Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/jqvjjQBEGJAdJoTEWeKtvvweiRw.roa
File:                     jqvjjQBEGJAdJoTEWeKtvvweiRw.roa (raw, json)
Hash identifier:          k/Bx7YlWq8wCF+iDkyk9NRXnuWQ1Vun7MtBc37MssH0=
Subject key identifier:   8E:AB:E3:8D:00:44:18:90:1D:26:84:C4:59:E2:AD:BE:FC:1E:89:1C
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       01917FE0C5B3F2938685848F0AC7E26C5839
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/jqvjjQBEGJAdJoTEWeKtvvweiRw.roa
Signing time:             Fri 23 Aug 2024 15:35:22 +0000
ROA not before:           Fri 23 Aug 2024 15:35:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212704
IP address blocks:        2a0c:9a40:8070::/44 maxlen: 44
                          2a0c:9a40:8070::/48 maxlen: 48
                          2a0c:9a40:8078::/45 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7f:e0:c5:b3:f2:93:86:85:84:8f:0a:c7:e2:6c:58:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Aug 23 15:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8eabe38d004418901d2684c459e2adbefc1e891c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:9b:a4:8e:41:4a:d0:66:9c:6d:9e:7a:37:dc:
                    70:98:b6:90:84:6f:78:ea:73:28:c3:68:82:07:bb:
                    af:41:6d:bd:bd:8e:a8:03:de:18:a8:29:38:1e:6f:
                    4e:0e:8d:96:44:85:46:d9:88:36:44:80:5a:aa:c4:
                    fe:f6:a2:64:1f:a9:cc:89:9f:95:98:1e:70:8a:f4:
                    e7:e9:34:6b:a5:44:45:d9:35:fe:e9:25:03:19:74:
                    e8:3a:bf:7e:6d:a5:3a:46:34:f0:f6:2a:06:8a:d5:
                    68:be:e6:f2:79:42:ef:55:df:94:f3:8c:c0:68:e4:
                    28:cd:ef:d2:86:d4:3f:18:3a:ec:7f:f1:96:ff:31:
                    dd:7e:81:cf:79:64:02:3a:4a:54:8b:cf:45:15:6c:
                    aa:3f:41:80:73:d4:7f:93:12:b1:34:15:c5:04:2a:
                    42:e9:7f:9d:b4:79:b4:83:ca:da:af:32:36:4e:db:
                    8e:33:fa:fd:f8:f1:38:61:eb:b4:7b:e7:bc:9d:4e:
                    73:b6:c8:bb:b7:3e:cd:c7:d3:9a:7b:bd:27:fb:ba:
                    d9:b6:df:8b:f9:a8:88:c0:f2:ac:65:71:11:a1:cc:
                    92:a2:cc:b9:5c:50:1e:11:36:41:97:d3:f8:18:59:
                    a9:df:44:05:36:12:e7:c0:5d:52:a7:1a:ee:cc:04:
                    89:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:AB:E3:8D:00:44:18:90:1D:26:84:C4:59:E2:AD:BE:FC:1E:89:1C
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/jqvjjQBEGJAdJoTEWeKtvvweiRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8070::/44

    Signature Algorithm: sha256WithRSAEncryption
         1d:b2:ff:23:2a:61:7c:43:f0:2b:ee:9b:bb:da:8e:88:31:a2:
         d2:9b:7c:e4:34:27:a3:93:d0:97:2b:60:37:77:e2:9c:61:70:
         4c:00:ec:c3:da:64:b2:a5:68:fc:87:19:49:73:7a:a9:90:f2:
         0b:72:44:33:08:ca:4d:46:e4:1b:7d:1f:07:30:b0:25:a1:ac:
         ba:98:d8:90:a9:98:39:87:b0:15:f0:9c:0d:61:17:64:d0:96:
         40:8f:5c:ab:fb:0d:de:16:a5:c3:67:59:dd:2b:78:70:43:46:
         3c:f5:d4:42:e1:ba:4d:7d:fc:f2:2a:f9:bb:16:8c:00:07:ec:
         e8:d4:7c:a1:0d:8a:92:98:eb:7a:ac:a5:be:c8:2d:6e:4a:ba:
         e1:e7:2f:46:70:66:3e:56:a2:6d:2d:47:5a:93:c3:9a:d2:1f:
         f5:81:db:bf:7a:38:ea:51:87:a8:cb:40:78:1b:49:63:55:48:
         00:47:c3:e0:d7:bd:7a:5e:a6:a0:62:60:ba:2e:1b:3e:75:89:
         fb:7d:cc:b2:c1:54:13:ad:f2:16:94:94:97:aa:8c:c5:65:33:
         9d:1f:91:76:ae:ba:6f:32:dd:0a:8b:ad:73:38:93:a3:a8:da:
         fb:0a:9b:26:9f:06:ef:bd:2f:c1:38:04:cf:34:13:67:6e:8e:
         ad:09:74:71
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZF/4MWz8pOGhYSPCsfibFg5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwODIzMTUzNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWFiZTM4ZDAwNDQxODkwMWQyNjg0YzQ1OWUyYWRiZWZjMWU4OTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pukjkFK0GacbZ56N9xwmLaQhG94
6nMow2iCB7uvQW29vY6oA94YqCk4Hm9ODo2WRIVG2Yg2RIBaqsT+9qJkH6nMiZ+V
mB5wivTn6TRrpURF2TX+6SUDGXToOr9+baU6RjTw9ioGitVovubyeULvVd+U84zA
aOQoze/ShtQ/GDrsf/GW/zHdfoHPeWQCOkpUi89FFWyqP0GAc9R/kxKxNBXFBCpC
6X+dtHm0g8rarzI2TtuOM/r9+PE4Yeu0e+e8nU5ztsi7tz7Nx9Oae70n+7rZtt+L
+aiIwPKsZXERocySosy5XFAeETZBl9P4GFmp30QFNhLnwF1SpxruzASJEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI6r440ARBiQHSaExFnirb78HokcMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvanF2ampRQkVHSkFkSm9URVdlS3R2dndlaVJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIBw
MA0GCSqGSIb3DQEBCwUAA4IBAQAdsv8jKmF8Q/Ar7pu72o6IMaLSm3zkNCejk9CX
K2A3d+KcYXBMAOzD2mSypWj8hxlJc3qpkPILckQzCMpNRuQbfR8HMLAloay6mNiQ
qZg5h7AV8JwNYRdk0JZAj1yr+w3eFqXDZ1ndK3hwQ0Y89dRC4bpNffzyKvm7FowA
B+zo1HyhDYqSmOt6rKW+yC1uSrrh5y9GcGY+VqJtLUdak8Oa0h/1gdu/ejjqUYeo
y0B4G0ljVUgAR8Pg1716XqagYmC6Lhs+dYn7fcyywVQTrfIWlJSXqozFZTOdH5F2
rrpvMt0Ki61zOJOjqNr7CpsmnwbvvS/BOATPNBNnbo6tCXRx
-----END CERTIFICATE-----