Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/vHA8o25Y95MWMNzt-3xy6YDPJts.roa
File:                     vHA8o25Y95MWMNzt-3xy6YDPJts.roa (raw, json)
Hash identifier:          wtNOLZFwsEQR4QmUFb6bp5SdhZWkDpYOvYmYW0zwtO0=
Subject key identifier:   BC:70:3C:A3:6E:58:F7:93:16:30:DC:ED:FB:7C:72:E9:80:CF:26:DB
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       018CC3B73A3F4E09F5E8920AB94D568B4087
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/vHA8o25Y95MWMNzt-3xy6YDPJts.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199459
IP address blocks:        2a13:b487:1900::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3a:3f:4e:09:f5:e8:92:0a:b9:4d:56:8b:40:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc703ca36e58f7931630dcedfb7c72e980cf26db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:1f:3c:a7:3b:42:e6:61:b2:de:d3:35:9c:12:
                    57:aa:e8:c0:74:e6:64:41:35:d8:2b:c1:ac:3f:da:
                    29:68:6e:fd:0a:d0:6f:1e:8a:c7:ae:98:56:7c:14:
                    2a:8d:99:73:c3:8c:f3:78:fa:98:7a:87:30:30:96:
                    51:4d:ad:3f:79:04:36:fa:42:04:24:d3:e1:f7:08:
                    c4:18:ab:6c:4e:3c:75:aa:dc:21:a3:04:09:5b:a6:
                    e8:cd:e5:7e:9b:0d:86:5c:6c:aa:cb:49:08:e5:1e:
                    c3:9b:a8:47:35:e9:ed:62:46:48:37:3d:9e:44:f2:
                    6e:e7:d0:2d:ce:14:2f:06:56:ca:ed:ad:94:70:63:
                    03:c2:61:69:06:b9:9e:df:5b:33:b4:9c:d1:d3:cb:
                    96:31:30:64:12:3a:cd:a8:38:5d:c6:99:7b:42:e5:
                    1c:8a:1f:09:54:cc:1f:7e:72:ae:a1:03:0c:38:41:
                    5b:ce:48:cd:be:4f:3c:55:bb:14:09:81:8c:1f:1f:
                    8f:d5:90:ac:b8:1f:e0:68:8a:c4:bd:a6:2b:8e:39:
                    f1:84:d9:3e:4e:d5:e0:e4:1e:c7:f4:12:d1:80:fe:
                    91:fe:df:37:50:d3:91:e4:db:ee:76:71:db:9b:26:
                    ce:54:ef:e2:f9:a9:fe:b8:e7:85:46:ef:f0:68:f2:
                    59:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:70:3C:A3:6E:58:F7:93:16:30:DC:ED:FB:7C:72:E9:80:CF:26:DB
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/vHA8o25Y95MWMNzt-3xy6YDPJts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b487:1900::/40

    Signature Algorithm: sha256WithRSAEncryption
         ca:7c:36:f5:80:73:9b:e4:3e:f6:27:8d:22:5b:49:eb:b7:84:
         e2:5c:53:79:c4:63:3e:90:72:66:b7:9f:db:e4:b4:8a:89:5b:
         bb:34:12:7f:17:e8:3d:c4:06:f7:07:fe:ce:a9:05:9a:f8:0b:
         1a:0d:6a:00:3a:35:3a:16:ce:31:98:6b:a6:5e:35:24:ee:7b:
         3e:64:14:cb:01:a6:ad:7c:7d:17:42:1b:03:41:90:35:ac:14:
         84:b3:51:d4:9e:88:fa:e4:91:9f:22:c9:18:4c:c1:d0:4b:7c:
         c5:6e:90:5b:db:0b:33:95:e9:1e:60:f6:94:8b:04:88:91:d7:
         66:df:1d:fe:64:0d:7d:ab:d7:16:56:4f:f9:a3:2c:2d:40:c4:
         e8:49:f4:41:0e:31:b3:b7:8e:84:3b:1d:b7:3d:6c:d7:e0:16:
         f8:57:4c:dc:ba:90:e2:56:47:6f:26:ed:2f:23:be:90:89:73:
         c3:1c:07:ad:93:90:40:1d:34:b8:87:46:b7:4f:6e:96:07:f6:
         98:db:b6:53:6b:fe:4e:26:d7:9e:30:48:af:2c:cd:20:12:ed:
         8c:7a:44:7d:ae:49:74:f7:29:24:db:d2:25:91:df:f1:d0:3d:
         f6:81:96:56:96:13:aa:78:cc:94:23:1e:30:fc:05:4e:f4:b3:
         95:ff:f1:e7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtzo/Tgn16JIKuU1Wi0CHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzcwM2NhMzZlNThmNzkzMTYzMGRjZWRmYjdjNzJlOTgwY2YyNmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAih88pztC5mGy3tM1nBJXqujAdOZk
QTXYK8GsP9opaG79CtBvHorHrphWfBQqjZlzw4zzePqYeocwMJZRTa0/eQQ2+kIE
JNPh9wjEGKtsTjx1qtwhowQJW6bozeV+mw2GXGyqy0kI5R7Dm6hHNentYkZINz2e
RPJu59AtzhQvBlbK7a2UcGMDwmFpBrme31sztJzR08uWMTBkEjrNqDhdxpl7QuUc
ih8JVMwffnKuoQMMOEFbzkjNvk88VbsUCYGMHx+P1ZCsuB/gaIrEvaYrjjnxhNk+
TtXg5B7H9BLRgP6R/t83UNOR5NvudnHbmybOVO/i+an+uOeFRu/waPJZcQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLxwPKNuWPeTFjDc7ft8cumAzybbMB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvdkhBOG8yNVk5NU1XTU56dC0zeHk2WURQSnRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhO0hxkw
DQYJKoZIhvcNAQELBQADggEBAMp8NvWAc5vkPvYnjSJbSeu3hOJcU3nEYz6Qcma3
n9vktIqJW7s0En8X6D3EBvcH/s6pBZr4CxoNagA6NToWzjGYa6ZeNSTuez5kFMsB
pq18fRdCGwNBkDWsFISzUdSeiPrkkZ8iyRhMwdBLfMVukFvbCzOV6R5g9pSLBIiR
12bfHf5kDX2r1xZWT/mjLC1AxOhJ9EEOMbO3joQ7Hbc9bNfgFvhXTNy6kOJWR28m
7S8jvpCJc8McB62TkEAdNLiHRrdPbpYH9pjbtlNr/k4m154wSK8szSAS7Yx6RH2u
SXT3KSTb0iWR3/HQPfaBllaWE6p4zJQjHjD8BU70s5X/8ec=
-----END CERTIFICATE-----