Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/nbJJm5viVGIvCxS0UY-Q450NGPA.roa
File:                     nbJJm5viVGIvCxS0UY-Q450NGPA.roa (raw, json)
Hash identifier:          JwoONa2FyX88VJm3N4ZJe6mgbeXEtNNDnb7VstpH5ok=
Subject key identifier:   9D:B2:49:9B:9B:E2:54:62:2F:0B:14:B4:51:8F:90:E3:9D:0D:18:F0
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8E2EBB85181F8705DC7AD24D7AA1F
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/nbJJm5viVGIvCxS0UY-Q450NGPA.roa
Signing time:             Mon 01 Jan 2024 20:30:54 +0000
ROA not before:           Mon 01 Jan 2024 20:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200857
IP address blocks:        2a0c:9a40:8103::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e2:eb:b8:51:81:f8:70:5d:c7:ad:24:d7:aa:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9db2499b9be254622f0b14b4518f90e39d0d18f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:8d:c3:f4:5d:ec:5b:52:5f:fb:78:fc:32:5c:
                    1b:a8:39:d8:68:8f:60:0a:59:d8:93:90:8e:e4:0c:
                    10:d7:49:30:54:d1:8e:4b:01:64:ce:ab:7f:cb:96:
                    75:6a:f2:4e:9b:34:f3:93:d5:03:15:a9:c5:2c:8d:
                    4e:42:aa:65:8c:02:d5:ed:36:da:9e:f3:2f:4e:d0:
                    9d:8e:8b:5a:26:d6:6f:81:16:6d:99:d1:2f:0c:16:
                    3c:6e:84:a8:d0:4c:d6:0d:3b:dc:32:4d:85:7f:09:
                    84:ae:6d:66:52:52:16:4c:18:7b:75:2b:03:fb:a7:
                    80:4a:26:81:f0:89:8b:a7:c1:fa:8a:4c:05:dd:5c:
                    c8:70:f1:bc:61:94:34:e1:e4:b8:dc:9f:f6:53:2f:
                    78:6d:9a:d8:45:4b:72:8d:7d:98:7d:97:a8:ff:01:
                    34:de:09:fc:3b:e4:94:ff:ab:a2:15:6f:75:c1:35:
                    17:e6:b1:eb:ad:1b:26:ed:a7:f3:5d:80:82:11:ee:
                    ce:95:4b:1f:72:cb:a9:ef:06:13:a4:fb:36:b2:1f:
                    c7:ff:9c:63:ae:e9:db:20:fa:5b:24:bf:7e:1e:be:
                    50:c2:1c:86:51:61:81:b8:ac:42:77:8a:3d:a7:6a:
                    89:78:96:07:44:f8:b3:ba:22:62:b5:81:e9:d0:01:
                    5d:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:B2:49:9B:9B:E2:54:62:2F:0B:14:B4:51:8F:90:E3:9D:0D:18:F0
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/nbJJm5viVGIvCxS0UY-Q450NGPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8103::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:86:db:cd:f3:28:64:c8:a6:f1:65:db:a8:de:22:25:7c:89:
         de:22:2a:88:db:bc:90:ed:e3:0a:43:f8:2d:e1:db:64:7a:2a:
         39:93:ff:98:8d:ba:f6:b8:31:c1:e9:7a:86:17:72:47:e4:ab:
         7d:dd:a6:bc:a6:e5:c4:03:40:1c:f9:92:2c:f4:8e:72:c7:57:
         d2:49:14:49:8c:f4:06:ad:83:59:45:a0:3a:60:dd:db:bb:27:
         3d:e4:72:a4:56:24:c8:26:d7:73:9d:44:89:8e:11:a5:65:b5:
         5e:3c:84:30:09:2d:2c:4a:cd:b6:40:ee:45:1b:a8:c9:97:60:
         38:c7:1c:e7:71:d3:98:86:b9:98:f4:07:7c:c2:f5:98:cb:60:
         26:4c:a0:5d:6e:32:b2:cb:b9:95:fc:39:2f:c0:3b:d6:e9:90:
         4a:8d:a9:87:70:56:39:b8:62:9b:4a:3e:5f:62:63:5a:c6:f1:
         2a:b4:75:d7:5a:bb:ac:08:17:5c:5e:4d:b9:b6:00:b4:80:3d:
         be:b0:e9:f5:7f:f9:73:4c:d2:86:cd:f0:59:cf:f5:62:62:f7:
         f8:35:bf:fc:59:d7:be:22:35:cc:35:79:f6:86:da:ce:7a:eb:
         c7:28:44:81:d9:48:13:b3:f8:38:07:25:0c:e7:12:c2:48:87:
         51:62:6a:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuOLruFGB+HBdx60k16ofMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGIyNDk5YjliZTI1NDYyMmYwYjE0YjQ1MThmOTBlMzlkMGQxOGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmY3D9F3sW1Jf+3j8MlwbqDnYaI9g
ClnYk5CO5AwQ10kwVNGOSwFkzqt/y5Z1avJOmzTzk9UDFanFLI1OQqpljALV7Tba
nvMvTtCdjotaJtZvgRZtmdEvDBY8boSo0EzWDTvcMk2FfwmErm1mUlIWTBh7dSsD
+6eASiaB8ImLp8H6ikwF3VzIcPG8YZQ04eS43J/2Uy94bZrYRUtyjX2YfZeo/wE0
3gn8O+SU/6uiFW91wTUX5rHrrRsm7afzXYCCEe7OlUsfcsup7wYTpPs2sh/H/5xj
runbIPpbJL9+Hr5QwhyGUWGBuKxCd4o9p2qJeJYHRPizuiJitYHp0AFd4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ2ySZub4lRiLwsUtFGPkOOdDRjwMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvbmJKSm01dmlWR0l2Q3hTMFVZLVE0NTBOR1BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIED
MA0GCSqGSIb3DQEBCwUAA4IBAQAkhtvN8yhkyKbxZduo3iIlfIneIiqI27yQ7eMK
Q/gt4dtkeio5k/+Yjbr2uDHB6XqGF3JH5Kt93aa8puXEA0Ac+ZIs9I5yx1fSSRRJ
jPQGrYNZRaA6YN3buyc95HKkViTIJtdznUSJjhGlZbVePIQwCS0sSs22QO5FG6jJ
l2A4xxzncdOYhrmY9Ad8wvWYy2AmTKBdbjKyy7mV/DkvwDvW6ZBKjamHcFY5uGKb
Sj5fYmNaxvEqtHXXWrusCBdcXk25tgC0gD2+sOn1f/lzTNKGzfBZz/ViYvf4Nb/8
Wde+IjXMNXn2htrOeuvHKESB2UgTs/g4ByUM5xLCSIdRYmp/
-----END CERTIFICATE-----