Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/98953otLwcclZxPPdZqEEkwJHC8.roa
File:                     98953otLwcclZxPPdZqEEkwJHC8.roa (raw, json)
Hash identifier:          yVY+yiwmOKsdn87DixQ5uHw/0edEd+3QOaMecFMsqzQ=
Subject key identifier:   F7:CF:79:DE:8B:4B:C1:C7:25:67:13:CF:75:9A:84:12:4C:09:1C:2F
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       0194B6A83DD922979044FFA471E97BB2A060
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/98953otLwcclZxPPdZqEEkwJHC8.roa
Signing time:             Thu 30 Jan 2025 10:01:06 +0000
ROA not before:           Thu 30 Jan 2025 10:01:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210199
IP address blocks:        2a0c:9a40:85b0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b6:a8:3d:d9:22:97:90:44:ff:a4:71:e9:7b:b2:a0:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan 30 10:01:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7cf79de8b4bc1c7256713cf759a84124c091c2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:59:b9:5f:22:3b:85:aa:ac:c9:e1:d2:a0:9c:
                    67:1b:bd:62:d8:84:1a:95:a6:48:ee:8d:39:27:11:
                    f4:73:89:0b:41:11:9f:21:35:8b:6e:71:20:87:42:
                    a9:c6:52:2a:9f:91:4a:4f:e3:1e:57:db:23:d6:6a:
                    8b:27:e9:84:49:71:e0:9a:9f:72:b5:c9:c0:22:a7:
                    8c:cf:fa:97:14:6d:da:b4:54:d9:a7:de:45:a5:7b:
                    73:fa:4a:82:2f:be:c0:f0:c8:1c:08:87:e2:27:d7:
                    41:4b:47:d7:e6:ae:77:6d:55:84:60:fa:be:2d:ca:
                    e3:c7:17:eb:52:aa:7c:61:a7:77:96:d2:28:b1:3b:
                    f2:22:85:86:5a:86:77:2d:2d:3e:54:a2:0e:9f:1e:
                    3f:37:9e:bd:b7:8e:0c:77:ce:0d:c6:9b:81:35:fd:
                    94:d1:69:02:7a:f9:29:2b:15:19:78:73:e7:00:f7:
                    10:9a:56:94:7f:3b:1b:b6:0f:0b:a1:7d:ee:44:54:
                    6b:c9:5e:c8:7a:45:d8:16:45:3b:43:27:a6:e0:e6:
                    6d:b0:4a:45:7f:89:47:32:15:3a:0a:a3:a2:c1:e8:
                    bb:45:20:d1:81:6e:e8:f7:be:c6:09:55:b4:09:b3:
                    24:a1:e2:90:06:7d:d8:05:28:2f:e9:53:26:7e:cb:
                    0c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:CF:79:DE:8B:4B:C1:C7:25:67:13:CF:75:9A:84:12:4C:09:1C:2F
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/98953otLwcclZxPPdZqEEkwJHC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:85b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:4d:32:ef:a2:57:6f:fe:fe:3e:53:25:3c:84:8a:ec:b9:63:
         d4:e5:d4:d7:ce:94:2e:fc:bd:b3:85:d1:07:af:a6:59:b1:52:
         f3:19:1a:b4:e8:6c:5e:65:47:12:f6:2d:7c:25:24:7a:68:27:
         79:d5:8d:02:4f:1d:26:5d:ca:e6:7d:4c:b5:43:a6:c1:ff:a6:
         06:e5:cd:56:ee:10:c9:3f:21:6f:97:d5:ec:8f:72:05:aa:36:
         6f:79:f4:06:77:da:13:a3:b9:65:40:06:5d:ad:7a:fb:e4:18:
         05:24:a6:97:24:a7:b4:5a:ba:a4:79:cc:bc:ad:15:f9:d5:e3:
         11:9e:39:c8:95:9f:93:de:b4:cb:4b:88:6f:c3:8c:bc:ea:94:
         69:c3:5b:5a:3e:f1:5c:48:2c:1d:c6:6d:2d:37:3b:a0:3e:c4:
         86:11:fc:16:86:43:b8:7e:ac:65:d0:5f:61:54:68:13:f9:4e:
         9f:99:44:47:84:be:5c:33:80:06:e2:4b:34:2b:43:be:60:5b:
         9c:1c:91:89:8c:95:1f:ca:06:63:5a:f0:4d:98:6f:0a:fd:54:
         e5:0e:c8:bd:8d:45:b7:2f:96:4c:ce:74:0c:ff:ee:58:ae:1b:
         c6:6e:58:dd:14:2d:b7:95:20:ed:05:55:b4:ea:62:93:c9:22:
         51:d8:7f:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZS2qD3ZIpeQRP+kcel7sqBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMTMwMTAwMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2NmNzlkZThiNGJjMWM3MjU2NzEzY2Y3NTlhODQxMjRjMDkxYzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlm5XyI7haqsyeHSoJxnG71i2IQa
laZI7o05JxH0c4kLQRGfITWLbnEgh0KpxlIqn5FKT+MeV9sj1mqLJ+mESXHgmp9y
tcnAIqeMz/qXFG3atFTZp95FpXtz+kqCL77A8MgcCIfiJ9dBS0fX5q53bVWEYPq+
LcrjxxfrUqp8Yad3ltIosTvyIoWGWoZ3LS0+VKIOnx4/N569t44Md84NxpuBNf2U
0WkCevkpKxUZeHPnAPcQmlaUfzsbtg8LoX3uRFRryV7IekXYFkU7Qyem4OZtsEpF
f4lHMhU6CqOiwei7RSDRgW7o977GCVW0CbMkoeKQBn3YBSgv6VMmfssMkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPfPed6LS8HHJWcTz3WahBJMCRwvMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvOTg5NTNvdEx3Y2NsWnhQUGRacUVFa3dKSEM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIWw
MA0GCSqGSIb3DQEBCwUAA4IBAQBkTTLvoldv/v4+UyU8hIrsuWPU5dTXzpQu/L2z
hdEHr6ZZsVLzGRq06GxeZUcS9i18JSR6aCd51Y0CTx0mXcrmfUy1Q6bB/6YG5c1W
7hDJPyFvl9Xsj3IFqjZvefQGd9oTo7llQAZdrXr75BgFJKaXJKe0Wrqkecy8rRX5
1eMRnjnIlZ+T3rTLS4hvw4y86pRpw1taPvFcSCwdxm0tNzugPsSGEfwWhkO4fqxl
0F9hVGgT+U6fmURHhL5cM4AG4ks0K0O+YFucHJGJjJUfygZjWvBNmG8K/VTlDsi9
jUW3L5ZMznQM/+5YrhvGbljdFC23lSDtBVW06mKTySJR2H+U
-----END CERTIFICATE-----