Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/HvVmmneWbbNT6l6aR-tgcqdsySc.roa
File:                     HvVmmneWbbNT6l6aR-tgcqdsySc.roa (raw, json)
Hash identifier:          4dcUx90vObLByiImlxeacMJDCIDQiNiY9q7qFsjhL2Y=
Subject key identifier:   1E:F5:66:9A:77:96:6D:B3:53:EA:5E:9A:47:EB:60:72:A7:6C:C9:27
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       0192B3D1162AC3D736AD71709DC4AB40724B
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/HvVmmneWbbNT6l6aR-tgcqdsySc.roa
Signing time:             Tue 22 Oct 2024 10:41:17 +0000
ROA not before:           Tue 22 Oct 2024 10:41:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213990
IP address blocks:        2a0c:9a40:8630::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b3:d1:16:2a:c3:d7:36:ad:71:70:9d:c4:ab:40:72:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Oct 22 10:41:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ef5669a77966db353ea5e9a47eb6072a76cc927
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f5:ee:6e:c9:20:b3:91:bb:ed:a1:c0:6f:c0:
                    74:10:c9:fe:ba:66:0e:61:09:3b:af:5f:ef:6e:f0:
                    06:c5:3b:03:44:70:75:3c:71:a9:ca:4a:dc:c8:ef:
                    2c:34:31:70:af:08:8a:47:fe:04:4b:b9:7b:8b:d2:
                    bc:0a:76:0c:9f:9f:95:0d:51:8a:9b:6c:d1:81:a4:
                    8e:04:1c:60:d8:1f:d5:fc:9f:aa:b2:70:87:3f:24:
                    17:38:d9:31:34:6d:e7:df:1d:36:6e:59:14:b3:47:
                    b3:8a:9b:53:f0:5c:07:60:2f:e0:42:6c:72:d7:fd:
                    59:fb:bf:8b:df:99:42:1e:bc:4d:2c:74:57:79:39:
                    51:21:7b:25:1e:9d:bf:94:e7:0f:fb:27:c0:8b:f7:
                    77:b3:9f:bd:ff:9b:31:88:68:29:ba:e5:3c:25:82:
                    3a:60:56:1e:29:f6:64:9f:4c:02:5b:e0:07:62:31:
                    af:0b:94:ef:f7:a6:b5:11:d0:95:78:25:3d:9f:91:
                    2f:86:2b:06:ee:3e:6a:43:f3:ae:c8:0b:72:79:9e:
                    6b:c0:5f:28:c4:a5:f2:3e:31:d9:8b:76:d2:a5:f3:
                    1a:d6:ab:a9:f6:98:ee:3c:30:b3:1b:f5:0d:85:72:
                    5b:f5:33:e3:dd:22:14:8d:fa:dd:b3:97:70:ea:f3:
                    bf:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:F5:66:9A:77:96:6D:B3:53:EA:5E:9A:47:EB:60:72:A7:6C:C9:27
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/HvVmmneWbbNT6l6aR-tgcqdsySc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8630::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:11:5e:ae:1b:d6:bd:a7:ff:ab:5b:31:08:01:04:c5:14:9c:
         8f:20:d1:d2:de:b5:3b:a1:fc:21:ca:1b:b7:00:b7:6f:1a:61:
         63:f6:cf:ce:81:73:94:23:c0:69:4b:5f:af:ca:93:9d:7a:80:
         b5:c3:83:9c:41:34:7e:d5:3b:bc:81:71:02:4b:f2:af:c3:f5:
         d6:66:ef:0f:13:7b:13:d1:44:f6:74:db:dd:21:35:68:ce:b1:
         c5:4f:d6:3f:28:e6:5f:40:24:f1:81:42:fe:df:38:da:36:03:
         fe:10:ce:eb:73:19:46:ee:48:f6:84:39:f3:3f:6d:b0:4f:83:
         02:be:51:4f:e6:16:05:c7:ee:77:fe:05:51:58:2a:f8:1a:b8:
         23:41:f5:6c:ea:ad:b3:0b:29:31:3a:6a:60:d5:e6:aa:cd:25:
         33:e9:58:56:45:22:92:1a:85:6d:eb:f1:ee:3b:78:ac:cd:34:
         e2:ab:b6:fd:af:5a:d4:82:92:ba:e3:25:60:59:ea:e6:bc:97:
         2a:74:d7:9d:94:08:77:e7:5b:2b:e9:11:cf:80:c2:be:c2:76:
         c9:1d:bb:b8:4b:72:c5:3c:89:79:a7:1c:88:4e:62:15:a4:ed:
         ca:f9:76:ef:f5:54:db:9b:b9:0d:34:bd:da:1c:06:bb:e2:03:
         49:87:4f:7e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZKz0RYqw9c2rXFwncSrQHJLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQxMDIyMTA0MTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWY1NjY5YTc3OTY2ZGIzNTNlYTVlOWE0N2ViNjA3MmE3NmNjOTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/Xubskgs5G77aHAb8B0EMn+umYO
YQk7r1/vbvAGxTsDRHB1PHGpykrcyO8sNDFwrwiKR/4ES7l7i9K8CnYMn5+VDVGK
m2zRgaSOBBxg2B/V/J+qsnCHPyQXONkxNG3n3x02blkUs0eziptT8FwHYC/gQmxy
1/1Z+7+L35lCHrxNLHRXeTlRIXslHp2/lOcP+yfAi/d3s5+9/5sxiGgpuuU8JYI6
YFYeKfZkn0wCW+AHYjGvC5Tv96a1EdCVeCU9n5EvhisG7j5qQ/OuyAtyeZ5rwF8o
xKXyPjHZi3bSpfMa1qup9pjuPDCzG/UNhXJb9TPj3SIUjfrds5dw6vO/6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB71Zpp3lm2zU+pemkfrYHKnbMknMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvSHZWbW1uZVdiYk5UNmw2YVItdGdjcWRzeVNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIYw
MA0GCSqGSIb3DQEBCwUAA4IBAQA9EV6uG9a9p/+rWzEIAQTFFJyPINHS3rU7ofwh
yhu3ALdvGmFj9s/OgXOUI8BpS1+vypOdeoC1w4OcQTR+1Tu8gXECS/Kvw/XWZu8P
E3sT0UT2dNvdITVozrHFT9Y/KOZfQCTxgUL+3zjaNgP+EM7rcxlG7kj2hDnzP22w
T4MCvlFP5hYFx+53/gVRWCr4GrgjQfVs6q2zCykxOmpg1eaqzSUz6VhWRSKSGoVt
6/HuO3iszTTiq7b9r1rUgpK64yVgWermvJcqdNedlAh351sr6RHPgMK+wnbJHbu4
S3LFPIl5pxyITmIVpO3K+Xbv9VTbm7kNNL3aHAa74gNJh09+
-----END CERTIFICATE-----