Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6_9QDbVP5qrgT3MDHZPD-TgwyjM.roa
File:                     6_9QDbVP5qrgT3MDHZPD-TgwyjM.roa (raw, json)
Hash identifier:          KNEn6mkyDUlEo3s153xYwuOJJ3o0vlN9hiu6DDMs1j0=
Subject key identifier:   EB:FF:50:0D:B5:4F:E6:AA:E0:4F:73:03:1D:93:C3:F9:38:30:CA:33
Certificate issuer:       /CN=ea2d102b6112b0d9a8b8eebac4b97c819f97c606
Certificate serial:       018CC86EEF29B553FCAA1BE84A1663F29E44
Authority key identifier: EA:2D:10:2B:61:12:B0:D9:A8:B8:EE:BA:C4:B9:7C:81:9F:97:C6:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6_9QDbVP5qrgT3MDHZPD-TgwyjM.roa
Signing time:             Tue 02 Jan 2024 04:29:22 +0000
ROA not before:           Tue 02 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     131642
IP address blocks:        2a13:2200::/47 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:ef:29:b5:53:fc:aa:1b:e8:4a:16:63:f2:9e:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea2d102b6112b0d9a8b8eebac4b97c819f97c606
        Validity
            Not Before: Jan  2 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebff500db54fe6aae04f73031d93c3f93830ca33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:44:6e:23:9d:8e:45:4d:83:3d:8d:b2:65:d4:
                    e7:36:1a:6c:8d:09:a6:7a:2e:8b:c8:95:08:33:fe:
                    10:bc:cd:53:da:85:9a:85:a5:ae:8c:8c:d4:f3:f3:
                    1e:22:a1:81:2e:33:98:fc:99:ee:cc:48:7f:d0:9d:
                    b8:88:d4:4b:9b:87:d3:b3:ab:fd:58:59:8e:45:19:
                    14:7e:30:23:6a:0f:9a:d4:99:61:25:47:cc:98:53:
                    13:ad:89:3d:52:49:fe:87:af:80:e3:23:ac:9c:1b:
                    c6:3d:0b:eb:84:fb:55:aa:5e:0e:bc:52:a4:1c:81:
                    48:05:7d:b6:55:0c:d1:e5:32:2c:d2:60:2b:aa:c1:
                    22:51:09:bf:24:da:90:64:96:e8:5d:58:71:4a:3b:
                    8c:f5:08:ec:9b:2f:48:ef:ea:eb:f8:f9:66:2d:46:
                    55:ac:46:3b:9c:f9:d4:ef:41:49:cc:ea:ee:9a:08:
                    26:a8:af:01:7e:6a:d6:e2:bb:65:f5:56:83:63:3e:
                    45:3d:75:33:ed:13:42:6e:05:89:71:ed:19:9b:69:
                    ec:d0:99:b9:8a:da:f6:9d:48:6e:14:68:84:0e:b0:
                    21:82:79:e8:7a:91:53:14:8a:0f:de:3c:3e:61:71:
                    50:98:c2:d4:e3:37:f3:1b:6b:68:f7:af:57:25:ee:
                    2a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:FF:50:0D:B5:4F:E6:AA:E0:4F:73:03:1D:93:C3:F9:38:30:CA:33
            X509v3 Authority Key Identifier:
                keyid:EA:2D:10:2B:61:12:B0:D9:A8:B8:EE:BA:C4:B9:7C:81:9F:97:C6:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6_9QDbVP5qrgT3MDHZPD-TgwyjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:2200::/47

