Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/2mQMwP0p97Hr3YURGHo5Xd5V9NE.roa
File:                     2mQMwP0p97Hr3YURGHo5Xd5V9NE.roa (raw, json)
Hash identifier:          k61PjUSNm2qF0+lRZutvmeql7AaBGBSwHVRaRVRwYoE=
Subject key identifier:   DA:64:0C:C0:FD:29:F7:B1:EB:DD:85:11:18:7A:39:5D:DE:55:F4:D1
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018F2C7D08C1BC288A7A630A4D9F8C548CAC
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/2mQMwP0p97Hr3YURGHo5Xd5V9NE.roa
Signing time:             Tue 30 Apr 2024 00:52:22 +0000
ROA not before:           Tue 30 Apr 2024 00:52:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215120
IP address blocks:        2a0c:9a40:8570::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 06:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2c:7d:08:c1:bc:28:8a:7a:63:0a:4d:9f:8c:54:8c:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Apr 30 00:52:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da640cc0fd29f7b1ebdd8511187a395dde55f4d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e1:57:3b:74:8b:85:70:4d:eb:0c:94:92:aa:
                    0b:71:ff:94:7a:e9:1e:92:14:ce:30:0c:86:4f:e9:
                    d1:5f:e6:6d:60:a0:e1:43:98:80:8f:d5:91:4d:8a:
                    d3:a5:ad:9d:21:ed:55:df:3b:23:e6:c8:a2:41:d4:
                    1b:39:19:6d:dd:56:97:4f:a7:c2:45:87:26:47:a4:
                    33:42:b3:99:e2:9b:f8:ba:0e:1c:ef:f6:0a:65:26:
                    ba:c7:40:a3:25:fb:c1:14:ba:5e:23:38:15:25:ea:
                    bd:15:73:48:d5:4e:e9:d6:16:08:51:8b:95:cc:42:
                    05:45:4d:0e:f8:58:33:26:fa:d3:88:47:5b:98:32:
                    e4:f4:5c:dc:26:2e:92:c6:ce:82:1f:bd:a8:95:a3:
                    6e:74:64:a2:cf:f6:bb:0c:02:f3:4d:27:93:9b:73:
                    74:de:32:4e:05:f2:ec:13:5e:63:f3:7e:70:f7:1c:
                    c6:eb:35:03:71:75:4c:b0:87:7b:77:8b:82:a7:00:
                    9e:3c:e6:53:a2:e7:7c:a7:cf:39:5f:34:fa:0a:74:
                    54:1c:e1:f1:9e:00:43:8d:f4:c6:18:11:2d:fe:eb:
                    b1:18:fe:3a:d2:7e:e9:2b:16:79:66:be:30:b2:c1:
                    a6:46:04:61:e8:8b:2d:15:66:22:dc:7b:77:99:cc:
                    16:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:64:0C:C0:FD:29:F7:B1:EB:DD:85:11:18:7A:39:5D:DE:55:F4:D1
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/2mQMwP0p97Hr3YURGHo5Xd5V9NE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8570::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:d9:24:38:32:4c:bb:a2:8f:7d:e6:fc:95:09:36:68:07:bd:
         b3:6f:a6:2c:ea:b8:63:3a:81:31:6f:00:77:f2:02:53:a2:8f:
         59:46:1c:10:69:03:14:c7:be:c7:12:66:da:c5:3e:5d:17:38:
         ab:31:f7:46:1b:e1:8e:bf:3b:3e:fb:30:45:ea:c6:b6:ac:cd:
         27:f2:79:47:87:51:1b:1e:ca:a8:86:ad:da:99:84:14:e7:3e:
         1d:fd:fb:88:b5:30:af:e0:76:d2:71:d7:c4:59:91:1e:95:98:
         ad:3f:79:b4:25:f9:ce:a6:18:71:f8:1d:9d:e2:bb:d5:d9:64:
         fa:2c:a9:b5:76:20:13:47:3b:20:bc:43:41:ad:1a:fd:ae:d1:
         4d:dc:72:09:f9:6e:e5:73:45:ad:c0:86:7a:f4:88:2c:4a:e0:
         6b:98:a3:99:34:91:98:03:f3:73:61:a4:05:35:48:75:f0:71:
         7c:58:b7:53:f0:05:1f:4b:d5:0b:4c:5b:ad:7f:31:92:49:89:
         01:5c:cc:0f:07:08:4f:e2:bf:91:42:c1:3b:2a:ec:c9:e9:6d:
         c1:de:29:8a:b1:c4:96:fb:b6:b6:e9:e0:e7:60:fd:83:e1:41:
         05:5b:eb:4e:99:05:a4:46:63:0c:ec:d2:78:b9:04:d6:df:93:
         76:98:2c:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8sfQjBvCiKemMKTZ+MVIysMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwNDMwMDA1MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTY0MGNjMGZkMjlmN2IxZWJkZDg1MTExODdhMzk1ZGRlNTVmNGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+FXO3SLhXBN6wyUkqoLcf+Ueuke
khTOMAyGT+nRX+ZtYKDhQ5iAj9WRTYrTpa2dIe1V3zsj5siiQdQbORlt3VaXT6fC
RYcmR6QzQrOZ4pv4ug4c7/YKZSa6x0CjJfvBFLpeIzgVJeq9FXNI1U7p1hYIUYuV
zEIFRU0O+FgzJvrTiEdbmDLk9FzcJi6Sxs6CH72olaNudGSiz/a7DALzTSeTm3N0
3jJOBfLsE15j835w9xzG6zUDcXVMsId7d4uCpwCePOZToud8p885XzT6CnRUHOHx
ngBDjfTGGBEt/uuxGP460n7pKxZ5Zr4wssGmRgRh6IstFWYi3Ht3mcwWAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNpkDMD9Kfex692FERh6OV3eVfTRMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvMm1RTXdQMHA5N0hyM1lVUkdIbzVYZDVWOU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIVw
MA0GCSqGSIb3DQEBCwUAA4IBAQAM2SQ4Mky7oo995vyVCTZoB72zb6Ys6rhjOoEx
bwB38gJToo9ZRhwQaQMUx77HEmbaxT5dFzirMfdGG+GOvzs++zBF6sa2rM0n8nlH
h1EbHsqohq3amYQU5z4d/fuItTCv4HbScdfEWZEelZitP3m0JfnOphhx+B2d4rvV
2WT6LKm1diATRzsgvENBrRr9rtFN3HIJ+W7lc0WtwIZ69IgsSuBrmKOZNJGYA/Nz
YaQFNUh18HF8WLdT8AUfS9ULTFutfzGSSYkBXMwPBwhP4r+RQsE7KuzJ6W3B3imK
scSW+7a26eDnYP2D4UEFW+tOmQWkRmMM7NJ4uQTW35N2mCzQ
-----END CERTIFICATE-----