Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/8928f1-8618-4c19-9f3d-4b8793db7460/1/b06iVp-p0elqRYHnyWzt0QnUbbg.roa
File:                     b06iVp-p0elqRYHnyWzt0QnUbbg.roa (raw, json)
Hash identifier:          KuhhONAuaD2IE5Uj0npmBru3e2WAVAA/5ZdquYX45zg=
Subject key identifier:   6F:4E:A2:56:9F:A9:D1:E9:6A:45:81:E7:C9:6C:ED:D1:09:D4:6D:B8
Certificate issuer:       /CN=9c620f31b4997c7345bc66b46b43d686bf00931a
Certificate serial:       018CC6B905D9DD45240FC841ADCE401F6284
Authority key identifier: 9C:62:0F:31:B4:99:7C:73:45:BC:66:B4:6B:43:D6:86:BF:00:93:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nGIPMbSZfHNFvGa0a0PWhr8Akxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/8928f1-8618-4c19-9f3d-4b8793db7460/1/b06iVp-p0elqRYHnyWzt0QnUbbg.roa
Signing time:             Mon 01 Jan 2024 20:31:03 +0000
ROA not before:           Mon 01 Jan 2024 20:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20618
IP address blocks:        213.132.0.0/19 maxlen: 19
                          2a02:4bc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/8928f1-8618-4c19-9f3d-4b8793db7460/1/nGIPMbSZfHNFvGa0a0PWhr8Akxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/8928f1-8618-4c19-9f3d-4b8793db7460/1/nGIPMbSZfHNFvGa0a0PWhr8Akxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nGIPMbSZfHNFvGa0a0PWhr8Akxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:05:d9:dd:45:24:0f:c8:41:ad:ce:40:1f:62:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c620f31b4997c7345bc66b46b43d686bf00931a
        Validity
            Not Before: Jan  1 20:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f4ea2569fa9d1e96a4581e7c96cedd109d46db8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:49:86:aa:c2:9a:a3:a9:cd:93:a6:4b:47:3b:
                    d0:19:c5:7e:df:79:3a:35:b6:9d:00:b1:40:af:1c:
                    34:aa:bf:b2:0b:1a:6c:e7:6e:17:af:e4:03:c5:c5:
                    b9:55:9e:29:d6:0e:72:37:25:b3:85:5f:45:83:79:
                    87:33:41:33:fc:d7:74:e5:a4:4e:e3:af:cc:86:ab:
                    fb:a4:3b:f2:c4:0d:b9:33:7a:84:40:8c:b3:2a:dd:
                    4e:78:12:72:7f:b5:09:ab:c4:8c:2b:26:58:16:83:
                    53:2a:36:9b:06:b1:75:8b:fe:18:53:f6:04:81:57:
                    42:6a:0b:d5:3b:83:38:e5:f8:ff:67:ce:2b:89:fc:
                    12:dc:85:69:1f:7c:23:4f:4e:a0:8f:20:8a:1e:ee:
                    4b:96:c0:c0:f2:ed:da:29:06:d5:82:a2:38:ca:08:
                    97:29:50:e1:6d:d6:9d:8e:3f:4f:18:c7:71:96:1a:
                    f1:7a:a7:a7:3f:7f:c5:ce:5f:88:3a:b3:ee:f1:91:
                    8b:49:89:fc:d7:86:c6:e5:09:9d:ae:e0:f8:25:44:
                    f5:8f:43:3c:f3:4e:1d:01:a3:1d:36:a5:51:25:87:
                    31:61:ae:8f:6f:dc:00:51:5a:65:e3:08:cf:09:e7:
                    2f:bc:07:3f:b6:94:e9:05:b7:ce:6a:0b:39:67:bf:
                    b3:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:4E:A2:56:9F:A9:D1:E9:6A:45:81:E7:C9:6C:ED:D1:09:D4:6D:B8
            X509v3 Authority Key Identifier:
