Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/YhJinrQAmzpHKOKMlWE0_ok0wEI.roa
File:                     YhJinrQAmzpHKOKMlWE0_ok0wEI.roa (raw, json)
Hash identifier:          UzABo5f87x7CGo8lS8mCfVrl27jsW94oElnCh1AM2e0=
Subject key identifier:   62:12:62:9E:B4:00:9B:3A:47:28:E2:8C:95:61:34:FE:89:34:C0:42
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8E066A6A44177851F1D12FD713F08
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/YhJinrQAmzpHKOKMlWE0_ok0wEI.roa
Signing time:             Mon 01 Jan 2024 20:30:53 +0000
ROA not before:           Mon 01 Jan 2024 20:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199307
IP address blocks:        2a0c:9a40:8cf0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e0:66:a6:a4:41:77:85:1f:1d:12:fd:71:3f:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6212629eb4009b3a4728e28c956134fe8934c042
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d7:fc:87:d6:2b:31:7d:f2:3d:a2:2d:a1:59:
                    88:30:44:16:c6:5b:06:57:46:0b:22:8e:2e:a0:57:
                    9e:c6:11:8e:e6:17:76:7b:ca:9f:5f:c6:89:5b:ac:
                    ce:56:51:79:c1:f1:f6:eb:90:87:c6:e1:e8:b0:f1:
                    3f:48:c0:2b:90:c5:2c:77:a8:b1:49:68:ea:f1:ab:
                    4f:c9:83:5d:3a:a2:ed:f3:17:12:6a:52:68:1a:c8:
                    97:13:51:75:7c:4c:19:b3:25:84:8f:5b:29:43:eb:
                    4c:26:af:72:8d:5c:d9:21:de:0f:e0:14:1a:85:2a:
                    78:1c:b5:4f:84:db:fc:57:10:c9:03:6e:bf:3e:34:
                    b8:39:13:e9:da:bd:7c:b0:89:8e:b9:f8:e5:e1:fe:
                    ba:ef:e6:6e:f7:42:da:00:22:e4:14:72:63:09:8f:
                    22:a2:48:43:de:77:e3:55:90:80:c9:e1:35:b6:51:
                    3d:b7:5b:65:d6:34:64:7b:7f:e0:0b:48:eb:b9:71:
                    94:db:36:24:a8:b9:b2:54:62:96:61:64:78:b2:ac:
                    0b:63:3e:c1:1e:8a:38:bc:9f:ff:c4:8b:27:d3:aa:
                    70:52:77:21:57:76:59:09:08:1d:a3:73:38:fa:9c:
                    8e:d8:6e:b3:a0:1c:ae:f5:45:be:85:ab:bc:c0:53:
                    f9:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:12:62:9E:B4:00:9B:3A:47:28:E2:8C:95:61:34:FE:89:34:C0:42
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/YhJinrQAmzpHKOKMlWE0_ok0wEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8cf0::/48

    Signature Algorithm: sha256WithRSAEncryption
         d0:87:3e:89:b6:ee:2d:47:aa:44:94:b4:6d:91:ea:64:01:30:
         6f:e5:cb:57:76:08:75:d5:39:77:0f:02:2d:64:92:2a:2d:ff:
         c0:96:c2:2c:5d:8c:ab:c2:af:b1:68:0c:70:b9:ec:56:d8:fc:
         f1:2b:03:dc:4b:15:53:ec:73:c2:e7:43:7b:e5:8d:bf:7e:71:
         04:6f:21:e8:c7:87:de:11:be:b2:e8:f3:7d:e2:1f:7e:40:af:
         bb:ec:b7:ff:f6:b6:7a:77:68:5f:8d:dd:ef:e7:dd:2e:d2:77:
         76:fa:6f:8a:25:9c:21:28:52:4b:b4:0e:da:04:85:03:80:b5:
         0a:dd:04:8c:96:af:c4:35:e9:e7:b6:eb:95:aa:94:ba:85:f7:
         28:66:29:09:78:67:0b:1f:4c:cf:2a:79:86:61:8e:9c:42:c9:
         4a:0d:19:91:c4:ae:b1:a5:35:15:bb:60:3b:e3:41:4d:ff:7f:
         13:6b:23:42:4e:52:a3:f7:42:57:de:6e:cb:9a:9e:a8:72:20:
         ed:63:91:37:e3:3c:bd:a7:b8:c0:61:96:6e:ca:08:a6:d6:ec:
         a9:f1:fd:49:82:4b:8f:4d:07:0a:94:b1:ec:4a:20:c2:e5:e9:
         dd:53:c9:0b:c1:1a:9c:8e:0f:81:e7:8c:d0:0f:86:ce:36:91:
         74:61:c3:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuOBmpqRBd4UfHRL9cT8IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjEyNjI5ZWI0MDA5YjNhNDcyOGUyOGM5NTYxMzRmZTg5MzRjMDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNf8h9YrMX3yPaItoVmIMEQWxlsG
V0YLIo4uoFeexhGO5hd2e8qfX8aJW6zOVlF5wfH265CHxuHosPE/SMArkMUsd6ix
SWjq8atPyYNdOqLt8xcSalJoGsiXE1F1fEwZsyWEj1spQ+tMJq9yjVzZId4P4BQa
hSp4HLVPhNv8VxDJA26/PjS4ORPp2r18sImOufjl4f667+Zu90LaACLkFHJjCY8i
okhD3nfjVZCAyeE1tlE9t1tl1jRke3/gC0jruXGU2zYkqLmyVGKWYWR4sqwLYz7B
Hoo4vJ//xIsn06pwUnchV3ZZCQgdo3M4+pyO2G6zoByu9UW+hau8wFP5fwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGISYp60AJs6RyjijJVhNP6JNMBCMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvWWhKaW5yUUFtenBIS09LTWxXRTBfb2swd0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIzw
MA0GCSqGSIb3DQEBCwUAA4IBAQDQhz6Jtu4tR6pElLRtkepkATBv5ctXdgh11Tl3
DwItZJIqLf/AlsIsXYyrwq+xaAxwuexW2PzxKwPcSxVT7HPC50N75Y2/fnEEbyHo
x4feEb6y6PN94h9+QK+77Lf/9rZ6d2hfjd3v590u0nd2+m+KJZwhKFJLtA7aBIUD
gLUK3QSMlq/ENenntuuVqpS6hfcoZikJeGcLH0zPKnmGYY6cQslKDRmRxK6xpTUV
u2A740FN/38TayNCTlKj90JX3m7Lmp6ociDtY5E34zy9p7jAYZZuygim1uyp8f1J
gkuPTQcKlLHsSiDC5endU8kLwRqcjg+B54zQD4bONpF0YcNq
-----END CERTIFICATE-----