Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Q_RW79VRTS4gMIskMMTvLZkmTok.roa
File:                     Q_RW79VRTS4gMIskMMTvLZkmTok.roa (raw, json)
Hash identifier:          nIZc9/aAAsKaO0qDeDdkH1xCoDie/lw5wQCe8IEa5Ys=
Subject key identifier:   43:F4:56:EF:D5:51:4D:2E:20:30:8B:24:30:C4:EF:2D:99:26:4E:89
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8D604AD412913FF86C6EBDF01C1B9
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Q_RW79VRTS4gMIskMMTvLZkmTok.roa
Signing time:             Mon 01 Jan 2024 20:30:51 +0000
ROA not before:           Mon 01 Jan 2024 20:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48646
IP address blocks:        2a0c:9a40:808a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 06:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:d6:04:ad:41:29:13:ff:86:c6:eb:df:01:c1:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43f456efd5514d2e20308b2430c4ef2d99264e89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:85:7f:c0:34:a6:f9:13:db:6a:a7:7a:0b:ea:
                    c2:12:f4:8f:70:7e:48:b8:2d:1e:94:91:d4:c2:b5:
                    1e:d6:72:3b:54:ee:a1:21:57:b9:0e:7c:2d:e7:bc:
                    9e:30:94:fb:30:c2:08:c9:b7:2b:8f:81:2a:ea:7e:
                    88:33:46:86:31:4c:a8:c4:37:c9:60:ea:9e:f9:1a:
                    c0:8b:9f:88:ed:d9:78:64:46:cd:3f:ee:34:c8:18:
                    5e:da:1f:d0:b7:d2:20:38:8b:56:11:f5:01:54:6d:
                    4f:85:26:21:8d:b8:a0:bb:ff:d6:15:ba:e7:54:a0:
                    2e:52:30:e6:8b:88:d4:f8:a2:de:59:c5:0c:84:7b:
                    64:1e:55:79:05:06:05:c7:18:05:46:79:b3:32:c2:
                    99:55:99:8c:db:84:7f:89:ce:aa:a0:e3:da:11:eb:
                    ac:fe:0a:a5:ba:71:7e:ad:3d:6c:d9:68:d2:15:0b:
                    ca:cb:7e:45:3a:bf:5e:71:7e:28:f9:06:db:f0:27:
                    10:6e:0a:b3:d2:e6:af:eb:c3:32:a3:e9:d0:b6:c8:
                    6b:17:cd:08:b0:80:95:7f:ca:b1:97:07:94:6e:1c:
                    f2:70:03:da:fd:98:c9:06:ab:55:0a:e3:55:9f:1c:
                    b4:f4:c7:6a:29:db:da:1f:c3:57:2b:63:db:a1:4a:
                    da:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:F4:56:EF:D5:51:4D:2E:20:30:8B:24:30:C4:EF:2D:99:26:4E:89
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Q_RW79VRTS4gMIskMMTvLZkmTok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:808a::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:ba:37:0b:b2:c3:aa:ab:11:68:96:fd:55:4b:eb:81:9f:1c:
         12:12:5b:34:c1:a2:43:c5:6d:c5:da:e8:4c:03:aa:dc:54:20:
         7d:13:6e:3b:43:35:64:bb:eb:6f:9b:68:ec:53:ce:c6:13:b9:
         f3:8d:a0:a2:9d:3f:f0:4f:96:00:63:e6:40:ab:5c:1a:af:c8:
         4a:d5:76:b4:7e:f6:97:e7:18:93:1d:db:e5:35:9e:63:8e:99:
         b9:88:ec:49:6e:31:90:1f:8b:6f:14:0d:bd:59:9c:a8:ea:d9:
         51:91:1a:db:19:1e:01:13:0a:07:cf:49:d5:37:cf:69:13:c1:
         18:df:63:7c:9a:cf:cc:c5:48:6b:60:9c:c9:69:db:83:e8:9f:
         a7:b2:24:50:27:68:4e:f8:4e:03:8e:e3:0e:b8:3d:9e:c2:aa:
         c6:38:42:14:2c:5a:14:94:8b:7a:f9:e1:9d:f3:74:19:70:54:
         28:f0:c1:6d:66:4f:b3:47:77:5b:b5:ad:94:c5:58:7b:2e:4f:
         8d:5e:b1:b1:be:e1:65:d7:c8:f4:c9:33:01:a2:7d:6e:ba:93:
         85:f0:71:5e:80:e9:97:50:fe:4e:81:a5:a5:a5:08:9f:3d:c9:
         8d:99:3d:66:5c:6c:69:67:a9:b6:62:9f:79:a3:ee:2b:8c:90:
         a3:51:b1:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuNYErUEpE/+GxuvfAcG5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2Y0NTZlZmQ1NTE0ZDJlMjAzMDhiMjQzMGM0ZWYyZDk5MjY0ZTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIV/wDSm+RPbaqd6C+rCEvSPcH5I
uC0elJHUwrUe1nI7VO6hIVe5Dnwt57yeMJT7MMIIybcrj4Eq6n6IM0aGMUyoxDfJ
YOqe+RrAi5+I7dl4ZEbNP+40yBhe2h/Qt9IgOItWEfUBVG1PhSYhjbigu//WFbrn
VKAuUjDmi4jU+KLeWcUMhHtkHlV5BQYFxxgFRnmzMsKZVZmM24R/ic6qoOPaEeus
/gqlunF+rT1s2WjSFQvKy35FOr9ecX4o+Qbb8CcQbgqz0uav68Myo+nQtshrF80I
sICVf8qxlweUbhzycAPa/ZjJBqtVCuNVnxy09MdqKdvaH8NXK2PboUrarQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEP0Vu/VUU0uIDCLJDDE7y2ZJk6JMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvUV9SVzc5VlJUUzRnTUlza01NVHZMWmttVG9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQICK
MA0GCSqGSIb3DQEBCwUAA4IBAQBhujcLssOqqxFolv1VS+uBnxwSEls0waJDxW3F
2uhMA6rcVCB9E247QzVku+tvm2jsU87GE7nzjaCinT/wT5YAY+ZAq1war8hK1Xa0
fvaX5xiTHdvlNZ5jjpm5iOxJbjGQH4tvFA29WZyo6tlRkRrbGR4BEwoHz0nVN89p
E8EY32N8ms/MxUhrYJzJaduD6J+nsiRQJ2hO+E4DjuMOuD2ewqrGOEIULFoUlIt6
+eGd83QZcFQo8MFtZk+zR3dbta2UxVh7Lk+NXrGxvuFl18j0yTMBon1uupOF8HFe
gOmXUP5OgaWlpQifPcmNmT1mXGxpZ6m2Yp95o+4rjJCjUbEw
-----END CERTIFICATE-----