Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/RKap0BzC3k1jn-1ZamsVZwcjLDE.roa
File:                     RKap0BzC3k1jn-1ZamsVZwcjLDE.roa (raw, json)
Hash identifier:          zo/BduJPY2EXMkCGpYozUG0oJAnXNWu0/hmxYVxHRcE=
Subject key identifier:   44:A6:A9:D0:1C:C2:DE:4D:63:9F:ED:59:6A:6B:15:67:07:23:2C:31
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8F715A36E5A0BE79B7504B20CDB48
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/RKap0BzC3k1jn-1ZamsVZwcjLDE.roa
Signing time:             Mon 01 Jan 2024 20:30:59 +0000
ROA not before:           Mon 01 Jan 2024 20:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216101
IP address blocks:        2a0c:9a40:9b00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f7:15:a3:6e:5a:0b:e7:9b:75:04:b2:0c:db:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44a6a9d01cc2de4d639fed596a6b156707232c31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:98:63:04:04:66:27:37:d8:0f:04:a2:98:ec:
                    18:59:0a:cd:d5:7b:27:9c:2c:9a:55:d2:a3:6a:ac:
                    04:bb:d8:01:c1:99:d0:40:c3:9c:2c:24:07:7c:ec:
                    ba:67:fc:1a:8a:18:a6:ec:75:34:bf:eb:69:b6:80:
                    b5:24:f2:60:f5:99:a8:18:4d:49:99:de:32:45:99:
                    76:3e:92:93:5b:91:cf:47:cd:c0:28:ed:54:ce:75:
                    cb:4c:46:9a:66:d0:0b:c3:6b:a6:97:81:0a:8b:92:
                    84:a4:e2:e4:ff:30:f6:27:0a:9e:d1:78:74:d2:e0:
                    39:11:91:2a:d7:18:d3:9f:31:4d:52:d4:1c:17:21:
                    fa:fc:7e:90:0e:7f:4f:ef:7a:3b:0f:d3:09:67:2f:
                    22:6d:13:7a:a9:d0:e4:b7:9c:6b:e0:2e:e6:74:2e:
                    e7:fd:5e:56:af:f3:81:1f:ad:d0:ee:1f:ae:bc:26:
                    19:ef:d6:b7:61:66:03:b7:2e:d4:3b:e0:26:b3:fe:
                    a1:03:83:70:23:d9:40:18:c7:96:f8:71:95:bd:04:
                    77:37:99:0f:4c:85:8e:d2:7e:1b:d9:44:17:f2:15:
                    41:12:94:2b:c2:55:b5:cc:d1:b6:31:fe:e0:7a:c3:
                    20:d0:0c:64:cc:12:ce:88:7e:8b:c5:22:d0:c0:52:
                    f1:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A6:A9:D0:1C:C2:DE:4D:63:9F:ED:59:6A:6B:15:67:07:23:2C:31
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/RKap0BzC3k1jn-1ZamsVZwcjLDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:9b00::/40

    Signature Algorithm: sha256WithRSAEncryption
         a8:8f:00:5e:eb:40:1a:f9:8b:79:e4:91:1f:3c:fc:20:e0:e5:
         95:a4:19:f4:c2:fa:1b:78:ae:84:02:89:f7:12:a1:ff:81:79:
         38:83:c4:e3:49:d3:4c:57:d8:5d:6f:09:b5:0e:1d:f6:c1:ad:
         4c:6f:fa:22:db:b0:56:79:51:e7:1c:cd:16:75:e1:8a:91:f4:
         31:87:c7:4e:a1:d2:40:8c:5f:5a:65:9b:f8:48:21:d0:fa:8f:
         bb:7b:8f:c9:ad:1e:ce:49:8f:50:48:a3:b9:0a:14:25:83:38:
         23:18:15:62:80:10:56:8a:b4:6c:e9:bc:88:e5:77:c9:ae:fc:
         c8:d6:27:bd:f9:9b:bf:93:2e:d6:6b:06:9f:19:85:3b:1c:28:
         be:32:5e:91:a4:68:99:b6:1a:00:34:fd:8b:96:15:65:32:72:
         a0:ad:34:61:32:18:4a:b1:78:78:80:11:8a:b6:6c:fb:99:a9:
         14:0f:71:75:01:f2:d0:05:c7:46:95:e4:14:7a:8f:ae:42:cc:
         80:16:eb:90:1a:b5:70:55:2d:f8:a2:a2:0b:97:3b:50:3b:f0:
         f6:1d:16:8e:85:82:56:9e:49:ca:6f:99:6a:08:2c:58:6d:97:
         91:fe:38:8e:67:65:f3:3b:8d:1f:63:b3:50:8a:cf:52:40:33:
         e8:c9:c2:8c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGuPcVo25aC+ebdQSyDNtIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGE2YTlkMDFjYzJkZTRkNjM5ZmVkNTk2YTZiMTU2NzA3MjMyYzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhphjBARmJzfYDwSimOwYWQrN1Xsn
nCyaVdKjaqwEu9gBwZnQQMOcLCQHfOy6Z/waihim7HU0v+tptoC1JPJg9ZmoGE1J
md4yRZl2PpKTW5HPR83AKO1UznXLTEaaZtALw2uml4EKi5KEpOLk/zD2Jwqe0Xh0
0uA5EZEq1xjTnzFNUtQcFyH6/H6QDn9P73o7D9MJZy8ibRN6qdDkt5xr4C7mdC7n
/V5Wr/OBH63Q7h+uvCYZ79a3YWYDty7UO+Ams/6hA4NwI9lAGMeW+HGVvQR3N5kP
TIWO0n4b2UQX8hVBEpQrwlW1zNG2Mf7gesMg0AxkzBLOiH6LxSLQwFLxQwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFESmqdAcwt5NY5/tWWprFWcHIywxMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvUkthcDBCekMzazFqbi0xWmFtc1Zad2NqTERFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgyaQJsw
DQYJKoZIhvcNAQELBQADggEBAKiPAF7rQBr5i3nkkR88/CDg5ZWkGfTC+ht4roQC
ifcSof+BeTiDxONJ00xX2F1vCbUOHfbBrUxv+iLbsFZ5UecczRZ14YqR9DGHx06h
0kCMX1plm/hIIdD6j7t7j8mtHs5Jj1BIo7kKFCWDOCMYFWKAEFaKtGzpvIjld8mu
/MjWJ735m7+TLtZrBp8ZhTscKL4yXpGkaJm2GgA0/YuWFWUycqCtNGEyGEqxeHiA
EYq2bPuZqRQPcXUB8tAFx0aV5BR6j65CzIAW65AatXBVLfiioguXO1A78PYdFo6F
glaeScpvmWoILFhtl5H+OI5nZfM7jR9js1CKz1JAM+jJwow=
-----END CERTIFICATE-----