Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/dPB63Zj5y1ua-nd7Jmpol8cypP0.roa
File:                     dPB63Zj5y1ua-nd7Jmpol8cypP0.roa (raw, json)
Hash identifier:          9s/gVBTZ0sKzzL1eswL5dWWIvEFAk+MjPiRUgX1hPeQ=
Subject key identifier:   74:F0:7A:DD:98:F9:CB:5B:9A:FA:77:7B:26:6A:68:97:C7:32:A4:FD
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       01904EC2E86F0B848E966BD3FD0ED48CC25A
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/dPB63Zj5y1ua-nd7Jmpol8cypP0.roa
Signing time:             Tue 25 Jun 2024 09:38:34 +0000
ROA not before:           Tue 25 Jun 2024 09:38:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215362
IP address blocks:        2a0c:9a40:8610::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 13:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4e:c2:e8:6f:0b:84:8e:96:6b:d3:fd:0e:d4:8c:c2:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jun 25 09:38:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74f07add98f9cb5b9afa777b266a6897c732a4fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:bc:08:db:79:a7:04:4e:d6:2d:e1:fb:2e:42:
                    c2:a5:3e:78:43:bc:75:e0:96:34:9f:d7:0f:c6:53:
                    f8:af:e4:f2:c3:21:01:c9:3b:f1:4f:01:c5:aa:94:
                    a7:1e:0e:f9:ab:10:9d:82:22:9d:99:0c:57:91:e3:
                    a4:13:ed:2d:3b:4c:3c:07:fd:df:93:82:62:e5:1e:
                    1a:c7:5a:41:85:9a:cb:96:fb:6c:8d:e5:a6:b8:91:
                    40:42:71:4e:17:f1:45:44:79:92:83:7d:63:5f:ef:
                    2e:12:ac:ec:e7:b3:1b:1f:63:fd:b3:a7:47:22:86:
                    5f:10:b2:a6:97:74:ad:00:d9:80:f4:1c:60:34:2a:
                    33:d9:45:bb:2b:c9:a1:7c:68:25:fd:18:63:0b:87:
                    8e:ab:d6:58:47:63:22:95:70:9b:04:8b:d9:9f:65:
                    4e:df:54:10:ea:ee:69:7d:7a:dd:2f:ae:0e:cd:31:
                    7b:db:4d:01:b3:3b:8b:76:89:15:d4:6b:77:a8:8d:
                    c5:26:0d:07:a4:81:d8:5e:4f:11:0e:0e:96:f3:b9:
                    b1:1a:45:f5:dc:78:e0:cd:e4:ca:31:f8:59:89:cb:
                    81:f1:65:68:c2:1d:88:b0:85:0e:13:2b:c2:3e:e1:
                    f5:36:d8:ab:b1:e2:f6:eb:e8:43:cd:1b:91:b0:49:
                    84:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:F0:7A:DD:98:F9:CB:5B:9A:FA:77:7B:26:6A:68:97:C7:32:A4:FD
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/dPB63Zj5y1ua-nd7Jmpol8cypP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8610::/44

    Signature Algorithm: sha256WithRSAEncryption
         16:06:d2:7d:20:0b:df:e4:bf:11:41:90:fd:a5:a5:e1:0c:23:
         f4:c0:12:3e:48:e4:c5:08:f0:c0:09:25:71:9d:ab:3a:77:7d:
         8f:05:c2:0b:0a:2c:80:45:59:58:fd:7e:38:26:77:24:ef:99:
         ef:9c:e2:51:04:ee:d2:16:e1:6f:a8:b5:ae:86:ce:cb:6b:c0:
         7a:6a:a0:55:fd:3f:f8:1b:06:38:6a:67:59:b0:a7:58:6c:3c:
         52:bf:30:76:a8:82:12:5d:0d:88:45:f6:fa:7b:84:5c:68:14:
         b1:0c:2c:c3:ec:ad:be:ed:a9:77:e5:3a:d3:a2:04:d2:2a:58:
         ba:64:a5:c8:ee:9f:f2:2a:c4:ba:52:54:2e:ed:33:1e:ac:2c:
         51:0d:f3:b4:3b:3a:6a:cb:18:4a:0f:cd:cd:3f:b7:24:3d:7d:
         61:8a:6a:81:48:91:2a:fa:2e:e7:c4:a0:b8:ab:74:b8:09:21:
         04:7a:8e:e6:9d:6a:7a:f1:41:ad:30:fd:20:6b:eb:dc:61:9f:
         25:d7:b9:57:ae:33:24:0e:ed:92:e3:ae:5b:99:8c:c4:19:37:
         d3:30:ec:5c:5d:4f:d1:e7:d3:1d:f1:29:27:5e:e5:43:88:c7:
         50:00:56:41:0b:df:25:23:2b:ad:12:c7:b9:16:31:e8:7f:7a:
         e3:43:ae:2e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZBOwuhvC4SOlmvT/Q7UjMJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwNjI1MDkzODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGYwN2FkZDk4ZjljYjViOWFmYTc3N2IyNjZhNjg5N2M3MzJhNGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9LwI23mnBE7WLeH7LkLCpT54Q7x1
4JY0n9cPxlP4r+TywyEByTvxTwHFqpSnHg75qxCdgiKdmQxXkeOkE+0tO0w8B/3f
k4Ji5R4ax1pBhZrLlvtsjeWmuJFAQnFOF/FFRHmSg31jX+8uEqzs57MbH2P9s6dH
IoZfELKml3StANmA9BxgNCoz2UW7K8mhfGgl/RhjC4eOq9ZYR2MilXCbBIvZn2VO
31QQ6u5pfXrdL64OzTF7200BszuLdokV1Gt3qI3FJg0HpIHYXk8RDg6W87mxGkX1
3HjgzeTKMfhZicuB8WVowh2IsIUOEyvCPuH1NtirseL26+hDzRuRsEmECwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHTwet2Y+ctbmvp3eyZqaJfHMqT9MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvZFBCNjNaajV5MXVhLW5kN0ptcG9sOGN5cFAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIYQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAWBtJ9IAvf5L8RQZD9paXhDCP0wBI+SOTFCPDA
CSVxnas6d32PBcILCiyARVlY/X44Jnck75nvnOJRBO7SFuFvqLWuhs7La8B6aqBV
/T/4GwY4amdZsKdYbDxSvzB2qIISXQ2IRfb6e4RcaBSxDCzD7K2+7al35TrTogTS
Kli6ZKXI7p/yKsS6UlQu7TMerCxRDfO0OzpqyxhKD83NP7ckPX1himqBSJEq+i7n
xKC4q3S4CSEEeo7mnWp68UGtMP0ga+vcYZ8l17lXrjMkDu2S465bmYzEGTfTMOxc
XU/R59Md8SknXuVDiMdQAFZBC98lIyutEse5FjHof3rjQ64u
-----END CERTIFICATE-----