Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/s2Vo55fj1B7NaY6SnbngfvowNEo.roa
File:                     s2Vo55fj1B7NaY6SnbngfvowNEo.roa (raw, json)
Hash identifier:          cy+VTnGaJSxhctYApYrCGNaUV3B7P2w5U6JcWMGSAT0=
Subject key identifier:   B3:65:68:E7:97:E3:D4:1E:CD:69:8E:92:9D:B9:E0:7E:FA:30:34:4A
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8D217A77C0D82CCD41D796E3FD889
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/s2Vo55fj1B7NaY6SnbngfvowNEo.roa
Signing time:             Mon 01 Jan 2024 20:30:50 +0000
ROA not before:           Mon 01 Jan 2024 20:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13830
IP address blocks:        2a0c:9a40:8084::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:d2:17:a7:7c:0d:82:cc:d4:1d:79:6e:3f:d8:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b36568e797e3d41ecd698e929db9e07efa30344a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5b:2d:ac:ec:a5:95:6f:5f:5a:78:e6:6b:6e:
                    4b:22:67:3a:ae:7d:4f:2e:57:f2:96:93:a9:c7:60:
                    29:81:a6:c2:6d:37:e9:b3:a4:cd:80:d1:72:a0:7c:
                    4a:a2:29:cd:e0:0f:4c:78:34:d6:cc:8a:c1:eb:3a:
                    a1:b2:85:49:b9:54:70:60:2d:98:23:a2:ea:aa:fc:
                    08:9a:47:cd:f2:5c:fd:ef:e7:a3:76:2c:88:8b:d0:
                    e2:18:1a:93:35:d1:7a:ca:9f:c5:1c:56:65:9f:cf:
                    a9:1d:e6:d0:fa:86:b8:fd:24:9d:48:d4:88:2b:54:
                    57:3e:db:8d:06:76:f2:41:97:83:66:7a:e1:8b:79:
                    6c:21:1e:b7:4c:15:ed:6a:c4:2b:a9:a2:a5:a9:a7:
                    f4:7f:58:2a:d5:2d:3f:81:90:2b:07:e3:b8:85:fd:
                    2e:a2:c1:2b:f2:49:8d:d6:2c:9d:b9:ee:06:1c:62:
                    5b:17:01:1b:d3:46:39:aa:cb:30:0e:0f:b9:8d:ef:
                    b7:64:d2:21:87:f5:7a:3b:44:ed:45:45:b8:c5:0b:
                    3f:09:34:7f:88:c2:91:5d:21:3b:0c:54:ec:db:00:
                    62:84:5f:4f:a6:b9:eb:33:ce:77:be:c3:7b:34:4e:
                    63:26:6c:42:41:5b:1c:15:44:55:09:8b:a3:d9:f3:
                    1e:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:65:68:E7:97:E3:D4:1E:CD:69:8E:92:9D:B9:E0:7E:FA:30:34:4A
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/s2Vo55fj1B7NaY6SnbngfvowNEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8084::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:d5:92:57:6f:f4:50:fe:c4:02:b1:f4:96:36:59:58:53:fc:
         eb:d8:2f:5c:d3:63:cc:71:a9:5f:d8:00:4f:4f:a2:cc:b8:5e:
         c3:b6:83:04:05:3d:69:a4:7e:2b:39:a6:de:9e:0f:e5:2b:04:
         81:36:3e:5b:ea:0b:bd:4f:93:b2:b1:2a:d0:de:7d:dd:85:86:
         4c:31:26:31:d7:34:72:ce:44:ae:bb:52:0d:40:a3:d0:09:54:
         de:81:85:df:5e:01:a0:9d:92:c0:4b:d5:f0:cf:dd:cc:50:56:
         d0:bf:21:31:1b:52:77:58:88:9a:5a:6c:6b:33:bf:ad:6d:b9:
         d3:51:cb:d0:cd:ab:70:4e:a2:9f:f0:5e:4a:6a:c5:45:c4:44:
         18:ca:44:fd:df:42:9d:5d:a7:c8:88:83:fa:f8:d5:2d:35:a1:
         e2:9c:ea:02:47:9d:bc:e3:e2:f1:22:aa:1c:67:7d:45:a0:eb:
         d7:01:9d:e4:dd:51:69:b2:74:26:21:05:68:5a:1b:f5:17:2c:
         6e:f5:13:e6:b3:6b:e6:b4:f2:cc:ed:00:fd:0f:a1:bd:77:bd:
         bb:0b:75:b2:c9:2e:3c:e3:4d:ca:93:5a:ad:95:9b:c7:bb:68:
         44:c2:62:e6:e6:aa:fc:16:33:eb:80:a7:42:c7:0d:0d:93:05:
         2b:e8:77:bc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuNIXp3wNgszUHXluP9iJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzY1NjhlNzk3ZTNkNDFlY2Q2OThlOTI5ZGI5ZTA3ZWZhMzAzNDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlstrOyllW9fWnjma25LImc6rn1P
LlfylpOpx2ApgabCbTfps6TNgNFyoHxKoinN4A9MeDTWzIrB6zqhsoVJuVRwYC2Y
I6LqqvwImkfN8lz97+ejdiyIi9DiGBqTNdF6yp/FHFZln8+pHebQ+oa4/SSdSNSI
K1RXPtuNBnbyQZeDZnrhi3lsIR63TBXtasQrqaKlqaf0f1gq1S0/gZArB+O4hf0u
osEr8kmN1iydue4GHGJbFwEb00Y5qsswDg+5je+3ZNIhh/V6O0TtRUW4xQs/CTR/
iMKRXSE7DFTs2wBihF9PprnrM853vsN7NE5jJmxCQVscFURVCYuj2fMe7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLNlaOeX49QezWmOkp254H76MDRKMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvczJWbzU1ZmoxQjdOYVk2U25ibmdmdm93TkVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQICE
MA0GCSqGSIb3DQEBCwUAA4IBAQAN1ZJXb/RQ/sQCsfSWNllYU/zr2C9c02PMcalf
2ABPT6LMuF7DtoMEBT1ppH4rOabeng/lKwSBNj5b6gu9T5OysSrQ3n3dhYZMMSYx
1zRyzkSuu1INQKPQCVTegYXfXgGgnZLAS9Xwz93MUFbQvyExG1J3WIiaWmxrM7+t
bbnTUcvQzatwTqKf8F5KasVFxEQYykT930KdXafIiIP6+NUtNaHinOoCR5284+Lx
IqocZ31FoOvXAZ3k3VFpsnQmIQVoWhv1Fyxu9RPms2vmtPLM7QD9D6G9d727C3Wy
yS48403Kk1qtlZvHu2hEwmLm5qr8FjPrgKdCxw0NkwUr6He8
-----END CERTIFICATE-----