Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/dv_hdhKmNcG3g9PDlTptR-b6SNI.roa
File:                     dv_hdhKmNcG3g9PDlTptR-b6SNI.roa (raw, json)
Hash identifier:          NKFcq5dMibVZo7nmCDskHuZlWTOxMis6i1PIGlC56oA=
Subject key identifier:   76:FF:E1:76:12:A6:35:C1:B7:83:D3:C3:95:3A:6D:47:E6:FA:48:D2
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018E70CBC08D7B3E5F6781798CB580E9B38D
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/dv_hdhKmNcG3g9PDlTptR-b6SNI.roa
Signing time:             Sun 24 Mar 2024 14:09:45 +0000
ROA not before:           Sun 24 Mar 2024 14:09:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197715
IP address blocks:        2a0c:9a40:83e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:70:cb:c0:8d:7b:3e:5f:67:81:79:8c:b5:80:e9:b3:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Mar 24 14:09:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76ffe17612a635c1b783d3c3953a6d47e6fa48d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6f:0f:24:f7:15:ae:7e:7d:59:19:65:48:74:
                    ae:03:df:a1:7a:5e:b8:4f:96:2c:c4:39:44:cd:6e:
                    bb:4d:0d:fb:5a:ae:83:9c:e4:c6:35:82:7b:09:6f:
                    52:a1:6a:e6:60:93:a9:cc:0c:d0:64:34:04:8f:b7:
                    b7:37:e4:26:e3:a8:16:f5:97:29:1b:46:50:0a:05:
                    d3:aa:86:3c:39:ae:7c:e8:34:b3:2f:df:8a:b8:e7:
                    22:03:93:40:10:48:8f:cc:a4:68:b1:69:34:9a:b3:
                    cf:c0:18:c9:b8:7c:ca:fc:ff:23:98:7d:e3:2e:4a:
                    8d:b1:3e:72:b4:c2:2f:1d:94:02:a8:95:ff:4e:44:
                    51:17:ef:3f:1f:e3:1f:33:5a:a4:94:33:f6:c7:46:
                    25:2c:55:04:94:5f:72:f7:53:6a:e2:82:49:1d:64:
                    b9:42:ab:84:77:1f:c2:c7:ef:05:2d:3f:0f:d9:51:
                    a4:b2:b4:4f:dd:70:cb:9e:b1:87:a7:dc:c5:15:4d:
                    59:1b:1a:92:b9:b7:23:cb:19:ce:3a:3d:69:06:31:
                    86:ad:0e:b5:61:34:f7:6a:1f:6a:73:49:63:38:a8:
                    0e:a1:1c:c0:b0:f4:ca:d9:84:c5:b5:63:cc:f7:e1:
                    19:d8:2d:ca:c6:1b:18:7a:83:45:b8:81:87:2e:b7:
                    f3:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:FF:E1:76:12:A6:35:C1:B7:83:D3:C3:95:3A:6D:47:E6:FA:48:D2
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/dv_hdhKmNcG3g9PDlTptR-b6SNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:83e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:92:d9:18:69:91:85:5a:d6:25:20:0f:68:56:23:ef:35:82:
         7f:e8:0a:18:76:d2:b2:7f:3f:29:d8:8f:2f:c3:ad:e2:ab:08:
         1b:af:79:17:0d:a2:6d:ef:06:2a:e6:0e:92:d5:4d:1f:32:0a:
         38:b7:dc:a9:ad:1c:e7:56:bd:b6:e6:4e:cc:ea:2d:8d:42:b4:
         52:02:6b:03:74:33:ec:d0:d7:1b:5d:cc:fd:1e:03:16:c8:ad:
         40:e5:37:34:f9:89:ac:8b:c8:1f:ea:98:00:e7:53:25:a7:42:
         f4:1b:6a:bf:d3:07:80:95:37:4c:2d:02:91:5d:4f:22:a4:b0:
         ed:f7:30:c9:f0:3c:de:2e:96:6a:3e:c4:5d:1c:1a:53:79:f9:
         df:6e:67:12:67:8f:c7:fd:47:65:2d:9a:22:5a:b1:13:63:16:
         b8:66:1b:86:c3:df:27:44:6d:e6:38:82:73:ee:da:6f:f5:57:
         55:e3:a3:1e:8c:df:1a:e8:88:ac:c6:fc:26:23:56:c3:50:90:
         98:b5:1e:c1:55:6e:92:fc:77:61:4b:c9:7c:c4:0d:0f:c8:04:
         34:95:06:42:fd:81:67:16:11:9b:b4:a3:df:40:a6:4f:3d:d5:
         d6:8e:bb:be:ed:98:0a:11:fc:08:89:33:2e:1f:fb:5e:46:40:
         21:3d:0f:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY5wy8CNez5fZ4F5jLWA6bONMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMzI0MTQwOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmZmZTE3NjEyYTYzNWMxYjc4M2QzYzM5NTNhNmQ0N2U2ZmE0OGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApm8PJPcVrn59WRllSHSuA9+hel64
T5YsxDlEzW67TQ37Wq6DnOTGNYJ7CW9SoWrmYJOpzAzQZDQEj7e3N+Qm46gW9Zcp
G0ZQCgXTqoY8Oa586DSzL9+KuOciA5NAEEiPzKRosWk0mrPPwBjJuHzK/P8jmH3j
LkqNsT5ytMIvHZQCqJX/TkRRF+8/H+MfM1qklDP2x0YlLFUElF9y91Nq4oJJHWS5
QquEdx/Cx+8FLT8P2VGksrRP3XDLnrGHp9zFFU1ZGxqSubcjyxnOOj1pBjGGrQ61
YTT3ah9qc0ljOKgOoRzAsPTK2YTFtWPM9+EZ2C3KxhsYeoNFuIGHLrfzlQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHb/4XYSpjXBt4PTw5U6bUfm+kjSMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvZHZfaGRoS21OY0czZzlQRGxUcHRSLWI2U05JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIPg
MA0GCSqGSIb3DQEBCwUAA4IBAQACktkYaZGFWtYlIA9oViPvNYJ/6AoYdtKyfz8p
2I8vw63iqwgbr3kXDaJt7wYq5g6S1U0fMgo4t9yprRznVr225k7M6i2NQrRSAmsD
dDPs0NcbXcz9HgMWyK1A5Tc0+Ymsi8gf6pgA51Mlp0L0G2q/0weAlTdMLQKRXU8i
pLDt9zDJ8DzeLpZqPsRdHBpTefnfbmcSZ4/H/UdlLZoiWrETYxa4ZhuGw98nRG3m
OIJz7tpv9VdV46MejN8a6IisxvwmI1bDUJCYtR7BVW6S/HdhS8l8xA0PyAQ0lQZC
/YFnFhGbtKPfQKZPPdXWjru+7ZgKEfwIiTMuH/teRkAhPQ/C
-----END CERTIFICATE-----