Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/XmonHa-6lFXHda3nRcJnhKE38sk.roa
File:                     XmonHa-6lFXHda3nRcJnhKE38sk.roa (raw, json)
Hash identifier:          SQ0i3USFv1gHSHxqYwVRWD+pUlprBdykb+caB2QXS2M=
Subject key identifier:   5E:6A:27:1D:AF:BA:94:55:C7:75:AD:E7:45:C2:67:84:A1:37:F2:C9
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019422FBFF0A3AA836BBC4EB54A98C6C42C4
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/XmonHa-6lFXHda3nRcJnhKE38sk.roa
Signing time:             Wed 01 Jan 2025 17:48:47 +0000
ROA not before:           Wed 01 Jan 2025 17:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216339
IP address blocks:        2a0c:9a40:8310::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ff:0a:3a:a8:36:bb:c4:eb:54:a9:8c:6c:42:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 17:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e6a271dafba9455c775ade745c26784a137f2c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5c:10:97:f7:93:53:48:cb:24:3e:03:e2:46:
                    27:64:e7:7f:2f:e8:14:40:18:05:7d:e5:26:3d:f2:
                    95:48:1d:5f:72:4e:ed:6c:31:36:d8:72:08:f0:7c:
                    58:4f:4b:46:f7:1d:c4:9a:13:e1:16:dd:4f:63:fb:
                    29:8d:c9:6d:0b:fd:45:fc:7f:3a:7d:93:17:a6:5d:
                    9a:d6:c5:aa:22:22:1a:e7:90:f3:bd:11:7e:87:3f:
                    7b:75:18:18:73:f9:b5:43:51:85:98:50:09:7b:95:
                    0a:c0:fd:4a:d0:99:ce:9c:89:ff:48:7d:81:54:46:
                    7f:a2:fc:43:32:52:8c:02:c4:69:d6:49:3e:02:2d:
                    81:f2:85:8f:bc:46:f5:5a:3f:7e:f6:51:26:84:90:
                    f1:f2:ce:d7:ac:e1:46:3a:49:eb:2e:29:25:ee:eb:
                    64:df:2e:79:12:76:d2:70:20:14:81:f6:df:b1:97:
                    7f:27:6f:d1:cb:1f:d4:6b:15:2c:a2:86:e7:06:44:
                    72:0b:f2:62:7e:6d:5f:a6:bb:c8:79:fc:9f:16:b5:
                    36:d9:b6:8c:c7:80:0a:5c:0e:00:cd:7f:28:3f:a6:
                    b2:f8:6b:26:51:b9:2f:fd:bc:bf:de:23:85:79:40:
                    fd:b2:3f:70:d2:88:42:c7:45:13:a9:a5:b5:fa:09:
                    a0:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:6A:27:1D:AF:BA:94:55:C7:75:AD:E7:45:C2:67:84:A1:37:F2:C9
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/XmonHa-6lFXHda3nRcJnhKE38sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8310::/48

    Signature Algorithm: sha256WithRSAEncryption
         c7:80:78:81:85:ee:95:48:12:32:22:1c:fc:3d:e8:63:b5:ea:
         d9:16:b1:5d:d9:cc:bd:e2:63:62:39:f8:9c:d6:7f:58:b1:27:
         38:90:2e:6f:39:ab:81:24:b6:77:fd:4a:48:31:de:70:d3:74:
         83:a4:d8:b3:68:30:03:8e:65:04:5c:de:ff:91:40:90:ef:5b:
         e8:09:76:08:d8:36:45:c0:42:00:56:37:22:0c:4e:49:35:f1:
         70:7d:d2:a6:03:68:da:7e:f8:a3:a8:5f:5b:10:e4:74:e7:96:
         11:58:35:35:63:2a:47:61:05:04:03:09:9c:10:47:56:a3:a1:
         e4:bd:0e:6e:2c:68:ef:f0:ce:0c:5a:3e:77:7d:e5:10:94:15:
         bf:d7:d2:6d:d8:3a:89:6e:1d:14:bd:c5:ad:cf:e8:2f:76:a8:
         e4:08:61:85:f1:c0:2d:22:1a:e9:30:ed:c2:59:eb:73:7a:72:
         15:85:99:33:6f:6e:26:e0:d4:c5:59:e6:0e:27:02:61:d5:1c:
         ca:68:d8:0d:db:65:82:6c:28:c8:88:24:e0:c4:69:03:3f:8f:
         a2:94:0d:ef:83:4b:01:6e:a5:7a:58:c7:89:b2:fd:e3:3b:b9:
         f7:e0:87:b9:c6:b3:ca:2e:fb:21:2e:3e:b6:66:7f:2a:87:b6:
         eb:2c:4e:92
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+/8KOqg2u8TrVKmMbELEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMTAxMTc0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTZhMjcxZGFmYmE5NDU1Yzc3NWFkZTc0NWMyNjc4NGExMzdmMmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1wQl/eTU0jLJD4D4kYnZOd/L+gU
QBgFfeUmPfKVSB1fck7tbDE22HII8HxYT0tG9x3EmhPhFt1PY/spjcltC/1F/H86
fZMXpl2a1sWqIiIa55DzvRF+hz97dRgYc/m1Q1GFmFAJe5UKwP1K0JnOnIn/SH2B
VEZ/ovxDMlKMAsRp1kk+Ai2B8oWPvEb1Wj9+9lEmhJDx8s7XrOFGOknrLikl7utk
3y55EnbScCAUgfbfsZd/J2/Ryx/UaxUsoobnBkRyC/Jifm1fprvIefyfFrU22baM
x4AKXA4AzX8oP6ay+GsmUbkv/by/3iOFeUD9sj9w0ohCx0UTqaW1+gmguQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF5qJx2vupRVx3Wt50XCZ4ShN/LJMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvWG1vbkhhLTZsRlhIZGEzblJjSm5oS0UzOHNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIMQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDHgHiBhe6VSBIyIhz8PehjterZFrFd2cy94mNi
Ofic1n9YsSc4kC5vOauBJLZ3/UpIMd5w03SDpNizaDADjmUEXN7/kUCQ71voCXYI
2DZFwEIAVjciDE5JNfFwfdKmA2jafvijqF9bEOR055YRWDU1YypHYQUEAwmcEEdW
o6HkvQ5uLGjv8M4MWj53feUQlBW/19Jt2DqJbh0UvcWtz+gvdqjkCGGF8cAtIhrp
MO3CWetzenIVhZkzb24m4NTFWeYOJwJh1RzKaNgN22WCbCjIiCTgxGkDP4+ilA3v
g0sBbqV6WMeJsv3jO7n34Ie5xrPKLvshLj62Zn8qh7brLE6S
-----END CERTIFICATE-----