Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/laXcTBblsaLQorYdP6W90Vi8Sro.roa
File:                     laXcTBblsaLQorYdP6W90Vi8Sro.roa (raw, json)
Hash identifier:          monYgyqEca/Us5aK9TfTUCFWXUvoWd4DyIAQEPLnhMA=
Subject key identifier:   95:A5:DC:4C:16:E5:B1:A2:D0:A2:B6:1D:3F:A5:BD:D1:58:BC:4A:BA
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8DEAD9939275C42636B86A2A45E33
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/laXcTBblsaLQorYdP6W90Vi8Sro.roa
Signing time:             Mon 01 Jan 2024 20:30:53 +0000
ROA not before:           Mon 01 Jan 2024 20:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198276
IP address blocks:        2a0c:9a40:8390::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 15:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:de:ad:99:39:27:5c:42:63:6b:86:a2:a4:5e:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95a5dc4c16e5b1a2d0a2b61d3fa5bdd158bc4aba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:79:bd:89:c4:9e:2b:59:0e:f6:61:93:e0:64:
                    c5:d6:56:d1:2a:3b:cb:97:96:3a:09:5a:66:33:96:
                    ee:32:10:70:64:59:f3:e6:0f:63:b0:e3:d6:98:b8:
                    14:c9:2b:7f:3c:d1:75:90:8b:63:65:09:3d:0c:29:
                    ca:94:b7:12:c3:74:54:81:bf:a1:13:3e:55:77:d9:
                    0a:77:2e:e2:52:0a:65:e8:fc:42:10:53:d5:9b:ac:
                    2f:d9:79:da:67:d9:f8:86:d7:4d:05:23:36:b1:3f:
                    05:8c:82:f3:1b:19:26:1d:21:65:0e:8d:98:13:e3:
                    17:c0:48:f4:55:0a:0b:12:73:9c:d5:bd:0a:64:be:
                    68:dd:3e:8e:41:a8:f6:91:db:ad:34:db:14:5a:ed:
                    8d:f8:dd:40:51:72:c5:6d:25:bc:56:3c:df:f7:d3:
                    28:2d:3f:14:e3:58:1d:61:80:01:25:fe:98:b8:c1:
                    99:38:a6:18:04:5e:6d:41:bc:80:ee:c7:4b:3d:dd:
                    ab:48:77:2e:36:8f:f9:ea:65:30:03:4f:6b:bf:28:
                    98:67:e5:74:f4:f5:5f:58:bf:24:62:1f:b1:11:0c:
                    f1:56:20:c3:18:5b:5a:dc:f7:81:98:4f:56:d2:7b:
                    71:f1:8c:65:17:40:8c:d7:6a:e1:5d:4f:ac:29:18:
                    0e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:A5:DC:4C:16:E5:B1:A2:D0:A2:B6:1D:3F:A5:BD:D1:58:BC:4A:BA
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/laXcTBblsaLQorYdP6W90Vi8Sro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8390::/48

    Signature Algorithm: sha256WithRSAEncryption
         c6:dd:05:79:ff:b1:cb:4e:ac:a1:42:04:77:c3:ea:3e:f5:40:
         18:3c:ac:2e:05:95:1b:8c:04:66:db:1d:26:f7:e0:33:b0:fa:
         a6:7f:34:3f:bc:28:52:9d:38:af:a9:98:bf:0e:17:ee:a4:5f:
         8d:9d:fd:e4:f0:ab:4e:62:e4:37:1f:1f:05:7d:26:f6:5c:33:
         b1:dd:29:a8:c2:63:89:6e:fd:b1:5e:aa:6b:ca:75:cc:71:67:
         9a:0a:69:ed:a0:a2:d5:26:71:c6:9b:c7:e3:7d:68:fd:be:83:
         43:ef:93:a2:f1:c1:fd:3b:1e:01:4d:d9:e0:6b:f0:58:46:03:
         0f:1d:45:62:f4:19:ec:39:73:ad:2b:28:9c:3e:af:e8:48:06:
         b6:a7:fe:57:f5:30:c7:28:82:a6:13:44:77:a8:86:7c:0c:b1:
         d1:ea:63:55:38:3b:6b:c5:37:cf:32:b3:1e:d4:20:c1:d2:95:
         d4:f3:5b:ce:ed:f8:2a:7c:f9:c0:73:c0:96:ee:4e:5a:05:6f:
         88:61:17:50:99:ff:7c:a4:65:24:b5:8a:b1:06:06:53:8b:8e:
         4f:90:44:77:ad:2f:d5:e3:bb:ed:2b:a7:ae:ab:ef:5d:f3:61:
         65:92:c4:08:d4:4b:dc:fd:05:a4:a4:42:27:4e:1f:43:dd:42:
         03:66:7d:ce
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuN6tmTknXEJja4aipF4zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWE1ZGM0YzE2ZTViMWEyZDBhMmI2MWQzZmE1YmRkMTU4YmM0YWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnm9icSeK1kO9mGT4GTF1lbRKjvL
l5Y6CVpmM5buMhBwZFnz5g9jsOPWmLgUySt/PNF1kItjZQk9DCnKlLcSw3RUgb+h
Ez5Vd9kKdy7iUgpl6PxCEFPVm6wv2XnaZ9n4htdNBSM2sT8FjILzGxkmHSFlDo2Y
E+MXwEj0VQoLEnOc1b0KZL5o3T6OQaj2kdutNNsUWu2N+N1AUXLFbSW8Vjzf99Mo
LT8U41gdYYABJf6YuMGZOKYYBF5tQbyA7sdLPd2rSHcuNo/56mUwA09rvyiYZ+V0
9PVfWL8kYh+xEQzxViDDGFta3PeBmE9W0ntx8YxlF0CM12rhXU+sKRgOFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJWl3EwW5bGi0KK2HT+lvdFYvEq6MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvbGFYY1RCYmxzYUxRb3JZZFA2VzkwVmk4U3JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIOQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDG3QV5/7HLTqyhQgR3w+o+9UAYPKwuBZUbjARm
2x0m9+AzsPqmfzQ/vChSnTivqZi/DhfupF+Nnf3k8KtOYuQ3Hx8FfSb2XDOx3Smo
wmOJbv2xXqprynXMcWeaCmntoKLVJnHGm8fjfWj9voND75Oi8cH9Ox4BTdnga/BY
RgMPHUVi9BnsOXOtKyicPq/oSAa2p/5X9TDHKIKmE0R3qIZ8DLHR6mNVODtrxTfP
MrMe1CDB0pXU81vO7fgqfPnAc8CW7k5aBW+IYRdQmf98pGUktYqxBgZTi45PkER3
rS/V47vtK6euq+9d82FlksQI1Evc/QWkpEInTh9D3UIDZn3O
-----END CERTIFICATE-----