Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/KCAKH_j3rSTpqGJF3Lpver6GqsI.roa
File:                     KCAKH_j3rSTpqGJF3Lpver6GqsI.roa (raw, json)
Hash identifier:          5hDTED83zDkbWVpMXRb5LC5dWoXwylCSmxhKf/vtQB8=
Subject key identifier:   28:20:0A:1F:F8:F7:AD:24:E9:A8:62:45:DC:BA:6F:7A:BE:86:AA:C2
Certificate issuer:       /CN=62beaa57c67aeb5bafd99793ab4846850a796c28
Certificate serial:       018CC5DBE0A09F8311BFA5DDDE272499266D
Authority key identifier: 62:BE:AA:57:C6:7A:EB:5B:AF:D9:97:93:AB:48:46:85:0A:79:6C:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/KCAKH_j3rSTpqGJF3Lpver6GqsI.roa
Signing time:             Mon 01 Jan 2024 16:29:30 +0000
ROA not before:           Mon 01 Jan 2024 16:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56687
IP address blocks:        2a13:d000::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e0:a0:9f:83:11:bf:a5:dd:de:27:24:99:26:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62beaa57c67aeb5bafd99793ab4846850a796c28
        Validity
            Not Before: Jan  1 16:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28200a1ff8f7ad24e9a86245dcba6f7abe86aac2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4b:cd:6c:a8:43:87:cc:53:6f:ee:ff:f9:35:
                    07:cc:18:1a:9b:63:f5:7c:1a:f7:4b:3b:04:43:15:
                    62:fc:61:4f:66:c0:c2:56:43:a6:20:87:17:c9:3c:
                    e2:a6:46:e5:e7:80:22:c9:5e:c1:be:53:80:a9:f5:
                    66:4d:b4:a8:31:e0:0d:4b:1a:68:b5:c1:d9:55:c0:
                    43:c4:74:18:cd:fb:21:84:42:b0:74:65:18:f9:ad:
                    85:23:a7:60:b8:1e:c4:ce:5a:d2:b0:a8:3f:86:2b:
                    4f:a0:86:71:0e:1c:3c:3e:2f:b1:9d:03:43:17:44:
                    d0:63:1d:0f:0c:0e:04:14:20:71:e6:dd:ad:c3:f9:
                    0b:f8:a4:8f:cc:ca:3e:61:42:cf:95:0d:7a:0e:67:
                    4a:64:d3:4e:9a:d3:bf:80:dc:bb:6f:44:d6:c0:91:
                    3d:4c:da:18:ff:a4:ef:f5:d2:cf:ca:3e:60:4c:1d:
                    79:d4:0a:74:18:c8:86:f3:3d:b8:9d:5b:17:7d:94:
                    40:c7:aa:a8:af:04:56:6b:f8:1a:80:02:a1:43:1c:
                    fa:26:39:d6:0a:74:49:d9:9a:ff:f6:25:a3:bf:0e:
                    55:dd:22:64:38:34:7b:2e:c7:ea:9b:67:9b:94:43:
                    04:69:bd:5f:c1:ca:ec:26:c8:e1:df:80:15:7b:3e:
                    3c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:20:0A:1F:F8:F7:AD:24:E9:A8:62:45:DC:BA:6F:7A:BE:86:AA:C2
            X509v3 Authority Key Identifier:
                keyid:62:BE:AA:57:C6:7A:EB:5B:AF:D9:97:93:AB:48:46:85:0A:79:6C:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/KCAKH_j3rSTpqGJF3Lpver6GqsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d000::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:d6:83:37:13:f4:6c:45:ff:d1:76:22:20:44:30:da:17:3c:
