Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/b_TL9Ds1fwzfSaCpWlgPMgBRnYU.roa
File:                     b_TL9Ds1fwzfSaCpWlgPMgBRnYU.roa (raw, json)
Hash identifier:          fiQKrAX+sGNINEzNyd/WQvsH5UrGZzSg4fI5u2/netM=
Subject key identifier:   6F:F4:CB:F4:3B:35:7F:0C:DF:49:A0:A9:5A:58:0F:32:00:51:9D:85
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8D78A05DD5AF3A489D52221D7912D
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/b_TL9Ds1fwzfSaCpWlgPMgBRnYU.roa
Signing time:             Mon 01 Jan 2024 20:30:51 +0000
ROA not before:           Mon 01 Jan 2024 20:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50131
IP address blocks:        2a0c:9a40:808d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 13:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:d7:8a:05:dd:5a:f3:a4:89:d5:22:21:d7:91:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ff4cbf43b357f0cdf49a0a95a580f3200519d85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:8d:1a:08:9f:55:b3:7d:47:3e:48:56:44:cf:
                    d9:ce:88:58:76:54:f2:1e:a8:93:64:1a:71:c4:aa:
                    f8:4b:ba:61:32:ee:f5:57:f5:4c:4a:3a:aa:4e:a5:
                    12:9e:74:df:37:a6:aa:88:17:d4:22:da:3e:96:90:
                    59:57:7a:31:2e:39:23:32:a0:c8:dc:ec:d2:48:4a:
                    c0:9a:63:a5:01:d1:d4:a5:03:7c:59:c3:24:f7:d1:
                    85:46:1d:f0:8c:c6:72:b2:f3:42:6a:71:f7:99:54:
                    43:60:e0:34:cb:22:39:11:a3:c0:30:6a:63:fe:c0:
                    18:c7:a6:91:ad:a9:89:02:e2:be:7a:ab:bb:63:31:
                    81:66:1a:a3:f0:6d:99:f4:a1:26:42:06:8b:76:17:
                    ea:b4:65:1d:93:a4:da:1e:7b:77:7f:14:80:2a:dc:
                    f1:b2:61:ef:44:7b:d3:f7:6f:0b:e2:35:63:f5:77:
                    3d:62:ee:7e:ec:83:f1:30:35:aa:a3:db:d3:f7:46:
                    90:0b:1d:f0:f3:7f:0f:9d:a6:59:e3:12:77:48:8e:
                    59:c2:27:e1:b4:0a:9f:05:70:38:78:d8:09:b4:4e:
                    8b:d6:ee:86:f4:71:ba:b5:9e:6c:a3:92:06:71:a7:
                    4a:04:48:29:fb:31:f3:66:66:ec:3e:3f:ce:fa:33:
                    6f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:F4:CB:F4:3B:35:7F:0C:DF:49:A0:A9:5A:58:0F:32:00:51:9D:85
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/b_TL9Ds1fwzfSaCpWlgPMgBRnYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:808d::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:ee:7f:e3:22:8b:fe:bf:30:d7:1f:40:31:7b:33:bb:d2:9d:
         39:6e:dd:58:54:40:95:ff:b9:69:ad:c7:94:f7:30:1a:54:b1:
         e6:7f:ed:02:e0:f5:fd:9f:6e:6e:52:1f:f5:e8:98:47:9e:82:
         b2:a4:df:ff:77:eb:52:43:aa:19:9c:e1:18:49:1d:6a:82:c4:
         0b:6d:19:92:b3:e2:0f:1c:52:27:21:27:22:6f:c4:5e:4b:8c:
         03:9a:86:80:16:89:0d:97:dd:72:4a:67:f7:93:fa:ff:91:d9:
         6c:64:db:bb:ca:17:2d:81:76:9f:45:83:bd:25:22:0c:fa:b7:
         de:a4:46:ef:d8:c1:ce:fa:1c:e8:c7:2b:71:c5:fb:ec:4a:7c:
         04:46:44:57:b0:0b:6f:f2:1a:e3:81:36:3b:dc:4e:2c:ec:b5:
         e1:8f:92:ac:59:b0:41:2e:e8:be:8c:54:df:65:a8:d1:af:89:
         13:3c:7c:56:5b:bd:d1:37:e9:e9:11:0d:fc:1f:b8:1a:eb:de:
         e1:b0:02:43:4a:74:6a:d5:90:83:ec:c2:1a:8a:9d:25:31:21:
         cc:b9:c6:52:7d:2b:f2:d0:90:ae:58:e9:04:80:6e:45:4b:43:
         46:dd:ec:23:a1:dd:ff:7e:c0:59:f2:22:f1:d9:a4:9f:34:20:
         37:5e:ef:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuNeKBd1a86SJ1SIh15EtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmY0Y2JmNDNiMzU3ZjBjZGY0OWEwYTk1YTU4MGYzMjAwNTE5ZDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxo0aCJ9Vs31HPkhWRM/ZzohYdlTy
HqiTZBpxxKr4S7phMu71V/VMSjqqTqUSnnTfN6aqiBfUIto+lpBZV3oxLjkjMqDI
3OzSSErAmmOlAdHUpQN8WcMk99GFRh3wjMZysvNCanH3mVRDYOA0yyI5EaPAMGpj
/sAYx6aRramJAuK+equ7YzGBZhqj8G2Z9KEmQgaLdhfqtGUdk6TaHnt3fxSAKtzx
smHvRHvT928L4jVj9Xc9Yu5+7IPxMDWqo9vT90aQCx3w838PnaZZ4xJ3SI5Zwifh
tAqfBXA4eNgJtE6L1u6G9HG6tZ5so5IGcadKBEgp+zHzZmbsPj/O+jNvnQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG/0y/Q7NX8M30mgqVpYDzIAUZ2FMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvYl9UTDlEczFmd3pmU2FDcFdsZ1BNZ0JSbllVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQICN
MA0GCSqGSIb3DQEBCwUAA4IBAQA97n/jIov+vzDXH0AxezO70p05bt1YVECV/7lp
rceU9zAaVLHmf+0C4PX9n25uUh/16JhHnoKypN//d+tSQ6oZnOEYSR1qgsQLbRmS
s+IPHFInIScib8ReS4wDmoaAFokNl91ySmf3k/r/kdlsZNu7yhctgXafRYO9JSIM
+rfepEbv2MHO+hzoxytxxfvsSnwERkRXsAtv8hrjgTY73E4s7LXhj5KsWbBBLui+
jFTfZajRr4kTPHxWW73RN+npEQ38H7ga697hsAJDSnRq1ZCD7MIaip0lMSHMucZS
fSvy0JCuWOkEgG5FS0NG3ewjod3/fsBZ8iLx2aSfNCA3Xu/b
-----END CERTIFICATE-----