Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/HwNjYB1qaxSmA8qr1v2oxQ0Jt0M.roa
File:                     HwNjYB1qaxSmA8qr1v2oxQ0Jt0M.roa (raw, json)
Hash identifier:          9TSYQSJpoIPjRPWLFJxp0NevykWm1VEgFlknTNA1IkA=
Subject key identifier:   1F:03:63:60:1D:6A:6B:14:A6:03:CA:AB:D6:FD:A8:C5:0D:09:B7:43
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018FC5CFD3D1B123DDDB8F21453267A5AF4A
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/HwNjYB1qaxSmA8qr1v2oxQ0Jt0M.roa
Signing time:             Wed 29 May 2024 19:24:42 +0000
ROA not before:           Wed 29 May 2024 19:24:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215129
IP address blocks:        2a0c:9a40:8560::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c5:cf:d3:d1:b1:23:dd:db:8f:21:45:32:67:a5:af:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: May 29 19:24:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f0363601d6a6b14a603caabd6fda8c50d09b743
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:82:db:fe:b6:d7:bf:11:70:df:aa:b9:43:14:
                    00:61:43:89:06:a7:23:3b:6d:22:f2:a4:cd:02:06:
                    50:2a:07:76:d3:a1:ce:87:7d:17:2f:d3:5f:95:92:
                    b6:b4:53:14:3c:40:92:23:3e:4a:29:1e:35:36:a8:
                    6c:59:91:43:b5:85:86:92:fc:3b:24:17:3f:63:7a:
                    55:83:8d:30:a1:17:1d:0f:08:2c:14:1c:90:51:66:
                    bd:b5:3f:76:85:4e:0d:54:79:61:8a:72:94:ff:4b:
                    e2:2a:64:e0:e7:30:79:98:72:ec:f8:64:0c:7f:95:
                    01:2b:86:e3:b0:c9:13:4b:72:e0:fb:92:a5:5f:68:
                    c2:5d:b8:df:60:a1:7a:da:9f:c3:f6:cd:c5:89:37:
                    98:62:83:dc:48:3b:3d:30:43:e4:8e:e6:c1:19:bf:
                    25:50:84:94:a6:4a:cf:57:24:39:4a:5e:69:9e:10:
                    8c:c0:bb:65:cb:6c:88:0f:91:a1:15:8c:4c:00:cb:
                    74:6c:29:39:83:4d:fc:4e:be:fa:2c:c8:a0:f2:a1:
                    ef:45:79:62:81:22:57:3d:cd:61:86:7a:a6:1b:15:
                    98:12:e4:f1:24:8c:dd:19:84:a7:f7:08:e7:5c:7d:
                    57:f3:aa:25:86:a4:85:20:81:b7:c4:46:4a:ae:92:
                    7b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:03:63:60:1D:6A:6B:14:A6:03:CA:AB:D6:FD:A8:C5:0D:09:B7:43
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/HwNjYB1qaxSmA8qr1v2oxQ0Jt0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8560::/44

    Signature Algorithm: sha256WithRSAEncryption
         0a:73:0f:c7:72:13:62:da:d6:c5:74:b2:46:13:f5:19:52:c7:
         92:f5:f6:79:06:2f:02:59:e1:db:f9:eb:e5:2e:19:50:c3:a6:
         0a:9a:31:d4:25:6a:4b:f3:a3:6b:5b:a9:9b:38:cf:8c:6a:c6:
         87:ee:b9:2e:b4:83:4c:aa:19:42:83:e0:9a:b4:a6:60:4a:de:
         0f:2d:06:df:52:cd:3f:25:e1:32:26:2b:ad:2a:d4:a9:41:6d:
         0b:8f:65:fe:22:5d:6d:68:6a:3b:b0:89:73:b4:c8:43:cf:a4:
         25:77:13:1f:ce:de:17:3c:8f:b1:74:65:b2:b4:4b:cc:d8:18:
         37:a6:e2:8a:21:d8:5f:6c:0b:bd:58:5e:6d:d2:cb:76:51:84:
         82:17:7a:1a:61:3c:da:d1:e2:d9:32:18:19:f6:60:81:4b:97:
         36:f5:f7:97:b4:2f:e9:eb:7c:ca:23:04:6b:75:50:c8:2b:49:
         18:81:e5:ee:6b:6b:b8:37:62:41:12:99:37:93:cd:42:82:db:
         a2:ff:8e:be:6f:02:71:ce:56:99:8d:e5:e3:d7:4b:d7:c2:4f:
         7c:14:2e:f9:26:75:de:2e:9a:43:35:10:63:fa:17:8f:5a:ff:
         a2:a6:97:46:0b:6d:9a:20:56:15:88:86:ec:7e:87:ed:ef:f2:
         6e:89:8a:1d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY/Fz9PRsSPd248hRTJnpa9KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwNTI5MTkyNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjAzNjM2MDFkNmE2YjE0YTYwM2NhYWJkNmZkYThjNTBkMDliNzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04Lb/rbXvxFw36q5QxQAYUOJBqcj
O20i8qTNAgZQKgd206HOh30XL9NflZK2tFMUPECSIz5KKR41NqhsWZFDtYWGkvw7
JBc/Y3pVg40woRcdDwgsFByQUWa9tT92hU4NVHlhinKU/0viKmTg5zB5mHLs+GQM
f5UBK4bjsMkTS3Lg+5KlX2jCXbjfYKF62p/D9s3FiTeYYoPcSDs9MEPkjubBGb8l
UISUpkrPVyQ5Sl5pnhCMwLtly2yID5GhFYxMAMt0bCk5g038Tr76LMig8qHvRXli
gSJXPc1hhnqmGxWYEuTxJIzdGYSn9wjnXH1X86olhqSFIIG3xEZKrpJ7RQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB8DY2AdamsUpgPKq9b9qMUNCbdDMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvSHdOallCMXFheFNtQThxcjF2Mm94UTBKdDBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIVg
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcw/HchNi2tbFdLJGE/UZUseS9fZ5Bi8CWeHb
+evlLhlQw6YKmjHUJWpL86NrW6mbOM+MasaH7rkutINMqhlCg+CatKZgSt4PLQbf
Us0/JeEyJiutKtSpQW0Lj2X+Il1taGo7sIlztMhDz6QldxMfzt4XPI+xdGWytEvM
2Bg3puKKIdhfbAu9WF5t0st2UYSCF3oaYTza0eLZMhgZ9mCBS5c29feXtC/p63zK
IwRrdVDIK0kYgeXua2u4N2JBEpk3k81Cgtui/46+bwJxzlaZjeXj10vXwk98FC75
JnXeLppDNRBj+hePWv+ippdGC22aIFYViIbsfoft7/JuiYod
-----END CERTIFICATE-----