Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/tCCbrqQBdlwSpOxQccx96JU-DJs.roa
File:                     tCCbrqQBdlwSpOxQccx96JU-DJs.roa (raw, json)
Hash identifier:          xoDvqRKJHYDos50gfLA3fktrdmJW7Lu9AB3bEQctghw=
Subject key identifier:   B4:20:9B:AE:A4:01:76:5C:12:A4:EC:50:71:CC:7D:E8:95:3E:0C:9B
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCD5CCDC33A83AE1AF036E91CDD7B1
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/tCCbrqQBdlwSpOxQccx96JU-DJs.roa
Signing time:             Tue 02 Jan 2024 10:34:05 +0000
ROA not before:           Tue 02 Jan 2024 10:34:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42116
IP address blocks:        2a02:2698:4400::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d5:cc:dc:33:a8:3a:e1:af:03:6e:91:cd:d7:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4209baea401765c12a4ec5071cc7de8953e0c9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:34:fb:ab:fd:65:9c:e2:73:72:ef:4e:c0:90:
                    57:65:5c:ce:78:c3:3e:7f:26:f1:c4:f5:c7:2a:89:
                    c0:9e:89:96:4a:59:12:64:62:1e:a0:0f:54:81:a5:
                    3a:47:79:96:f3:c9:60:0d:22:13:74:c3:e3:e8:e1:
                    7f:2f:d1:db:b0:d9:1c:69:6d:ba:6c:48:4b:9c:3c:
                    83:41:5c:6f:13:ea:a6:e3:43:ba:81:04:89:a2:7a:
                    db:f9:2c:49:fd:92:4d:04:e4:37:54:19:6b:49:c8:
                    6e:ca:44:4f:0a:67:be:98:84:5f:3c:c6:46:27:79:
                    07:7c:99:11:d3:de:75:b8:2b:c0:63:e4:ba:41:94:
                    f4:49:6f:cc:6f:48:70:00:12:88:ac:48:57:e9:cd:
                    7e:83:5d:52:e6:6a:b2:36:ef:57:27:1b:23:06:59:
                    86:ee:00:b3:95:60:7c:e0:fc:c5:27:cb:a2:8b:d9:
                    6d:18:ca:80:f0:ab:e2:91:b4:cf:77:2b:61:49:73:
                    da:5e:cf:f0:e0:42:98:d2:73:5b:99:14:ab:5d:3f:
                    aa:7b:65:3e:06:d4:91:60:0a:05:18:37:38:23:44:
                    cc:76:cb:d7:d7:13:c2:d7:91:17:1f:c3:3d:7a:41:
                    fd:5c:0d:c6:fb:f1:f5:43:dd:e0:77:b8:ee:b6:2b:
                    c7:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:20:9B:AE:A4:01:76:5C:12:A4:EC:50:71:CC:7D:E8:95:3E:0C:9B
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/tCCbrqQBdlwSpOxQccx96JU-DJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:4400::/38

    Signature Algorithm: sha256WithRSAEncryption
         9d:ca:62:c4:95:81:56:5d:3b:86:c2:89:e4:fa:6c:e6:4f:9b:
         71:e0:c8:1f:fe:72:12:8f:ca:71:29:e1:aa:49:a0:11:ae:51:
         56:d2:f1:af:be:df:f4:01:f6:21:8b:02:5f:34:8c:f3:3f:72:
         c2:bb:61:d5:92:c5:bc:60:15:d3:c4:75:85:16:48:29:77:b0:
         29:e5:8a:58:f5:df:ee:a4:71:1f:6a:42:2b:e4:19:5f:70:f3:
         6e:52:93:8f:48:bc:08:df:96:f4:4d:22:42:95:37:df:5c:f0:
         9f:58:a1:68:44:8d:cf:94:d6:9e:f9:32:98:06:7b:f2:74:16:
         03:da:93:0b:b2:ed:5c:b5:5a:9a:28:b9:5e:e7:27:7c:ba:cb:
         4d:71:b2:bf:0a:3a:b7:37:87:08:6f:92:eb:6a:4b:d4:88:6e:
         c8:4e:c3:da:a3:c4:8f:07:91:c6:ea:1a:2f:4f:12:01:3a:3b:
         8a:a0:61:ea:4d:3d:dd:9d:e2:85:e6:30:4a:2b:59:84:b8:86:
         6d:8c:46:75:68:8c:a9:a2:6c:0d:d1:db:2d:02:81:2c:a2:af:
         40:54:e2:3c:26:f2:f3:31:e9:8a:64:90:ad:7b:03:e5:20:65:
         a6:b3:85:4d:a0:ae:c4:90:cb:1c:ee:e4:44:5b:3b:61:67:bd:
         1f:ef:9f:1d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvNXM3DOoOuGvA26RzdexMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDIwOWJhZWE0MDE3NjVjMTJhNGVjNTA3MWNjN2RlODk1M2UwYzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTT7q/1lnOJzcu9OwJBXZVzOeMM+
fybxxPXHKonAnomWSlkSZGIeoA9UgaU6R3mW88lgDSITdMPj6OF/L9HbsNkcaW26
bEhLnDyDQVxvE+qm40O6gQSJonrb+SxJ/ZJNBOQ3VBlrSchuykRPCme+mIRfPMZG
J3kHfJkR0951uCvAY+S6QZT0SW/Mb0hwABKIrEhX6c1+g11S5mqyNu9XJxsjBlmG
7gCzlWB84PzFJ8uii9ltGMqA8KvikbTPdythSXPaXs/w4EKY0nNbmRSrXT+qe2U+
BtSRYAoFGDc4I0TMdsvX1xPC15EXH8M9ekH9XA3G+/H1Q93gd7jutivH8wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLQgm66kAXZcEqTsUHHMfeiVPgybMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvdENDYnJxUUJkbHdTcE94UWNjeDk2SlUtREpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmEQw
DQYJKoZIhvcNAQELBQADggEBAJ3KYsSVgVZdO4bCieT6bOZPm3HgyB/+chKPynEp
4apJoBGuUVbS8a++3/QB9iGLAl80jPM/csK7YdWSxbxgFdPEdYUWSCl3sCnlilj1
3+6kcR9qQivkGV9w825Sk49IvAjflvRNIkKVN99c8J9YoWhEjc+U1p75MpgGe/J0
FgPakwuy7Vy1WpoouV7nJ3y6y01xsr8KOrc3hwhvkutqS9SIbshOw9qjxI8Hkcbq
Gi9PEgE6O4qgYepNPd2d4oXmMEorWYS4hm2MRnVojKmibA3R2y0CgSyir0BU4jwm
8vMx6YpkkK17A+UgZaazhU2grsSQyxzu5ERbO2FnvR/vnx0=
-----END CERTIFICATE-----