Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/nYTPncJJeKM-VB6p8ZETrhDi_BM.roa
File:                     nYTPncJJeKM-VB6p8ZETrhDi_BM.roa (raw, json)
Hash identifier:          aAkHf9286CynZNQW75IKF4bZwjkKZ1ZnSHNlzzINj4Q=
Subject key identifier:   9D:84:CF:9D:C2:49:78:A3:3E:54:1E:A9:F1:91:13:AE:10:E2:FC:13
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019051DBC0AA59B623E80A129F7A1FFCA7E2
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/nYTPncJJeKM-VB6p8ZETrhDi_BM.roa
Signing time:             Wed 26 Jun 2024 00:04:34 +0000
ROA not before:           Wed 26 Jun 2024 00:04:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399646
IP address blocks:        2a0c:9a40:908f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 13:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:51:db:c0:aa:59:b6:23:e8:0a:12:9f:7a:1f:fc:a7:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jun 26 00:04:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d84cf9dc24978a33e541ea9f19113ae10e2fc13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:56:ac:d6:2e:74:e1:ff:36:dd:8e:9f:2e:0d:
                    3f:53:aa:77:a7:13:bc:82:18:f4:c0:e6:f7:d5:f6:
                    cf:6f:ff:3d:74:08:db:01:25:1f:b1:f2:d5:bb:95:
                    35:22:9e:8c:a9:c2:d2:66:33:5e:a5:0e:43:16:45:
                    ab:49:20:c8:0c:6a:0c:26:8b:8c:e0:c9:46:d1:d0:
                    1c:a7:66:71:aa:ea:eb:17:c6:04:7c:5e:cf:63:c2:
                    a5:d3:e3:72:76:e6:f7:bf:68:ea:69:d8:ac:4a:22:
                    94:26:26:42:72:39:96:0f:87:b8:10:21:1c:b9:c9:
                    c4:cc:97:d2:2e:0e:96:e4:1f:2e:8f:dd:06:77:60:
                    43:20:29:80:45:5c:b9:14:41:64:1d:67:11:bc:e7:
                    95:30:bd:cb:eb:c8:8d:0b:fb:2b:e7:b8:6e:4d:a7:
                    0f:fc:06:9d:12:1a:1b:c3:71:4d:60:26:f4:95:70:
                    c6:6b:1a:81:ba:bd:1a:0f:25:78:37:0c:a0:f0:d2:
                    3b:df:60:95:ce:63:1b:16:f9:2c:3a:40:66:80:6d:
                    d7:43:f8:da:bc:e4:c2:5d:2f:f4:80:87:80:49:ac:
                    01:86:d0:09:24:a3:1b:01:e0:b0:6a:a8:8b:e2:69:
                    72:67:b1:02:4b:6a:fd:f2:d6:c4:40:78:da:f0:c8:
                    65:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:84:CF:9D:C2:49:78:A3:3E:54:1E:A9:F1:91:13:AE:10:E2:FC:13
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/nYTPncJJeKM-VB6p8ZETrhDi_BM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:908f::/48

    Signature Algorithm: sha256WithRSAEncryption
         ca:d7:8d:b3:c7:24:26:e9:e2:ff:41:07:fd:23:8c:64:58:52:
         9f:5b:5c:ed:2a:bd:c7:7d:3d:08:ae:98:dc:d9:a5:b2:02:7e:
         79:b1:6c:fc:83:ff:1e:2a:ea:34:5a:74:f5:79:b1:a6:43:2a:
         f7:16:08:db:e6:70:7a:7b:a2:7b:00:3b:cd:f5:c0:10:3c:2f:
         88:ec:69:22:9f:14:58:19:68:f9:c7:5e:45:ec:fe:fe:aa:60:
         da:00:74:98:6e:f4:78:ee:23:9e:fd:8e:a0:c7:a4:81:fd:95:
         dc:de:09:2a:b2:30:3a:d3:cd:42:62:6d:d1:09:a2:bf:ff:62:
         28:f6:01:79:4f:4c:e8:29:3e:e9:17:7b:6f:0b:d7:8d:b1:10:
         d2:1e:45:06:84:c4:cc:51:74:06:a1:dd:25:fa:f5:04:6c:a9:
         28:8e:48:89:74:fb:f1:f4:58:04:0e:87:78:ba:71:3e:e9:ae:
         5f:a6:4b:bc:1d:33:6c:a7:4b:7a:f2:b2:3f:be:20:c8:51:3e:
         59:40:07:e2:33:36:83:fb:e7:e5:b2:f6:55:19:dc:d6:5e:d6:
         cb:a9:e9:74:33:c1:e5:fc:fb:5a:3e:67:fd:8e:16:ee:74:2d:
         b1:3d:3e:cd:7e:25:6f:00:b7:66:6e:ac:6f:c2:b1:9e:0c:8b:
         08:c5:57:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZBR28CqWbYj6AoSn3of/KfiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwNjI2MDAwNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDg0Y2Y5ZGMyNDk3OGEzM2U1NDFlYTlmMTkxMTNhZTEwZTJmYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlas1i504f823Y6fLg0/U6p3pxO8
ghj0wOb31fbPb/89dAjbASUfsfLVu5U1Ip6MqcLSZjNepQ5DFkWrSSDIDGoMJouM
4MlG0dAcp2ZxqurrF8YEfF7PY8Kl0+Nydub3v2jqadisSiKUJiZCcjmWD4e4ECEc
ucnEzJfSLg6W5B8uj90Gd2BDICmARVy5FEFkHWcRvOeVML3L68iNC/sr57huTacP
/AadEhobw3FNYCb0lXDGaxqBur0aDyV4Nwyg8NI732CVzmMbFvksOkBmgG3XQ/ja
vOTCXS/0gIeASawBhtAJJKMbAeCwaqiL4mlyZ7ECS2r98tbEQHja8MhldwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ2Ez53CSXijPlQeqfGRE64Q4vwTMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvbllUUG5jSkplS00tVkI2cDhaRVRyaERpX0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQJCP
MA0GCSqGSIb3DQEBCwUAA4IBAQDK142zxyQm6eL/QQf9I4xkWFKfW1ztKr3HfT0I
rpjc2aWyAn55sWz8g/8eKuo0WnT1ebGmQyr3Fgjb5nB6e6J7ADvN9cAQPC+I7Gki
nxRYGWj5x15F7P7+qmDaAHSYbvR47iOe/Y6gx6SB/ZXc3gkqsjA6081CYm3RCaK/
/2Io9gF5T0zoKT7pF3tvC9eNsRDSHkUGhMTMUXQGod0l+vUEbKkojkiJdPvx9FgE
Dod4unE+6a5fpku8HTNsp0t68rI/viDIUT5ZQAfiMzaD++flsvZVGdzWXtbLqel0
M8Hl/PtaPmf9jhbudC2xPT7NfiVvALdmbqxvwrGeDIsIxVev
-----END CERTIFICATE-----