Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/JL3bpe6kQTydXEGptBrbh5jz3po.roa
File:                     JL3bpe6kQTydXEGptBrbh5jz3po.roa (raw, json)
Hash identifier:          jmCcsEkb2vEuqBtKMnKhvI8SWlyQlJ3yFNScl4hGozc=
Subject key identifier:   24:BD:DB:A5:EE:A4:41:3C:9D:5C:41:A9:B4:1A:DB:87:98:F3:DE:9A
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       0191F06927546B05FF3491EA7A35A6FE3EC1
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/JL3bpe6kQTydXEGptBrbh5jz3po.roa
Signing time:             Sat 14 Sep 2024 12:01:48 +0000
ROA not before:           Sat 14 Sep 2024 12:01:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214242
IP address blocks:        2a0c:9a46:300::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:f0:69:27:54:6b:05:ff:34:91:ea:7a:35:a6:fe:3e:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Sep 14 12:01:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24bddba5eea4413c9d5c41a9b41adb8798f3de9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:4d:f3:83:c4:be:e5:8d:99:1f:92:38:85:4e:
                    9d:b8:64:3d:a4:a1:a3:c7:1f:f4:41:bd:77:cb:cc:
                    b9:6e:b6:ad:0d:92:a7:1b:2f:1e:81:85:87:02:94:
                    99:f0:a6:26:4f:cf:c4:b7:3f:8c:3b:c8:ac:28:3b:
                    5f:df:a6:ef:11:f5:35:6b:36:f5:83:d4:9e:60:5e:
                    0d:6b:16:4c:5a:26:d9:16:df:6f:a4:bc:c4:a3:d5:
                    63:c5:21:2b:7e:6e:7c:1b:98:42:ce:8c:9b:b7:ce:
                    6d:c7:13:f9:20:ff:89:99:1d:dc:d6:8c:a3:62:5e:
                    26:01:21:de:36:5e:42:d5:44:13:78:85:e7:ee:9e:
                    a9:57:a6:6c:97:97:1d:48:8c:76:f6:f3:aa:4c:03:
                    bb:e0:bd:74:54:07:93:3a:ea:fc:6f:30:4d:fb:61:
                    82:ef:f8:70:72:05:b9:7c:d0:fe:63:60:71:40:19:
                    e4:98:51:ea:2d:27:47:f2:cf:d7:09:c6:85:d7:1a:
                    9f:36:bd:20:03:6d:9f:3d:b1:9b:5f:7e:10:ca:48:
                    81:8d:25:64:36:5b:18:cb:29:3c:50:54:b1:42:3c:
                    9c:9f:da:29:28:fb:51:6f:73:bc:c0:f7:5a:56:03:
                    57:ed:56:c9:8d:0e:20:41:da:36:61:64:63:a5:66:
                    57:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:BD:DB:A5:EE:A4:41:3C:9D:5C:41:A9:B4:1A:DB:87:98:F3:DE:9A
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/JL3bpe6kQTydXEGptBrbh5jz3po.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a46:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         b4:b6:0f:4f:4b:3b:35:20:f3:8f:da:01:b1:cd:15:b4:d9:d4:
         04:16:41:27:f8:8e:f6:e3:5a:99:b5:84:f1:19:ce:3f:f4:45:
         a6:09:f7:cd:3e:36:c1:85:eb:e3:06:f4:ff:d1:12:ba:cc:e3:
         32:84:26:eb:66:f5:0c:92:00:22:04:ec:8f:e0:ff:7d:a1:f7:
         56:20:25:f7:3e:4e:83:a5:c0:87:30:37:a2:94:19:a7:94:a8:
         18:a4:b6:16:c1:1e:72:b9:79:3d:df:3d:28:32:88:b4:ae:9c:
         55:5b:3a:7e:04:60:3e:d2:03:2b:3e:c3:63:4e:b1:21:c8:c7:
         b0:65:12:e7:70:f6:a1:bc:86:e1:bd:bd:86:cf:1d:78:37:2a:
         4b:d3:88:ea:05:ab:8c:da:f3:d0:0b:d7:13:12:e7:8d:b1:ea:
         ed:77:ad:fa:b3:5a:d8:f2:f5:26:b1:60:02:5d:ce:fc:9c:83:
         11:44:30:fb:0d:b9:ff:0b:00:83:3f:e5:88:be:d6:14:05:75:
         0c:61:4e:ad:17:e7:9f:92:03:00:d3:01:d3:96:35:47:9e:85:
         7a:63:3e:de:1f:f4:f1:16:19:83:af:ec:4b:fe:4b:ee:45:75:
         3a:fb:f0:c6:59:7c:89:c1:4e:13:cf:1b:2c:84:83:82:5c:d4:
         b3:a1:97:47
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZHwaSdUawX/NJHqejWm/j7BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwOTE0MTIwMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGJkZGJhNWVlYTQ0MTNjOWQ1YzQxYTliNDFhZGI4Nzk4ZjNkZTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArE3zg8S+5Y2ZH5I4hU6duGQ9pKGj
xx/0Qb13y8y5bratDZKnGy8egYWHApSZ8KYmT8/Etz+MO8isKDtf36bvEfU1azb1
g9SeYF4NaxZMWibZFt9vpLzEo9VjxSErfm58G5hCzoybt85txxP5IP+JmR3c1oyj
Yl4mASHeNl5C1UQTeIXn7p6pV6Zsl5cdSIx29vOqTAO74L10VAeTOur8bzBN+2GC
7/hwcgW5fND+Y2BxQBnkmFHqLSdH8s/XCcaF1xqfNr0gA22fPbGbX34QykiBjSVk
NlsYyyk8UFSxQjycn9opKPtRb3O8wPdaVgNX7VbJjQ4gQdo2YWRjpWZXnwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCS926XupEE8nVxBqbQa24eY896aMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvSkwzYnBlNmtRVHlkWEVHcHRCcmJoNWp6M3BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgyaRgMw
DQYJKoZIhvcNAQELBQADggEBALS2D09LOzUg84/aAbHNFbTZ1AQWQSf4jvbjWpm1
hPEZzj/0RaYJ980+NsGF6+MG9P/RErrM4zKEJutm9QySACIE7I/g/32h91YgJfc+
ToOlwIcwN6KUGaeUqBikthbBHnK5eT3fPSgyiLSunFVbOn4EYD7SAys+w2NOsSHI
x7BlEudw9qG8huG9vYbPHXg3KkvTiOoFq4za89AL1xMS542x6u13rfqzWtjy9Sax
YAJdzvycgxFEMPsNuf8LAIM/5Yi+1hQFdQxhTq0X55+SAwDTAdOWNUeehXpjPt4f
9PEWGYOv7Ev+S+5FdTr78MZZfInBThPPGyyEg4Jc1LOhl0c=
-----END CERTIFICATE-----