Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/mQOdnwfR_t_-r8k0O3uvifTzKQU.roa
File:                     mQOdnwfR_t_-r8k0O3uvifTzKQU.roa (raw, json)
Hash identifier:          MA6dDi+iRAngrWEFakBkKxhTMisVc2NDzIsK0W4QT7I=
Subject key identifier:   99:03:9D:9F:07:D1:FE:DF:FE:AF:C9:34:3B:7B:AF:89:F4:F3:29:05
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       01931AD953B5DEAC1A431F25D491E9A8F349
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/mQOdnwfR_t_-r8k0O3uvifTzKQU.roa
Signing time:             Mon 11 Nov 2024 10:51:10 +0000
ROA not before:           Mon 11 Nov 2024 10:51:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214006
IP address blocks:        2a0c:9a40:8620::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1a:d9:53:b5:de:ac:1a:43:1f:25:d4:91:e9:a8:f3:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Nov 11 10:51:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99039d9f07d1fedffeafc9343b7baf89f4f32905
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:9d:49:89:ad:b4:24:d9:f6:29:c7:e8:3e:31:
                    d1:49:6c:45:69:37:31:a5:37:b1:38:54:d9:29:b0:
                    e1:a1:10:58:09:a0:2f:d2:06:5c:3e:00:f9:59:d5:
                    9a:84:f1:9e:1f:03:60:a0:5d:a7:a8:5d:ad:5f:32:
                    a7:8e:5b:da:d4:fd:1c:e7:5e:0a:03:ea:c3:19:f1:
                    51:54:33:7b:79:47:c3:d2:a8:8b:e4:ca:61:a1:67:
                    8f:21:d2:02:be:a8:30:7f:58:d4:8b:52:e9:ab:d2:
                    a9:13:ee:75:ec:bb:f4:33:f9:38:dc:bd:6e:bc:a3:
                    e5:dd:f9:31:bc:76:5c:5a:67:08:fb:ea:0a:d4:24:
                    5c:d2:c3:0c:e0:87:5c:34:3c:2a:c1:e8:86:d5:af:
                    02:c4:80:2c:5a:b3:f9:4d:a9:80:84:9f:1e:54:2f:
                    3d:5c:b4:ae:53:dc:3b:51:78:ad:87:1d:af:a0:63:
                    99:94:eb:d9:27:db:3e:9b:97:6e:e7:25:a3:fc:b0:
                    8f:50:53:f5:3f:8a:f5:cc:74:91:6b:69:b6:06:0a:
                    72:0c:67:98:37:27:18:dd:54:a5:d8:fd:1d:a9:58:
                    f5:5f:5b:72:8c:80:c5:b3:ce:b8:92:9d:ae:e6:e0:
                    d5:4a:12:55:29:13:1d:c3:31:6b:cb:80:4b:85:d0:
                    d3:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:03:9D:9F:07:D1:FE:DF:FE:AF:C9:34:3B:7B:AF:89:F4:F3:29:05
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/mQOdnwfR_t_-r8k0O3uvifTzKQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8620::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:69:6d:84:fc:b9:2f:17:71:7e:9d:57:15:09:fd:30:c6:30:
         09:83:99:1c:28:d8:bc:b2:42:20:dc:96:87:7e:22:2c:f8:83:
         85:e8:79:a3:f6:10:ef:bc:28:da:83:81:b6:87:39:0e:c8:90:
         9a:22:61:75:09:d2:b4:d7:7f:49:0a:4d:71:87:c4:1c:a2:b0:
         6b:bd:c6:1e:7d:2d:a5:24:2c:23:fe:c0:2b:01:06:af:6b:24:
         f3:e4:74:91:8c:be:cd:5a:b4:84:ef:e0:2b:ab:1d:c1:bd:03:
         a7:a7:c0:05:56:b2:15:1f:4d:1e:7a:a9:6b:4a:2a:0a:57:4a:
         85:7d:d0:99:22:f1:23:bf:68:bd:5f:43:79:a8:4e:f8:66:67:
         ab:46:30:11:78:58:83:59:b4:0a:0f:cf:5e:18:d6:27:f6:e5:
         9c:97:62:e3:5f:a9:05:94:3e:18:b5:ca:a1:34:14:9c:9b:96:
         f9:b7:9f:5d:63:1f:c4:19:d9:5f:30:8e:62:3a:94:de:c7:bf:
         68:2f:3b:51:9f:b4:77:bf:16:01:7a:1f:14:c5:70:18:09:d3:
         4f:1b:92:b4:d2:46:e6:6c:0c:a9:a5:e1:db:f7:be:83:53:83:
         19:c0:a2:46:7f:23:10:19:79:dc:9c:24:09:7f:a5:b6:f0:8c:
         1b:a1:82:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZMa2VO13qwaQx8l1JHpqPNJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQxMTExMTA1MTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTAzOWQ5ZjA3ZDFmZWRmZmVhZmM5MzQzYjdiYWY4OWY0ZjMyOTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0p1Jia20JNn2KcfoPjHRSWxFaTcx
pTexOFTZKbDhoRBYCaAv0gZcPgD5WdWahPGeHwNgoF2nqF2tXzKnjlva1P0c514K
A+rDGfFRVDN7eUfD0qiL5MphoWePIdICvqgwf1jUi1Lpq9KpE+517Lv0M/k43L1u
vKPl3fkxvHZcWmcI++oK1CRc0sMM4IdcNDwqweiG1a8CxIAsWrP5TamAhJ8eVC89
XLSuU9w7UXithx2voGOZlOvZJ9s+m5du5yWj/LCPUFP1P4r1zHSRa2m2BgpyDGeY
NycY3VSl2P0dqVj1X1tyjIDFs864kp2u5uDVShJVKRMdwzFry4BLhdDTcQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJkDnZ8H0f7f/q/JNDt7r4n08ykFMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvbVFPZG53ZlJfdF8tcjhrME8zdXZpZlR6S1FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIYg
MA0GCSqGSIb3DQEBCwUAA4IBAQBAaW2E/LkvF3F+nVcVCf0wxjAJg5kcKNi8skIg
3JaHfiIs+IOF6Hmj9hDvvCjag4G2hzkOyJCaImF1CdK0139JCk1xh8QcorBrvcYe
fS2lJCwj/sArAQavayTz5HSRjL7NWrSE7+Arqx3BvQOnp8AFVrIVH00eeqlrSioK
V0qFfdCZIvEjv2i9X0N5qE74ZmerRjAReFiDWbQKD89eGNYn9uWcl2LjX6kFlD4Y
tcqhNBScm5b5t59dYx/EGdlfMI5iOpTex79oLztRn7R3vxYBeh8UxXAYCdNPG5K0
0kbmbAyppeHb976DU4MZwKJGfyMQGXncnCQJf6W28IwboYL9
-----END CERTIFICATE-----