Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/9iiv0M0HYOWf0jbIgTH-XkyeUQY.roa
File:                     9iiv0M0HYOWf0jbIgTH-XkyeUQY.roa (raw, json)
Hash identifier:          hcWMVB0eZ9u/obX6KzjXaqNhPT4irQmHeRDQJUFN+sY=
Subject key identifier:   F6:28:AF:D0:CD:07:60:E5:9F:D2:36:C8:81:31:FE:5E:4C:9E:51:06
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8E912C804C3B6C520DC41899F085A
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/9iiv0M0HYOWf0jbIgTH-XkyeUQY.roa
Signing time:             Mon 01 Jan 2024 20:30:56 +0000
ROA not before:           Mon 01 Jan 2024 20:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207414
IP address blocks:        2a0c:9a40:8280::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e9:12:c8:04:c3:b6:c5:20:dc:41:89:9f:08:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f628afd0cd0760e59fd236c88131fe5e4c9e5106
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:e3:a6:6d:a2:a7:ab:7e:51:53:4b:5e:b0:ca:
                    7d:47:90:7e:b7:69:80:18:1e:ec:1d:2e:cb:9b:14:
                    82:b9:6e:29:e0:c1:f3:c2:cb:7f:4d:2e:31:65:28:
                    e2:58:6f:b1:35:74:85:27:ce:d2:6c:78:b8:36:aa:
                    ef:f7:ae:82:9d:53:40:ef:33:6d:7d:ee:e1:59:b3:
                    34:80:66:6b:4d:74:80:85:cc:b8:fc:1b:77:71:de:
                    36:30:92:35:da:c9:6a:b3:19:c9:96:d8:09:58:9a:
                    d7:9b:e6:7c:8d:1c:d2:02:be:83:f0:41:38:ac:cb:
                    52:b8:7c:bf:13:fe:87:2c:b8:fd:79:55:22:64:32:
                    f1:b1:57:70:1d:11:7a:b4:e7:c8:50:48:b5:f7:c1:
                    b3:a0:8c:20:94:1b:0f:0c:a0:1c:33:55:2c:a3:a2:
                    d8:41:9f:a1:47:ad:4f:e5:58:89:66:08:d0:7b:88:
                    f6:9a:2c:54:d0:fc:ab:b2:e0:b0:9e:b9:6c:68:0d:
                    82:5b:3e:00:ee:f7:b9:47:46:74:1e:be:d2:a7:51:
                    72:81:9c:aa:c9:e9:96:de:4b:54:de:13:f7:22:90:
                    29:67:b3:e6:e0:ac:f1:0f:ca:2e:13:e3:0b:eb:8c:
                    f6:3d:18:a7:42:51:22:7d:b8:16:e8:56:f8:c2:4a:
                    64:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:28:AF:D0:CD:07:60:E5:9F:D2:36:C8:81:31:FE:5E:4C:9E:51:06
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/9iiv0M0HYOWf0jbIgTH-XkyeUQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8280::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:e2:45:c3:7c:2e:c2:cd:cc:39:24:32:fc:e2:97:fc:a4:1c:
         31:d5:ae:23:75:9f:51:20:02:1d:af:f2:01:84:72:00:06:06:
         7a:f2:d7:50:27:2d:38:d9:35:4d:a7:ca:28:bc:0c:21:6f:5a:
         78:6e:eb:74:00:6f:d0:d1:15:7f:aa:19:10:1e:b3:38:68:9e:
         a9:ce:11:29:ed:72:9d:8e:f5:de:c0:12:74:07:87:75:8e:ed:
         a8:c5:09:35:d4:2e:53:19:db:44:1f:be:99:07:27:f4:d1:47:
         47:0f:14:d3:70:86:e3:2e:a9:e6:d3:6d:48:e0:6f:4d:e1:76:
         53:b6:1c:0a:67:f6:1b:6a:db:ba:e5:f3:96:63:de:71:ce:03:
         04:06:39:2a:40:22:e2:ba:6a:cf:09:7f:84:dc:42:1a:bf:42:
         07:3b:e7:09:52:97:40:99:1d:21:be:0d:2d:8e:ab:59:5c:d9:
         3b:0d:55:01:b7:91:2f:07:f8:7b:71:8e:dc:4f:bf:08:ba:7f:
         55:ea:32:34:36:ef:5e:4b:3e:b1:d0:53:23:58:29:ec:94:39:
         1d:51:99:e2:ce:00:53:15:55:14:43:c0:90:45:36:65:b3:95:
         15:05:2d:48:da:1d:13:f2:1a:37:10:66:dc:11:71:00:42:35:
         9a:81:80:29
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuOkSyATDtsUg3EGJnwhaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjI4YWZkMGNkMDc2MGU1OWZkMjM2Yzg4MTMxZmU1ZTRjOWU1MTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+OmbaKnq35RU0tesMp9R5B+t2mA
GB7sHS7LmxSCuW4p4MHzwst/TS4xZSjiWG+xNXSFJ87SbHi4Nqrv966CnVNA7zNt
fe7hWbM0gGZrTXSAhcy4/Bt3cd42MJI12slqsxnJltgJWJrXm+Z8jRzSAr6D8EE4
rMtSuHy/E/6HLLj9eVUiZDLxsVdwHRF6tOfIUEi198GzoIwglBsPDKAcM1Uso6LY
QZ+hR61P5ViJZgjQe4j2mixU0PyrsuCwnrlsaA2CWz4A7ve5R0Z0Hr7Sp1FygZyq
yemW3ktU3hP3IpApZ7Pm4KzxD8ouE+ML64z2PRinQlEifbgW6Fb4wkpkLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPYor9DNB2Dln9I2yIEx/l5MnlEGMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvOWlpdjBNMEhZT1dmMGpiSWdUSC1Ya3llVVFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIKA
MA0GCSqGSIb3DQEBCwUAA4IBAQA34kXDfC7Czcw5JDL84pf8pBwx1a4jdZ9RIAId
r/IBhHIABgZ68tdQJy042TVNp8oovAwhb1p4but0AG/Q0RV/qhkQHrM4aJ6pzhEp
7XKdjvXewBJ0B4d1ju2oxQk11C5TGdtEH76ZByf00UdHDxTTcIbjLqnm021I4G9N
4XZTthwKZ/Ybatu65fOWY95xzgMEBjkqQCLiumrPCX+E3EIav0IHO+cJUpdAmR0h
vg0tjqtZXNk7DVUBt5EvB/h7cY7cT78Iun9V6jI0Nu9eSz6x0FMjWCnslDkdUZni
zgBTFVUUQ8CQRTZls5UVBS1I2h0T8ho3EGbcEXEAQjWagYAp
-----END CERTIFICATE-----