Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/ed3rwGIa0vvrQk9ipZn-p7hVuB4.roa
File:                     ed3rwGIa0vvrQk9ipZn-p7hVuB4.roa (raw, json)
Hash identifier:          s0hSuilcILGP04/vjC9s+swqnHnnRNcFSdGXBfZKDac=
Subject key identifier:   79:DD:EB:C0:62:1A:D2:FB:EB:42:4F:62:A5:99:FE:A7:B8:55:B8:1E
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8DBFAAEBA693442BF508E6BF15C3F
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/ed3rwGIa0vvrQk9ipZn-p7hVuB4.roa
Signing time:             Mon 01 Jan 2024 20:30:52 +0000
ROA not before:           Mon 01 Jan 2024 20:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     149476
IP address blocks:        2a0c:9a40:9c00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:db:fa:ae:ba:69:34:42:bf:50:8e:6b:f1:5c:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79ddebc0621ad2fbeb424f62a599fea7b855b81e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c5:ba:0c:17:2c:e7:08:d5:32:8c:20:f5:d9:
                    7e:d9:30:21:50:7d:d7:dd:d7:5f:2b:d0:54:79:83:
                    96:6f:e9:11:eb:c3:78:34:dd:87:31:0a:76:46:93:
                    bb:f4:86:d5:69:05:d2:54:a5:6c:61:66:8d:07:21:
                    be:11:47:e8:d5:42:3d:01:23:68:2c:7e:79:82:d4:
                    a8:9a:c0:de:34:d1:c3:51:d9:21:a2:2d:e1:e6:df:
                    bb:15:42:19:2a:00:c6:f8:67:73:47:c7:7b:05:92:
                    bb:46:e3:2f:c8:f1:80:a4:01:d3:80:57:8e:dd:61:
                    c0:a5:6f:b0:09:2a:8e:d3:e9:00:b5:3a:97:c2:28:
                    87:07:cc:3a:7b:d7:26:f9:e6:d9:86:bf:5a:db:16:
                    21:72:09:aa:ca:10:04:d7:17:ef:31:b8:e8:ed:78:
                    15:44:84:84:41:0e:2a:d7:e2:29:70:46:57:81:d1:
                    a0:04:c3:74:85:86:4b:e5:ed:3e:00:a9:4d:22:5f:
                    22:7c:45:c5:8b:ec:0f:2e:3d:00:39:30:bf:a0:65:
                    5d:99:af:7b:34:db:da:05:87:92:b3:0b:f1:6b:18:
                    3b:c9:79:09:fd:61:cf:ad:72:94:f9:d5:54:93:4b:
                    8f:ac:a1:46:49:a6:7c:f6:95:d9:08:09:97:af:b0:
                    a7:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:DD:EB:C0:62:1A:D2:FB:EB:42:4F:62:A5:99:FE:A7:B8:55:B8:1E
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/ed3rwGIa0vvrQk9ipZn-p7hVuB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:9c00::/40

    Signature Algorithm: sha256WithRSAEncryption
         a9:6b:4a:4d:17:f2:19:86:b3:6a:fc:a7:31:16:27:5d:a8:7e:
         ff:de:18:8d:67:5d:49:f0:d0:40:3f:e3:06:aa:27:ef:aa:44:
         2b:38:46:b4:62:ae:2c:17:82:72:ff:c8:93:11:65:ec:99:83:
         68:dc:dc:1d:3f:b6:5e:7d:77:db:86:1a:4a:0e:07:d8:e4:bf:
         f7:a2:b8:d5:7a:13:98:b7:9e:54:f5:04:f0:3b:05:bd:15:86:
         d7:6a:a4:48:15:51:ba:e0:9c:9b:e9:27:2a:97:61:89:9d:82:
         71:43:16:76:d3:ef:fd:55:d7:e5:e3:fb:61:71:30:18:5a:b9:
         ac:2c:24:b1:3e:09:12:c1:5f:7f:27:2b:79:32:51:5c:55:5c:
         52:80:86:d6:c2:09:9a:ad:af:0a:8e:84:fc:17:b7:23:07:3a:
         b7:b4:36:6b:2c:14:8f:79:83:92:0d:d5:c7:5a:bf:41:74:48:
         f4:5f:c4:06:af:e9:16:74:3b:5f:fe:0f:f1:e2:c8:b5:61:f3:
         d8:bb:e7:19:ac:94:e6:5a:ff:8b:2f:c6:13:02:4f:a8:6e:68:
         28:bc:fd:ed:26:af:86:54:70:42:83:e2:00:50:36:ad:2a:63:
         68:95:b5:15:92:2d:b8:11:a4:75:77:74:3a:5a:84:66:aa:7e:
         83:b8:2e:4a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGuNv6rrppNEK/UI5r8Vw/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWRkZWJjMDYyMWFkMmZiZWI0MjRmNjJhNTk5ZmVhN2I4NTViODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMW6DBcs5wjVMowg9dl+2TAhUH3X
3ddfK9BUeYOWb+kR68N4NN2HMQp2RpO79IbVaQXSVKVsYWaNByG+EUfo1UI9ASNo
LH55gtSomsDeNNHDUdkhoi3h5t+7FUIZKgDG+GdzR8d7BZK7RuMvyPGApAHTgFeO
3WHApW+wCSqO0+kAtTqXwiiHB8w6e9cm+ebZhr9a2xYhcgmqyhAE1xfvMbjo7XgV
RISEQQ4q1+IpcEZXgdGgBMN0hYZL5e0+AKlNIl8ifEXFi+wPLj0AOTC/oGVdma97
NNvaBYeSswvxaxg7yXkJ/WHPrXKU+dVUk0uPrKFGSaZ89pXZCAmXr7Cn1wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHnd68BiGtL760JPYqWZ/qe4VbgeMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvZWQzcndHSWEwdnZyUWs5aXBabi1wN2hWdUI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgyaQJww
DQYJKoZIhvcNAQELBQADggEBAKlrSk0X8hmGs2r8pzEWJ12ofv/eGI1nXUnw0EA/
4waqJ++qRCs4RrRiriwXgnL/yJMRZeyZg2jc3B0/tl59d9uGGkoOB9jkv/eiuNV6
E5i3nlT1BPA7Bb0VhtdqpEgVUbrgnJvpJyqXYYmdgnFDFnbT7/1V1+Xj+2FxMBha
uawsJLE+CRLBX38nK3kyUVxVXFKAhtbCCZqtrwqOhPwXtyMHOre0NmssFI95g5IN
1cdav0F0SPRfxAav6RZ0O1/+D/HiyLVh89i75xmslOZa/4svxhMCT6huaCi8/e0m
r4ZUcEKD4gBQNq0qY2iVtRWSLbgRpHV3dDpahGaqfoO4Lko=
-----END CERTIFICATE-----