Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/vscmmUwEbAves4B1AekzWuGiH0o.roa
File:                     vscmmUwEbAves4B1AekzWuGiH0o.roa (raw, json)
Hash identifier:          NWKtjuA3cdWoIObEjBmnwCjnFJHzdoD0eGyI26NBHtw=
Subject key identifier:   BE:C7:26:99:4C:04:6C:0B:DE:B3:80:75:01:E9:33:5A:E1:A2:1F:4A
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       018CC3B7381C26832D25693778D94138B99A
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/vscmmUwEbAves4B1AekzWuGiH0o.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151338
IP address blocks:        2a13:b487:5000::/40 maxlen: 48
                          2a13:b487:4f00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:38:1c:26:83:2d:25:69:37:78:d9:41:38:b9:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bec726994c046c0bdeb3807501e9335ae1a21f4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:8a:96:49:1c:e6:f6:7e:05:bc:cd:78:63:d6:
                    6b:47:b1:25:5f:f2:dc:35:06:e8:4a:5d:ab:48:88:
                    67:fe:b7:94:71:7d:3f:bd:00:b2:4d:3a:94:22:42:
                    9e:4d:51:b9:dc:40:ac:dc:5f:d7:b7:06:e6:2e:aa:
                    65:7f:c9:f6:6f:17:db:ab:5f:6e:1b:ac:df:8b:62:
                    a1:98:86:52:8f:d8:b2:4c:98:d4:08:b8:43:b5:f2:
                    d5:92:6a:73:68:67:5b:a5:16:48:5d:1a:0e:2c:b1:
                    8a:ea:c6:82:57:53:29:86:aa:b8:91:a0:6d:34:a0:
                    82:e3:6a:fd:1e:e4:37:12:e7:2d:12:28:4e:be:16:
                    a4:0a:8e:1d:62:38:4b:42:7b:08:5a:8b:33:96:55:
                    1f:87:45:ec:8b:28:9d:ea:13:b5:15:ce:89:1d:8e:
                    25:54:0f:0e:c6:99:1f:58:ae:64:b8:79:62:9c:eb:
                    40:bb:b6:99:9a:e2:61:aa:66:45:c8:5c:6f:b0:e8:
                    3b:bc:b9:b4:d4:c1:5f:d3:f8:df:32:dd:80:33:31:
                    bc:97:28:ef:ed:1e:83:cd:11:7d:a9:75:66:03:71:
                    64:bd:c5:30:cc:a1:97:6a:47:12:de:4a:e0:92:b5:
                    b1:a1:5a:fb:e8:04:31:b1:7a:2e:ad:ef:4f:1d:de:
                    ac:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:C7:26:99:4C:04:6C:0B:DE:B3:80:75:01:E9:33:5A:E1:A2:1F:4A
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/vscmmUwEbAves4B1AekzWuGiH0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b487:4f00::-2a13:b487:50ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         9f:e0:f9:f7:ab:d9:25:3a:0a:7c:e7:88:04:39:83:14:ca:6c:
         e0:9e:26:36:cb:7b:52:25:ee:ad:fb:b5:1e:69:b2:4b:47:f6:
         be:ae:5d:aa:b7:3e:c9:fc:5f:cd:22:77:5d:42:29:d9:97:a9:
         b6:97:ce:0c:b9:97:fb:1d:11:6a:19:e9:c7:4e:76:f2:47:08:
         ff:5b:3b:a1:11:b1:15:69:38:7b:18:1c:9a:4a:b2:95:f4:e9:
         53:71:33:de:15:30:f4:03:00:57:7a:8a:3b:b4:18:54:15:57:
         44:7b:05:6a:52:71:ed:f3:5e:31:be:b2:eb:2a:2a:a9:88:7e:
         47:72:47:f6:d4:77:72:98:b9:a5:e6:40:92:0f:cd:75:28:0a:
         90:e6:e3:b7:ff:f4:b5:9c:cd:f6:50:e3:ae:a0:57:7d:44:e1:
         4f:12:34:05:f4:61:ee:47:81:4a:e6:35:15:79:ac:69:f2:f4:
         4f:1d:70:e5:af:97:96:06:c5:59:fd:6a:ce:d6:88:dd:6a:3e:
         2b:27:60:28:da:26:ae:e0:ab:ec:2f:0e:89:8a:b0:c5:aa:2d:
         4c:94:d1:cb:95:60:c2:a1:6e:d9:ff:f5:86:4d:04:8c:0d:4c:
         f9:bd:ec:c0:77:38:33:4f:dd:3c:bc:bd:7d:22:7d:c5:2c:8f:
         52:76:de:35
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDtzgcJoMtJWk3eNlBOLmaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWM3MjY5OTRjMDQ2YzBiZGViMzgwNzUwMWU5MzM1YWUxYTIxZjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7YqWSRzm9n4FvM14Y9ZrR7ElX/Lc
NQboSl2rSIhn/reUcX0/vQCyTTqUIkKeTVG53ECs3F/XtwbmLqplf8n2bxfbq19u
G6zfi2KhmIZSj9iyTJjUCLhDtfLVkmpzaGdbpRZIXRoOLLGK6saCV1Mphqq4kaBt
NKCC42r9HuQ3EuctEihOvhakCo4dYjhLQnsIWoszllUfh0Xsiyid6hO1Fc6JHY4l
VA8OxpkfWK5kuHlinOtAu7aZmuJhqmZFyFxvsOg7vLm01MFf0/jfMt2AMzG8lyjv
7R6DzRF9qXVmA3FkvcUwzKGXakcS3krgkrWxoVr76AQxsXoure9PHd6s+QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL7HJplMBGwL3rOAdQHpM1rhoh9KMB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvdnNjbW1Vd0ViQXZlczRCMUFla3pXdUdpSDBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASMBADBgAqE7SH
TwMGACoTtIdQMA0GCSqGSIb3DQEBCwUAA4IBAQCf4Pn3q9klOgp854gEOYMUymzg
niY2y3tSJe6t+7UeabJLR/a+rl2qtz7J/F/NInddQinZl6m2l84MuZf7HRFqGenH
TnbyRwj/WzuhEbEVaTh7GByaSrKV9OlTcTPeFTD0AwBXeoo7tBhUFVdEewVqUnHt
814xvrLrKiqpiH5Hckf21HdymLml5kCSD811KAqQ5uO3//S1nM32UOOuoFd9ROFP
EjQF9GHuR4FK5jUVeaxp8vRPHXDlr5eWBsVZ/WrO1ojdaj4rJ2Ao2iau4KvsLw6J
irDFqi1MlNHLlWDCoW7Z//WGTQSMDUz5vezAdzgzT908vL19In3FLI9Sdt41
-----END CERTIFICATE-----