e:54:a4:56:69:70:5e:2b:
                    2a:f9:96:a4:b8:a9:5b:f7:61:49:00:ea:72:6e:b0:
                    68:4b:f4:31:d5:54:a2:3c:f0:f3:49:0c:65:06:cc:
                    6d:91:74:88:b1:29:8b:e5:d5:3f:07:ea:b1:60:fd:
                    17:24:67:21:d2:ef:c7:af:f9:26:73:ee:9b:b5:9b:
                    25:5d:b9:75:03:2c:f0:65:f1:12:5c:d6:bc:fa:f5:
                    64:65:4c:bb:74:cd:00:be:d5:5f:0b:f6:47:80:c5:
                    b6:02:c1:e3:b3:f8:98:f7:59:a9:06:a9:ac:3a:03:
                    94:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:10:5C:A8:7B:8C:60:AE:78:77:6F:9E:34:AB:B7:05:B7:E8:2B:C5
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/shBcqHuMYK54d2-eNKu3BbfoK8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b487:1f00::/40

    Signature Algorithm: sha256WithRSAEncryption
         19:f5:a9:14:4f:0a:20:15:d1:cf:1f:f4:c2:80:a9:f6:79:ff:
         b4:80:9d:60:f9:ec:ec:59:ec:c6:94:0c:83:c2:b2:e2:f7:4c:
         a2:61:2d:06:fe:4f:d0:10:f0:e9:28:5e:f8:b4:75:65:3b:0e:
         3c:51:12:29:f6:f1:02:5d:e3:7c:85:34:e6:5c:73:84:6b:e1:
         29:0c:83:21:b2:cc:71:da:7f:50:03:59:1d:64:44:ae:92:0e:
         3b:88:ee:e4:a1:56:08:a2:16:6a:0d:25:8f:29:98:fd:c4:32:
         d0:94:71:24:3a:51:15:e2:83:27:e3:20:db:29:6e:d3:97:31:
         e4:d0:53:34:6a:d1:bb:50:c1:f5:e7:0b:6f:93:a1:c1:fb:f2:
         12:a4:6e:ec:8d:38:9c:61:c3:c3:e2:b2:12:f0:23:07:0f:e6:
         87:e4:26:52:99:50:6d:16:4f:fa:f4:37:39:34:13:95:2c:a7:
         d4:d4:1b:73:a5:44:af:7d:3d:4e:ce:e0:6f:12:ef:6e:d3:64:
         a1:61:23:7a:15:be:64:04:a7:ed:c2:0d:40:6d:9b:1f:3c:79:
         b8:aa:b6:1d:87:2f:ab:e8:ba:42:eb:76:75:b0:c2:38:a2:90:
         25:5f:68:ab:02:24:67:b2:99:4f:ee:2b:a5:e3:21:c7:f3:c1:
         00:86:64:da
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtzmg0MAp2NwLYy29yIxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjEwNWNhODdiOGM2MGFlNzg3NzZmOWUzNGFiYjcwNWI3ZTgyYmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoD+tQ4vunSFzlhrJYHA/Ot3TKcxD
r371lnLecZ4aXCuQIYZEN1/Q8ES8UeIPsZ523NxViKSGzfOBujdIF7hoAwZ7CTZy
WLCHMk2Hw3X/52Tv9rwoBLQHhLSGn+OP+UZ4ggIjfvIGVH8mkKdVTiZ2fBBgodnW
Za57tuzYBaMnjhKVvcMnKwP1wD4nWxVALlSkVmlwXisq+ZakuKlb92FJAOpybrBo
S/Qx1VSiPPDzSQxlBsxtkXSIsSmL5dU/B+qxYP0XJGch0u/Hr/kmc+6btZslXbl1
AyzwZfESXNa8+vVkZUy7dM0AvtVfC/ZHgMW2AsHjs/iY91mpBqmsOgOUTwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLIQXKh7jGCueHdvnjSrtwW36CvFMB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvc2hCY3FIdU1ZSzU0ZDItZU5LdTNCYmZvSzhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhO0hx8w
DQYJKoZIhvcNAQELBQADggEBABn1qRRPCiAV0c8f9MKAqfZ5/7SAnWD57OxZ7MaU
DIPCsuL3TKJhLQb+T9AQ8OkoXvi0dWU7DjxREin28QJd43yFNOZcc4Rr4SkMgyGy
zHHaf1ADWR1kRK6SDjuI7uShVgiiFmoNJY8pmP3EMtCUcSQ6URXigyfjINspbtOX
MeTQUzRq0btQwfXnC2+TocH78hKkbuyNOJxhw8PishLwIwcP5ofkJlKZUG0WT/r0
Nzk0E5Usp9TUG3OlRK99PU7O4G8S727TZKFhI3oVvmQEp+3CDUBtmx88ebiqth2H
L6voukLrdnWwwjiikCVfaKsCJGeymU/uK6XjIcfzwQCGZNo=
-----END CERTIFICATE-----