Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/bAGJ3im7KMHf9RcbCCC7i8lbJZM.roa
File:                     bAGJ3im7KMHf9RcbCCC7i8lbJZM.roa (raw, json)
Hash identifier:          4OkZFU8M+7okwnOPLEuhwynuorFDq3pB8d6CMT3DO+o=
Subject key identifier:   6C:01:89:DE:29:BB:28:C1:DF:F5:17:1B:08:20:BB:8B:C9:5B:25:93
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8F09F861C87177F7337234DBC89AC
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/bAGJ3im7KMHf9RcbCCC7i8lbJZM.roa
Signing time:             Mon 01 Jan 2024 20:30:58 +0000
ROA not before:           Mon 01 Jan 2024 20:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212996
IP address blocks:        2a0c:9a40:8d00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f0:9f:86:1c:87:17:7f:73:37:23:4d:bc:89:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c0189de29bb28c1dff5171b0820bb8bc95b2593
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:23:6c:2a:74:fd:e4:f5:b0:5a:8d:13:81:05:
                    0c:91:37:3c:cd:db:c2:ab:5f:c4:03:41:1e:f6:38:
                    eb:c3:62:6e:01:31:5f:96:fe:fe:2b:a8:f7:8d:fc:
                    d4:48:76:86:e1:b2:2f:7e:46:c5:17:4d:0f:44:a7:
                    da:ea:99:74:3b:d3:67:c9:e1:e8:ac:8f:a8:49:79:
                    33:08:2c:16:11:2a:a2:fc:be:f3:2a:67:41:26:f0:
                    fa:8e:70:2f:f0:c2:e3:02:22:a6:1c:7c:f4:36:3e:
                    34:78:8a:b2:fe:3b:9d:b2:e5:2d:05:de:c1:22:1b:
                    aa:57:56:21:86:62:e2:a4:6e:35:dd:4d:c3:a6:6e:
                    4b:63:de:6e:1f:10:df:62:e0:86:a8:32:95:11:a7:
                    b5:0e:49:ef:12:ea:b7:1a:42:20:55:dc:05:ea:a8:
                    8c:05:de:21:f7:14:b6:c9:a7:b7:df:ff:e1:1e:29:
                    62:8c:fc:61:b8:ff:80:b7:f8:44:60:17:92:74:c1:
                    54:6a:2e:37:12:7f:f3:a5:dc:4e:57:19:f7:4c:86:
                    62:86:3e:85:75:25:ba:1f:26:2f:a6:02:99:d2:0e:
                    74:39:44:ca:05:3a:fb:a9:7f:17:aa:32:0b:80:d7:
                    45:3b:8a:a8:4f:17:69:a8:a2:19:c0:f5:91:99:bc:
                    8c:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:01:89:DE:29:BB:28:C1:DF:F5:17:1B:08:20:BB:8B:C9:5B:25:93
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/bAGJ3im7KMHf9RcbCCC7i8lbJZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8d00::/40

    Signature Algorithm: sha256WithRSAEncryption
         61:62:81:a1:fc:79:a0:79:4d:b0:a9:ea:d5:e0:e2:2e:35:18:
         a4:4b:7a:42:76:7e:67:77:cd:87:b5:6c:ad:02:f4:a6:12:86:
         94:80:f7:02:2c:e6:60:36:37:de:3a:d3:bf:0b:4c:2a:36:3d:
         c8:e0:fd:12:37:25:d7:2b:02:cc:86:b9:a7:6b:52:b8:01:17:
         f3:b6:cd:1e:83:21:c3:90:5d:34:7b:b3:eb:50:1e:ba:c5:b7:
         ca:2a:e9:f3:94:94:16:1b:2f:a0:26:30:e1:b4:b8:a6:72:9b:
         af:d1:4a:36:0b:f2:97:a9:ef:d6:e9:35:dd:44:18:0e:57:ad:
         a3:58:b4:f9:28:2a:56:4e:ad:e8:16:36:6d:88:3a:34:61:65:
         f9:2b:2b:70:cd:f1:f6:3d:f2:6c:72:00:a4:26:84:cc:69:0d:
         d9:38:ff:22:4d:21:a7:d0:8b:9b:bb:2e:82:52:10:da:38:96:
         a4:b9:1c:bc:3a:ab:05:74:b7:70:fd:d0:50:8b:8b:a3:c4:66:
         b0:ee:bd:7c:01:96:69:29:1c:18:0c:9e:90:5d:a4:30:18:49:
         bb:cd:ad:fe:4c:0d:ff:54:c9:82:85:9e:31:ad:87:e2:05:96:
         9e:0f:b0:d7:a1:82:ae:2b:45:4a:6a:d3:a1:ef:7d:7c:ad:d6:
         ac:0d:93:dc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGuPCfhhyHF39zNyNNvImsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzAxODlkZTI5YmIyOGMxZGZmNTE3MWIwODIwYmI4YmM5NWIyNTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCNsKnT95PWwWo0TgQUMkTc8zdvC
q1/EA0Ee9jjrw2JuATFflv7+K6j3jfzUSHaG4bIvfkbFF00PRKfa6pl0O9NnyeHo
rI+oSXkzCCwWESqi/L7zKmdBJvD6jnAv8MLjAiKmHHz0Nj40eIqy/judsuUtBd7B
IhuqV1YhhmLipG413U3Dpm5LY95uHxDfYuCGqDKVEae1DknvEuq3GkIgVdwF6qiM
Bd4h9xS2yae33//hHilijPxhuP+At/hEYBeSdMFUai43En/zpdxOVxn3TIZihj6F
dSW6HyYvpgKZ0g50OUTKBTr7qX8XqjILgNdFO4qoTxdpqKIZwPWRmbyMfQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGwBid4puyjB3/UXGwggu4vJWyWTMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvYkFHSjNpbTdLTUhmOVJjYkNDQzdpOGxiSlpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgyaQI0w
DQYJKoZIhvcNAQELBQADggEBAGFigaH8eaB5TbCp6tXg4i41GKRLekJ2fmd3zYe1
bK0C9KYShpSA9wIs5mA2N946078LTCo2Pcjg/RI3JdcrAsyGuadrUrgBF/O2zR6D
IcOQXTR7s+tQHrrFt8oq6fOUlBYbL6AmMOG0uKZym6/RSjYL8pep79bpNd1EGA5X
raNYtPkoKlZOregWNm2IOjRhZfkrK3DN8fY98mxyAKQmhMxpDdk4/yJNIafQi5u7
LoJSENo4lqS5HLw6qwV0t3D90FCLi6PEZrDuvXwBlmkpHBgMnpBdpDAYSbvNrf5M
Df9UyYKFnjGth+IFlp4PsNehgq4rRUpq06HvfXyt1qwNk9w=
-----END CERTIFICATE-----