Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/rea_r99Ez4rIDLXeTzf7thDBM8E.roa
File:                     rea_r99Ez4rIDLXeTzf7thDBM8E.roa (raw, json)
Hash identifier:          rhvzHEvNsZGU50IliEiW89QuMC5idfOhGtVgwsJBnvQ=
Subject key identifier:   AD:E6:BF:AF:DF:44:CF:8A:C8:0C:B5:DE:4F:37:FB:B6:10:C1:33:C1
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8E7276CB9B494AAEBA46882C7D29B
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/rea_r99Ez4rIDLXeTzf7thDBM8E.roa
Signing time:             Mon 01 Jan 2024 20:30:55 +0000
ROA not before:           Mon 01 Jan 2024 20:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204914
IP address blocks:        2a0c:9a40:8350::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 06:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e7:27:6c:b9:b4:94:aa:eb:a4:68:82:c7:d2:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ade6bfafdf44cf8ac80cb5de4f37fbb610c133c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:73:d0:09:7f:4d:27:e9:3e:36:ed:08:31:9e:
                    85:54:9e:9f:93:75:2d:22:96:99:55:93:00:5c:b1:
                    42:25:70:5f:e2:b8:e0:d6:60:aa:8d:25:7e:67:73:
                    50:ab:9f:cc:40:da:e6:ff:04:a9:de:9f:21:09:49:
                    49:a9:b8:ed:6a:1b:e3:b4:7b:e8:5b:48:1d:2c:4e:
                    5b:b7:a6:99:a5:a2:a6:5f:d5:2d:e6:b5:2b:93:5d:
                    6e:21:b7:f8:f7:b9:ab:b7:6c:68:a5:d7:09:ef:82:
                    8d:16:b7:10:9c:32:99:9e:d5:47:96:c7:a9:ac:29:
                    f1:f7:90:87:06:84:6c:30:fb:8e:70:52:68:6a:72:
                    9a:b5:11:42:b0:3f:86:7d:36:f8:e4:d2:df:7d:f9:
                    bb:f0:d5:11:57:f7:95:75:b6:2c:ab:06:e5:19:97:
                    04:cd:d1:2d:16:0d:68:21:e2:db:6c:0f:21:ff:3f:
                    82:93:e4:5c:5f:1e:0b:10:70:35:21:a1:96:be:f1:
                    df:d6:72:74:f1:d7:4a:47:d3:14:57:3e:d5:e3:4c:
                    5e:8c:78:e5:18:27:5b:ee:80:d5:9c:f2:2d:da:dc:
                    f9:5c:4e:7b:d8:4f:49:92:23:59:89:c8:4f:86:12:
                    af:cf:12:22:c2:da:49:3b:69:a6:dc:2b:19:93:b3:
                    09:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:E6:BF:AF:DF:44:CF:8A:C8:0C:B5:DE:4F:37:FB:B6:10:C1:33:C1
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/rea_r99Ez4rIDLXeTzf7thDBM8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8350::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:51:cf:79:42:1c:fd:34:81:e3:29:12:b4:92:b7:4d:02:b9:
         c4:52:bf:7d:b8:4c:51:f5:50:93:9f:a6:62:5e:a4:f4:2c:bd:
         ab:35:7a:47:ce:16:7e:f2:96:84:c1:97:e1:3c:43:d7:83:ed:
         56:b2:83:1b:0a:85:9c:2b:ab:7e:25:73:04:d4:6c:c1:c9:60:
         86:32:a5:8d:03:a5:4e:82:62:f6:23:00:13:16:b4:e6:7c:5d:
         d5:8f:89:40:d0:06:45:65:c5:63:ee:fd:84:01:05:39:10:00:
         50:83:37:42:01:b5:48:2b:9b:17:17:a5:f0:64:fc:c0:e8:5a:
         0a:93:ad:79:f8:4f:5f:09:40:05:b4:9b:ff:d7:93:bc:7e:ea:
         1c:16:7d:48:98:e0:f6:13:4e:8c:1d:0f:57:f0:15:f9:91:07:
         74:eb:88:d2:5f:3e:20:43:fb:ea:be:f7:b4:f2:96:10:0c:c8:
         37:54:41:91:29:6d:21:8a:5e:1b:ab:84:96:65:ca:04:e9:91:
         5f:5f:e5:43:90:15:77:b7:e3:96:42:25:34:55:b5:36:6c:8d:
         51:63:82:fc:fb:eb:39:50:f0:2b:11:34:ac:00:81:76:54:ef:
         16:8d:44:5c:87:2e:ad:65:79:08:43:45:76:04:99:25:ee:f8:
         62:40:39:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuOcnbLm0lKrrpGiCx9KbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGU2YmZhZmRmNDRjZjhhYzgwY2I1ZGU0ZjM3ZmJiNjEwYzEzM2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnPQCX9NJ+k+Nu0IMZ6FVJ6fk3Ut
IpaZVZMAXLFCJXBf4rjg1mCqjSV+Z3NQq5/MQNrm/wSp3p8hCUlJqbjtahvjtHvo
W0gdLE5bt6aZpaKmX9Ut5rUrk11uIbf497mrt2xopdcJ74KNFrcQnDKZntVHlsep
rCnx95CHBoRsMPuOcFJoanKatRFCsD+GfTb45NLfffm78NURV/eVdbYsqwblGZcE
zdEtFg1oIeLbbA8h/z+Ck+RcXx4LEHA1IaGWvvHf1nJ08ddKR9MUVz7V40xejHjl
GCdb7oDVnPIt2tz5XE572E9JkiNZichPhhKvzxIiwtpJO2mm3CsZk7MJGwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK3mv6/fRM+KyAy13k83+7YQwTPBMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvcmVhX3I5OUV6NHJJRExYZVR6Zjd0aERCTThFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQINQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCIUc95Qhz9NIHjKRK0krdNArnEUr99uExR9VCT
n6ZiXqT0LL2rNXpHzhZ+8paEwZfhPEPXg+1WsoMbCoWcK6t+JXME1GzByWCGMqWN
A6VOgmL2IwATFrTmfF3Vj4lA0AZFZcVj7v2EAQU5EABQgzdCAbVIK5sXF6XwZPzA
6FoKk615+E9fCUAFtJv/15O8fuocFn1ImOD2E06MHQ9X8BX5kQd064jSXz4gQ/vq
vve08pYQDMg3VEGRKW0hil4bq4SWZcoE6ZFfX+VDkBV3t+OWQiU0VbU2bI1RY4L8
++s5UPArETSsAIF2VO8WjURchy6tZXkIQ0V2BJkl7vhiQDmI
-----END CERTIFICATE-----