         2f:83:fc:48:03:bb:0b:2a:3c:33:55:e3:04:9f:81:26:84:19:
         a6:dc:7c:5f:7c:2a:fa:b0:03:a9:30:48:a2:74:f7:6c:63:e4:
         b5:d9:84:9c:5c:11:09:d1:ba:64:13:73:5e:39:c4:85:ee:05:
         5e:91:6b:0f:64:73:9e:19:cd:e8:4c:2e:95:dc:69:86:7f:57:
         2c:7b:75:c4:db:e3:9c:8e:54:73:74:8f:45:0a:7a:95:98:aa:
         6b:18:c3:33:b3:f0:19:45:d2:c2:47:ae:82:10:2e:aa:8f:5f:
         94:f0:b2:93:5f:4a:23:c4:6f:e3:da:24:1d:13:f0:55:14:6e:
         b6:29:b1:d5:6e:a9:00:18:74:7a:97:64:9e:8e:b2:5e:b8:c3:
         68:3a:21:ce:75:a7:9e:a2:30:99:87:96:38:53:cc:5c:0e:fb:
         ab:85:90:d7:77:41:72:ff:48:4b:32:30:41:57:7a:db:68:5e:
         4c:6b:64:69:23:73:aa:fb:b8:e4:74:ed:5b:67:84:ad:1e:5e:
         cc:6b:e9:86:5b:7a:d6:e7:07:32:aa:1a:fc:a4:a2:34:74:c3:
         cf:00:51:09:f2:24:ec:a2:cb:ef:0d:f4:c6:d6:65:09:72:d4:
         f9:0f:b7:42
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF2+Cgn4MRv6Xd3ickmSZtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYmVhYTU3YzY3YWViNWJhZmQ5OTc5M2FiNDg0Njg1MGE3
OTZjMjgwHhcNMjQwMTAxMTYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODIwMGExZmY4ZjdhZDI0ZTlhODYyNDVkY2JhNmY3YWJlODZhYWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkvNbKhDh8xTb+7/+TUHzBgam2P1
fBr3SzsEQxVi/GFPZsDCVkOmIIcXyTzipkbl54AiyV7BvlOAqfVmTbSoMeANSxpo
tcHZVcBDxHQYzfshhEKwdGUY+a2FI6dguB7EzlrSsKg/hitPoIZxDhw8Pi+xnQND
F0TQYx0PDA4EFCBx5t2tw/kL+KSPzMo+YULPlQ16DmdKZNNOmtO/gNy7b0TWwJE9
TNoY/6Tv9dLPyj5gTB151Ap0GMiG8z24nVsXfZRAx6qorwRWa/gagAKhQxz6JjnW
CnRJ2Zr/9iWjvw5V3SJkODR7Lsfqm2eblEMEab1fwcrsJsjh34AVez48IwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCggCh/4960k6ahiRdy6b3q+hqrCMB8GA1UdIwQY
MBaAFGK+qlfGeutbr9mXk6tIRoUKeWwoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXI2cVY4WjY2MXV2MlplVHEwaEdoUXA1YkNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8yMjU4MWUtZmU4Yy00ZmI4LTk1ODUt
OTg4MGYwNGRiOTRhLzEvS0NBS0hfajNyU1RwcUdKRjNMcHZlcjZHcXNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8yMjU4MWUtZmU4Yy00ZmI4LTk1ODUtOTg4MGYwNGRiOTRh
LzEvWXI2cVY4WjY2MXV2MlplVHEwaEdoUXA1YkNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPQADAN
BgkqhkiG9w0BAQsFAAOCAQEAPNaDNxP0bEX/0XYiIEQw2hc8L4P8SAO7Cyo8M1Xj
BJ+BJoQZptx8X3wq+rADqTBIonT3bGPktdmEnFwRCdG6ZBNzXjnEhe4FXpFrD2Rz
nhnN6Ewuldxphn9XLHt1xNvjnI5Uc3SPRQp6lZiqaxjDM7PwGUXSwkeughAuqo9f
lPCyk19KI8Rv49okHRPwVRRutimx1W6pABh0epdkno6yXrjDaDohznWnnqIwmYeW
OFPMXA77q4WQ13dBcv9ISzIwQVd622heTGtkaSNzqvu45HTtW2eErR5ezGvphlt6
1ucHMqoa/KSiNHTDzwBRCfIk7KLL7w30xtZlCXLU+Q+3Qg==
-----END CERTIFICATE-----