Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/CQzcc1U3XEGtgs1jGmLcUQZ8L8Q.roa
File:                     CQzcc1U3XEGtgs1jGmLcUQZ8L8Q.roa (raw, json)
Hash identifier:          yaIAmq+sQOzJGp6pcyl2RrLT1sPQ3yk2kCx+Alh7QIY=
Subject key identifier:   09:0C:DC:73:55:37:5C:41:AD:82:CD:63:1A:62:DC:51:06:7C:2F:C4
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018DD079A07567057633DB40E30AC6294F8C
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/CQzcc1U3XEGtgs1jGmLcUQZ8L8Q.roa
Signing time:             Thu 22 Feb 2024 11:00:48 +0000
ROA not before:           Thu 22 Feb 2024 11:00:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215505
IP address blocks:        2a0c:9a40:80b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d0:79:a0:75:67:05:76:33:db:40:e3:0a:c6:29:4f:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Feb 22 11:00:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=090cdc7355375c41ad82cd631a62dc51067c2fc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:65:e9:7c:6a:f1:b1:55:37:4c:96:72:22:17:
                    f2:24:2d:8b:9d:b2:88:01:35:fe:b8:28:cf:d9:46:
                    01:79:ac:21:29:95:e0:2f:58:cf:58:e5:eb:5d:94:
                    d0:8c:1d:29:8f:9d:59:bb:bd:28:a4:8f:6e:1d:00:
                    38:51:c0:2d:a3:0c:9d:25:c2:c7:e3:2a:b7:7e:fc:
                    da:a8:bb:d4:7c:36:87:5b:ef:89:5d:34:65:f4:70:
                    01:4b:27:7c:12:1b:bf:9a:a7:51:2f:d7:5e:68:1f:
                    f2:32:5e:15:20:c9:3e:12:75:db:31:7d:fe:7b:85:
                    82:6a:fa:43:96:86:02:82:d8:20:e1:0b:99:5e:82:
                    49:83:ce:53:f9:20:a5:5e:52:d9:87:3c:d7:25:db:
                    13:d1:e9:55:fb:6d:ca:3c:c5:d7:f0:dc:9d:13:ed:
                    ab:74:8d:e9:05:cb:eb:ef:85:85:78:f1:c7:43:6b:
                    98:da:7b:af:ef:83:c9:87:af:e2:49:cb:41:a5:d2:
                    47:33:5d:6b:8c:66:15:a9:58:e0:17:02:ec:f3:b2:
                    90:8f:e0:f5:24:b8:68:0c:fc:9f:e4:a2:1e:5b:5e:
                    1d:c1:98:1a:69:f6:eb:a5:15:af:e2:0c:9e:9e:bc:
                    7b:76:97:d9:20:e3:40:4d:e1:d7:29:eb:ba:dd:9a:
                    27:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:0C:DC:73:55:37:5C:41:AD:82:CD:63:1A:62:DC:51:06:7C:2F:C4
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/CQzcc1U3XEGtgs1jGmLcUQZ8L8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:80b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         2a:9d:7c:11:f1:2e:a8:b5:31:9e:ec:6f:8f:51:9b:0b:f6:99:
         a3:db:e3:52:27:5a:6e:e5:f3:87:46:72:fc:51:64:b6:6e:7e:
         f9:f1:61:13:2f:7f:85:9c:80:0d:a9:d9:20:a7:4b:88:8e:05:
         60:1d:da:f8:48:8d:84:51:16:90:3f:25:61:fa:15:2d:5c:82:
         a0:7b:d0:0a:78:f8:6a:a9:93:c1:9c:06:e3:1a:f3:e9:ee:95:
         84:46:b2:04:12:df:01:60:9f:b0:1d:6e:dc:6e:1f:33:aa:e5:
         73:7d:79:b9:5c:c9:f1:81:13:c6:ee:73:bc:7e:c1:58:40:8a:
         30:c0:ae:c3:49:79:2d:c3:eb:c0:5d:d4:61:88:e3:35:bf:b9:
         bf:c9:9c:5b:f0:e3:ad:c8:b1:00:60:78:dc:7f:d5:ce:72:76:
         6d:42:7d:0b:27:3e:c2:39:8f:55:b8:98:45:08:55:f8:19:e0:
         c3:81:0b:fd:7e:ed:2f:9d:ac:74:55:81:9e:77:14:0b:60:1b:
         62:78:28:dc:dd:42:e6:94:4c:16:e4:cc:bc:e7:80:e1:a9:a8:
         91:d8:d0:79:88:9e:0b:4e:ec:ff:33:6c:97:6d:7b:14:0b:6b:
         c1:d8:d1:06:70:86:1f:96:46:19:1e:bb:02:53:a4:5f:8f:b3:
         15:e7:09:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3QeaB1ZwV2M9tA4wrGKU+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMjIyMTEwMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTBjZGM3MzU1Mzc1YzQxYWQ4MmNkNjMxYTYyZGM1MTA2N2MyZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGXpfGrxsVU3TJZyIhfyJC2LnbKI
ATX+uCjP2UYBeawhKZXgL1jPWOXrXZTQjB0pj51Zu70opI9uHQA4UcAtowydJcLH
4yq3fvzaqLvUfDaHW++JXTRl9HABSyd8Ehu/mqdRL9deaB/yMl4VIMk+EnXbMX3+
e4WCavpDloYCgtgg4QuZXoJJg85T+SClXlLZhzzXJdsT0elV+23KPMXX8NydE+2r
dI3pBcvr74WFePHHQ2uY2nuv74PJh6/iSctBpdJHM11rjGYVqVjgFwLs87KQj+D1
JLhoDPyf5KIeW14dwZgaafbrpRWv4gyenrx7dpfZIONATeHXKeu63ZonIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAkM3HNVN1xBrYLNYxpi3FEGfC/EMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvQ1F6Y2MxVTNYRUd0Z3MxakdtTGNVUVo4TDhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQICw
MA0GCSqGSIb3DQEBCwUAA4IBAQAqnXwR8S6otTGe7G+PUZsL9pmj2+NSJ1pu5fOH
RnL8UWS2bn758WETL3+FnIANqdkgp0uIjgVgHdr4SI2EURaQPyVh+hUtXIKge9AK
ePhqqZPBnAbjGvPp7pWERrIEEt8BYJ+wHW7cbh8zquVzfXm5XMnxgRPG7nO8fsFY
QIowwK7DSXktw+vAXdRhiOM1v7m/yZxb8OOtyLEAYHjcf9XOcnZtQn0LJz7COY9V
uJhFCFX4GeDDgQv9fu0vnax0VYGedxQLYBtieCjc3ULmlEwW5My854DhqaiR2NB5
iJ4LTuz/M2yXbXsUC2vB2NEGcIYflkYZHrsCU6Rfj7MV5wnk
-----END CERTIFICATE-----