Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/b9qoDe71eKjNYfmVhHwPgmMz6n0.roa
File:                     b9qoDe71eKjNYfmVhHwPgmMz6n0.roa (raw, json)
Hash identifier:          8uMqQDAWAjsdTE517ZGKaH8q+ubs5frwYATjQ3HVxsk=
Subject key identifier:   6F:DA:A8:0D:EE:F5:78:A8:CD:61:F9:95:84:7C:0F:82:63:33:EA:7D
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCDE09E9FF5F0178DCED1EE28A5959
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/b9qoDe71eKjNYfmVhHwPgmMz6n0.roa
Signing time:             Tue 02 Jan 2024 10:34:07 +0000
ROA not before:           Tue 02 Jan 2024 10:34:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51604
IP address blocks:        2a02:2698:1800::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:de:09:e9:ff:5f:01:78:dc:ed:1e:e2:8a:59:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fdaa80deef578a8cd61f995847c0f826333ea7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a9:70:b6:14:74:96:9e:92:32:61:15:65:da:
                    3c:d5:1b:46:23:b3:4b:be:5e:81:90:12:e1:f1:ef:
                    e6:d9:fc:19:e1:ef:4f:9b:eb:53:26:a8:94:d0:87:
                    05:f0:2c:c4:f0:57:ab:1c:62:28:13:66:da:94:86:
                    5f:33:ed:1e:63:cf:09:3e:16:b0:79:de:b2:c7:87:
                    07:f1:b9:b3:b7:c2:a1:1d:d5:77:f2:a9:4a:8b:a4:
                    94:c8:23:47:b9:25:5b:14:15:5a:ab:df:61:9e:8d:
                    a9:07:93:de:bb:f8:9a:48:3a:cb:5d:10:5b:df:3b:
                    5b:32:94:fa:48:db:aa:23:b8:dd:f5:de:97:d4:05:
                    cb:83:39:e0:14:f8:8e:76:b1:de:ac:eb:30:da:62:
                    01:21:42:ab:92:3e:00:bb:ab:5c:11:9b:a1:a4:4d:
                    68:7d:44:fa:80:37:8a:ab:f3:ff:2f:fa:c0:dc:a7:
                    cc:c2:1c:3c:40:76:97:a1:79:68:27:06:ce:b4:f8:
                    a9:ca:72:0a:23:1b:c2:76:1e:f2:9c:78:d4:7e:78:
                    92:5a:bf:69:d7:46:a4:af:b0:d8:c8:ce:54:0c:4f:
                    d4:7b:cd:e3:24:a1:1d:43:8a:29:d6:2f:2a:13:69:
                    31:0e:ad:08:65:7c:da:3e:fd:5a:03:d3:87:3e:02:
                    da:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:DA:A8:0D:EE:F5:78:A8:CD:61:F9:95:84:7C:0F:82:63:33:EA:7D
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/b9qoDe71eKjNYfmVhHwPgmMz6n0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:1800::/38

    Signature Algorithm: sha256WithRSAEncryption
         cb:54:ce:4c:2e:ca:c4:dd:ae:e3:7c:2d:ec:9a:15:0d:22:2d:
         81:2c:45:17:40:b2:e8:ab:ca:49:77:84:f5:ce:c1:6e:ef:01:
         97:1e:b9:90:fc:4a:bf:04:62:c8:54:6a:d2:8c:9e:1e:d8:6c:
         68:5a:18:4e:d1:be:96:3d:e6:bb:67:47:cc:fd:3c:9d:1b:f4:
         8e:da:3a:f0:02:01:83:8b:e7:05:07:09:53:3d:1c:d2:f4:fd:
         c1:80:fa:e5:8e:d6:9c:d3:63:96:f8:20:20:7b:a3:ae:d2:f4:
         92:95:2c:59:8e:a7:23:20:e5:3b:d7:aa:61:ee:39:7a:b8:ca:
         04:ec:70:e6:7a:b1:88:14:0c:42:34:0d:45:39:b6:39:80:b9:
         d9:ea:86:94:31:88:b0:03:5c:d5:42:e2:a6:3d:4c:4c:11:48:
         5b:df:eb:5c:15:f3:dc:f7:25:08:5d:d0:e6:cc:2e:c6:05:7a:
         ac:05:11:2a:fa:f3:dc:55:d4:a0:6e:68:35:63:81:e1:b6:d2:
         2a:11:84:18:d1:88:4a:09:af:21:01:09:cf:8f:74:99:29:7f:
         15:3e:28:79:51:1a:2f:01:ce:c6:e1:f5:75:e2:c2:ac:a3:ee:
         20:cd:76:4e:7c:49:83:6a:1e:6a:9d:c1:73:cb:5a:c2:ed:89:
         06:98:9c:fb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvN4J6f9fAXjc7R7iillZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmRhYTgwZGVlZjU3OGE4Y2Q2MWY5OTU4NDdjMGY4MjYzMzNlYTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6lwthR0lp6SMmEVZdo81RtGI7NL
vl6BkBLh8e/m2fwZ4e9Pm+tTJqiU0IcF8CzE8FerHGIoE2balIZfM+0eY88JPhaw
ed6yx4cH8bmzt8KhHdV38qlKi6SUyCNHuSVbFBVaq99hno2pB5Peu/iaSDrLXRBb
3ztbMpT6SNuqI7jd9d6X1AXLgzngFPiOdrHerOsw2mIBIUKrkj4Au6tcEZuhpE1o
fUT6gDeKq/P/L/rA3KfMwhw8QHaXoXloJwbOtPipynIKIxvCdh7ynHjUfniSWr9p
10akr7DYyM5UDE/Ue83jJKEdQ4op1i8qE2kxDq0IZXzaPv1aA9OHPgLaxQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFG/aqA3u9XiozWH5lYR8D4JjM+p9MB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvYjlxb0RlNzFlS2pOWWZtVmhId1BnbU16Nm4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmBgw
DQYJKoZIhvcNAQELBQADggEBAMtUzkwuysTdruN8LeyaFQ0iLYEsRRdAsuirykl3
hPXOwW7vAZceuZD8Sr8EYshUatKMnh7YbGhaGE7RvpY95rtnR8z9PJ0b9I7aOvAC
AYOL5wUHCVM9HNL0/cGA+uWO1pzTY5b4ICB7o67S9JKVLFmOpyMg5TvXqmHuOXq4
ygTscOZ6sYgUDEI0DUU5tjmAudnqhpQxiLADXNVC4qY9TEwRSFvf61wV89z3JQhd
0ObMLsYFeqwFESr689xV1KBuaDVjgeG20ioRhBjRiEoJryEBCc+PdJkpfxU+KHlR
Gi8Bzsbh9XXiwqyj7iDNdk58SYNqHmqdwXPLWsLtiQaYnPs=
-----END CERTIFICATE-----