Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/tPfAPw_4r4xfyapnXYpvfDUU9Fw.roa
File:                     tPfAPw_4r4xfyapnXYpvfDUU9Fw.roa (raw, json)
Hash identifier:          DUUVQsYOpYhuPfkBGKV1CX6SX1iwvvw1YgKfGwwMLfk=
Subject key identifier:   B4:F7:C0:3F:0F:F8:AF:8C:5F:C9:AA:67:5D:8A:6F:7C:35:14:F4:5C
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8E3AB4732E49190875D96B0D17DD2
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/tPfAPw_4r4xfyapnXYpvfDUU9Fw.roa
Signing time:             Mon 01 Jan 2024 20:30:54 +0000
ROA not before:           Mon 01 Jan 2024 20:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201325
IP address blocks:        2a0c:9a40:82b0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 06:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e3:ab:47:32:e4:91:90:87:5d:96:b0:d1:7d:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4f7c03f0ff8af8c5fc9aa675d8a6f7c3514f45c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c2:8a:c3:fb:b5:0b:8e:b1:78:a4:1a:19:80:
                    0f:94:44:f7:45:f1:1e:2f:e1:03:4f:1b:49:00:66:
                    9a:8d:19:a0:f7:2c:cc:05:80:b0:14:65:22:e5:2e:
                    bc:7d:69:18:90:c6:2a:c3:ff:fd:77:8b:e4:70:d7:
                    d0:90:8e:f7:27:30:b6:84:7e:73:5c:4b:92:59:9a:
                    8c:4a:31:63:26:23:11:62:13:11:a2:63:2b:6a:fa:
                    80:e4:90:4f:30:9a:34:7d:f5:1e:e4:54:93:1e:26:
                    17:eb:82:64:fc:33:99:3d:8e:e7:86:eb:12:9d:a5:
                    bb:fb:2c:31:ac:67:75:68:2e:21:45:a3:a8:b0:2d:
                    49:ae:da:c6:07:33:47:f8:90:ce:59:3f:72:25:e7:
                    7f:22:c8:0e:b9:71:8e:4e:6c:a9:bb:68:91:fc:df:
                    33:b9:94:59:68:2a:3e:11:c3:5b:c3:1c:30:b6:e9:
                    6a:19:aa:79:0f:14:43:74:d9:36:3d:c3:4e:24:d0:
                    79:96:f7:27:87:3a:8a:06:a4:36:d3:88:1e:30:1b:
                    c4:6a:4a:4d:26:6e:83:ab:aa:3b:3f:12:4e:85:fa:
                    13:4d:14:a1:94:91:70:69:af:7d:50:5e:ab:37:3f:
                    fe:9f:6f:1b:f2:9b:77:66:9c:8b:2c:36:9b:34:a8:
                    a7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:F7:C0:3F:0F:F8:AF:8C:5F:C9:AA:67:5D:8A:6F:7C:35:14:F4:5C
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/tPfAPw_4r4xfyapnXYpvfDUU9Fw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:82b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:a6:53:33:09:30:bb:d1:99:fe:fb:9d:f9:f4:1b:cf:a1:ab:
         f5:d6:22:d9:8f:4a:53:e0:31:92:4f:dc:e3:59:82:22:0c:46:
         13:a4:4d:4f:87:a3:d3:6b:e1:7e:2d:cc:5f:35:c0:7c:a4:ef:
         c4:9c:76:a5:df:8e:2a:83:96:40:e1:82:72:a3:05:a0:d7:2c:
         82:e4:e1:74:26:f3:76:eb:50:42:d6:24:c8:38:76:28:c3:a0:
         dd:59:c7:0c:9a:df:aa:49:43:d5:f3:ae:7e:ce:19:b2:52:46:
         f4:3d:a7:5b:77:de:5a:5f:b2:81:ce:23:6c:55:60:13:d7:b7:
         32:fd:7f:95:80:ee:84:4d:3a:04:41:48:a5:f0:36:6e:98:c9:
         5d:03:ce:f0:f4:96:31:5f:4f:8c:ff:1f:36:a2:4a:a4:c0:1b:
         e7:e9:52:e2:37:a8:c0:bc:69:b9:09:f8:be:3b:07:f1:d0:a5:
         7c:37:c8:0e:52:2b:43:c3:ad:d1:23:41:56:56:7f:1d:c6:7f:
         1c:58:9e:f0:dc:87:7c:9b:ae:83:53:f7:43:2d:90:6b:bb:a0:
         d1:17:d1:80:42:f6:d9:73:53:4c:ec:72:54:6a:3e:50:b2:00:
         42:e6:7c:1f:3a:c2:10:67:22:ce:8e:27:cc:1b:90:a6:8b:8b:
         29:ba:aa:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuOOrRzLkkZCHXZaw0X3SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGY3YzAzZjBmZjhhZjhjNWZjOWFhNjc1ZDhhNmY3YzM1MTRmNDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcKKw/u1C46xeKQaGYAPlET3RfEe
L+EDTxtJAGaajRmg9yzMBYCwFGUi5S68fWkYkMYqw//9d4vkcNfQkI73JzC2hH5z
XEuSWZqMSjFjJiMRYhMRomMravqA5JBPMJo0ffUe5FSTHiYX64Jk/DOZPY7nhusS
naW7+ywxrGd1aC4hRaOosC1JrtrGBzNH+JDOWT9yJed/IsgOuXGOTmypu2iR/N8z
uZRZaCo+EcNbwxwwtulqGap5DxRDdNk2PcNOJNB5lvcnhzqKBqQ204geMBvEakpN
Jm6Dq6o7PxJOhfoTTRShlJFwaa99UF6rNz/+n28b8pt3ZpyLLDabNKinrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLT3wD8P+K+MX8mqZ12Kb3w1FPRcMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvdFBmQVB3XzRyNHhmeWFwblhZcHZmRFVVOUZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIKw
MA0GCSqGSIb3DQEBCwUAA4IBAQBQplMzCTC70Zn++5359BvPoav11iLZj0pT4DGS
T9zjWYIiDEYTpE1Ph6PTa+F+LcxfNcB8pO/EnHal344qg5ZA4YJyowWg1yyC5OF0
JvN261BC1iTIOHYow6DdWccMmt+qSUPV865+zhmyUkb0Padbd95aX7KBziNsVWAT
17cy/X+VgO6ETToEQUil8DZumMldA87w9JYxX0+M/x82okqkwBvn6VLiN6jAvGm5
Cfi+Owfx0KV8N8gOUitDw63RI0FWVn8dxn8cWJ7w3Id8m66DU/dDLZBru6DRF9GA
QvbZc1NM7HJUaj5QsgBC5nwfOsIQZyLOjifMG5Cmi4spuqpI
-----END CERTIFICATE-----