Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Kjl9IFs75CXTayAeWCOq2m5AJiY.roa
File:                     Kjl9IFs75CXTayAeWCOq2m5AJiY.roa (raw, json)
Hash identifier:          WqkdX9arsh2/RTQYn/E3qcnf5h065ZWtmGmY4TTOv+E=
Subject key identifier:   2A:39:7D:20:5B:3B:E4:25:D3:6B:20:1E:58:23:AA:DA:6E:40:26:26
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8D0EB7C1852A7D08E487802482BA3
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Kjl9IFs75CXTayAeWCOq2m5AJiY.roa
Signing time:             Mon 01 Jan 2024 20:30:49 +0000
ROA not before:           Mon 01 Jan 2024 20:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a0c:9a44:cf::/48 maxlen: 48
                          2a0e:7d41:8888::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:d0:eb:7c:18:52:a7:d0:8e:48:78:02:48:2b:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a397d205b3be425d36b201e5823aada6e402626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:fb:0b:3d:1e:92:78:7f:2f:eb:58:d5:b2:b2:
                    2d:f5:86:ef:4a:6c:a9:4b:03:1c:d1:ba:1b:9b:6e:
                    ba:3f:bd:27:a6:e4:f5:26:19:c5:b7:e6:87:48:f3:
                    34:eb:b1:e3:b7:42:ea:41:56:f4:39:d8:9f:05:4f:
                    23:c2:68:17:9a:99:a7:4f:82:e4:41:0d:6b:bc:47:
                    a3:88:5b:59:0a:09:b1:39:43:d4:7a:e5:83:ef:46:
                    b4:80:0a:0b:79:18:17:dd:49:4e:21:cb:9a:a2:10:
                    98:cd:16:4b:4b:4e:11:19:90:98:84:50:ae:c8:74:
                    cd:45:c6:59:56:57:37:3b:f4:b9:c0:bb:e3:e3:06:
                    0e:06:e0:06:f3:3a:20:bd:30:71:27:69:1f:4b:e3:
                    f5:7c:de:3a:f7:d2:a5:5e:f8:42:f4:a4:34:1c:47:
                    c1:50:c9:03:e0:5f:70:6b:97:77:91:aa:a8:4d:b4:
                    45:bf:63:cb:32:99:39:72:ec:6f:49:f4:05:61:3c:
                    b7:06:09:a9:d1:97:78:34:63:b9:16:5a:fc:cc:51:
                    e2:87:13:25:4e:4d:a9:ce:cb:df:4f:c4:33:d2:43:
                    46:34:6f:eb:23:81:14:6a:80:0d:92:e8:de:08:07:
                    b3:d8:11:42:b2:97:53:c3:83:d6:73:cd:f3:a8:72:
                    b6:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:39:7D:20:5B:3B:E4:25:D3:6B:20:1E:58:23:AA:DA:6E:40:26:26
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Kjl9IFs75CXTayAeWCOq2m5AJiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a44:cf::/48
                  2a0e:7d41:8888::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:6b:9b:82:18:24:6c:88:aa:8a:03:23:d2:ae:d3:a8:bb:68:
         f4:48:d5:8d:bc:ec:af:47:01:5b:8f:3a:c8:b5:a2:8c:10:48:
         b9:3a:44:89:21:35:e0:32:9c:7f:db:11:1d:e9:0f:18:8f:b3:
         97:e8:c7:e1:90:b8:64:79:97:9d:3d:93:43:f2:12:d9:70:4e:
         9d:0f:3d:dc:95:b5:41:8c:4b:7d:23:0c:d3:57:ed:fb:f6:19:
         69:91:b7:fc:73:20:ab:a2:fc:e7:38:2c:8b:24:6e:8b:d5:7b:
         94:cb:1f:25:e1:d3:ee:f8:f1:4b:91:63:91:f4:6b:87:b4:67:
         d9:65:29:91:d6:12:f2:64:78:56:22:e1:a6:e8:0f:d2:62:51:
         87:89:f2:f9:1e:90:1a:ca:50:eb:d4:27:11:94:c5:ba:02:41:
         0e:52:21:d8:c1:8c:44:0e:ff:cd:e5:f0:b6:0e:b9:02:b0:af:
         af:eb:53:35:a1:e0:b7:71:a3:b0:4f:86:13:c3:eb:38:34:12:
         d2:8b:2a:c0:27:c3:89:fe:9a:f3:d1:70:b9:d6:b6:a2:04:b3:
         70:e7:f1:f3:cd:8b:b8:82:47:7e:a4:ac:b6:5a:74:fe:00:34:
         b8:48:85:a7:9e:40:ad:37:45:dc:07:18:be:d0:5b:12:21:a4:
         cc:76:e3:d3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGuNDrfBhSp9COSHgCSCujMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTM5N2QyMDViM2JlNDI1ZDM2YjIwMWU1ODIzYWFkYTZlNDAyNjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfsLPR6SeH8v61jVsrIt9YbvSmyp
SwMc0bobm266P70npuT1JhnFt+aHSPM067Hjt0LqQVb0OdifBU8jwmgXmpmnT4Lk
QQ1rvEejiFtZCgmxOUPUeuWD70a0gAoLeRgX3UlOIcuaohCYzRZLS04RGZCYhFCu
yHTNRcZZVlc3O/S5wLvj4wYOBuAG8zogvTBxJ2kfS+P1fN4699KlXvhC9KQ0HEfB
UMkD4F9wa5d3kaqoTbRFv2PLMpk5cuxvSfQFYTy3Bgmp0Zd4NGO5Flr8zFHihxMl
Tk2pzsvfT8Qz0kNGNG/rI4EUaoANkujeCAez2BFCspdTw4PWc83zqHK27wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCo5fSBbO+Ql02sgHlgjqtpuQCYmMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvS2psOUlGczc1Q1hUYXlBZVdDT3EybTVBSmlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgyaRADP
AwcAKg59QYiIMA0GCSqGSIb3DQEBCwUAA4IBAQBYa5uCGCRsiKqKAyPSrtOou2j0
SNWNvOyvRwFbjzrItaKMEEi5OkSJITXgMpx/2xEd6Q8Yj7OX6MfhkLhkeZedPZND
8hLZcE6dDz3clbVBjEt9IwzTV+379hlpkbf8cyCrovznOCyLJG6L1XuUyx8l4dPu
+PFLkWOR9GuHtGfZZSmR1hLyZHhWIuGm6A/SYlGHifL5HpAaylDr1CcRlMW6AkEO
UiHYwYxEDv/N5fC2DrkCsK+v61M1oeC3caOwT4YTw+s4NBLSiyrAJ8OJ/prz0XC5
1raiBLNw5/HzzYu4gkd+pKy2WnT+ADS4SIWnnkCtN0XcBxi+0FsSIaTMduPT
-----END CERTIFICATE-----