Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/gqg5m9QIAmBwUF5KLiNiQGXxEn0.roa
File:                     gqg5m9QIAmBwUF5KLiNiQGXxEn0.roa (raw, json)
Hash identifier:          AAHe72sGg03cIdxNutnXzheue6mHYCQ21jTzJ/c+ZHU=
Subject key identifier:   82:A8:39:9B:D4:08:02:60:70:50:5E:4A:2E:23:62:40:65:F1:12:7D
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8EE503565F61D9CF7DAF55DB99735
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/gqg5m9QIAmBwUF5KLiNiQGXxEn0.roa
Signing time:             Mon 01 Jan 2024 20:30:57 +0000
ROA not before:           Mon 01 Jan 2024 20:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211758
IP address blocks:        2a0c:9a40:8260::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ee:50:35:65:f6:1d:9c:f7:da:f5:5d:b9:97:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82a8399bd408026070505e4a2e23624065f1127d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e5:ec:e8:12:59:24:e9:52:a6:c4:5c:c5:1a:
                    b7:3f:fc:40:f6:63:cf:4c:e1:13:3e:a1:81:b5:9b:
                    b0:77:e9:60:77:ac:3d:db:66:ce:0d:65:80:e3:19:
                    a3:fc:0a:3b:7e:ae:12:4f:99:57:3f:b5:3d:68:94:
                    12:ce:30:38:4e:24:be:27:8e:43:c7:d0:f8:d0:4b:
                    12:bf:97:e1:67:4e:ab:19:ba:41:39:05:c3:b0:a2:
                    25:78:24:0a:5e:a8:ee:b0:52:83:70:39:05:81:74:
                    67:40:b8:4f:df:2a:2f:a6:16:6e:b6:ed:97:0b:e1:
                    2d:d7:40:c7:93:e4:61:ec:6c:a1:6a:e0:9b:04:82:
                    a8:b4:7f:be:be:79:ca:d2:a6:5d:b6:1b:ef:96:62:
                    c0:9a:c5:31:86:a9:1d:6c:d9:60:af:f8:b9:de:54:
                    4a:73:bd:e9:85:ee:8d:d0:4c:cb:a1:37:47:6a:26:
                    fa:7f:92:b6:f3:75:38:f8:83:50:f6:6f:37:b9:bc:
                    9d:c1:34:23:29:25:d7:8a:a2:80:eb:50:c6:f2:39:
                    a4:9d:40:2b:ce:f1:98:e8:bc:f0:54:28:24:93:93:
                    b7:7b:b4:99:99:17:91:a8:da:54:09:72:18:30:17:
                    63:5e:7a:17:b0:88:77:7c:29:06:43:52:b8:dd:04:
                    55:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:A8:39:9B:D4:08:02:60:70:50:5E:4A:2E:23:62:40:65:F1:12:7D
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/gqg5m9QIAmBwUF5KLiNiQGXxEn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8260::/44

    Signature Algorithm: sha256WithRSAEncryption
         19:46:7e:0f:6a:69:c4:7d:2b:ad:d5:16:7c:ac:54:2b:e6:f3:
         81:4c:5d:74:e3:a9:15:83:98:00:5e:e1:bb:6a:07:4f:c3:3a:
         fb:50:91:99:bf:03:65:16:8d:bc:4f:23:73:02:63:ac:78:e2:
         51:f8:c8:64:79:c6:df:7e:c1:92:75:57:5f:df:03:79:97:28:
         ce:2c:83:19:68:f0:48:50:0e:93:da:28:cf:a0:84:55:12:b4:
         de:32:c6:62:46:8f:40:bf:db:c9:c4:86:66:82:ab:4a:8f:fe:
         7d:41:79:91:07:f6:d0:c8:a3:08:94:ee:af:d2:6a:59:f4:a7:
         17:6c:64:4e:23:95:0c:57:0d:d2:19:b7:a7:d3:10:2f:bd:a3:
         db:8c:b8:ce:40:b5:41:26:24:95:67:99:6f:c9:73:6d:3a:42:
         07:1b:85:7e:64:9d:3c:c1:59:2a:5a:2f:90:0c:80:d7:5d:28:
         5d:cb:e6:c9:1e:44:59:d8:a1:d7:58:de:9a:7c:6b:65:66:aa:
         6e:93:ca:f0:5e:d4:35:b4:12:3d:d4:88:0b:2c:89:6a:43:49:
         e4:91:09:f5:66:01:e0:7c:a6:f5:eb:51:c0:14:fa:be:76:e2:
         9e:3d:9d:fe:01:f5:ff:8b:ee:8f:b8:2d:64:2c:0f:bd:f0:58:
         cc:dd:d1:2b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuO5QNWX2HZz32vVduZc1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmE4Mzk5YmQ0MDgwMjYwNzA1MDVlNGEyZTIzNjI0MDY1ZjExMjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+Xs6BJZJOlSpsRcxRq3P/xA9mPP
TOETPqGBtZuwd+lgd6w922bODWWA4xmj/Ao7fq4ST5lXP7U9aJQSzjA4TiS+J45D
x9D40EsSv5fhZ06rGbpBOQXDsKIleCQKXqjusFKDcDkFgXRnQLhP3yovphZutu2X
C+Et10DHk+Rh7GyhauCbBIKotH++vnnK0qZdthvvlmLAmsUxhqkdbNlgr/i53lRK
c73phe6N0EzLoTdHaib6f5K283U4+INQ9m83ubydwTQjKSXXiqKA61DG8jmknUAr
zvGY6LzwVCgkk5O3e7SZmReRqNpUCXIYMBdjXnoXsIh3fCkGQ1K43QRVFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIKoOZvUCAJgcFBeSi4jYkBl8RJ9MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvZ3FnNW05UUlBbUJ3VUY1S0xpTmlRR1h4RW4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIJg
MA0GCSqGSIb3DQEBCwUAA4IBAQAZRn4PamnEfSut1RZ8rFQr5vOBTF1046kVg5gA
XuG7agdPwzr7UJGZvwNlFo28TyNzAmOseOJR+MhkecbffsGSdVdf3wN5lyjOLIMZ
aPBIUA6T2ijPoIRVErTeMsZiRo9Av9vJxIZmgqtKj/59QXmRB/bQyKMIlO6v0mpZ
9KcXbGROI5UMVw3SGben0xAvvaPbjLjOQLVBJiSVZ5lvyXNtOkIHG4V+ZJ08wVkq
Wi+QDIDXXShdy+bJHkRZ2KHXWN6afGtlZqpuk8rwXtQ1tBI91IgLLIlqQ0nkkQn1
ZgHgfKb161HAFPq+duKePZ3+AfX/i+6PuC1kLA+98FjM3dEr
-----END CERTIFICATE-----