Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/hkDhq7u9wVJDNa0Rx4_XWxMcClw.roa
File:                     hkDhq7u9wVJDNa0Rx4_XWxMcClw.roa (raw, json)
Hash identifier:          1VNiP1aWRWwoDa7pjMBw4iM9aPT1xKPlKtsXSyHkCUI=
Subject key identifier:   86:40:E1:AB:BB:BD:C1:52:43:35:AD:11:C7:8F:D7:5B:13:1C:0A:5C
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8F1D95E23D8B95B7717080D9F8BBE
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/hkDhq7u9wVJDNa0Rx4_XWxMcClw.roa
Signing time:             Mon 01 Jan 2024 20:30:58 +0000
ROA not before:           Mon 01 Jan 2024 20:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213234
IP address blocks:        2a0c:9a40:8a00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f1:d9:5e:23:d8:b9:5b:77:17:08:0d:9f:8b:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8640e1abbbbdc1524335ad11c78fd75b131c0a5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:cf:4c:b6:b5:0b:c7:4b:02:03:48:e5:c9:6f:
                    dc:9a:9e:23:10:f7:29:26:51:08:a5:50:01:fb:dc:
                    f4:67:f5:f6:6a:de:e5:8c:8f:ab:41:0b:74:1b:54:
                    41:92:7c:fc:e1:7f:80:ee:04:6c:f5:c1:c2:0b:65:
                    3e:9b:fe:cd:01:a7:df:f6:a5:5f:0b:b4:aa:f6:2b:
                    67:2c:62:de:0b:78:5a:a3:87:5d:7e:f1:98:72:cd:
                    af:d2:c4:52:10:1c:f1:c8:65:6e:39:60:5c:99:0a:
                    26:bf:46:17:a0:9a:dd:63:4a:b0:82:f2:ce:5b:e7:
                    f2:3e:4f:df:86:17:e4:bf:34:4c:df:67:c3:61:98:
                    8b:85:41:95:4a:0e:fb:3d:90:6a:9d:34:59:13:0e:
                    02:0e:c2:f4:c5:08:f6:ce:0f:d9:af:cb:5d:2b:a3:
                    0f:21:dc:4f:9c:1c:e4:ac:a2:40:ad:44:b6:62:db:
                    6a:a9:89:00:81:0a:6d:f3:1d:4c:51:3e:b4:e8:7a:
                    90:8a:fd:ae:4a:bf:60:60:3d:ef:c2:40:42:d5:f5:
                    f8:18:28:44:4a:e0:57:a6:b3:12:0a:f4:a0:86:12:
                    62:d7:93:8c:60:48:34:4b:24:d3:bb:43:18:2c:df:
                    05:77:36:88:b8:31:36:bd:60:85:0d:a3:bc:43:5b:
                    79:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:40:E1:AB:BB:BD:C1:52:43:35:AD:11:C7:8F:D7:5B:13:1C:0A:5C
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/hkDhq7u9wVJDNa0Rx4_XWxMcClw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8a00::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:87:58:22:d7:74:e2:65:69:84:95:6a:03:c4:09:f4:d5:94:
         d6:37:81:ff:9d:d9:2b:56:85:cb:da:0f:05:83:0a:45:de:ca:
         95:8b:84:d9:95:1d:fa:8c:49:c0:8c:e8:d2:49:95:da:bf:db:
         a9:2c:8c:88:0c:ba:a2:eb:29:5d:e8:63:d1:dd:7d:f7:e2:da:
         8a:bc:b4:6e:8d:e8:1a:0e:10:9b:16:88:18:e8:94:e1:34:b3:
         af:9d:61:88:81:bf:dd:9f:db:2e:d3:1c:7f:fa:70:31:7e:37:
         70:43:54:60:88:ba:e6:00:9a:5a:fe:c3:ef:e2:6d:4b:71:c4:
         b7:81:c4:c6:7e:28:ae:93:aa:76:13:df:16:15:81:b0:48:68:
         04:22:6a:45:ef:2b:da:29:ec:65:f7:84:43:c5:37:f2:a8:21:
         c5:3d:c7:4b:16:42:d9:c3:26:bf:24:5a:42:a4:a6:2c:ed:5f:
         17:e5:a7:6a:66:ec:60:a8:f1:0b:dc:62:dd:49:4f:05:0f:07:
         05:c4:e0:2d:e2:3c:5a:fd:39:ee:ce:24:11:b0:03:29:38:14:
         28:45:00:79:03:64:79:c1:66:ae:e4:0e:7c:ed:4d:cf:cd:cd:
         ba:de:90:6e:c3:05:1b:4e:2a:88:da:79:01:e2:1f:2b:6c:ce:
         01:56:3c:d8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuPHZXiPYuVt3FwgNn4u+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjQwZTFhYmJiYmRjMTUyNDMzNWFkMTFjNzhmZDc1YjEzMWMwYTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps9MtrULx0sCA0jlyW/cmp4jEPcp
JlEIpVAB+9z0Z/X2at7ljI+rQQt0G1RBknz84X+A7gRs9cHCC2U+m/7NAaff9qVf
C7Sq9itnLGLeC3hao4ddfvGYcs2v0sRSEBzxyGVuOWBcmQomv0YXoJrdY0qwgvLO
W+fyPk/fhhfkvzRM32fDYZiLhUGVSg77PZBqnTRZEw4CDsL0xQj2zg/Zr8tdK6MP
IdxPnBzkrKJArUS2YttqqYkAgQpt8x1MUT606HqQiv2uSr9gYD3vwkBC1fX4GChE
SuBXprMSCvSghhJi15OMYEg0SyTTu0MYLN8FdzaIuDE2vWCFDaO8Q1t5KQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIZA4au7vcFSQzWtEceP11sTHApcMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvaGtEaHE3dTl3VkpETmEwUng0X1hXeE1jQ2x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIoA
MA0GCSqGSIb3DQEBCwUAA4IBAQBah1gi13TiZWmElWoDxAn01ZTWN4H/ndkrVoXL
2g8FgwpF3sqVi4TZlR36jEnAjOjSSZXav9upLIyIDLqi6yld6GPR3X334tqKvLRu
jegaDhCbFogY6JThNLOvnWGIgb/dn9su0xx/+nAxfjdwQ1RgiLrmAJpa/sPv4m1L
ccS3gcTGfiiuk6p2E98WFYGwSGgEImpF7yvaKexl94RDxTfyqCHFPcdLFkLZwya/
JFpCpKYs7V8X5adqZuxgqPEL3GLdSU8FDwcFxOAt4jxa/TnuziQRsAMpOBQoRQB5
A2R5wWau5A587U3Pzc263pBuwwUbTiqI2nkB4h8rbM4BVjzY
-----END CERTIFICATE-----