Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/SRKStIuApzBUaKStewjJqgMECE4.roa
File:                     SRKStIuApzBUaKStewjJqgMECE4.roa (raw, json)
Hash identifier:          g34WiWRJmwSFHiR3l7UqOPGum4eeWeEEVglpcxOIev4=
Subject key identifier:   49:12:92:B4:8B:80:A7:30:54:68:A4:AD:7B:08:C9:AA:03:04:08:4E
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8DA952D5527AFF503692009E76DF9
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/SRKStIuApzBUaKStewjJqgMECE4.roa
Signing time:             Mon 01 Jan 2024 20:30:52 +0000
ROA not before:           Mon 01 Jan 2024 20:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139311
IP address blocks:        2a0c:9a40:82e0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:da:95:2d:55:27:af:f5:03:69:20:09:e7:6d:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=491292b48b80a7305468a4ad7b08c9aa0304084e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:0c:5b:93:67:e3:e2:b3:a0:ef:65:7c:51:43:
                    52:57:6d:82:a3:ff:95:54:46:5e:7e:21:98:cc:c9:
                    bd:07:14:c7:d5:fc:79:01:30:fd:bd:db:47:46:8e:
                    bd:e6:8e:93:e8:4c:6b:4b:84:81:2b:99:3d:5d:fc:
                    8d:81:ed:67:61:65:40:0d:c5:28:86:a9:ae:8a:cb:
                    53:56:99:f7:f4:53:54:d3:32:ef:08:ce:39:f6:f6:
                    69:7f:dc:47:ee:05:b9:cb:b4:90:40:0e:79:7d:85:
                    aa:31:1a:87:21:24:92:04:70:1f:e6:e0:2a:71:0f:
                    de:bd:7b:ef:26:20:0a:c2:cf:49:9e:0d:c1:61:bd:
                    9c:6b:77:56:90:63:10:35:9d:ae:37:2a:59:03:7a:
                    9e:b4:9d:ca:29:59:d9:d0:a7:02:ca:66:de:cf:d7:
                    df:00:01:ec:7e:83:7b:b2:a5:33:4e:37:39:16:0b:
                    0a:49:17:63:76:22:a7:48:6a:c6:b9:b9:5a:fd:20:
                    4a:18:05:93:99:3f:b5:c5:f8:26:a4:51:7d:8f:6e:
                    32:b0:69:9a:8f:b6:a9:57:ce:74:0f:c0:06:6a:71:
                    7c:c0:67:ed:72:98:e7:e5:27:2c:37:b6:7a:e7:fb:
                    30:a1:d5:14:be:6a:63:ef:99:be:e5:db:5b:87:26:
                    6c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:12:92:B4:8B:80:A7:30:54:68:A4:AD:7B:08:C9:AA:03:04:08:4E
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/SRKStIuApzBUaKStewjJqgMECE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:82e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         ac:c6:f5:6e:b8:35:9e:91:e4:7e:67:8b:18:64:8e:05:82:e2:
         06:97:84:4c:1c:bb:5e:84:af:f0:e6:1d:80:54:0f:2a:3d:c5:
         61:34:8e:c9:0b:14:15:e1:80:dc:a3:bc:5a:12:28:7e:5a:94:
         34:c3:76:ec:df:4d:8f:55:20:22:3a:bd:d5:7d:17:c7:1a:5f:
         fc:19:74:fc:59:b0:25:73:73:23:8f:e2:fc:3c:22:34:9c:66:
         3f:c9:b9:b3:28:e2:99:31:20:f6:e6:f2:81:38:35:87:21:f9:
         32:02:f4:7e:8d:c9:cf:eb:47:53:6f:40:e3:4f:04:52:d6:96:
         ef:69:61:48:97:4b:ab:f3:58:95:2e:21:57:d0:8a:e2:b1:fc:
         36:bb:4c:df:20:df:b5:ac:8c:a0:70:5f:42:94:7d:61:4a:b0:
         d5:5d:3c:50:8d:91:7f:ee:1a:c1:e1:ae:48:b4:55:a2:b0:08:
         d7:c5:59:07:9d:a4:ed:83:1e:7c:a4:32:8a:2d:dd:97:dd:6f:
         1b:95:eb:5f:eb:bc:fc:97:4b:2e:f9:31:3f:77:76:76:e6:b1:
         ec:8e:87:11:d6:0f:e8:35:d6:54:7a:22:4b:b7:82:ba:33:c1:
         30:78:31:50:e2:a7:bc:31:26:57:ea:e9:e9:8d:bf:68:d2:27:
         52:44:3d:16
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuNqVLVUnr/UDaSAJ5235MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTEyOTJiNDhiODBhNzMwNTQ2OGE0YWQ3YjA4YzlhYTAzMDQwODRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Qxbk2fj4rOg72V8UUNSV22Co/+V
VEZefiGYzMm9BxTH1fx5ATD9vdtHRo695o6T6ExrS4SBK5k9XfyNge1nYWVADcUo
hqmuistTVpn39FNU0zLvCM459vZpf9xH7gW5y7SQQA55fYWqMRqHISSSBHAf5uAq
cQ/evXvvJiAKws9Jng3BYb2ca3dWkGMQNZ2uNypZA3qetJ3KKVnZ0KcCymbez9ff
AAHsfoN7sqUzTjc5FgsKSRdjdiKnSGrGubla/SBKGAWTmT+1xfgmpFF9j24ysGma
j7apV850D8AGanF8wGftcpjn5ScsN7Z65/swodUUvmpj75m+5dtbhyZsywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEkSkrSLgKcwVGikrXsIyaoDBAhOMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvU1JLU3RJdUFwekJVYUtTdGV3akpxZ01FQ0U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQILg
MA0GCSqGSIb3DQEBCwUAA4IBAQCsxvVuuDWekeR+Z4sYZI4FguIGl4RMHLtehK/w
5h2AVA8qPcVhNI7JCxQV4YDco7xaEih+WpQ0w3bs302PVSAiOr3VfRfHGl/8GXT8
WbAlc3Mjj+L8PCI0nGY/ybmzKOKZMSD25vKBODWHIfkyAvR+jcnP60dTb0DjTwRS
1pbvaWFIl0ur81iVLiFX0Irisfw2u0zfIN+1rIygcF9ClH1hSrDVXTxQjZF/7hrB
4a5ItFWisAjXxVkHnaTtgx58pDKKLd2X3W8bletf67z8l0su+TE/d3Z25rHsjocR
1g/oNdZUeiJLt4K6M8EweDFQ4qe8MSZX6unpjb9o0idSRD0W
-----END CERTIFICATE-----