Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/bT_3YD4KLWzS-SGE6tJcglTAJ0Y.roa
File:                     bT_3YD4KLWzS-SGE6tJcglTAJ0Y.roa (raw, json)
Hash identifier:          PMuKtuAzXNqWLnqXDFhgYC0ghuLrYd+/8QwcFI2IsCY=
Subject key identifier:   6D:3F:F7:60:3E:0A:2D:6C:D2:F9:21:84:EA:D2:5C:82:54:C0:27:46
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8E1800329D1E6D7282FC041C1F9E4
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/bT_3YD4KLWzS-SGE6tJcglTAJ0Y.roa
Signing time:             Mon 01 Jan 2024 20:30:54 +0000
ROA not before:           Mon 01 Jan 2024 20:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199705
IP address blocks:        2a0c:9a40:8210::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e1:80:03:29:d1:e6:d7:28:2f:c0:41:c1:f9:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d3ff7603e0a2d6cd2f92184ead25c8254c02746
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:c1:a8:17:f9:3f:9c:98:c9:2f:c5:c9:35:ca:
                    d9:44:4f:23:7f:df:24:ac:da:cb:83:11:c4:aa:f0:
                    95:99:2f:90:56:3b:e9:85:dd:48:74:91:d3:db:77:
                    af:df:a6:a5:fe:e6:a1:88:c9:d6:09:a3:7e:a5:d6:
                    5f:7d:f5:09:e1:64:b0:28:55:28:79:0c:92:03:36:
                    e8:2f:00:42:de:4e:74:4e:2c:70:4a:a5:dc:34:0c:
                    f4:ee:a9:12:ce:6b:bf:db:56:5f:70:91:bb:dd:4d:
                    9b:29:c0:20:ef:40:50:92:41:f9:24:e3:f5:a4:a2:
                    54:cb:a7:67:2d:21:c9:ab:98:70:ce:ff:ba:aa:53:
                    4b:3a:49:f5:63:dc:94:b4:1b:ca:d5:99:d9:f1:a9:
                    be:82:2e:da:fe:25:bb:2a:d8:54:60:44:84:73:9b:
                    7b:78:fc:3e:b2:b6:51:eb:b3:f7:b9:3a:c2:ff:c1:
                    54:02:6f:aa:bf:e1:a2:59:6c:2b:02:c7:05:0d:1e:
                    e5:6d:d5:8f:b1:21:fd:38:cd:3d:98:94:e7:58:9c:
                    27:53:95:90:d8:46:7b:fb:86:2b:ed:45:c9:60:db:
                    ee:02:c9:1e:e0:0f:6c:ff:fe:8b:a6:df:9e:d6:a4:
                    05:bb:0b:7b:4d:82:1e:84:35:ba:eb:cc:c8:c0:99:
                    13:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:3F:F7:60:3E:0A:2D:6C:D2:F9:21:84:EA:D2:5C:82:54:C0:27:46
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/bT_3YD4KLWzS-SGE6tJcglTAJ0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8210::/44

    Signature Algorithm: sha256WithRSAEncryption
         53:90:c5:93:34:33:a4:ed:5a:e7:4b:19:0d:78:b4:4b:25:13:
         1d:48:00:25:e4:5f:51:20:eb:3f:72:45:31:77:93:b4:7f:25:
         bd:d9:c2:a7:95:04:95:a1:5b:c0:4c:d5:98:72:b0:4d:ac:7e:
         19:78:a9:40:09:ca:22:09:0b:65:5e:dc:48:70:a1:4c:84:35:
         78:eb:90:c2:f2:24:41:3b:a4:8b:99:de:08:38:53:5e:10:c7:
         ea:a0:e8:72:e3:e8:c1:02:9f:61:42:8f:55:c2:4d:0d:cf:20:
         9b:06:00:4a:0a:99:ce:37:7b:e1:b2:3b:f2:d2:fb:f9:9c:2c:
         54:5e:ba:cf:62:5c:f1:5b:31:62:f7:ec:f2:04:99:e4:d0:ec:
         3f:29:83:a7:3e:1f:82:39:1c:16:be:1d:12:7e:36:1c:88:a3:
         ce:d8:5b:b1:0f:66:ad:0a:ab:6a:bc:8a:88:80:f2:42:02:7a:
         3b:8e:e2:f9:6d:71:d7:01:2e:91:84:76:3d:f2:2a:5e:9e:44:
         a0:df:cb:99:5c:dc:49:72:ae:00:3f:09:5c:95:b3:86:27:b4:
         e9:c4:94:cf:50:b3:63:f7:3e:d2:8f:47:c7:6b:5a:47:d0:1b:
         65:e9:e5:98:e9:5a:7e:08:ec:f8:64:4e:04:34:cb:80:53:eb:
         e7:6e:33:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuOGAAynR5tcoL8BBwfnkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDNmZjc2MDNlMGEyZDZjZDJmOTIxODRlYWQyNWM4MjU0YzAyNzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhcGoF/k/nJjJL8XJNcrZRE8jf98k
rNrLgxHEqvCVmS+QVjvphd1IdJHT23ev36al/uahiMnWCaN+pdZfffUJ4WSwKFUo
eQySAzboLwBC3k50TixwSqXcNAz07qkSzmu/21ZfcJG73U2bKcAg70BQkkH5JOP1
pKJUy6dnLSHJq5hwzv+6qlNLOkn1Y9yUtBvK1ZnZ8am+gi7a/iW7KthUYESEc5t7
ePw+srZR67P3uTrC/8FUAm+qv+GiWWwrAscFDR7lbdWPsSH9OM09mJTnWJwnU5WQ
2EZ7+4Yr7UXJYNvuAske4A9s//6Lpt+e1qQFuwt7TYIehDW668zIwJkTdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG0/92A+Ci1s0vkhhOrSXIJUwCdGMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvYlRfM1lENEtMV3pTLVNHRTZ0SmNnbFRBSjBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIIQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBTkMWTNDOk7VrnSxkNeLRLJRMdSAAl5F9RIOs/
ckUxd5O0fyW92cKnlQSVoVvATNWYcrBNrH4ZeKlACcoiCQtlXtxIcKFMhDV465DC
8iRBO6SLmd4IOFNeEMfqoOhy4+jBAp9hQo9Vwk0NzyCbBgBKCpnON3vhsjvy0vv5
nCxUXrrPYlzxWzFi9+zyBJnk0Ow/KYOnPh+CORwWvh0SfjYciKPO2FuxD2atCqtq
vIqIgPJCAno7juL5bXHXAS6RhHY98ipenkSg38uZXNxJcq4APwlclbOGJ7TpxJTP
ULNj9z7Sj0fHa1pH0Btl6eWY6Vp+COz4ZE4ENMuAU+vnbjMz
-----END CERTIFICATE-----