Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/xwaf04rgRKIpUtYJuW7BwcO8Vd0.roa
File:                     xwaf04rgRKIpUtYJuW7BwcO8Vd0.roa (raw, json)
Hash identifier:          jG4I0UTxwke6h0owihtKZl4cxnJh+8jazkbjLHrDtK4=
Subject key identifier:   C7:06:9F:D3:8A:E0:44:A2:29:52:D6:09:B9:6E:C1:C1:C3:BC:55:DD
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8F04D67FA3733165ABB8571136451
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/xwaf04rgRKIpUtYJuW7BwcO8Vd0.roa
Signing time:             Mon 01 Jan 2024 20:30:58 +0000
ROA not before:           Mon 01 Jan 2024 20:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212983
IP address blocks:        2a0c:9a40:8180::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f0:4d:67:fa:37:33:16:5a:bb:85:71:13:64:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7069fd38ae044a22952d609b96ec1c1c3bc55dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e6:25:00:d0:37:e3:01:60:37:2c:8d:36:b7:
                    7a:11:ed:71:80:aa:09:2d:be:49:ef:a0:01:02:f7:
                    45:2e:cd:50:d9:2d:d1:2f:4d:2f:85:f4:ed:fe:e8:
                    58:f7:6a:8e:0e:2b:c4:65:fe:ce:7b:be:75:3f:18:
                    3d:fe:42:8f:3a:f2:5f:15:41:7f:6e:db:92:43:d2:
                    72:65:c1:03:00:57:b9:92:dc:36:dc:1d:68:1b:40:
                    8b:1f:bd:a5:89:11:69:51:8f:33:15:10:13:40:2b:
                    77:8c:3b:05:0f:37:97:62:e4:4f:ae:73:84:a6:7d:
                    7a:92:bc:d6:6d:1f:0d:ae:a7:ca:ba:7c:8d:64:cc:
                    d9:b4:0b:4c:25:2f:71:1d:6f:a7:09:06:0d:9e:20:
                    31:ff:4a:5e:3d:84:f9:9f:a8:6b:b6:68:aa:7f:f3:
                    d5:91:1e:d0:47:bb:1b:13:dc:61:b3:dd:c0:a1:20:
                    fb:c8:ce:c2:32:ed:2d:b8:98:97:16:dc:a1:08:b8:
                    fa:9d:a9:c2:e6:fb:fe:1d:25:a9:e4:bc:13:46:87:
                    df:19:bb:ed:da:3c:47:00:ae:82:df:8b:1d:e2:5c:
                    a1:02:99:9e:73:77:36:ab:42:d4:92:4f:2d:53:06:
                    b6:19:6e:36:c9:f7:7e:ab:34:94:5b:f1:3b:cc:18:
                    1d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:06:9F:D3:8A:E0:44:A2:29:52:D6:09:B9:6E:C1:C1:C3:BC:55:DD
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/xwaf04rgRKIpUtYJuW7BwcO8Vd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8180::/48

    Signature Algorithm: sha256WithRSAEncryption
         bb:8e:47:31:13:f9:1f:c8:8c:bb:1b:7e:d4:91:56:17:2a:e1:
         4f:0c:35:2e:7a:e1:9e:02:31:62:6c:c0:30:65:05:69:21:cf:
         4d:70:c0:91:8c:c0:d5:e4:8e:eb:60:05:32:74:ef:5c:01:e6:
         6c:59:d5:da:65:11:02:11:59:4a:95:80:d1:1a:e1:1d:79:e3:
         15:94:f6:da:6f:cd:e6:3d:c9:00:fe:4a:94:41:d3:f1:60:de:
         ae:4d:78:1a:9b:a1:21:cc:86:b4:93:24:72:46:78:3a:b5:b1:
         01:95:1e:f2:5b:61:dc:c3:44:e3:a3:46:69:40:f5:84:9d:7a:
         54:a0:ef:ba:72:1c:f0:d8:4b:60:02:c7:d6:f7:3f:63:4c:f6:
         4f:00:1b:37:b2:02:6b:12:b5:f8:ae:97:c6:de:d5:b7:b6:e9:
         c8:41:41:65:12:c3:05:59:a7:10:6e:80:26:58:26:59:72:2b:
         f4:8b:ac:e5:16:b0:6e:d5:bd:af:83:98:3c:40:1b:04:e7:47:
         8d:40:a0:dd:66:b1:d3:09:99:43:1f:a6:c1:dc:ba:77:12:e3:
         ad:cd:8b:c6:89:db:8f:f9:12:9a:69:b8:10:12:43:04:e9:70:
         ba:33:82:5c:ae:ab:ff:e5:40:2d:fa:a1:a3:7d:09:bb:71:d3:
         e6:74:65:8d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuPBNZ/o3MxZau4VxE2RRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzA2OWZkMzhhZTA0NGEyMjk1MmQ2MDliOTZlYzFjMWMzYmM1NWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheYlANA34wFgNyyNNrd6Ee1xgKoJ
Lb5J76ABAvdFLs1Q2S3RL00vhfTt/uhY92qODivEZf7Oe751Pxg9/kKPOvJfFUF/
btuSQ9JyZcEDAFe5ktw23B1oG0CLH72liRFpUY8zFRATQCt3jDsFDzeXYuRPrnOE
pn16krzWbR8NrqfKunyNZMzZtAtMJS9xHW+nCQYNniAx/0pePYT5n6hrtmiqf/PV
kR7QR7sbE9xhs93AoSD7yM7CMu0tuJiXFtyhCLj6nanC5vv+HSWp5LwTRoffGbvt
2jxHAK6C34sd4lyhApmec3c2q0LUkk8tUwa2GW42yfd+qzSUW/E7zBgduwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMcGn9OK4ESiKVLWCbluwcHDvFXdMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEveHdhZjA0cmdSS0lwVXRZSnVXN0J3Y084VmQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIGA
MA0GCSqGSIb3DQEBCwUAA4IBAQC7jkcxE/kfyIy7G37UkVYXKuFPDDUueuGeAjFi
bMAwZQVpIc9NcMCRjMDV5I7rYAUydO9cAeZsWdXaZRECEVlKlYDRGuEdeeMVlPba
b83mPckA/kqUQdPxYN6uTXgam6EhzIa0kyRyRng6tbEBlR7yW2Hcw0Tjo0ZpQPWE
nXpUoO+6chzw2EtgAsfW9z9jTPZPABs3sgJrErX4rpfG3tW3tunIQUFlEsMFWacQ
boAmWCZZciv0i6zlFrBu1b2vg5g8QBsE50eNQKDdZrHTCZlDH6bB3Lp3EuOtzYvG
iduP+RKaabgQEkME6XC6M4Jcrqv/5UAt+qGjfQm7cdPmdGWN
-----END CERTIFICATE-----