Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/V50wcn1r2iTO3Oq2DC9Rpx1JMW4.roa
File:                     V50wcn1r2iTO3Oq2DC9Rpx1JMW4.roa (raw, json)
Hash identifier:          x/tPyOAXbFDTumoqSSdJe9cfHM0ZZSRhSxsdMxLzbqQ=
Subject key identifier:   57:9D:30:72:7D:6B:DA:24:CE:DC:EA:B6:0C:2F:51:A7:1D:49:31:6E
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018D5C9E131AD51D31DB04E67764A0F988F6
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/V50wcn1r2iTO3Oq2DC9Rpx1JMW4.roa
Signing time:             Tue 30 Jan 2024 23:04:39 +0000
ROA not before:           Tue 30 Jan 2024 23:04:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215615
IP address blocks:        2a0c:9a40:8000::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5c:9e:13:1a:d5:1d:31:db:04:e6:77:64:a0:f9:88:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan 30 23:04:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=579d30727d6bda24cedceab60c2f51a71d49316e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:87:1c:0c:68:c7:8b:53:c9:f2:85:d5:13:5d:
                    82:30:1f:40:dd:ba:fb:90:2f:74:ac:9b:4d:24:e7:
                    75:fb:00:c3:5b:af:1c:f3:67:ad:a3:57:2c:f2:65:
                    07:d8:03:aa:55:ac:00:78:23:d8:34:8e:49:1f:81:
                    ff:ec:e9:4e:b6:5f:38:93:ce:23:f3:ac:88:8d:a9:
                    41:06:99:e2:85:6d:0a:69:cf:c5:48:47:40:69:d5:
                    df:a4:7a:cb:fb:36:b1:52:67:2f:98:58:29:6f:23:
                    0d:06:42:96:a1:df:26:54:5f:7f:ab:11:58:b0:89:
                    b4:75:ee:f8:d8:13:dd:23:97:c7:95:13:fd:a4:0d:
                    f7:b5:7e:07:4b:b6:8d:04:00:e8:9d:23:7b:62:d9:
                    d3:a4:4c:41:e2:86:c9:22:d7:10:dc:74:8b:3f:02:
                    44:38:18:a6:d5:f0:f5:62:07:8b:ab:31:e2:d1:2d:
                    c9:3b:1b:9b:87:cc:73:5a:85:c5:15:21:50:e5:2c:
                    c2:0d:d9:77:c7:fb:d0:77:bc:4e:b4:ab:16:99:eb:
                    15:53:d2:88:bb:2f:be:79:e2:3d:96:e9:55:0a:8d:
                    55:30:e3:4e:0a:15:05:d0:1a:b7:e4:8d:f6:c7:b4:
                    b5:2f:de:7f:8a:7e:ad:3e:aa:ea:c1:1e:c3:d9:49:
                    ac:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:9D:30:72:7D:6B:DA:24:CE:DC:EA:B6:0C:2F:51:A7:1D:49:31:6E
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/V50wcn1r2iTO3Oq2DC9Rpx1JMW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8000::/44

    Signature Algorithm: sha256WithRSAEncryption
         04:f1:de:61:11:55:27:7e:2c:38:5a:fe:87:f9:f7:a8:05:ed:
         ca:39:5c:71:c5:bc:fc:07:e5:09:08:42:04:b7:4e:5b:94:79:
         f7:b8:68:90:ee:45:eb:3b:78:8e:7f:d2:5f:6a:c4:07:50:b3:
         d6:a4:59:e2:27:14:f3:16:2d:59:63:11:84:e2:6c:40:4e:b5:
         ab:45:cc:1c:75:38:e9:10:3d:54:d5:d6:c8:d2:42:69:15:19:
         70:58:2a:bd:0b:01:26:da:05:6b:82:39:d9:99:b4:fe:f7:26:
         7f:80:10:8c:95:f9:76:0e:11:ea:c0:33:d7:0d:f9:27:41:d5:
         f7:75:75:00:7b:b8:49:bb:0e:5d:7d:11:1e:63:21:1b:2b:9f:
         c8:2b:d9:91:43:2d:c0:b3:a0:c4:73:2b:5a:3e:26:43:38:f8:
         07:b0:35:f3:f1:9d:2c:25:27:1a:ce:75:fc:83:5e:7d:7d:f7:
         62:28:22:4b:87:93:ff:9c:07:77:7c:d6:bb:8b:b6:7a:54:9d:
         74:18:6d:cd:5f:6d:b6:5e:e0:12:eb:84:09:e7:57:c3:1f:a9:
         64:85:a1:22:72:7b:ad:69:11:70:a9:fd:9c:15:d4:0a:c4:19:
         aa:38:e2:0f:0b:87:6c:37:6f:f4:f7:b3:c3:c3:e1:2d:9e:fd:
         61:0c:ab:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1cnhMa1R0x2wTmd2Sg+Yj2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTMwMjMwNDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzlkMzA3MjdkNmJkYTI0Y2VkY2VhYjYwYzJmNTFhNzFkNDkzMTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoccDGjHi1PJ8oXVE12CMB9A3br7
kC90rJtNJOd1+wDDW68c82eto1cs8mUH2AOqVawAeCPYNI5JH4H/7OlOtl84k84j
86yIjalBBpnihW0Kac/FSEdAadXfpHrL+zaxUmcvmFgpbyMNBkKWod8mVF9/qxFY
sIm0de742BPdI5fHlRP9pA33tX4HS7aNBADonSN7YtnTpExB4obJItcQ3HSLPwJE
OBim1fD1YgeLqzHi0S3JOxubh8xzWoXFFSFQ5SzCDdl3x/vQd7xOtKsWmesVU9KI
uy++eeI9lulVCo1VMONOChUF0Bq35I32x7S1L95/in6tPqrqwR7D2UmsIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFedMHJ9a9okztzqtgwvUacdSTFuMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvVjUwd2NuMXIyaVRPM09xMkRDOVJweDFKTVc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAE8d5hEVUnfiw4Wv6H+feoBe3KOVxxxbz8B+UJ
CEIEt05blHn3uGiQ7kXrO3iOf9JfasQHULPWpFniJxTzFi1ZYxGE4mxATrWrRcwc
dTjpED1U1dbI0kJpFRlwWCq9CwEm2gVrgjnZmbT+9yZ/gBCMlfl2DhHqwDPXDfkn
QdX3dXUAe7hJuw5dfREeYyEbK5/IK9mRQy3As6DEcytaPiZDOPgHsDXz8Z0sJSca
znX8g159ffdiKCJLh5P/nAd3fNa7i7Z6VJ10GG3NX222XuAS64QJ51fDH6lkhaEi
cnutaRFwqf2cFdQKxBmqOOIPC4dsN2/097PDw+Etnv1hDKt/
-----END CERTIFICATE-----