Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Z9GGX1IdcUd49ScSJXPYo9g-nIY.roa
File:                     Z9GGX1IdcUd49ScSJXPYo9g-nIY.roa (raw, json)
Hash identifier:          5OHmVtya9UCHzFH67dkSUeGmmMVsKHk5zOJD87Eyvno=
Subject key identifier:   67:D1:86:5F:52:1D:71:47:78:F5:27:12:25:73:D8:A3:D8:3E:9C:86
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       01919B3712136CE48BB0C75C3940A383659A
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Z9GGX1IdcUd49ScSJXPYo9g-nIY.roa
Signing time:             Wed 28 Aug 2024 22:59:23 +0000
ROA not before:           Wed 28 Aug 2024 22:59:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        2a0c:9a40:8a90::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9b:37:12:13:6c:e4:8b:b0:c7:5c:39:40:a3:83:65:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Aug 28 22:59:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67d1865f521d714778f527122573d8a3d83e9c86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:70:94:fc:9e:4d:5f:4a:22:7e:1e:87:cc:bf:
                    59:3c:4f:a8:d7:39:4b:a2:8d:2b:a1:ed:4b:f4:f2:
                    66:1e:1f:9b:91:23:20:e0:27:66:d8:61:c7:39:41:
                    e9:48:bb:59:c2:ae:9b:1e:28:5d:bc:2b:0e:a6:3f:
                    40:f1:19:35:2b:d6:39:50:14:38:77:99:ce:02:a2:
                    a7:81:ff:66:d4:91:c4:00:36:7a:7d:e3:cd:cb:9b:
                    ce:ce:0a:06:42:f4:3b:da:3c:7d:24:ef:c9:8e:f0:
                    3f:4e:c0:24:bd:77:f4:b9:85:49:d8:4b:ca:7b:db:
                    8e:b6:32:95:a8:09:43:55:89:6b:93:d2:d1:10:0c:
                    33:db:8f:d6:0d:96:31:1c:07:10:70:73:4e:3a:33:
                    14:ce:e5:00:4b:ab:95:b4:5f:8c:04:b7:89:5b:91:
                    4b:2a:17:92:d3:3d:4f:9f:4c:c5:0b:d4:1c:85:fe:
                    bc:ff:0e:35:bf:51:51:9a:34:b0:3c:80:75:64:fd:
                    28:45:88:fc:41:22:bf:14:29:f8:2b:07:d1:92:54:
                    a2:d6:ca:83:2c:93:e4:a4:f8:22:5e:5f:d7:7f:a9:
                    2a:22:49:cd:22:ea:e8:64:7d:18:db:23:6d:5b:b2:
                    52:92:13:24:70:9e:d3:7c:2f:64:9b:e2:9a:e9:f6:
                    73:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:D1:86:5F:52:1D:71:47:78:F5:27:12:25:73:D8:A3:D8:3E:9C:86
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Z9GGX1IdcUd49ScSJXPYo9g-nIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8a90::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:bc:02:a4:b4:d0:1f:54:c1:6e:9d:9a:6f:31:87:38:38:b3:
         ad:e2:f5:24:fe:b2:cb:e6:22:85:1a:b3:b1:c1:7a:5e:c8:a7:
         5e:51:20:ea:2e:59:56:62:a2:52:14:22:87:56:2c:da:77:04:
         d2:ec:49:34:02:ec:62:a1:c4:2c:48:76:89:e6:ec:94:6b:d9:
         6e:29:08:22:67:0d:7b:9c:ed:7e:17:b7:a1:e6:e7:e7:23:46:
         75:a9:9a:11:a9:4f:df:d1:3f:17:b9:d5:53:ae:d2:e0:7b:69:
         bd:a1:b4:d7:cf:b9:fb:bf:60:d2:c3:17:63:1a:9b:2c:9f:78:
         af:37:95:37:04:cb:fd:9e:9f:b7:a7:68:63:74:c5:0b:59:d2:
         25:90:89:a1:2f:1e:ee:94:ac:1d:f1:32:c2:78:ce:c8:bf:e2:
         70:97:41:6d:95:38:af:28:cf:81:58:2b:16:5a:26:d2:d3:d9:
         33:aa:af:ef:89:cd:94:1a:09:49:e8:2d:db:f9:bf:fc:bf:ed:
         98:17:44:8a:95:77:9f:a0:6f:26:a5:1e:59:c5:03:6e:6f:c1:
         84:c5:b7:ed:0c:d3:2e:77:08:46:93:b3:73:2a:ef:2f:14:9f:
         12:6b:49:db:35:00:f0:c7:ca:ed:d4:cf:8a:15:e8:ab:c5:b0:
         58:1d:09:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZGbNxITbOSLsMdcOUCjg2WaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwODI4MjI1OTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2QxODY1ZjUyMWQ3MTQ3NzhmNTI3MTIyNTczZDhhM2Q4M2U5Yzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3CU/J5NX0oifh6HzL9ZPE+o1zlL
oo0roe1L9PJmHh+bkSMg4Cdm2GHHOUHpSLtZwq6bHihdvCsOpj9A8Rk1K9Y5UBQ4
d5nOAqKngf9m1JHEADZ6fePNy5vOzgoGQvQ72jx9JO/JjvA/TsAkvXf0uYVJ2EvK
e9uOtjKVqAlDVYlrk9LREAwz24/WDZYxHAcQcHNOOjMUzuUAS6uVtF+MBLeJW5FL
KheS0z1Pn0zFC9Qchf68/w41v1FRmjSwPIB1ZP0oRYj8QSK/FCn4KwfRklSi1sqD
LJPkpPgiXl/Xf6kqIknNIuroZH0Y2yNtW7JSkhMkcJ7TfC9km+Ka6fZzCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGfRhl9SHXFHePUnEiVz2KPYPpyGMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvWjlHR1gxSWRjVWQ0OVNjU0pYUFlvOWctbklZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIqQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA8vAKktNAfVMFunZpvMYc4OLOt4vUk/rLL5iKF
GrOxwXpeyKdeUSDqLllWYqJSFCKHVizadwTS7Ek0AuxiocQsSHaJ5uyUa9luKQgi
Zw17nO1+F7eh5ufnI0Z1qZoRqU/f0T8XudVTrtLge2m9obTXz7n7v2DSwxdjGpss
n3ivN5U3BMv9np+3p2hjdMULWdIlkImhLx7ulKwd8TLCeM7Iv+Jwl0FtlTivKM+B
WCsWWibS09kzqq/vic2UGglJ6C3b+b/8v+2YF0SKlXefoG8mpR5ZxQNub8GExbft
DNMudwhGk7NzKu8vFJ8Sa0nbNQDwx8rt1M+KFeirxbBYHQkF
-----END CERTIFICATE-----