Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/uF1jsuriIYbh5vcaVGeXr4PG3q8.roa
File:                     uF1jsuriIYbh5vcaVGeXr4PG3q8.roa (raw, json)
Hash identifier:          4nMoUKhTq8uHcYcAyqtR7+6VdDJauT/0N9+OZuKgL+4=
Subject key identifier:   B8:5D:63:B2:EA:E2:21:86:E1:E6:F7:1A:54:67:97:AF:83:C6:DE:AF
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8E6A5B017AD724FC8AAA960E64BDA
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/uF1jsuriIYbh5vcaVGeXr4PG3q8.roa
Signing time:             Mon 01 Jan 2024 20:30:55 +0000
ROA not before:           Mon 01 Jan 2024 20:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203333
IP address blocks:        2a0c:9a40:8340::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 00:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e6:a5:b0:17:ad:72:4f:c8:aa:a9:60:e6:4b:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b85d63b2eae22186e1e6f71a546797af83c6deaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:91:01:86:26:95:3c:cb:ca:a0:34:dd:31:fd:
                    bd:8c:11:fc:86:37:ee:34:b7:da:c7:b8:01:cd:c5:
                    fe:aa:14:15:04:22:38:b0:d5:5c:e0:cc:6d:39:75:
                    e2:8d:cd:19:bd:28:de:7d:c3:e6:5d:69:84:9e:e8:
                    38:64:c6:01:3a:f6:ac:8e:56:31:3e:2c:65:06:0e:
                    ee:34:cf:72:ff:ee:20:22:f4:42:4c:77:e9:a1:ac:
                    ae:da:09:45:27:f5:7c:8f:02:2a:f9:f8:f8:b4:31:
                    53:a2:bc:71:a0:b1:3c:c8:35:a0:82:0a:9d:25:ea:
                    3d:0a:f0:3e:f9:0a:dc:05:23:69:f0:e4:d7:d0:42:
                    bc:a9:59:7b:3f:e0:ee:fd:8f:db:96:07:b7:b4:6f:
                    f5:af:2c:1a:ab:02:70:4c:54:7b:1e:8b:17:96:7a:
                    6d:57:2a:7b:31:9f:d7:c4:37:31:77:23:cf:cc:36:
                    9d:4a:18:65:69:5e:c8:34:c3:cb:b8:97:90:86:d8:
                    78:a0:4c:20:64:f0:0d:1e:7d:36:03:4b:45:d8:c0:
                    7a:d9:78:af:23:c9:34:0a:77:cb:49:fc:05:74:0d:
                    97:14:bf:7c:02:69:56:c9:7d:10:a2:1b:86:a8:d7:
                    17:09:86:fd:5f:85:5f:20:d5:5d:99:21:40:0e:0c:
                    6a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:5D:63:B2:EA:E2:21:86:E1:E6:F7:1A:54:67:97:AF:83:C6:DE:AF
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/uF1jsuriIYbh5vcaVGeXr4PG3q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8340::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:fb:58:a1:2a:ba:8a:33:98:69:fc:a1:d2:cc:01:83:4e:36:
         84:94:ae:c1:db:ba:d4:8c:6b:d0:71:15:bf:f4:2c:44:c4:38:
         89:40:02:c4:4a:0d:09:a1:8a:de:7e:44:2f:55:49:8a:ae:19:
         e3:e8:e1:1b:ee:54:9b:55:fe:7b:d3:21:15:ae:35:68:76:25:
         ac:d1:36:ea:57:97:ea:10:3d:62:d0:c8:f3:7f:95:a8:d7:dd:
         57:04:49:c8:55:1e:3d:71:89:49:70:3b:3b:d3:f0:95:56:98:
         92:86:fa:ff:da:88:a9:98:af:dd:1b:2c:a2:d6:55:77:9e:1d:
         0a:3b:4f:7d:e6:c8:80:a7:5c:38:23:8b:1d:f5:9b:bb:26:ec:
         bc:78:fb:6e:5a:e3:30:72:20:9b:2d:21:87:be:67:c9:79:6e:
         24:7a:5c:17:0b:21:5e:09:c5:df:38:ac:2d:a8:c7:60:39:b6:
         24:a7:82:d7:58:b1:54:f5:58:e9:5c:60:cc:15:aa:10:e3:f5:
         7c:ed:75:e0:ae:ee:01:6c:79:20:06:34:ff:36:85:e5:df:73:
         0c:fd:f4:40:c4:47:9a:62:68:cf:c6:d3:a7:bd:3a:4a:49:98:
         49:a6:bc:9c:cd:53:df:4e:4e:37:e0:13:83:9c:3c:f1:7f:38:
         3c:26:bb:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuOalsBetck/Iqqlg5kvaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODVkNjNiMmVhZTIyMTg2ZTFlNmY3MWE1NDY3OTdhZjgzYzZkZWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZEBhiaVPMvKoDTdMf29jBH8hjfu
NLfax7gBzcX+qhQVBCI4sNVc4MxtOXXijc0ZvSjefcPmXWmEnug4ZMYBOvasjlYx
PixlBg7uNM9y/+4gIvRCTHfpoayu2glFJ/V8jwIq+fj4tDFTorxxoLE8yDWgggqd
Jeo9CvA++QrcBSNp8OTX0EK8qVl7P+Du/Y/blge3tG/1rywaqwJwTFR7HosXlnpt
Vyp7MZ/XxDcxdyPPzDadShhlaV7INMPLuJeQhth4oEwgZPANHn02A0tF2MB62Xiv
I8k0CnfLSfwFdA2XFL98AmlWyX0QohuGqNcXCYb9X4VfINVdmSFADgxqPQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLhdY7Lq4iGG4eb3GlRnl6+Dxt6vMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvdUYxanN1cmlJWWJoNXZjYVZHZVhyNFBHM3E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQINA
MA0GCSqGSIb3DQEBCwUAA4IBAQBI+1ihKrqKM5hp/KHSzAGDTjaElK7B27rUjGvQ
cRW/9CxExDiJQALESg0JoYrefkQvVUmKrhnj6OEb7lSbVf570yEVrjVodiWs0Tbq
V5fqED1i0Mjzf5Wo191XBEnIVR49cYlJcDs70/CVVpiShvr/2oipmK/dGyyi1lV3
nh0KO0995siAp1w4I4sd9Zu7Juy8ePtuWuMwciCbLSGHvmfJeW4kelwXCyFeCcXf
OKwtqMdgObYkp4LXWLFU9VjpXGDMFaoQ4/V87XXgru4BbHkgBjT/NoXl33MM/fRA
xEeaYmjPxtOnvTpKSZhJpryczVPfTk434BODnDzxfzg8Jrt/
-----END CERTIFICATE-----