Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/BB2c0fSKZ5tfiL3FeZ-8lEs9sxg.roa
File:                     BB2c0fSKZ5tfiL3FeZ-8lEs9sxg.roa (raw, json)
Hash identifier:          8v9AcpXzC8XP5MtEppdKlI0MA1FpjV5EhvUeQVdjsOQ=
Subject key identifier:   04:1D:9C:D1:F4:8A:67:9B:5F:88:BD:C5:79:9F:BC:94:4B:3D:B3:18
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8D8F2ED654CDB6370CBF5574214D1
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/BB2c0fSKZ5tfiL3FeZ-8lEs9sxg.roa
Signing time:             Mon 01 Jan 2024 20:30:52 +0000
ROA not before:           Mon 01 Jan 2024 20:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60404
IP address blocks:        2a0c:9a40:808e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 06:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:d8:f2:ed:65:4c:db:63:70:cb:f5:57:42:14:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=041d9cd1f48a679b5f88bdc5799fbc944b3db318
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:78:7d:dd:7f:6d:3a:72:07:93:09:57:e7:c6:
                    de:18:64:50:09:ad:6d:f6:90:79:03:4a:37:c4:81:
                    22:c1:15:61:40:f3:1d:4d:fc:32:1f:f4:89:db:71:
                    f9:31:f3:67:d6:a1:a2:48:df:6e:b4:7a:67:53:29:
                    95:fc:72:f5:d6:8c:cc:03:70:9e:40:97:c1:a3:f7:
                    2b:c1:bd:6c:c7:e7:a4:d7:37:5b:6c:a8:78:f3:31:
                    84:aa:b5:1c:75:81:e3:9e:7e:3e:4c:66:9c:aa:35:
                    7b:ae:09:5a:01:8f:dd:69:e7:c6:ac:1e:a0:be:c9:
                    5d:eb:11:94:4c:ac:6b:11:5a:d1:41:79:ba:94:5b:
                    9d:55:dc:a2:10:2a:15:34:8d:6f:dd:ed:28:fe:da:
                    13:39:8b:c1:03:d6:f5:68:cc:09:51:06:fe:f3:35:
                    09:28:55:b4:32:ce:65:65:f6:17:d7:b8:60:55:bf:
                    0f:3b:f7:03:dc:f1:67:ac:81:32:ee:24:89:1d:bf:
                    0c:86:ef:87:25:b6:83:70:60:00:6c:05:4a:45:2f:
                    ff:c5:29:7f:23:15:91:58:9f:6e:b9:88:0e:58:09:
                    f8:ba:0f:21:c7:89:d6:18:72:4b:10:4b:bc:cd:9a:
                    a4:ea:f3:d0:69:39:d9:f1:4a:f3:aa:0c:d2:c4:82:
                    37:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:1D:9C:D1:F4:8A:67:9B:5F:88:BD:C5:79:9F:BC:94:4B:3D:B3:18
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/BB2c0fSKZ5tfiL3FeZ-8lEs9sxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:808e::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:df:a2:d9:f3:e7:57:2e:78:0a:ed:20:af:b8:14:bf:0e:9e:
         8f:29:fd:6d:8e:fd:0f:5f:9a:29:04:86:e3:4a:42:af:83:29:
         e8:29:6b:b0:82:44:cc:c1:f1:78:93:e1:d8:b4:9b:78:d6:41:
         66:6d:af:11:7b:49:0e:a7:c9:45:f7:17:7b:17:bf:ff:b0:26:
         2d:64:7a:12:c7:3a:6f:46:78:53:0a:14:7f:42:9e:4b:35:24:
         15:b5:e4:56:52:ef:37:00:fb:a2:8d:ab:32:7e:f7:be:54:a9:
         43:a4:f1:90:f2:27:50:82:83:13:6f:80:de:60:3e:48:e5:e2:
         a9:56:f0:96:d6:87:64:ee:4a:9b:9c:53:cc:3d:07:92:a6:dd:
         89:ea:d8:f1:c2:45:09:23:52:b9:3a:09:79:1e:20:72:a4:46:
         f3:0a:fb:93:48:a9:bd:fb:87:36:6b:cb:03:29:e3:1a:82:98:
         8b:dd:02:eb:06:ad:b5:1b:27:b7:8c:4d:c8:dc:13:81:2d:55:
         8e:84:01:e1:ee:47:24:a1:a6:65:28:19:18:c6:b2:12:fe:38:
         fb:34:b7:55:20:19:fb:c5:46:3b:62:21:5e:55:e0:db:04:45:
         07:84:97:75:ba:56:b4:71:d5:f9:d8:0c:12:af:c7:f7:c4:1d:
         a3:79:c7:53
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuNjy7WVM22Nwy/VXQhTRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDFkOWNkMWY0OGE2NzliNWY4OGJkYzU3OTlmYmM5NDRiM2RiMzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13h93X9tOnIHkwlX58beGGRQCa1t
9pB5A0o3xIEiwRVhQPMdTfwyH/SJ23H5MfNn1qGiSN9utHpnUymV/HL11ozMA3Ce
QJfBo/crwb1sx+ek1zdbbKh48zGEqrUcdYHjnn4+TGacqjV7rglaAY/daefGrB6g
vsld6xGUTKxrEVrRQXm6lFudVdyiECoVNI1v3e0o/toTOYvBA9b1aMwJUQb+8zUJ
KFW0Ms5lZfYX17hgVb8PO/cD3PFnrIEy7iSJHb8Mhu+HJbaDcGAAbAVKRS//xSl/
IxWRWJ9uuYgOWAn4ug8hx4nWGHJLEEu8zZqk6vPQaTnZ8UrzqgzSxII3dwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAQdnNH0imebX4i9xXmfvJRLPbMYMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvQkIyYzBmU0taNXRmaUwzRmVaLThsRXM5c3hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQICO
MA0GCSqGSIb3DQEBCwUAA4IBAQCG36LZ8+dXLngK7SCvuBS/Dp6PKf1tjv0PX5op
BIbjSkKvgynoKWuwgkTMwfF4k+HYtJt41kFmba8Re0kOp8lF9xd7F7//sCYtZHoS
xzpvRnhTChR/Qp5LNSQVteRWUu83APuijasyfve+VKlDpPGQ8idQgoMTb4DeYD5I
5eKpVvCW1odk7kqbnFPMPQeSpt2J6tjxwkUJI1K5Ogl5HiBypEbzCvuTSKm9+4c2
a8sDKeMagpiL3QLrBq21Gye3jE3I3BOBLVWOhAHh7kckoaZlKBkYxrIS/jj7NLdV
IBn7xUY7YiFeVeDbBEUHhJd1ula0cdX52AwSr8f3xB2jecdT
-----END CERTIFICATE-----