Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/HRiJuY6N4DMG9-81c4oJP5V_NS0.roa
File:                     HRiJuY6N4DMG9-81c4oJP5V_NS0.roa (raw, json)
Hash identifier:          EZoSQ6VuAcnNOlnGfUgvUz/7MWeq16edARL8egRU1Jk=
Subject key identifier:   1D:18:89:B9:8E:8D:E0:33:06:F7:EF:35:73:8A:09:3F:95:7F:35:2D
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018D55709BC86142D863B4B94632F4D0A0E3
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/HRiJuY6N4DMG9-81c4oJP5V_NS0.roa
Signing time:             Mon 29 Jan 2024 13:37:39 +0000
ROA not before:           Mon 29 Jan 2024 13:37:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215660
IP address blocks:        2a0e:7d44::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:55:70:9b:c8:61:42:d8:63:b4:b9:46:32:f4:d0:a0:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan 29 13:37:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d1889b98e8de03306f7ef35738a093f957f352d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:d3:99:6c:20:5a:ca:ec:ab:55:5b:b6:30:f6:
                    83:a2:32:55:0c:db:95:b5:bb:cc:f0:d0:96:99:dd:
                    41:f3:e5:66:86:86:cb:bb:d5:9a:60:42:d3:fc:42:
                    93:58:f2:d1:97:00:e5:1a:1c:1b:d4:0d:92:69:12:
                    1f:36:4e:01:70:7f:c1:e8:59:ee:dd:d4:93:b6:a3:
                    2f:31:3f:57:e5:1d:bb:35:a4:d1:e9:4e:b3:1a:a6:
                    a1:e9:10:57:18:0f:2f:4f:01:90:1c:6a:d4:a0:fe:
                    48:b5:93:8d:ae:e1:bd:ec:c5:ea:1b:0b:69:8c:99:
                    ea:07:fa:38:f7:10:1d:d5:ab:be:1c:7d:c5:de:06:
                    1a:90:96:7f:09:e4:c9:72:5d:28:1b:3a:cb:f8:9e:
                    16:1b:5e:e6:30:0f:97:ec:e9:6c:93:70:9e:76:0b:
                    07:a9:15:cc:f4:a3:f5:75:c6:b0:d3:f4:fd:12:75:
                    19:f1:48:31:fe:7a:49:ad:08:02:a0:8c:a2:2c:01:
                    33:06:f0:ca:f5:b3:10:33:f1:cb:20:8c:cd:75:1a:
                    bf:7a:94:1f:76:6c:61:1a:42:66:70:f8:76:c6:ae:
                    7d:a9:09:75:c6:45:f0:98:fd:63:06:e9:c2:7a:a5:
                    de:d1:ed:c6:9d:31:d0:b5:ef:5a:cc:d9:35:9f:77:
                    d4:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:18:89:B9:8E:8D:E0:33:06:F7:EF:35:73:8A:09:3F:95:7F:35:2D
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/HRiJuY6N4DMG9-81c4oJP5V_NS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:7d44::/44

    Signature Algorithm: sha256WithRSAEncryption
         16:31:39:81:d9:16:84:e8:ea:4a:06:ea:30:17:9d:aa:6d:a3:
         e5:9b:23:d5:f7:99:0e:6b:7c:24:4d:e6:1f:f0:66:27:af:f1:
         2c:cc:16:ad:c3:49:6e:c3:22:ba:dc:bf:cd:e6:90:15:34:32:
         0f:08:fa:29:fd:1e:1d:64:bc:36:45:a6:b6:8a:02:09:0f:aa:
         75:83:a8:40:49:f6:44:85:64:2d:7d:67:ac:37:a2:3a:64:36:
         53:28:c2:c1:68:fb:68:3d:fd:4f:9e:e4:fa:08:8f:86:2b:fe:
         ad:55:8f:f6:2a:84:75:5b:ee:f2:1e:6f:87:1e:7d:d9:90:41:
         af:aa:87:d8:c2:e7:c9:38:3e:cd:90:20:e7:23:61:12:da:30:
         2a:ae:b6:54:43:69:a8:03:af:a2:b6:df:ab:92:df:55:37:d5:
         a2:76:68:77:06:ef:83:20:4d:ff:d6:65:53:3d:0b:7f:16:32:
         aa:db:4f:9a:a0:43:06:35:2a:f1:45:b1:39:4f:d2:c5:92:55:
         ec:6a:86:dd:c3:0f:fe:47:39:86:af:78:96:ff:75:2b:08:be:
         d9:b9:95:74:b0:ec:b7:cc:16:97:13:dc:ae:60:b3:ec:54:2b:
         24:52:68:5a:da:61:46:b6:0a:ad:52:95:92:98:bd:5a:d8:cc:
         f0:4d:7f:b1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1VcJvIYULYY7S5RjL00KDjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTI5MTMzNzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDE4ODliOThlOGRlMDMzMDZmN2VmMzU3MzhhMDkzZjk1N2YzNTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0NOZbCBayuyrVVu2MPaDojJVDNuV
tbvM8NCWmd1B8+VmhobLu9WaYELT/EKTWPLRlwDlGhwb1A2SaRIfNk4BcH/B6Fnu
3dSTtqMvMT9X5R27NaTR6U6zGqah6RBXGA8vTwGQHGrUoP5ItZONruG97MXqGwtp
jJnqB/o49xAd1au+HH3F3gYakJZ/CeTJcl0oGzrL+J4WG17mMA+X7Olsk3CedgsH
qRXM9KP1dcaw0/T9EnUZ8Ugx/npJrQgCoIyiLAEzBvDK9bMQM/HLIIzNdRq/epQf
dmxhGkJmcPh2xq59qQl1xkXwmP1jBunCeqXe0e3GnTHQte9azNk1n3fUEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB0YibmOjeAzBvfvNXOKCT+VfzUtMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvSFJpSnVZNk40RE1HOS04MWM0b0pQNVZfTlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg59RAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAWMTmB2RaE6OpKBuowF52qbaPlmyPV95kOa3wk
TeYf8GYnr/EszBatw0luwyK63L/N5pAVNDIPCPop/R4dZLw2Raa2igIJD6p1g6hA
SfZEhWQtfWesN6I6ZDZTKMLBaPtoPf1PnuT6CI+GK/6tVY/2KoR1W+7yHm+HHn3Z
kEGvqofYwufJOD7NkCDnI2ES2jAqrrZUQ2moA6+itt+rkt9VN9Widmh3Bu+DIE3/
1mVTPQt/FjKq20+aoEMGNSrxRbE5T9LFklXsaobdww/+RzmGr3iW/3UrCL7ZuZV0
sOy3zBaXE9yuYLPsVCskUmha2mFGtgqtUpWSmL1a2MzwTX+x
-----END CERTIFICATE-----