Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/_4BAobMjuNQZCG9_EbKiFXMInO0.roa
File:                     _4BAobMjuNQZCG9_EbKiFXMInO0.roa (raw, json)
Hash identifier:          BJCCXg8ONDdToc/Cu0oMcJLtBb2R5d2beUm7BcJvhww=
Subject key identifier:   FF:80:40:A1:B3:23:B8:D4:19:08:6F:7F:11:B2:A2:15:73:08:9C:ED
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8EC3A4FB741A87B99DD68DEAA62FD
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/_4BAobMjuNQZCG9_EbKiFXMInO0.roa
Signing time:             Mon 01 Jan 2024 20:30:57 +0000
ROA not before:           Mon 01 Jan 2024 20:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210445
IP address blocks:        2a0c:9a40:821a::/48 maxlen: 48
                          2a0c:9a40:9300::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ec:3a:4f:b7:41:a8:7b:99:dd:68:de:aa:62:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff8040a1b323b8d419086f7f11b2a21573089ced
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c2:c2:59:37:29:3f:2d:28:26:49:f2:45:b6:
                    cf:aa:1c:1f:70:97:29:f8:4c:a0:3a:d6:b7:23:2e:
                    58:af:12:57:80:82:32:9f:7c:a0:a4:46:c9:47:e3:
                    02:3c:12:bf:1e:24:36:b0:6b:44:48:f1:0b:1b:c0:
                    a0:be:7b:3d:f8:9d:39:c5:75:a4:39:67:79:55:0c:
                    38:5b:aa:28:32:65:a7:31:15:3c:d9:de:bf:7b:62:
                    30:fb:17:28:9d:6f:50:7e:cb:fd:3b:62:96:22:d8:
                    7e:e2:d2:19:b1:bb:1c:f6:c3:5e:72:7b:49:f1:ab:
                    c9:c3:9a:8c:4f:27:ee:45:84:64:85:0f:3a:84:b2:
                    4e:07:79:25:64:c8:86:93:10:3f:bc:d1:46:5c:97:
                    5c:24:bd:a0:86:32:5c:97:68:f3:10:c0:02:4c:97:
                    85:e0:53:de:41:70:8d:66:99:bf:ce:7d:86:e0:ca:
                    d9:e5:78:6f:89:71:3a:41:36:e3:0d:d2:b3:6b:35:
                    7b:b7:fa:83:18:d5:9a:e7:26:73:77:5f:9c:b7:c6:
                    6e:10:a3:70:1f:8f:a9:d1:12:31:61:51:58:84:b8:
                    e1:23:35:4e:ae:2d:0a:21:2c:5a:da:f5:d1:85:36:
                    2c:6a:de:e7:84:d9:3b:30:db:b5:26:d8:18:9f:e1:
                    0e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:80:40:A1:B3:23:B8:D4:19:08:6F:7F:11:B2:A2:15:73:08:9C:ED
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/_4BAobMjuNQZCG9_EbKiFXMInO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:821a::/48
                  2a0c:9a40:9300::/40

    Signature Algorithm: sha256WithRSAEncryption
         32:c5:6f:79:83:2c:34:0a:b2:08:b1:95:ba:64:27:00:0d:cc:
         a6:fc:40:13:9e:46:ce:ef:07:75:27:a2:3d:26:70:51:8f:cb:
         f6:39:e5:e9:53:54:b7:c8:dc:2a:ef:d5:31:b1:77:24:ef:23:
         45:45:21:5b:48:1c:73:81:da:30:ab:f7:f2:7d:63:4d:15:69:
         ec:cd:6b:69:3c:e2:b7:76:2f:93:5f:30:24:73:a1:4c:62:b3:
         cd:05:ae:26:aa:b3:5d:21:1d:33:bd:b3:dd:20:03:e8:9e:54:
         00:9d:26:a1:b9:f1:b3:0f:30:5f:87:e9:6a:39:44:fc:fc:6b:
         ba:2d:fe:e0:13:32:32:63:e4:3f:41:42:0e:9f:e8:88:79:c2:
         7e:df:e6:86:f2:e0:66:32:c9:1f:cd:19:d5:3b:47:c6:fc:fe:
         85:e2:bf:02:a9:a4:4d:6b:9e:f7:53:d7:96:eb:51:ce:ed:0b:
         78:64:8d:06:3a:c7:fc:24:06:cd:62:50:75:f5:87:dc:fa:85:
         95:8e:48:97:cd:10:d4:52:12:14:48:52:80:da:78:4a:53:54:
         0f:79:13:87:b3:89:b3:59:04:d2:65:63:8a:14:7c:40:a4:18:
         e4:0b:32:38:6f:f6:1f:c4:77:b2:8d:b1:30:0c:dc:7a:34:7b:
         79:74:93:5c
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzGuOw6T7dBqHuZ3WjeqmL9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjgwNDBhMWIzMjNiOGQ0MTkwODZmN2YxMWIyYTIxNTczMDg5Y2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsLCWTcpPy0oJknyRbbPqhwfcJcp
+EygOta3Iy5YrxJXgIIyn3ygpEbJR+MCPBK/HiQ2sGtESPELG8Cgvns9+J05xXWk
OWd5VQw4W6ooMmWnMRU82d6/e2Iw+xconW9Qfsv9O2KWIth+4tIZsbsc9sNecntJ
8avJw5qMTyfuRYRkhQ86hLJOB3klZMiGkxA/vNFGXJdcJL2ghjJcl2jzEMACTJeF
4FPeQXCNZpm/zn2G4MrZ5XhviXE6QTbjDdKzazV7t/qDGNWa5yZzd1+ct8ZuEKNw
H4+p0RIxYVFYhLjhIzVOri0KISxa2vXRhTYsat7nhNk7MNu1JtgYn+EO8wIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFP+AQKGzI7jUGQhvfxGyohVzCJztMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvXzRCQW9iTWp1TlFaQ0c5X0ViS2lGWE1Jbk8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKgyaQIIa
AwYAKgyaQJMwDQYJKoZIhvcNAQELBQADggEBADLFb3mDLDQKsgixlbpkJwANzKb8
QBOeRs7vB3Unoj0mcFGPy/Y55elTVLfI3Crv1TGxdyTvI0VFIVtIHHOB2jCr9/J9
Y00VaezNa2k84rd2L5NfMCRzoUxis80Friaqs10hHTO9s90gA+ieVACdJqG58bMP
MF+H6Wo5RPz8a7ot/uATMjJj5D9BQg6f6Ih5wn7f5oby4GYyyR/NGdU7R8b8/oXi
vwKppE1rnvdT15brUc7tC3hkjQY6x/wkBs1iUHX1h9z6hZWOSJfNENRSEhRIUoDa
eEpTVA95E4ezibNZBNJlY4oUfECkGOQLMjhv9h/Ed7KNsTAM3Ho0e3l0k1w=
-----END CERTIFICATE-----