Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/RNRwuTglHIFUXeuiTwybiEs5zBw.roa
File:                     RNRwuTglHIFUXeuiTwybiEs5zBw.roa (raw, json)
Hash identifier:          ykdkIUgx9n6KvUclEaFb9RRiuhO0j0UbU3K8+J4nC4g=
Subject key identifier:   44:D4:70:B9:38:25:1C:81:54:5D:EB:A2:4F:0C:9B:88:4B:39:CC:1C
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8E5AE2041895BC4F1190C567E4E97
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/RNRwuTglHIFUXeuiTwybiEs5zBw.roa
Signing time:             Mon 01 Jan 2024 20:30:55 +0000
ROA not before:           Mon 01 Jan 2024 20:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203062
IP address blocks:        2a0c:9a40:9100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e5:ae:20:41:89:5b:c4:f1:19:0c:56:7e:4e:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44d470b938251c81545deba24f0c9b884b39cc1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:86:20:18:3a:6c:a0:2d:b4:ae:76:eb:e8:6b:
                    5d:67:b5:b4:15:bc:88:18:61:96:e6:99:8f:2d:d1:
                    cd:0f:32:95:08:24:ab:f8:cc:fa:de:48:d6:e6:4e:
                    4f:df:ca:2c:87:8c:dc:83:f8:67:db:43:b2:06:ca:
                    eb:52:28:0f:24:ee:b2:66:e1:2a:53:0c:12:2d:00:
                    52:58:53:91:16:bf:6b:c8:9e:6a:77:8e:2d:5f:92:
                    61:27:58:65:eb:c8:03:14:d3:45:71:cf:46:82:f5:
                    54:03:e5:6f:c8:48:91:11:d9:9f:32:bf:db:58:52:
                    c2:35:69:73:74:bf:28:09:cd:af:c4:6d:91:d3:6c:
                    2e:a6:31:b1:34:79:97:18:99:55:76:e8:7c:9e:4e:
                    f4:cb:82:58:1a:07:48:32:f3:a7:be:80:0c:a1:c8:
                    07:1c:c5:16:53:89:60:30:65:ac:16:0b:0e:5f:d5:
                    8f:c5:e5:0b:6f:84:a6:53:2f:26:c7:70:77:b0:3a:
                    a6:61:dc:ba:40:fb:95:34:fe:93:a5:05:9c:20:c6:
                    97:5f:ed:d9:b5:0e:30:39:a8:c6:e9:a1:39:78:d7:
                    e9:1f:bc:cc:51:df:7e:62:97:4d:c9:84:10:6a:9d:
                    8a:c8:ae:6a:1c:73:a3:61:d5:98:86:ac:fe:ba:f8:
                    0e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:D4:70:B9:38:25:1C:81:54:5D:EB:A2:4F:0C:9B:88:4B:39:CC:1C
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/RNRwuTglHIFUXeuiTwybiEs5zBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:9100::/40

    Signature Algorithm: sha256WithRSAEncryption
         4c:27:6d:fd:99:57:bc:3b:9b:dd:34:21:40:c0:92:51:29:9e:
         7b:4f:af:57:d8:af:51:97:5f:4a:3f:c6:f4:0d:55:0b:9c:43:
         16:95:d2:65:18:cb:43:d6:c4:ea:98:c1:c1:ee:be:8d:0e:e7:
         3e:cf:21:cd:6b:fe:5f:8f:69:b8:31:8d:72:c0:05:5d:fe:fe:
         d4:10:a1:bb:f5:4d:7f:6f:65:04:70:9c:de:e4:84:fc:75:2a:
         fd:38:c6:f0:17:9c:8d:e3:69:25:01:1f:55:3f:13:e8:70:52:
         2e:d6:51:4b:a9:f5:81:4b:14:bc:98:3e:45:5d:7d:b7:50:d4:
         04:ad:e2:1f:02:25:ab:61:af:86:7a:74:b3:eb:5a:e5:da:c9:
         32:6b:3d:02:39:f0:4a:c7:82:4d:c2:b3:83:10:80:25:26:d7:
         39:f9:b5:02:3a:69:21:78:b1:46:7e:72:ae:84:8b:5d:61:9b:
         e7:31:03:75:1f:28:ad:46:6b:85:dc:7b:75:79:2f:73:0f:97:
         6f:ed:da:9e:38:29:dd:3b:bc:df:49:bc:c5:99:91:8b:fc:e9:
         5f:14:ee:ad:f4:67:b0:fc:d8:11:55:33:a2:11:12:ca:c0:08:
         32:e1:06:0a:e6:cf:f8:75:b1:c7:98:c4:ea:ee:3c:cd:1a:5b:
         db:3a:be:95
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGuOWuIEGJW8TxGQxWfk6XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGQ0NzBiOTM4MjUxYzgxNTQ1ZGViYTI0ZjBjOWI4ODRiMzljYzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoYgGDpsoC20rnbr6GtdZ7W0FbyI
GGGW5pmPLdHNDzKVCCSr+Mz63kjW5k5P38osh4zcg/hn20OyBsrrUigPJO6yZuEq
UwwSLQBSWFORFr9ryJ5qd44tX5JhJ1hl68gDFNNFcc9GgvVUA+VvyEiREdmfMr/b
WFLCNWlzdL8oCc2vxG2R02wupjGxNHmXGJlVduh8nk70y4JYGgdIMvOnvoAMocgH
HMUWU4lgMGWsFgsOX9WPxeULb4SmUy8mx3B3sDqmYdy6QPuVNP6TpQWcIMaXX+3Z
tQ4wOajG6aE5eNfpH7zMUd9+YpdNyYQQap2KyK5qHHOjYdWYhqz+uvgOkQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFETUcLk4JRyBVF3rok8Mm4hLOcwcMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvUk5Sd3VUZ2xISUZVWGV1aVR3eWJpRXM1ekJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgyaQJEw
DQYJKoZIhvcNAQELBQADggEBAEwnbf2ZV7w7m900IUDAklEpnntPr1fYr1GXX0o/
xvQNVQucQxaV0mUYy0PWxOqYwcHuvo0O5z7PIc1r/l+PabgxjXLABV3+/tQQobv1
TX9vZQRwnN7khPx1Kv04xvAXnI3jaSUBH1U/E+hwUi7WUUup9YFLFLyYPkVdfbdQ
1ASt4h8CJathr4Z6dLPrWuXayTJrPQI58ErHgk3Cs4MQgCUm1zn5tQI6aSF4sUZ+
cq6Ei11hm+cxA3UfKK1Ga4Xce3V5L3MPl2/t2p44Kd07vN9JvMWZkYv86V8U7q30
Z7D82BFVM6IREsrACDLhBgrmz/h1sceYxOruPM0aW9s6vpU=
-----END CERTIFICATE-----