Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/qzRoT_mQeQEQCi3-INmoE-WdvpE.roa
File:                     qzRoT_mQeQEQCi3-INmoE-WdvpE.roa (raw, json)
Hash identifier:          sZPdwXdPA/HWuMQ3a+wKhK4JlyMU5QgRNmeHZeRleOA=
Subject key identifier:   AB:34:68:4F:F9:90:79:01:10:0A:2D:FE:20:D9:A8:13:E5:9D:BE:91
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8E7F602DF0300ACCA54404CA6B2DB
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/qzRoT_mQeQEQCi3-INmoE-WdvpE.roa
Signing time:             Mon 01 Jan 2024 20:30:55 +0000
ROA not before:           Mon 01 Jan 2024 20:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206292
IP address blocks:        2a0c:9a40:8a10::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e7:f6:02:df:03:00:ac:ca:54:40:4c:a6:b2:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab34684ff9907901100a2dfe20d9a813e59dbe91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:7d:ff:41:4e:ed:89:c7:5d:8f:5b:aa:68:33:
                    d4:ba:37:f0:37:18:28:a9:a7:6e:87:43:98:bc:d0:
                    be:ff:3e:3c:9f:c7:4f:2c:97:00:cc:29:c5:db:97:
                    3e:8c:4e:76:22:c7:5e:8e:24:76:52:43:02:6a:44:
                    17:23:48:98:6d:b3:dd:c3:e7:ef:d2:13:a7:40:22:
                    a7:10:b7:a0:57:5b:c3:2d:f1:d6:6a:2d:34:b0:2b:
                    43:de:c0:96:d4:40:7d:4b:f5:fc:d3:71:8b:7d:2b:
                    a9:47:97:d2:68:ea:e7:ab:92:fa:33:71:2d:79:ee:
                    3a:c4:f5:80:c3:c1:5f:c2:b0:90:0b:11:6d:ff:4a:
                    eb:f9:f4:fd:c0:3a:af:83:a3:32:51:74:bb:77:1a:
                    ad:9d:59:49:99:21:54:c2:05:d5:94:2a:0e:b7:35:
                    89:8a:fc:f0:51:e1:4e:8c:46:07:0f:fe:a8:38:49:
                    80:30:63:0f:6b:88:37:79:59:4e:96:32:c6:1f:99:
                    c6:06:87:c4:fd:c9:f7:03:9b:dd:ed:c1:a3:65:a0:
                    95:15:c8:5e:24:70:5e:26:e7:b4:f9:e7:3e:af:d0:
                    f8:3b:51:4a:0f:cd:c0:f9:85:b4:80:6c:2a:4c:d5:
                    93:af:84:70:91:ad:6a:64:05:86:8e:6c:87:4c:7f:
                    21:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:34:68:4F:F9:90:79:01:10:0A:2D:FE:20:D9:A8:13:E5:9D:BE:91
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/qzRoT_mQeQEQCi3-INmoE-WdvpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8a10::/44

    Signature Algorithm: sha256WithRSAEncryption
         63:9a:17:cf:b9:88:73:ce:ba:a5:10:80:45:ba:98:e8:42:79:
         03:50:fb:4f:bb:fd:24:0d:10:71:e1:5b:3e:ce:92:e8:73:ec:
         1e:ba:fe:d5:0b:84:97:2f:7d:46:50:d7:1d:b6:b6:b0:7f:2b:
         09:78:96:72:81:10:1d:8a:ea:a7:eb:52:02:bd:77:9a:f2:77:
         a4:90:51:fb:d4:f1:c5:09:21:36:9a:77:b2:24:a1:7d:33:23:
         51:37:f0:e5:dc:77:ab:81:46:b8:60:6f:1a:a4:1d:86:53:42:
         78:96:74:b0:d7:bc:75:b1:c2:9c:24:8d:a8:06:d8:24:55:b4:
         c0:df:80:58:a1:09:c7:01:a2:c7:3f:47:06:61:bb:f4:3f:33:
         98:73:88:72:84:a1:6a:c1:19:00:f2:6a:de:74:84:af:48:52:
         48:bb:ce:48:64:b2:a3:83:8c:47:66:ea:28:68:3a:b9:04:0c:
         22:cd:49:32:12:fd:b0:d8:b9:7c:62:02:dc:29:be:58:79:2d:
         cc:64:96:9f:37:50:5f:11:4f:61:b8:90:09:99:0c:ee:c1:6c:
         93:e0:ec:a7:23:b4:2a:55:8d:38:6d:11:2b:17:bc:1e:a3:2c:
         e3:b4:68:ed:a3:0f:4b:90:23:45:3e:72:7f:70:a7:40:bd:ee:
         83:3d:17:51
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuOf2At8DAKzKVEBMprLbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjM0Njg0ZmY5OTA3OTAxMTAwYTJkZmUyMGQ5YTgxM2U1OWRiZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnH3/QU7ticddj1uqaDPUujfwNxgo
qaduh0OYvNC+/z48n8dPLJcAzCnF25c+jE52IsdejiR2UkMCakQXI0iYbbPdw+fv
0hOnQCKnELegV1vDLfHWai00sCtD3sCW1EB9S/X803GLfSupR5fSaOrnq5L6M3Et
ee46xPWAw8FfwrCQCxFt/0rr+fT9wDqvg6MyUXS7dxqtnVlJmSFUwgXVlCoOtzWJ
ivzwUeFOjEYHD/6oOEmAMGMPa4g3eVlOljLGH5nGBofE/cn3A5vd7cGjZaCVFche
JHBeJue0+ec+r9D4O1FKD83A+YW0gGwqTNWTr4Rwka1qZAWGjmyHTH8hfQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKs0aE/5kHkBEAot/iDZqBPlnb6RMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvcXpSb1RfbVFlUUVRQ2kzLUlObW9FLVdkdnBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBjmhfPuYhzzrqlEIBFupjoQnkDUPtPu/0kDRBx
4Vs+zpLoc+weuv7VC4SXL31GUNcdtrawfysJeJZygRAdiuqn61ICvXea8nekkFH7
1PHFCSE2mneyJKF9MyNRN/Dl3HergUa4YG8apB2GU0J4lnSw17x1scKcJI2oBtgk
VbTA34BYoQnHAaLHP0cGYbv0PzOYc4hyhKFqwRkA8mredISvSFJIu85IZLKjg4xH
ZuooaDq5BAwizUkyEv2w2Ll8YgLcKb5YeS3MZJafN1BfEU9huJAJmQzuwWyT4Oyn
I7QqVY04bRErF7weoyzjtGjtow9LkCNFPnJ/cKdAve6DPRdR
-----END CERTIFICATE-----