Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/tKiXIeOqahCjR0ZBryIsW9qkUHU.roa
File:                     tKiXIeOqahCjR0ZBryIsW9qkUHU.roa (raw, json)
Hash identifier:          oXDfcWwozazjx2OoVu2+0MqhETgvFjoDLha8uvM1fqQ=
Subject key identifier:   B4:A8:97:21:E3:AA:6A:10:A3:47:46:41:AF:22:2C:5B:DA:A4:50:75
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8E74E8BA32273F9BECAB656205DE3
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/tKiXIeOqahCjR0ZBryIsW9qkUHU.roa
Signing time:             Mon 01 Jan 2024 20:30:55 +0000
ROA not before:           Mon 01 Jan 2024 20:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205088
IP address blocks:        2a0c:9a40:8220::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e7:4e:8b:a3:22:73:f9:be:ca:b6:56:20:5d:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4a89721e3aa6a10a3474641af222c5bdaa45075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e6:e4:5d:85:0c:d7:2e:ad:8e:4e:48:c4:47:
                    5d:d2:2a:c5:f3:2e:db:70:3a:87:b2:af:e9:85:68:
                    ca:32:a4:88:d0:15:b2:ff:42:e3:e0:d6:86:d3:1c:
                    f9:c4:81:fd:9c:04:13:d1:34:bc:2d:b3:f7:af:82:
                    6f:d6:84:8c:eb:c8:1a:43:80:bd:e9:4b:41:88:b6:
                    3a:93:d2:33:55:ab:60:19:dd:05:f4:2a:98:24:90:
                    43:31:e3:1e:46:09:73:19:80:82:12:37:88:5d:93:
                    4d:a2:b0:a2:1a:32:f3:b5:19:23:51:35:43:89:49:
                    02:3c:37:55:04:e5:c2:f2:03:84:86:28:cc:c6:c8:
                    14:25:1e:0c:6f:99:7b:34:9c:e9:79:7d:bc:28:5e:
                    b0:52:42:0d:95:f7:d7:4e:66:24:68:7e:d6:bc:86:
                    64:bf:ee:fa:ab:a3:56:75:5d:1e:cd:ed:f2:d4:f9:
                    64:ea:72:e5:8d:b6:71:85:e5:d6:65:c5:26:8d:ee:
                    03:97:98:88:83:ed:c4:0d:1a:49:f9:2e:81:59:c0:
                    3b:45:d0:20:9b:32:81:19:c9:3a:22:89:f4:b5:68:
                    ec:47:c9:94:76:79:7f:ef:6d:a3:89:e1:b8:49:d9:
                    eb:1c:9f:f8:21:7e:5c:bd:52:27:44:cc:d5:9c:a0:
                    f9:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:A8:97:21:E3:AA:6A:10:A3:47:46:41:AF:22:2C:5B:DA:A4:50:75
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/tKiXIeOqahCjR0ZBryIsW9qkUHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8220::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:f1:f2:f8:d7:56:11:13:7b:39:1d:16:d4:13:5a:2b:1f:5d:
         5d:cd:63:99:ad:c6:6f:26:e1:a6:55:b0:37:e1:e0:5c:ac:7e:
         b1:de:89:e5:45:7b:be:2a:bc:bf:dd:9d:44:fd:45:56:11:4f:
         c8:46:34:90:ea:89:0b:5c:50:42:05:90:dc:90:63:f9:7b:cf:
         45:ea:9f:90:d3:5b:66:ce:4b:12:5d:d6:7e:eb:89:2d:16:18:
         c1:1d:19:98:02:1f:0d:d9:f6:ac:f2:14:06:a2:df:6a:60:2a:
         54:bc:c1:fa:3e:f1:f9:b1:eb:34:73:ae:37:2c:67:1b:11:6c:
         b2:9a:95:61:61:a5:9f:29:33:80:85:3f:9d:f7:ef:f2:f8:35:
         cd:d6:6c:f2:5a:83:85:4c:ad:6d:6e:f3:cb:71:4d:51:80:2e:
         04:61:66:d7:84:4e:49:01:a5:9f:f4:24:b4:21:f4:64:fe:0f:
         c9:22:ad:0d:48:d3:fe:40:9b:4d:b9:c9:39:8a:c6:15:5f:cc:
         45:85:2e:b9:31:a8:bc:97:85:68:b8:77:9b:ff:bf:25:82:97:
         57:38:36:90:ba:cd:f3:b5:de:fe:89:ff:f8:33:79:57:c8:56:
         39:c8:38:f7:e4:d5:71:70:b1:16:0c:f3:d2:3c:93:0d:3b:26:
         b2:3a:ac:fe
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuOdOi6Mic/m+yrZWIF3jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGE4OTcyMWUzYWE2YTEwYTM0NzQ2NDFhZjIyMmM1YmRhYTQ1MDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApObkXYUM1y6tjk5IxEdd0irF8y7b
cDqHsq/phWjKMqSI0BWy/0Lj4NaG0xz5xIH9nAQT0TS8LbP3r4Jv1oSM68gaQ4C9
6UtBiLY6k9IzVatgGd0F9CqYJJBDMeMeRglzGYCCEjeIXZNNorCiGjLztRkjUTVD
iUkCPDdVBOXC8gOEhijMxsgUJR4Mb5l7NJzpeX28KF6wUkINlffXTmYkaH7WvIZk
v+76q6NWdV0eze3y1Plk6nLljbZxheXWZcUmje4Dl5iIg+3EDRpJ+S6BWcA7RdAg
mzKBGck6Ion0tWjsR8mUdnl/722jieG4SdnrHJ/4IX5cvVInRMzVnKD5aQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLSolyHjqmoQo0dGQa8iLFvapFB1MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvdEtpWEllT3FhaENqUjBaQnJ5SXNXOXFrVUhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIIg
MA0GCSqGSIb3DQEBCwUAA4IBAQAr8fL411YRE3s5HRbUE1orH11dzWOZrcZvJuGm
VbA34eBcrH6x3onlRXu+Kry/3Z1E/UVWEU/IRjSQ6okLXFBCBZDckGP5e89F6p+Q
01tmzksSXdZ+64ktFhjBHRmYAh8N2fas8hQGot9qYCpUvMH6PvH5ses0c643LGcb
EWyympVhYaWfKTOAhT+d9+/y+DXN1mzyWoOFTK1tbvPLcU1RgC4EYWbXhE5JAaWf
9CS0IfRk/g/JIq0NSNP+QJtNuck5isYVX8xFhS65Mai8l4VouHeb/78lgpdXODaQ
us3ztd7+if/4M3lXyFY5yDj35NVxcLEWDPPSPJMNOyayOqz+
-----END CERTIFICATE-----