Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/4Y616HZRv5NBqtCB4uCK1aPn8Nw.roa
File:                     4Y616HZRv5NBqtCB4uCK1aPn8Nw.roa (raw, json)
Hash identifier:          H3t+DK71aQ7zOyFYHzur0bFuqVvLFfyvbdanaYH0Cr4=
Subject key identifier:   E1:8E:B5:E8:76:51:BF:93:41:AA:D0:81:E2:E0:8A:D5:A3:E7:F0:DC
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8E992BED871753BF48204056E2988
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/4Y616HZRv5NBqtCB4uCK1aPn8Nw.roa
Signing time:             Mon 01 Jan 2024 20:30:56 +0000
ROA not before:           Mon 01 Jan 2024 20:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207965
IP address blocks:        2a0c:9a40:8010::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e9:92:be:d8:71:75:3b:f4:82:04:05:6e:29:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e18eb5e87651bf9341aad081e2e08ad5a3e7f0dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:28:85:65:cb:01:c2:96:22:27:3e:71:e1:2e:
                    d6:b9:bf:4e:f4:5d:c7:f3:dd:43:b1:7f:68:46:b6:
                    13:a1:2e:fc:37:65:94:8f:ba:ef:e6:c6:7c:74:92:
                    07:df:1e:6c:87:0f:e7:bb:4b:cf:2f:53:83:f2:27:
                    72:7f:53:a6:bc:fe:e2:53:a4:4b:28:c3:f3:99:38:
                    40:6b:16:0b:59:2d:17:e1:ce:35:28:0e:ef:17:af:
                    10:6f:9c:eb:d3:6e:66:ca:b6:ca:02:49:91:73:dd:
                    d9:0c:ba:af:c8:41:f3:90:1e:81:52:b6:db:ce:73:
                    c8:ca:22:d6:c3:1f:bf:1c:4a:3a:47:13:12:41:76:
                    36:eb:02:f8:25:8e:1c:de:93:2a:5e:5b:91:16:f3:
                    c6:cc:af:d7:a1:86:e5:69:d1:57:6f:9b:c7:be:51:
                    d3:34:6f:e3:ec:ac:f6:d2:e8:fb:c8:8e:28:e5:1a:
                    a5:fe:1f:2f:aa:fd:49:f7:c1:4c:e1:1b:f4:f4:dd:
                    24:26:cf:2f:f9:74:41:a1:a4:01:2b:a6:00:c5:31:
                    8a:87:cf:db:d1:37:b7:86:34:df:23:3f:02:56:37:
                    25:63:48:de:85:a1:15:81:6c:33:aa:f8:00:37:01:
                    d6:29:69:de:0f:8d:44:96:21:a9:b3:ab:2e:85:77:
                    11:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:8E:B5:E8:76:51:BF:93:41:AA:D0:81:E2:E0:8A:D5:A3:E7:F0:DC
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/4Y616HZRv5NBqtCB4uCK1aPn8Nw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8010::/44

    Signature Algorithm: sha256WithRSAEncryption
         07:70:2a:25:1c:aa:a4:b7:ca:1d:2c:0e:b6:75:5d:91:ec:95:
         a9:4f:70:d6:56:1c:04:04:51:b5:19:95:d3:b3:9c:26:3f:3b:
         69:fb:47:b6:d8:25:50:8a:3c:85:23:9e:7f:52:b5:4f:58:54:
         b2:29:89:2b:c4:8c:bd:ca:ae:5e:01:b7:72:8f:fb:80:03:c6:
         1f:2c:cc:6c:a1:fe:7c:2c:7e:db:e0:90:24:9d:1b:1f:e8:44:
         76:02:6a:b3:8d:d0:c8:0b:49:ed:8c:a8:6a:87:5d:04:11:c7:
         69:47:28:b4:f3:79:ab:38:ac:9e:b1:e6:72:ba:cb:6c:72:71:
         ea:7c:04:3c:f3:b3:3c:9f:9f:24:7b:36:6d:af:ee:e6:02:ad:
         9d:fd:0e:9e:f1:32:c2:ac:10:e4:bf:6d:b2:60:0a:6d:99:d9:
         34:95:6e:da:b7:fd:fc:5f:57:9d:91:93:3f:f8:22:c8:41:f2:
         f6:0d:8f:42:4b:59:04:3d:0d:a9:0e:5a:61:c0:2c:d1:92:e9:
         91:79:58:86:b2:2c:7c:dc:04:b5:82:79:38:ce:ad:b4:78:77:
         88:9b:34:11:7f:43:7e:e4:78:5f:18:f3:80:90:83:9a:5d:87:
         0e:f6:94:60:b3:fe:02:f4:c8:5d:04:a9:ff:df:6a:83:c3:5d:
         34:69:35:b9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuOmSvthxdTv0ggQFbimIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMThlYjVlODc2NTFiZjkzNDFhYWQwODFlMmUwOGFkNWEzZTdmMGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSiFZcsBwpYiJz5x4S7Wub9O9F3H
891DsX9oRrYToS78N2WUj7rv5sZ8dJIH3x5shw/nu0vPL1OD8idyf1OmvP7iU6RL
KMPzmThAaxYLWS0X4c41KA7vF68Qb5zr025myrbKAkmRc93ZDLqvyEHzkB6BUrbb
znPIyiLWwx+/HEo6RxMSQXY26wL4JY4c3pMqXluRFvPGzK/XoYbladFXb5vHvlHT
NG/j7Kz20uj7yI4o5Rql/h8vqv1J98FM4Rv09N0kJs8v+XRBoaQBK6YAxTGKh8/b
0Te3hjTfIz8CVjclY0jehaEVgWwzqvgANwHWKWneD41EliGps6suhXcRZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOGOteh2Ub+TQarQgeLgitWj5/DcMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvNFk2MTZIWlJ2NU5CcXRDQjR1Q0sxYVBuOE53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAHcColHKqkt8odLA62dV2R7JWpT3DWVhwEBFG1
GZXTs5wmPztp+0e22CVQijyFI55/UrVPWFSyKYkrxIy9yq5eAbdyj/uAA8YfLMxs
of58LH7b4JAknRsf6ER2AmqzjdDIC0ntjKhqh10EEcdpRyi083mrOKyeseZyusts
cnHqfAQ887M8n58kezZtr+7mAq2d/Q6e8TLCrBDkv22yYAptmdk0lW7at/38X1ed
kZM/+CLIQfL2DY9CS1kEPQ2pDlphwCzRkumReViGsix83AS1gnk4zq20eHeImzQR
f0N+5HhfGPOAkIOaXYcO9pRgs/4C9MhdBKn/32qDw100aTW5
-----END CERTIFICATE-----