Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Vaa6QliA_9O2apgM3hDvUJLNrrI.roa
File:                     Vaa6QliA_9O2apgM3hDvUJLNrrI.roa (raw, json)
Hash identifier:          csXPiTWCCqQvVWAY+Ik5khHHqNFNpU3vKegdCR4lGjg=
Subject key identifier:   55:A6:BA:42:58:80:FF:D3:B6:6A:98:0C:DE:10:EF:50:92:CD:AE:B2
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018E250073089B721189CBBBFA2E268DF8CB
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Vaa6QliA_9O2apgM3hDvUJLNrrI.roa
Signing time:             Sat 09 Mar 2024 20:56:10 +0000
ROA not before:           Sat 09 Mar 2024 20:56:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215363
IP address blocks:        2a0c:9a40:8450::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:25:00:73:08:9b:72:11:89:cb:bb:fa:2e:26:8d:f8:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Mar  9 20:56:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55a6ba425880ffd3b66a980cde10ef5092cdaeb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:3a:79:0f:4a:81:bf:94:13:64:f1:6b:16:09:
                    7c:9b:2f:97:17:c1:54:18:66:3b:21:17:e2:d5:a3:
                    00:93:cd:a8:92:e6:79:50:ba:4c:9f:9f:0d:4c:0b:
                    20:37:55:0a:8a:a7:52:2b:e6:ae:c7:68:9d:5a:ab:
                    02:e6:6c:7a:9c:17:52:f3:42:67:f0:0d:ad:c0:cf:
                    9c:da:5e:7a:43:4c:8c:23:6e:06:bc:8d:ad:ae:ab:
                    c5:73:91:5f:45:9b:78:d1:dd:74:74:fc:3f:1d:65:
                    6c:5d:27:cb:04:8b:0d:df:7b:79:28:ad:00:70:63:
                    c4:dd:32:84:1d:71:97:52:eb:b1:06:0d:92:ab:e1:
                    31:2a:a4:41:22:ca:d5:d8:41:03:a2:0e:91:56:bf:
                    ad:30:8c:aa:43:f3:af:b0:a1:1b:10:04:fd:67:b5:
                    69:13:81:a8:01:89:ee:35:cc:96:de:e8:06:ea:f2:
                    bf:e5:df:ce:d0:69:6e:ae:b3:1b:9a:1d:4a:94:44:
                    6c:dd:f9:c1:3d:d6:9d:a1:71:73:6b:1f:70:38:bb:
                    f9:ab:b0:3e:5a:8c:1a:82:5f:7d:46:b4:5b:15:f7:
                    4c:23:5e:68:17:55:e9:98:ce:eb:b4:55:53:5f:a9:
                    b6:29:45:41:f0:2c:45:e3:2f:cf:31:bd:97:d7:a0:
                    eb:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:A6:BA:42:58:80:FF:D3:B6:6A:98:0C:DE:10:EF:50:92:CD:AE:B2
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Vaa6QliA_9O2apgM3hDvUJLNrrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8450::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:13:f5:cf:d1:eb:a3:60:5e:29:ae:1d:8a:3d:43:92:56:01:
         ec:e6:f6:27:9d:ab:c9:a7:dd:1d:f3:1b:e8:c7:06:0b:bb:1d:
         4a:3e:0d:5c:89:7e:28:80:ba:92:7d:bc:b1:01:73:53:d8:c5:
         8c:22:23:a6:02:a6:8f:c9:c6:68:6e:bf:2b:ed:8f:f4:ee:7b:
         17:c8:81:5b:0b:00:d9:d7:7a:63:b3:9b:9e:48:fe:02:e0:4c:
         e2:18:9e:bd:20:0f:e4:69:36:8a:bd:bb:89:15:8f:b9:fe:5e:
         49:87:1b:72:4f:f1:f0:f7:58:8f:21:5b:36:ed:c4:23:3f:40:
         8e:01:9b:0a:00:67:d1:a5:6f:33:1d:05:70:16:53:92:90:f5:
         c3:5a:26:70:d4:b0:3b:67:28:70:6a:de:cb:50:18:43:44:be:
         c0:dc:c2:24:99:a8:a6:61:26:29:95:ff:52:b3:28:37:c4:14:
         8d:f8:df:50:e1:be:31:c1:da:1c:1f:54:8c:5b:06:62:8c:30:
         9b:f2:a9:84:d0:6d:ab:be:54:da:84:17:8e:e6:6e:e2:e2:b5:
         41:3a:be:b2:79:22:aa:a1:d8:ca:ec:18:ca:b9:17:29:aa:ad:
         e7:70:2d:66:49:b0:7b:0c:e2:5e:60:67:58:36:70:13:37:6e:
         1f:97:a5:38
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4lAHMIm3IRicu7+i4mjfjLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMzA5MjA1NjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWE2YmE0MjU4ODBmZmQzYjY2YTk4MGNkZTEwZWY1MDkyY2RhZWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzp5D0qBv5QTZPFrFgl8my+XF8FU
GGY7IRfi1aMAk82okuZ5ULpMn58NTAsgN1UKiqdSK+aux2idWqsC5mx6nBdS80Jn
8A2twM+c2l56Q0yMI24GvI2trqvFc5FfRZt40d10dPw/HWVsXSfLBIsN33t5KK0A
cGPE3TKEHXGXUuuxBg2Sq+ExKqRBIsrV2EEDog6RVr+tMIyqQ/OvsKEbEAT9Z7Vp
E4GoAYnuNcyW3ugG6vK/5d/O0GlurrMbmh1KlERs3fnBPdadoXFzax9wOLv5q7A+
Wowagl99RrRbFfdMI15oF1XpmM7rtFVTX6m2KUVB8CxF4y/PMb2X16DruwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFWmukJYgP/TtmqYDN4Q71CSza6yMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvVmFhNlFsaUFfOU8yYXBnTTNoRHZVSkxOcnJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIRQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAgE/XP0eujYF4prh2KPUOSVgHs5vYnnavJp90d
8xvoxwYLux1KPg1ciX4ogLqSfbyxAXNT2MWMIiOmAqaPycZobr8r7Y/07nsXyIFb
CwDZ13pjs5ueSP4C4EziGJ69IA/kaTaKvbuJFY+5/l5JhxtyT/Hw91iPIVs27cQj
P0COAZsKAGfRpW8zHQVwFlOSkPXDWiZw1LA7Zyhwat7LUBhDRL7A3MIkmaimYSYp
lf9Ssyg3xBSN+N9Q4b4xwdocH1SMWwZijDCb8qmE0G2rvlTahBeO5m7i4rVBOr6y
eSKqodjK7BjKuRcpqq3ncC1mSbB7DOJeYGdYNnATN24fl6U4
-----END CERTIFICATE-----