    Signature Algorithm: sha256WithRSAEncryption
         08:e3:07:03:5c:3c:fd:9a:29:11:41:60:31:33:4f:37:bb:9f:
         79:a1:dc:32:57:1b:d2:30:02:d0:a3:87:10:68:c3:78:4a:3a:
         ab:23:a7:43:f1:bb:65:e8:91:8f:fd:bd:ab:41:1e:76:15:9e:
         67:c8:86:10:d3:59:68:86:27:fc:44:fd:04:99:f6:0f:ed:b9:
         9d:26:75:9c:43:5f:35:48:fb:f1:ba:2d:b7:67:1a:9e:0f:53:
         cb:6b:ac:62:00:ce:f7:b5:aa:b1:03:b5:d9:5e:6b:a0:42:d1:
         12:72:8a:51:c8:2c:5a:46:87:26:3d:a7:f1:ce:79:da:08:2a:
         71:c4:74:64:b7:15:41:13:28:9e:df:23:c2:79:99:54:15:61:
         10:ae:da:07:ab:9e:1f:6b:fc:3f:a6:7f:b9:34:14:07:63:0d:
         8a:56:dd:a2:ed:2c:7a:22:cb:b1:0f:21:57:59:d7:7f:35:21:
         fa:c7:31:0c:ae:29:e9:52:13:d1:fa:d7:fb:2a:e1:1f:19:ff:
         64:5a:82:e1:c3:7b:a6:a9:d2:a9:85:f5:7e:f9:9c:88:93:1c:
         ee:07:7b:de:4c:b8:86:33:d5:da:3d:ba:c4:76:ab:85:30:fc:
         17:00:49:bb:d8:0e:aa:fc:2b:5f:8a:33:c7:f4:b0:b9:75:d5:
         b9:72:91:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIbu8ptVP8qhvoShZj8p5EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMmQxMDJiNjExMmIwZDlhOGI4ZWViYWM0Yjk3YzgxOWY5
N2M2MDYwHhcNMjQwMTAyMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmZmNTAwZGI1NGZlNmFhZTA0ZjczMDMxZDkzYzNmOTM4MzBjYTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmERuI52ORU2DPY2yZdTnNhpsjQmm
ei6LyJUIM/4QvM1T2oWahaWujIzU8/MeIqGBLjOY/JnuzEh/0J24iNRLm4fTs6v9
WFmORRkUfjAjag+a1JlhJUfMmFMTrYk9Ukn+h6+A4yOsnBvGPQvrhPtVql4OvFKk
HIFIBX22VQzR5TIs0mArqsEiUQm/JNqQZJboXVhxSjuM9Qjsmy9I7+rr+PlmLUZV
rEY7nPnU70FJzOrumggmqK8BfmrW4rtl9VaDYz5FPXUz7RNCbgWJce0Zm2ns0Jm5
itr2nUhuFGiEDrAhgnnoepFTFIoP3jw+YXFQmMLU4zfzG2to969XJe4qyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOv/UA21T+aq4E9zAx2Tw/k4MMozMB8GA1UdIwQY
MBaAFOotECthErDZqLjuusS5fIGfl8YGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmkwUUsyRVNzTm1vdU82NnhMbDhnWi1YeGdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80Y2RlZmEtNWVlMi00NzE5LWE3ZTEt
YjgyOWNjNDAxMDMxLzEvNl85UURiVlA1cXJnVDNNREhaUEQtVGd3eWpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80Y2RlZmEtNWVlMi00NzE5LWE3ZTEtYjgyOWNjNDAxMDMx
LzEvNmkwUUsyRVNzTm1vdU82NnhMbDhnWi1YeGdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhMiAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAI4wcDXDz9mikRQWAxM083u595odwyVxvSMALQ
o4cQaMN4SjqrI6dD8btl6JGP/b2rQR52FZ5nyIYQ01lohif8RP0EmfYP7bmdJnWc
Q181SPvxui23ZxqeD1PLa6xiAM73taqxA7XZXmugQtEScopRyCxaRocmPafxznna
CCpxxHRktxVBEyie3yPCeZlUFWEQrtoHq54fa/w/pn+5NBQHYw2KVt2i7Sx6Isux
DyFXWdd/NSH6xzEMrinpUhPR+tf7KuEfGf9kWoLhw3umqdKphfV++ZyIkxzuB3ve
TLiGM9XaPbrEdquFMPwXAEm72A6q/CtfijPH9LC5ddW5cpGP
-----END CERTIFICATE-----