Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/mS58lPRxrKy1HDplAzqdyyNxwKM.roa
File:                     mS58lPRxrKy1HDplAzqdyyNxwKM.roa (raw, json)
Hash identifier:          jquEIKUDWg4Xq5pYwKrktWexbzFVg4oXRt4G40RiaHE=
Subject key identifier:   99:2E:7C:94:F4:71:AC:AC:B5:1C:3A:65:03:3A:9D:CB:23:71:C0:A3
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8F6A803413B898DBAF3CAB8CDA546
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/mS58lPRxrKy1HDplAzqdyyNxwKM.roa
Signing time:             Mon 01 Jan 2024 20:30:59 +0000
ROA not before:           Mon 01 Jan 2024 20:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215909
IP address blocks:        2a0c:9a40:8a20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f6:a8:03:41:3b:89:8d:ba:f3:ca:b8:cd:a5:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=992e7c94f471acacb51c3a65033a9dcb2371c0a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:d9:82:b2:89:c1:ae:46:d5:93:12:f4:dc:cf:
                    2d:87:fe:32:6f:ce:e3:bf:bc:bc:8b:ac:9c:13:be:
                    1c:b6:8d:59:20:f5:74:75:23:c9:90:f5:e7:c4:ba:
                    2c:0f:fc:a2:93:6f:10:bb:f2:2e:2e:3c:79:9f:7b:
                    21:26:72:f3:02:3f:ec:50:d9:30:95:36:5b:b6:3f:
                    c8:c0:54:a0:a5:4c:84:ff:5d:f9:4f:04:bb:87:0e:
                    e8:fd:21:18:be:d6:6f:b4:6e:b3:30:43:33:00:f3:
                    f6:e8:b6:69:c1:5e:95:a7:2f:b3:32:fa:ba:37:6a:
                    4c:9b:e2:d4:28:b7:52:cc:73:56:fe:9e:59:fa:cd:
                    84:46:e7:ae:36:a4:07:96:91:63:bd:cc:01:c6:85:
                    f2:61:c5:ab:28:41:f8:ff:e5:6f:79:25:c2:b2:d3:
                    be:b9:98:d1:0b:17:78:a2:f1:f1:1f:fb:a8:eb:d9:
                    f7:2d:0c:db:ef:50:e1:7c:39:87:f1:01:7b:12:3a:
                    da:ab:52:84:ac:16:cc:d3:9a:4b:e4:26:a2:20:31:
                    4b:d9:a8:ca:9b:f7:34:89:59:6e:53:21:43:2a:6e:
                    b7:70:54:b8:71:94:ce:3e:a2:f8:89:e5:ac:c8:2e:
                    9c:16:f6:ea:e0:69:5f:9c:1a:be:8b:0d:7d:e7:03:
                    97:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:2E:7C:94:F4:71:AC:AC:B5:1C:3A:65:03:3A:9D:CB:23:71:C0:A3
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/mS58lPRxrKy1HDplAzqdyyNxwKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8a20::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:25:8d:7c:76:ed:da:db:76:d3:94:ee:3f:ba:27:d4:25:4f:
         74:4f:4c:cd:86:15:08:e9:79:07:76:12:5d:74:89:8a:c0:c9:
         ae:14:e0:cc:21:91:28:de:57:b3:73:6d:43:31:e0:c9:c2:91:
         7b:12:ba:3a:77:63:67:06:b8:b5:d7:73:33:9e:44:73:ca:4e:
         23:3b:4d:0c:db:fd:fd:ab:fa:03:50:0b:05:af:05:aa:1c:ad:
         f7:c3:3e:3f:82:54:1b:fe:b8:4f:ea:d8:f2:be:eb:93:38:b3:
         3f:4f:eb:df:34:b9:77:01:10:d4:a2:85:56:a7:82:dd:50:0f:
         a1:13:f7:49:a0:34:a8:4e:1a:e3:04:41:a9:f0:39:38:d5:16:
         70:f9:0c:85:2c:23:81:29:97:89:23:42:a6:c5:05:c8:01:43:
         31:d8:50:ec:ff:6e:e8:aa:ad:17:4c:83:64:b0:ec:26:43:d0:
         0e:5d:13:2d:1e:5c:ea:c4:57:c5:e5:02:02:ef:8c:79:97:94:
         6f:29:1b:b6:d8:37:ca:f7:65:eb:a8:e8:fb:78:46:a0:23:90:
         6b:db:06:33:74:90:ba:6f:db:ad:e5:0c:20:35:13:61:b5:b3:
         06:c6:44:fe:22:b7:21:97:ec:b0:55:25:3d:15:ab:26:19:5c:
         e6:18:43:bf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuPaoA0E7iY2688q4zaVGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTJlN2M5NGY0NzFhY2FjYjUxYzNhNjUwMzNhOWRjYjIzNzFjMGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9mCsonBrkbVkxL03M8th/4yb87j
v7y8i6ycE74cto1ZIPV0dSPJkPXnxLosD/yik28Qu/IuLjx5n3shJnLzAj/sUNkw
lTZbtj/IwFSgpUyE/135TwS7hw7o/SEYvtZvtG6zMEMzAPP26LZpwV6Vpy+zMvq6
N2pMm+LUKLdSzHNW/p5Z+s2ERueuNqQHlpFjvcwBxoXyYcWrKEH4/+VveSXCstO+
uZjRCxd4ovHxH/uo69n3LQzb71DhfDmH8QF7Ejraq1KErBbM05pL5CaiIDFL2ajK
m/c0iVluUyFDKm63cFS4cZTOPqL4ieWsyC6cFvbq4GlfnBq+iw195wOXmwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJkufJT0caystRw6ZQM6ncsjccCjMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvbVM1OGxQUnhyS3kxSERwbEF6cWR5eU54d0tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIog
MA0GCSqGSIb3DQEBCwUAA4IBAQCrJY18du3a23bTlO4/uifUJU90T0zNhhUI6XkH
dhJddImKwMmuFODMIZEo3lezc21DMeDJwpF7Ero6d2NnBri113MznkRzyk4jO00M
2/39q/oDUAsFrwWqHK33wz4/glQb/rhP6tjyvuuTOLM/T+vfNLl3ARDUooVWp4Ld
UA+hE/dJoDSoThrjBEGp8Dk41RZw+QyFLCOBKZeJI0KmxQXIAUMx2FDs/27oqq0X
TINksOwmQ9AOXRMtHlzqxFfF5QIC74x5l5RvKRu22DfK92XrqOj7eEagI5Br2wYz
dJC6b9ut5QwgNRNhtbMGxkT+Irchl+ywVSU9FasmGVzmGEO/
-----END CERTIFICATE-----