Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/OtbpO2YLG7P4bFvFPzExRyfOECg.roa
File:                     OtbpO2YLG7P4bFvFPzExRyfOECg.roa (raw, json)
Hash identifier:          whAscITfpXflic9ZB83DyDvJ29pUVwf40U4NS0ISGp4=
Subject key identifier:   3A:D6:E9:3B:66:0B:1B:B3:F8:6C:5B:C5:3F:31:31:47:27:CE:10:28
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8F237226DE89CF669B018C8D40911
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/OtbpO2YLG7P4bFvFPzExRyfOECg.roa
Signing time:             Mon 01 Jan 2024 20:30:58 +0000
ROA not before:           Mon 01 Jan 2024 20:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213253
IP address blocks:        2a0c:9a40:81fb::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f2:37:22:6d:e8:9c:f6:69:b0:18:c8:d4:09:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ad6e93b660b1bb3f86c5bc53f31314727ce1028
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:1d:9a:bb:19:fa:e3:6c:4c:25:94:88:09:b4:
                    38:51:56:db:50:01:da:c9:0d:d3:93:5d:4f:18:d3:
                    89:bc:85:4d:1f:fb:04:a6:b6:cb:63:0a:0a:b1:a8:
                    4e:71:84:b1:e7:83:81:30:4f:e4:70:68:02:6b:03:
                    d7:88:81:20:06:7d:7a:f8:cc:da:b7:a0:5a:ad:e5:
                    e0:81:aa:c8:87:fa:6f:5b:9b:9a:e5:a0:42:1e:7c:
                    3e:3c:ba:66:59:1f:c2:73:9e:f7:3a:47:54:06:db:
                    e3:ab:a5:80:d7:73:e2:5c:b3:99:dc:b3:dc:ce:bf:
                    03:53:45:d3:ed:95:c4:f8:0e:1f:0d:bf:66:0d:7b:
                    c8:25:56:5d:5e:96:06:8c:9c:a6:48:d0:9c:38:f4:
                    c2:c8:4c:07:ca:fe:30:d6:b9:e5:99:26:b3:f2:1a:
                    43:11:b6:1f:37:ee:34:2b:10:6f:45:a3:84:92:ff:
                    86:17:33:da:9a:9b:95:75:20:3e:6e:dd:c5:0e:ab:
                    c4:77:c0:0f:f8:9a:83:26:c4:e5:7f:a2:08:21:ea:
                    11:09:54:2c:21:f7:53:79:57:bf:bb:43:e7:58:56:
                    71:ed:c2:7c:8f:d3:e8:a9:6f:47:bf:b5:ef:c5:be:
                    6d:0a:5d:c6:88:74:7f:7b:53:ff:33:de:3f:56:1a:
                    5d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:D6:E9:3B:66:0B:1B:B3:F8:6C:5B:C5:3F:31:31:47:27:CE:10:28
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/OtbpO2YLG7P4bFvFPzExRyfOECg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:81fb::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:12:f8:5b:80:fb:79:41:3a:b4:13:bd:79:d6:ce:d0:63:00:
         85:7e:00:a5:23:87:bf:8f:df:4c:ec:12:cd:26:c8:48:19:6b:
         3b:44:80:f2:9e:ab:92:04:bd:a4:24:f7:d4:08:60:32:aa:f5:
         cc:cf:d5:b3:e8:f5:09:54:f8:17:97:f9:69:48:ad:ff:e5:07:
         8a:32:da:8c:81:a9:30:fc:35:c1:cb:03:d7:63:15:d2:29:78:
         78:df:17:4e:97:93:8f:37:a8:61:97:1f:29:3f:0a:05:72:21:
         08:f8:70:37:89:06:83:15:c1:a3:d1:0a:bb:8f:2e:3b:6c:99:
         a7:7c:f9:c7:50:85:b0:f0:51:31:21:49:90:8c:3c:30:c1:c3:
         bb:89:84:42:b6:a4:03:ae:d2:1f:d3:26:de:ef:81:5b:c2:bc:
         94:1a:e0:7d:ef:98:f2:6f:92:1a:70:3e:c1:a2:be:2f:64:ac:
         99:ee:d0:e7:79:8b:a6:22:b6:51:d4:df:e5:d1:0b:89:ba:12:
         63:13:48:29:d4:95:f6:78:37:d5:77:06:db:36:41:7c:f3:fc:
         57:6c:db:2c:92:da:55:4a:3d:cf:8e:fd:9b:6f:b3:33:26:2e:
         32:bf:9c:06:86:67:7e:0c:b1:4c:43:1d:7a:ff:02:76:d0:25:
         75:9e:fc:ee
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuPI3Im3onPZpsBjI1AkRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWQ2ZTkzYjY2MGIxYmIzZjg2YzViYzUzZjMxMzE0NzI3Y2UxMDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyB2auxn642xMJZSICbQ4UVbbUAHa
yQ3Tk11PGNOJvIVNH/sEprbLYwoKsahOcYSx54OBME/kcGgCawPXiIEgBn16+Mza
t6BareXggarIh/pvW5ua5aBCHnw+PLpmWR/Cc573OkdUBtvjq6WA13PiXLOZ3LPc
zr8DU0XT7ZXE+A4fDb9mDXvIJVZdXpYGjJymSNCcOPTCyEwHyv4w1rnlmSaz8hpD
EbYfN+40KxBvRaOEkv+GFzPampuVdSA+bt3FDqvEd8AP+JqDJsTlf6IIIeoRCVQs
IfdTeVe/u0PnWFZx7cJ8j9PoqW9Hv7Xvxb5tCl3GiHR/e1P/M94/VhpdzQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDrW6TtmCxuz+GxbxT8xMUcnzhAoMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvT3RicE8yWUxHN1A0YkZ2RlB6RXhSeWZPRUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIH7
MA0GCSqGSIb3DQEBCwUAA4IBAQAzEvhbgPt5QTq0E7151s7QYwCFfgClI4e/j99M
7BLNJshIGWs7RIDynquSBL2kJPfUCGAyqvXMz9Wz6PUJVPgXl/lpSK3/5QeKMtqM
gakw/DXBywPXYxXSKXh43xdOl5OPN6hhlx8pPwoFciEI+HA3iQaDFcGj0Qq7jy47
bJmnfPnHUIWw8FExIUmQjDwwwcO7iYRCtqQDrtIf0ybe74FbwryUGuB975jyb5Ia
cD7Bor4vZKyZ7tDneYumIrZR1N/l0QuJuhJjE0gp1JX2eDfVdwbbNkF88/xXbNss
ktpVSj3Pjv2bb7MzJi4yv5wGhmd+DLFMQx16/wJ20CV1nvzu
-----END CERTIFICATE-----