                keyid:9C:62:0F:31:B4:99:7C:73:45:BC:66:B4:6B:43:D6:86:BF:00:93:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nGIPMbSZfHNFvGa0a0PWhr8Akxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8928f1-8618-4c19-9f3d-4b8793db7460/1/b06iVp-p0elqRYHnyWzt0QnUbbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8928f1-8618-4c19-9f3d-4b8793db7460/1/nGIPMbSZfHNFvGa0a0PWhr8Akxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.132.0.0/19
                IPv6:
                  2a02:4bc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:cd:fc:b0:3a:d9:0a:e6:04:f1:ec:da:d8:1f:43:3e:a3:8c:
         66:34:bd:76:4f:ba:b2:da:8b:27:de:3e:bd:8a:b2:05:bf:9d:
         9a:f9:cb:37:b3:5b:80:3e:d6:bb:db:49:1f:d1:46:68:8e:e3:
         0d:ba:6f:94:e2:a3:81:1b:f7:ce:2a:a4:32:0c:50:ca:a0:1d:
         79:2c:0b:1b:86:e2:5a:f3:2c:d8:7a:cb:95:cd:11:3d:c6:08:
         f4:dd:33:d2:f5:0a:95:de:a4:7a:33:a7:7c:ce:4d:3b:d0:e7:
         72:ba:19:10:c4:9d:a0:1a:a0:02:13:bb:62:06:90:e5:ec:5a:
         be:e2:9b:26:a9:fc:a0:6a:13:43:43:d5:27:da:c3:04:1b:7a:
         d1:bf:00:db:0e:f5:b0:e0:3b:ed:81:d3:95:56:d2:64:19:cb:
         c7:9f:cd:44:e8:08:05:0f:00:08:63:85:31:c4:ed:f3:51:73:
         ca:43:b6:bd:ab:49:3b:bf:21:9a:ff:57:5a:5c:3c:fb:e8:78:
         31:64:4c:ae:0e:81:59:11:0c:15:dc:b4:dd:a3:b1:ee:83:30:
         45:70:87:42:d3:8b:2a:cf:89:f4:61:43:10:15:15:02:1e:bc:
         be:d4:a4:63:8c:16:9e:6b:6b:3c:77:aa:6d:8e:86:b5:ed:49:
         35:b5:59:1b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuQXZ3UUkD8hBrc5AH2KEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNjIwZjMxYjQ5OTdjNzM0NWJjNjZiNDZiNDNkNjg2YmYw
MDkzMWEwHhcNMjQwMTAxMjAzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjRlYTI1NjlmYTlkMWU5NmE0NTgxZTdjOTZjZWRkMTA5ZDQ2ZGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0mGqsKao6nNk6ZLRzvQGcV+33k6
NbadALFArxw0qr+yCxps524Xr+QDxcW5VZ4p1g5yNyWzhV9Fg3mHM0Ez/Nd05aRO
46/Mhqv7pDvyxA25M3qEQIyzKt1OeBJyf7UJq8SMKyZYFoNTKjabBrF1i/4YU/YE
gVdCagvVO4M45fj/Z84rifwS3IVpH3wjT06gjyCKHu5LlsDA8u3aKQbVgqI4ygiX
KVDhbdadjj9PGMdxlhrxeqenP3/Fzl+IOrPu8ZGLSYn814bG5QmdruD4JUT1j0M8
804dAaMdNqVRJYcxYa6Pb9wAUVpl4wjPCecvvAc/tpTpBbfOags5Z7+z+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG9OolafqdHpakWB58ls7dEJ1G24MB8GA1UdIwQY
MBaAFJxiDzG0mXxzRbxmtGtD1oa/AJMaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkdJUE1iU1pmSE5GdkdhMGEwUFdocjhBa3hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni84OTI4ZjEtODYxOC00YzE5LTlmM2Qt
NGI4NzkzZGI3NDYwLzEvYjA2aVZwLXAwZWxxUllIbnlXenQwUW5VYmJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni84OTI4ZjEtODYxOC00YzE5LTlmM2QtNGI4NzkzZGI3NDYw
LzEvbkdJUE1iU1pmSE5GdkdhMGEwUFdocjhBa3hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1YQAMA0E
AgACMAcDBQAqAkvAMA0GCSqGSIb3DQEBCwUAA4IBAQACzfywOtkK5gTx7NrYH0M+
o4xmNL12T7qy2osn3j69irIFv52a+cs3s1uAPta720kf0UZojuMNum+U4qOBG/fO
KqQyDFDKoB15LAsbhuJa8yzYesuVzRE9xgj03TPS9QqV3qR6M6d8zk070OdyuhkQ
xJ2gGqACE7tiBpDl7Fq+4psmqfygahNDQ9Un2sMEG3rRvwDbDvWw4DvtgdOVVtJk
GcvHn81E6AgFDwAIY4UxxO3zUXPKQ7a9q0k7vyGa/1daXDz76HgxZEyuDoFZEQwV
3LTdo7HugzBFcIdC04sqz4n0YUMQFRUCHry+1KRjjBaea2s8d6ptjoa17Uk1tVkb
-----END CERTIFICATE-----