Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Autjq4K7CbRYg02FbfTBKfeESWo.roa
File:                     Autjq4K7CbRYg02FbfTBKfeESWo.roa (raw, json)
Hash identifier:          miFkKwWiDQawLuflfEM6kIX4fmE8VfWfR8ow4HsimoM=
Subject key identifier:   02:EB:63:AB:82:BB:09:B4:58:83:4D:85:6D:F4:C1:29:F7:84:49:6A
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019422FBD58CF9B73566B628D1AA80543080
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Autjq4K7CbRYg02FbfTBKfeESWo.roa
Signing time:             Wed 01 Jan 2025 17:48:36 +0000
ROA not before:           Wed 01 Jan 2025 17:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199762
IP address blocks:        2a0c:9a40:9a00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 06:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:d5:8c:f9:b7:35:66:b6:28:d1:aa:80:54:30:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 17:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02eb63ab82bb09b458834d856df4c129f784496a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:23:eb:b6:1a:fc:e1:fa:b8:a8:d0:53:18:b6:
                    a8:1e:92:ed:2c:64:4c:2d:60:e4:df:fe:d9:19:fc:
                    45:da:7e:7d:82:32:4d:76:8d:df:00:13:1c:0d:e8:
                    d5:15:47:5a:a5:1b:6e:41:ca:a4:3f:3b:aa:bb:a4:
                    06:67:9d:b2:39:70:08:93:89:50:7f:b0:5c:b2:0c:
                    f6:a6:43:39:64:46:9c:da:34:8e:d4:83:b7:da:66:
                    27:0d:e1:f5:92:0b:19:f0:f3:eb:5d:40:84:1f:2e:
                    05:2e:84:60:f0:5d:0d:74:5d:be:34:7f:b2:a8:24:
                    18:0f:24:a5:ae:bc:43:79:b0:7f:e5:5f:90:2a:63:
                    65:bc:bf:94:52:b0:8f:19:0d:db:66:4c:83:03:dc:
                    94:37:8d:29:84:f9:c3:97:1c:95:68:11:37:d6:d3:
                    75:e3:ff:73:36:d8:a9:02:75:5e:ac:bf:f0:91:42:
                    73:ac:9f:ba:75:64:96:d7:61:79:6f:69:59:0f:81:
                    db:06:5e:d9:f8:0b:79:3c:7f:76:58:4b:fc:16:1f:
                    91:7b:c2:b6:af:5f:02:c0:76:6d:ca:04:70:63:86:
                    8b:9a:3f:01:a7:8c:f7:37:89:b1:e5:92:40:18:70:
                    5b:ab:17:72:c8:63:99:a9:88:98:c0:09:94:7e:e5:
                    0e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:EB:63:AB:82:BB:09:B4:58:83:4D:85:6D:F4:C1:29:F7:84:49:6A
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Autjq4K7CbRYg02FbfTBKfeESWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:9a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         1b:60:6c:e6:0d:cf:34:87:8c:f0:ac:24:25:3a:2f:82:32:4a:
         dc:d7:3f:a4:42:ea:dc:78:be:8b:47:47:63:14:12:d8:94:e7:
         cc:2d:8f:24:88:ae:5a:87:19:28:61:ad:fa:3d:e1:23:9f:e7:
         c6:f9:fa:77:a3:90:6e:9f:c1:77:51:fb:ea:63:40:b4:ab:61:
         08:32:c5:7e:66:7d:9b:b5:d5:03:c6:59:d9:6c:16:64:b1:56:
         d5:93:d6:e4:ab:82:b5:8e:9b:c9:ce:b2:46:3a:ab:d8:a0:e2:
         fc:ca:54:22:d0:ca:e0:a0:53:a6:23:0d:0f:83:ec:28:04:08:
         f3:df:9f:6d:c5:b5:ce:48:81:29:ce:99:90:20:76:d3:f6:a5:
         4c:63:92:21:ec:ea:a2:43:0f:f0:75:d5:8a:f0:26:56:ff:95:
         1e:01:2f:62:ae:d3:7f:52:5a:8e:13:0e:23:d8:da:b3:a9:97:
         61:d5:06:d2:64:fb:7e:bb:a5:67:1f:c1:3d:c3:3d:59:e3:60:
         ce:0f:98:89:e4:55:4a:99:be:28:19:b1:e7:a0:63:fd:ee:7d:
         c7:3f:fa:c4:28:4d:09:d1:85:dc:f6:bf:97:87:e2:fb:e2:ab:
         8f:31:05:85:d7:66:d3:32:af:dd:eb:c4:f4:4d:8b:e1:00:c3:
         de:00:62:84
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQi+9WM+bc1ZrYo0aqAVDCAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMTAxMTc0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmViNjNhYjgyYmIwOWI0NTg4MzRkODU2ZGY0YzEyOWY3ODQ0OTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiPrthr84fq4qNBTGLaoHpLtLGRM
LWDk3/7ZGfxF2n59gjJNdo3fABMcDejVFUdapRtuQcqkPzuqu6QGZ52yOXAIk4lQ
f7Bcsgz2pkM5ZEac2jSO1IO32mYnDeH1kgsZ8PPrXUCEHy4FLoRg8F0NdF2+NH+y
qCQYDySlrrxDebB/5V+QKmNlvL+UUrCPGQ3bZkyDA9yUN40phPnDlxyVaBE31tN1
4/9zNtipAnVerL/wkUJzrJ+6dWSW12F5b2lZD4HbBl7Z+At5PH92WEv8Fh+Re8K2
r18CwHZtygRwY4aLmj8Bp4z3N4mx5ZJAGHBbqxdyyGOZqYiYwAmUfuUO9QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFALrY6uCuwm0WINNhW30wSn3hElqMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvQXV0anE0SzdDYlJZZzAyRmJmVEJLZmVFU1dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgyaQJow
DQYJKoZIhvcNAQELBQADggEBABtgbOYNzzSHjPCsJCU6L4IyStzXP6RC6tx4votH
R2MUEtiU58wtjySIrlqHGShhrfo94SOf58b5+nejkG6fwXdR++pjQLSrYQgyxX5m
fZu11QPGWdlsFmSxVtWT1uSrgrWOm8nOskY6q9ig4vzKVCLQyuCgU6YjDQ+D7CgE
CPPfn23Ftc5IgSnOmZAgdtP2pUxjkiHs6qJDD/B11YrwJlb/lR4BL2Ku039SWo4T
DiPY2rOpl2HVBtJk+367pWcfwT3DPVnjYM4PmInkVUqZvigZseegY/3ufcc/+sQo
TQnRhdz2v5eH4vviq48xBYXXZtMyr93rxPRNi+EAw94AYoQ=
-----END CERTIFICATE-----