Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/nKeQLGdspbay1u_7SG8tK_Jh20g.roa
File:                     nKeQLGdspbay1u_7SG8tK_Jh20g.roa (raw, json)
Hash identifier:          2UV2GSoSUs6/0cvOiKBv0p89x5ZfAL6aFaqqpHrc6Vw=
Subject key identifier:   9C:A7:90:2C:67:6C:A5:B6:B2:D6:EF:FB:48:6F:2D:2B:F2:61:DB:48
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       0190B351B373EE9D3660D4E0F5EA6849423E
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/nKeQLGdspbay1u_7SG8tK_Jh20g.roa
Signing time:             Sun 14 Jul 2024 22:16:34 +0000
ROA not before:           Sun 14 Jul 2024 22:16:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200372
IP address blocks:        2a0c:9a40:8a80::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b3:51:b3:73:ee:9d:36:60:d4:e0:f5:ea:68:49:42:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jul 14 22:16:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ca7902c676ca5b6b2d6effb486f2d2bf261db48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:eb:84:b8:ea:62:f5:30:9f:93:53:84:8d:72:
                    97:3f:23:bf:0a:ca:f3:64:a8:16:32:5f:63:bf:73:
                    11:70:42:6d:94:1d:5a:22:f5:52:cd:cd:94:ab:b1:
                    0d:97:28:d2:f5:b2:15:f9:4f:bb:93:90:cb:73:08:
                    b1:6c:07:03:12:be:b9:8e:34:3a:2c:fd:aa:65:04:
                    10:39:58:d2:56:53:4d:21:9c:25:fb:0b:3c:3b:4a:
                    2b:86:5a:7d:81:14:d9:c0:0f:e4:33:54:b0:1e:18:
                    c9:33:49:87:3f:56:8c:7e:cd:1b:b3:b0:c3:54:db:
                    e7:10:78:d2:b8:6b:dc:5e:11:ec:68:db:d4:45:97:
                    c5:b8:40:22:8b:cf:44:ec:f3:2f:34:17:31:62:b8:
                    42:71:2b:61:c8:22:48:0a:90:f0:17:d6:c0:78:75:
                    66:ad:15:ce:03:68:2a:57:b7:03:3e:3b:a2:d5:64:
                    b0:09:a8:7c:d1:78:32:20:97:d3:d9:87:da:59:cf:
                    22:12:2c:31:52:94:3d:d4:ad:d2:25:86:f7:4f:b9:
                    2e:8e:59:4a:6c:e0:62:b8:77:9d:48:91:ac:83:b4:
                    b7:98:a7:2a:d7:83:81:fb:a9:1d:06:e9:1e:12:9c:
                    10:0d:01:38:d4:18:09:5a:80:4d:26:84:cb:a2:c7:
                    cd:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:A7:90:2C:67:6C:A5:B6:B2:D6:EF:FB:48:6F:2D:2B:F2:61:DB:48
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/nKeQLGdspbay1u_7SG8tK_Jh20g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8a80::/44

    Signature Algorithm: sha256WithRSAEncryption
         78:da:e2:88:e6:e7:46:e8:c9:57:23:93:f8:17:93:ab:1b:49:
         29:97:d6:6a:20:96:b3:69:33:a5:db:41:13:6a:bf:9a:78:ff:
         06:d0:84:cd:dd:98:bc:1f:85:26:43:64:00:2d:da:d1:01:ed:
         83:8d:35:39:e5:98:84:40:b1:78:d1:b0:9f:6f:7c:0d:45:81:
         7f:16:3c:cf:f8:c7:89:bd:63:f6:a4:80:b9:38:ff:3f:fe:bf:
         2d:c0:81:73:2e:fc:6f:3a:6a:66:88:24:03:57:cc:fb:e2:82:
         26:ae:9c:81:bb:61:27:b6:dc:ed:21:dd:13:81:62:d1:f3:f3:
         ab:a0:0b:61:4d:f4:65:1c:5c:83:0d:a4:20:15:92:9a:9a:fe:
         7f:ba:26:d9:07:27:25:b4:92:0d:e9:6f:27:1c:8f:a6:36:19:
         90:83:71:38:df:38:9b:8d:37:e0:1f:26:56:9e:d1:d7:2f:9a:
         61:72:5f:c2:04:48:f1:88:75:3c:a3:bd:21:05:ce:99:0a:d9:
         ef:83:95:38:ab:a4:aa:e0:2b:6b:53:ea:73:f7:26:d4:b5:ea:
         5f:b0:e3:72:03:14:8b:95:00:9d:1a:e6:0b:35:08:91:bf:ab:
         f3:7d:00:17:f6:7e:ca:a4:19:b9:a1:3b:82:44:ee:02:e2:4f:
         f7:82:4a:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZCzUbNz7p02YNTg9epoSUI+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwNzE0MjIxNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2E3OTAyYzY3NmNhNWI2YjJkNmVmZmI0ODZmMmQyYmYyNjFkYjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzeuEuOpi9TCfk1OEjXKXPyO/Csrz
ZKgWMl9jv3MRcEJtlB1aIvVSzc2Uq7ENlyjS9bIV+U+7k5DLcwixbAcDEr65jjQ6
LP2qZQQQOVjSVlNNIZwl+ws8O0orhlp9gRTZwA/kM1SwHhjJM0mHP1aMfs0bs7DD
VNvnEHjSuGvcXhHsaNvURZfFuEAii89E7PMvNBcxYrhCcSthyCJICpDwF9bAeHVm
rRXOA2gqV7cDPjui1WSwCah80XgyIJfT2YfaWc8iEiwxUpQ91K3SJYb3T7kujllK
bOBiuHedSJGsg7S3mKcq14OB+6kdBukeEpwQDQE41BgJWoBNJoTLosfNmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJynkCxnbKW2stbv+0hvLSvyYdtIMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvbktlUUxHZHNwYmF5MXVfN1NHOHRLX0poMjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIqA
MA0GCSqGSIb3DQEBCwUAA4IBAQB42uKI5udG6MlXI5P4F5OrG0kpl9ZqIJazaTOl
20ETar+aeP8G0ITN3Zi8H4UmQ2QALdrRAe2DjTU55ZiEQLF40bCfb3wNRYF/FjzP
+MeJvWP2pIC5OP8//r8twIFzLvxvOmpmiCQDV8z74oImrpyBu2EnttztId0TgWLR
8/OroAthTfRlHFyDDaQgFZKamv5/uibZBycltJIN6W8nHI+mNhmQg3E43zibjTfg
HyZWntHXL5phcl/CBEjxiHU8o70hBc6ZCtnvg5U4q6Sq4CtrU+pz9ybUtepfsONy
AxSLlQCdGuYLNQiRv6vzfQAX9n7KpBm5oTuCRO4C4k/3gkog
-----END CERTIFICATE-----