Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/rLJ0uxNc71G9aBddk_5jApWD-Nw.roa
File:                     rLJ0uxNc71G9aBddk_5jApWD-Nw.roa (raw, json)
Hash identifier:          0rlxqQMrTt2W733rRtQNOUaqaR8YKZBrlxXRbfA152c=
Subject key identifier:   AC:B2:74:BB:13:5C:EF:51:BD:68:17:5D:93:FE:63:02:95:83:F8:DC
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8E22B200FEFE8172BB4CB4FB23C65
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/rLJ0uxNc71G9aBddk_5jApWD-Nw.roa
Signing time:             Mon 01 Jan 2024 20:30:54 +0000
ROA not before:           Mon 01 Jan 2024 20:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199925
IP address blocks:        2a0c:9a40:9800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 13:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e2:2b:20:0f:ef:e8:17:2b:b4:cb:4f:b2:3c:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acb274bb135cef51bd68175d93fe63029583f8dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:6f:ff:9d:ff:c5:6c:c0:65:8f:fe:e0:9f:51:
                    88:5e:f0:fc:48:c8:c7:8c:1b:ce:d7:5d:b2:06:ca:
                    cb:19:42:5e:b6:e0:53:6d:6d:d0:ac:31:ff:12:9b:
                    dd:9b:20:41:43:b0:68:66:b7:26:fb:e9:7e:72:d6:
                    c1:b2:af:75:e7:e6:a9:b6:1e:6a:8a:c5:a8:c6:e3:
                    67:10:48:f6:62:5f:7b:e9:fb:57:11:85:ec:0a:e3:
                    66:1a:7a:05:6d:89:c9:97:b8:23:18:be:8f:c2:21:
                    bc:ca:ad:18:5a:9e:ab:06:a1:08:5e:66:c2:17:e1:
                    29:62:23:c9:c0:1d:aa:42:77:77:ca:3f:d3:99:be:
                    a0:c1:35:a0:a4:04:1b:ec:28:ca:df:17:bb:26:db:
                    71:7f:27:cc:30:b9:21:1a:b9:97:9c:65:85:ca:02:
                    3f:45:a2:09:85:f2:77:ce:0e:24:8d:6c:e3:c1:19:
                    d3:5b:9c:67:a3:95:b2:6e:01:1e:89:31:ea:62:ae:
                    cf:b9:84:38:44:fd:b0:0e:57:5d:00:52:bf:3a:9b:
                    c9:77:09:52:eb:c6:ad:e6:fd:2a:0a:25:bd:31:79:
                    c4:8c:a3:45:5e:18:5e:0e:4e:59:53:55:09:0e:38:
                    e3:cf:e4:74:a9:5b:fd:55:a8:f4:02:4d:06:91:d3:
                    73:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:B2:74:BB:13:5C:EF:51:BD:68:17:5D:93:FE:63:02:95:83:F8:DC
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/rLJ0uxNc71G9aBddk_5jApWD-Nw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:9800::/40

    Signature Algorithm: sha256WithRSAEncryption
         6c:02:1c:31:0d:40:b2:cc:52:ac:cb:ce:42:83:bb:a9:f8:ec:
         b9:e7:84:1a:90:a3:d7:5b:c1:75:2e:18:a5:85:6c:7f:ec:54:
         14:92:62:7d:2f:9d:02:c8:34:63:c8:25:77:ea:0b:d9:8a:00:
         62:0d:ef:1a:3a:1c:a8:b9:e6:56:9b:64:09:e6:e4:e8:cf:d4:
         4d:c0:5b:10:d9:41:a6:aa:e2:f6:03:e7:6c:49:2c:37:d2:c6:
         fb:1e:4e:fa:87:3f:43:c5:78:a3:88:0a:af:7f:02:73:fc:73:
         57:b7:c6:bf:2e:f3:3a:9b:43:47:8e:d9:cb:92:99:b3:42:30:
         66:af:e7:da:91:65:d3:c5:31:dc:0a:0a:d7:96:06:ec:95:2d:
         db:74:90:5d:33:41:46:9c:93:2a:ce:a6:d5:fd:f3:d7:16:83:
         f6:96:aa:eb:f2:0a:13:e9:45:8d:e7:40:9b:27:a1:b2:b7:69:
         53:e8:57:b8:05:29:b3:cf:6e:e6:90:13:1a:e3:3a:e0:89:59:
         b3:01:3d:6e:8b:85:72:c3:70:04:b1:16:05:67:44:81:16:81:
         3b:2d:d5:92:0d:d9:50:29:2c:44:eb:d4:e9:bb:19:55:11:ee:
         78:a9:40:37:68:61:c4:19:3a:d2:21:3d:c9:6d:ee:c1:94:6b:
         05:b1:05:7d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGuOIrIA/v6BcrtMtPsjxlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2IyNzRiYjEzNWNlZjUxYmQ2ODE3NWQ5M2ZlNjMwMjk1ODNmOGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjm//nf/FbMBlj/7gn1GIXvD8SMjH
jBvO112yBsrLGUJetuBTbW3QrDH/EpvdmyBBQ7BoZrcm++l+ctbBsq915+apth5q
isWoxuNnEEj2Yl976ftXEYXsCuNmGnoFbYnJl7gjGL6PwiG8yq0YWp6rBqEIXmbC
F+EpYiPJwB2qQnd3yj/Tmb6gwTWgpAQb7CjK3xe7JttxfyfMMLkhGrmXnGWFygI/
RaIJhfJ3zg4kjWzjwRnTW5xno5WybgEeiTHqYq7PuYQ4RP2wDlddAFK/OpvJdwlS
68at5v0qCiW9MXnEjKNFXhheDk5ZU1UJDjjjz+R0qVv9Vaj0Ak0GkdNzaQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKyydLsTXO9RvWgXXZP+YwKVg/jcMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvckxKMHV4TmM3MUc5YUJkZGtfNWpBcFdELU53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgyaQJgw
DQYJKoZIhvcNAQELBQADggEBAGwCHDENQLLMUqzLzkKDu6n47LnnhBqQo9dbwXUu
GKWFbH/sVBSSYn0vnQLINGPIJXfqC9mKAGIN7xo6HKi55labZAnm5OjP1E3AWxDZ
Qaaq4vYD52xJLDfSxvseTvqHP0PFeKOICq9/AnP8c1e3xr8u8zqbQ0eO2cuSmbNC
MGav59qRZdPFMdwKCteWBuyVLdt0kF0zQUackyrOptX989cWg/aWquvyChPpRY3n
QJsnobK3aVPoV7gFKbPPbuaQExrjOuCJWbMBPW6LhXLDcASxFgVnRIEWgTst1ZIN
2VApLETr1Om7GVUR7nipQDdoYcQZOtIhPclt7sGUawWxBX0=
-----END CERTIFICATE-----