Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/vvqrVx6MEgbucf7NrZod7R1_Wsc.roa
File:                     vvqrVx6MEgbucf7NrZod7R1_Wsc.roa (raw, json)
Hash identifier:          fJXSO/96x3K2jI5YAOMP25YdNvp5abo8niLPxxKDkdQ=
Subject key identifier:   BE:FA:AB:57:1E:8C:12:06:EE:71:FE:CD:AD:9A:1D:ED:1D:7F:5A:C7
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       018CC3B73E514547F175550EC3BC8FE44363
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/vvqrVx6MEgbucf7NrZod7R1_Wsc.roa
Signing time:             Mon 01 Jan 2024 06:30:15 +0000
ROA not before:           Mon 01 Jan 2024 06:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211390
IP address blocks:        2a13:b487:1600::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3e:51:45:47:f1:75:55:0e:c3:bc:8f:e4:43:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Jan  1 06:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=befaab571e8c1206ee71fecdad9a1ded1d7f5ac7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:33:83:30:fb:5b:41:d3:44:a3:dd:18:9b:f5:
                    b0:b6:92:34:e9:c8:15:3b:85:a9:d7:d0:30:2f:db:
                    ca:97:2e:57:78:d6:b8:16:44:19:1f:19:84:ad:7f:
                    dd:eb:d3:f3:4f:e6:ed:c5:7f:d6:ce:b2:7a:df:6a:
                    87:78:9a:1c:af:70:d9:95:04:75:c3:04:8d:98:45:
                    3d:48:b0:a2:71:38:08:dd:64:04:c2:a8:13:b7:fa:
                    c2:f5:d3:7d:52:8a:3e:00:af:54:ea:01:5a:c5:0c:
                    ed:a8:6f:e5:9d:eb:3c:02:ed:fd:54:e1:42:dd:df:
                    6d:96:f3:54:c9:30:4a:c9:d1:d1:1a:5c:ea:f8:8d:
                    62:78:78:d4:86:98:dd:b1:ab:c8:c7:fa:52:fa:07:
                    aa:02:24:ea:26:c9:5a:37:96:69:87:01:73:87:8b:
                    2f:bc:1a:26:15:6b:98:ba:67:24:cb:c3:7e:81:c5:
                    86:d7:e5:51:14:69:98:00:c2:db:f1:2c:17:b1:da:
                    72:d1:59:e7:91:11:f2:c2:4c:04:6f:b4:e6:c7:e2:
                    1b:77:b5:5f:b2:b9:76:c7:65:1a:3b:a8:da:9f:5a:
                    cd:f4:54:35:0f:93:62:f3:85:0b:51:e1:fe:ee:bc:
                    75:53:d7:7c:4f:26:e3:a2:bf:0b:a7:c8:f1:e3:e6:
                    94:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:FA:AB:57:1E:8C:12:06:EE:71:FE:CD:AD:9A:1D:ED:1D:7F:5A:C7
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/vvqrVx6MEgbucf7NrZod7R1_Wsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b487:1600::/40

    Signature Algorithm: sha256WithRSAEncryption
         d3:7e:89:8f:4e:e7:fe:9c:2c:e2:3e:1e:18:c1:70:8a:82:85:
         77:55:7e:4b:c2:72:8a:e6:09:ab:79:b1:e6:e0:e8:46:c2:cf:
         5c:4b:55:16:c5:20:e5:ca:da:39:7d:76:8f:c7:fd:c5:39:c3:
         75:70:b7:ff:72:42:64:08:fd:35:08:41:f1:14:6a:82:df:74:
         35:a0:52:ab:68:eb:e1:f2:5d:32:23:cd:87:19:d5:24:f2:38:
         2b:e3:22:93:a0:a8:4b:27:2a:2f:4e:76:8a:13:c5:94:6c:06:
         4d:30:df:24:cb:12:6c:b4:06:94:12:fc:e6:f7:0c:f5:76:9e:
         11:dd:7d:73:0d:e0:6d:0c:b9:ae:98:e1:db:64:80:d4:26:5d:
         71:1a:13:25:43:5d:14:fc:87:25:5e:fe:a0:96:ff:2e:d5:8d:
         9c:df:4e:50:7b:e4:85:b3:8b:bf:ee:36:6d:f9:f5:01:0f:04:
         90:41:eb:0a:af:7a:1c:56:b1:91:7f:c5:29:22:81:79:d3:4b:
         be:94:e6:86:56:d6:a9:92:d4:6c:df:cb:67:14:50:51:14:31:
         da:11:11:64:91:42:30:52:3a:81:8e:a2:68:00:3e:2e:4d:6b:
         3c:c9:52:3c:cb:c8:0a:ce:ff:fa:11:94:26:b9:90:10:1d:93:
         a5:ad:0e:be
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtz5RRUfxdVUOw7yP5ENjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjQwMTAxMDYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWZhYWI1NzFlOGMxMjA2ZWU3MWZlY2RhZDlhMWRlZDFkN2Y1YWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTODMPtbQdNEo90Ym/WwtpI06cgV
O4Wp19AwL9vKly5XeNa4FkQZHxmErX/d69PzT+btxX/WzrJ632qHeJocr3DZlQR1
wwSNmEU9SLCicTgI3WQEwqgTt/rC9dN9Uoo+AK9U6gFaxQztqG/lnes8Au39VOFC
3d9tlvNUyTBKydHRGlzq+I1ieHjUhpjdsavIx/pS+geqAiTqJslaN5ZphwFzh4sv
vBomFWuYumcky8N+gcWG1+VRFGmYAMLb8SwXsdpy0VnnkRHywkwEb7Tmx+Ibd7Vf
srl2x2UaO6jan1rN9FQ1D5Ni84ULUeH+7rx1U9d8Tybjor8Lp8jx4+aU5QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFL76q1cejBIG7nH+za2aHe0df1rHMB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvdnZxclZ4Nk1FZ2J1Y2Y3TnJab2Q3UjFfV3NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhO0hxYw
DQYJKoZIhvcNAQELBQADggEBANN+iY9O5/6cLOI+HhjBcIqChXdVfkvCcormCat5
sebg6EbCz1xLVRbFIOXK2jl9do/H/cU5w3Vwt/9yQmQI/TUIQfEUaoLfdDWgUqto
6+HyXTIjzYcZ1STyOCvjIpOgqEsnKi9OdooTxZRsBk0w3yTLEmy0BpQS/Ob3DPV2
nhHdfXMN4G0Mua6Y4dtkgNQmXXEaEyVDXRT8hyVe/qCW/y7VjZzfTlB75IWzi7/u
Nm359QEPBJBB6wqvehxWsZF/xSkigXnTS76U5oZW1qmS1Gzfy2cUUFEUMdoREWSR
QjBSOoGOomgAPi5NazzJUjzLyArO//oRlCa5kBAdk6WtDr4=
-----END CERTIFICATE-----