Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/pvqZKglovHrPJInf_XbPttGBaUc.roa
File:                     pvqZKglovHrPJInf_XbPttGBaUc.roa (raw, json)
Hash identifier:          Kkp3dvMJOAzFEtwH5mUuAgonVYrBmzMwC9JcZr1Oo4k=
Subject key identifier:   A6:FA:99:2A:09:68:BC:7A:CF:24:89:DF:FD:76:CF:B6:D1:81:69:47
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8EEA31877BAEF22437A839913AA95
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/pvqZKglovHrPJInf_XbPttGBaUc.roa
Signing time:             Mon 01 Jan 2024 20:30:57 +0000
ROA not before:           Mon 01 Jan 2024 20:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211760
IP address blocks:        2a0c:9a40:8c10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ee:a3:18:77:ba:ef:22:43:7a:83:99:13:aa:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6fa992a0968bc7acf2489dffd76cfb6d1816947
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:43:e6:45:72:74:74:60:84:62:80:50:27:05:
                    97:b5:99:ef:81:6d:db:1c:ff:ac:e1:bf:a3:8b:ff:
                    99:5d:b4:03:5d:8d:08:4a:f1:c8:f9:a9:c5:68:05:
                    36:81:d5:0a:22:e3:d8:2c:28:4b:72:2b:5c:3b:7d:
                    86:8e:c9:eb:91:c4:1d:ee:eb:dd:06:01:cd:c5:53:
                    d3:17:59:60:5f:26:f4:3c:78:59:59:e6:6e:80:43:
                    df:4c:90:12:42:30:63:7d:07:44:35:0c:21:2d:52:
                    a5:dd:8f:a7:52:9d:d2:d8:d9:a9:aa:9d:32:f0:e8:
                    a5:10:88:bb:f3:58:32:d6:d6:52:ba:ac:84:32:80:
                    b6:5c:43:3f:38:c3:74:ad:1f:d8:9a:30:f8:de:33:
                    81:9d:fd:34:85:1e:01:84:d9:fe:31:79:33:65:3b:
                    cb:a7:f4:cb:22:07:11:09:d2:29:85:29:c3:be:2d:
                    f6:82:b7:09:d9:2c:b5:2e:37:21:09:95:df:76:7b:
                    7b:c3:54:84:83:94:78:65:85:09:0d:f6:43:13:40:
                    1f:bf:06:ea:97:a1:fa:ce:79:a8:d1:15:d1:54:4e:
                    b7:c2:b7:f6:f2:7b:1d:9f:d6:62:a9:6c:0e:66:91:
                    88:0e:d4:45:89:2e:16:0b:55:4f:28:34:6c:fc:2f:
                    62:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:FA:99:2A:09:68:BC:7A:CF:24:89:DF:FD:76:CF:B6:D1:81:69:47
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/pvqZKglovHrPJInf_XbPttGBaUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8c10::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:98:d6:a1:a5:af:16:88:9a:2d:9d:be:d6:6b:26:3a:de:61:
         f7:57:05:b8:73:de:ca:86:fa:04:4f:54:4b:ea:1a:2a:17:57:
         51:76:df:08:1c:f6:3e:79:c1:0f:b9:c9:ba:7d:46:a8:3e:f4:
         23:7e:e7:b4:e5:47:f7:c2:16:68:b2:5d:fb:e5:ea:c9:b4:c2:
         5c:a1:fa:fb:76:a6:4b:15:fa:37:dd:7c:09:20:3d:6f:34:e3:
         fe:b5:c8:05:f6:25:36:86:8a:f4:51:89:8d:e3:fd:a2:c9:19:
         74:fc:99:81:ac:6a:24:d4:be:04:55:72:65:54:09:84:38:35:
         7d:69:7e:aa:f6:f3:4d:82:c6:76:0b:08:bf:4f:f0:20:1f:00:
         2a:4f:5c:33:d9:ef:b0:78:c6:b5:46:5c:72:98:b0:d3:9b:d6:
         0e:93:42:e3:60:ff:43:ae:df:30:ca:4d:2d:c0:f8:00:48:2f:
         5e:4e:c5:a9:ca:a8:40:a1:6d:fe:6f:db:c5:0f:9b:b2:e1:01:
         61:db:0b:6e:f0:40:d7:29:80:9f:fb:81:f8:aa:f0:b8:0c:48:
         54:42:1c:03:93:5d:b5:e1:c2:4d:0a:02:1d:bc:03:2f:0e:f3:
         c9:d5:4e:fa:76:bb:50:89:c4:94:66:c9:3d:de:3c:66:8e:4b:
         41:6f:f9:01
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuO6jGHe67yJDeoOZE6qVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmZhOTkyYTA5NjhiYzdhY2YyNDg5ZGZmZDc2Y2ZiNmQxODE2OTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0PmRXJ0dGCEYoBQJwWXtZnvgW3b
HP+s4b+ji/+ZXbQDXY0ISvHI+anFaAU2gdUKIuPYLChLcitcO32GjsnrkcQd7uvd
BgHNxVPTF1lgXyb0PHhZWeZugEPfTJASQjBjfQdENQwhLVKl3Y+nUp3S2Nmpqp0y
8OilEIi781gy1tZSuqyEMoC2XEM/OMN0rR/YmjD43jOBnf00hR4BhNn+MXkzZTvL
p/TLIgcRCdIphSnDvi32grcJ2Sy1LjchCZXfdnt7w1SEg5R4ZYUJDfZDE0Afvwbq
l6H6znmo0RXRVE63wrf28nsdn9ZiqWwOZpGIDtRFiS4WC1VPKDRs/C9igQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKb6mSoJaLx6zySJ3/12z7bRgWlHMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvcHZxWktnbG92SHJQSkluZl9YYlB0dEdCYVVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIwQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBmmNahpa8WiJotnb7WayY63mH3VwW4c97KhvoE
T1RL6hoqF1dRdt8IHPY+ecEPucm6fUaoPvQjfue05Uf3whZosl375erJtMJcofr7
dqZLFfo33XwJID1vNOP+tcgF9iU2hor0UYmN4/2iyRl0/JmBrGok1L4EVXJlVAmE
ODV9aX6q9vNNgsZ2Cwi/T/AgHwAqT1wz2e+weMa1RlxymLDTm9YOk0LjYP9Drt8w
yk0twPgASC9eTsWpyqhAoW3+b9vFD5uy4QFh2wtu8EDXKYCf+4H4qvC4DEhUQhwD
k1214cJNCgIdvAMvDvPJ1U76drtQicSUZsk93jxmjktBb/kB
-----END CERTIFICATE-----