Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/RhnX9l6LCXraLG1JaiSIdFa96Xo.roa
File:                     RhnX9l6LCXraLG1JaiSIdFa96Xo.roa (raw, json)
Hash identifier:          JY6VD1O5mjMQReBUFqj034GaJp/0V7F4dBfOHOiZ7vE=
Subject key identifier:   46:19:D7:F6:5E:8B:09:7A:DA:2C:6D:49:6A:24:88:74:56:BD:E9:7A
Certificate issuer:       /CN=e9be181aabdb195513a26c67b621e2986818d03d
Certificate serial:       018F061F0ACD1B917C2EFA62021BBDC2114D
Authority key identifier: E9:BE:18:1A:AB:DB:19:55:13:A2:6C:67:B6:21:E2:98:68:18:D0:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/RhnX9l6LCXraLG1JaiSIdFa96Xo.roa
Signing time:             Mon 22 Apr 2024 14:04:08 +0000
ROA not before:           Mon 22 Apr 2024 14:04:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35196
IP address blocks:        2a09:3901::/32 maxlen: 32
                          2a09:3907::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/6b4YGqvbGVUTomxntiHimGgY0D0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/6b4YGqvbGVUTomxntiHimGgY0D0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 05:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:1f:0a:cd:1b:91:7c:2e:fa:62:02:1b:bd:c2:11:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9be181aabdb195513a26c67b621e2986818d03d
        Validity
            Not Before: Apr 22 14:04:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4619d7f65e8b097ada2c6d496a24887456bde97a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:cd:8a:10:64:8d:9d:26:9c:9b:ff:89:4d:27:
                    a1:17:48:ff:4c:b7:95:bf:8a:fa:e1:dc:eb:68:7a:
                    54:7d:8b:4a:cf:89:05:d4:4e:1a:85:a9:b7:cc:bb:
                    39:31:c1:39:29:fd:7a:30:f1:a0:5c:68:75:4f:3c:
                    aa:3a:23:4b:42:03:d2:cd:b7:5e:ee:f9:b0:28:b0:
                    4a:76:64:09:01:a3:e9:52:d9:49:49:00:ae:6c:9e:
                    fa:03:9a:f5:8d:df:8c:62:94:6b:a3:39:bb:07:18:
                    aa:9d:47:93:0f:69:04:3c:75:14:31:03:fb:1b:65:
                    af:90:23:d4:af:ad:ec:3e:e6:1d:a7:bf:09:ec:f4:
                    e2:73:65:ed:e2:7f:bc:46:3e:09:a6:76:e6:a0:68:
                    aa:de:2b:f1:1e:dc:12:76:84:32:ee:e4:97:11:3c:
                    ea:4f:11:56:e0:6d:a8:d9:9d:7b:90:09:b8:c9:b7:
                    4f:27:99:ac:e6:83:c2:41:9e:cb:12:6b:bc:b7:b7:
                    f2:e3:07:4e:df:98:c5:db:8f:ec:4e:62:d8:27:4e:
                    68:68:ae:00:a1:d9:48:84:58:ab:4b:38:cd:a5:ef:
                    53:ac:65:74:15:6e:ec:f8:43:85:43:01:9b:60:65:
                    ed:84:62:82:e1:ad:97:1e:5b:a0:54:fa:c2:57:bf:
                    73:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:19:D7:F6:5E:8B:09:7A:DA:2C:6D:49:6A:24:88:74:56:BD:E9:7A
            X509v3 Authority Key Identifier:
                keyid:E9:BE:18:1A:AB:DB:19:55:13:A2:6C:67:B6:21:E2:98:68:18:D0:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/RhnX9l6LCXraLG1JaiSIdFa96Xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/6b4YGqvbGVUTomxntiHimGgY0D0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:3901::/32
                  2a09:3907::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:d3:81:5a:7d:c5:17:9c:9b:a3:b6:2e:1b:28:aa:fe:d8:ec:
         4f:4d:38:a6:44:11:e9:02:bf:76:3e:a1:0f:eb:f7:12:d1:02:
         0a:ba:ff:0c:bf:88:78:c3:42:ed:55:98:07:e0:e2:85:e2:36:
         6a:c2:ab:a2:00:50:5c:25:18:43:74:6c:67:81:70:c2:d3:cc:
         88:93:d9:22:74:03:63:fc:da:ce:41:52:fb:0e:58:0f:23:2e:
         a5:ac:bb:43:2f:bf:96:72:fd:06:4b:69:9d:88:eb:47:44:31:
         63:bf:0d:13:11:b3:44:57:66:d8:4d:a5:10:ff:ec:33:3b:26:
         80:9c:58:cf:85:9f:1f:5a:61:04:4e:8e:52:65:01:58:e4:54:
         af:4c:e2:d7:50:8c:5a:6b:c6:df:a3:ab:1c:ae:ba:4a:44:d0:
         49:5b:e4:ce:5e:a7:30:12:05:4b:f6:91:e0:df:87:97:24:34:
         04:55:9b:21:49:80:1a:5a:7e:d2:bc:2e:6a:77:67:7f:60:7e:
         0f:34:52:48:85:1c:3c:0b:0f:e4:a3:0b:d0:08:c5:9f:d2:d8:
         33:4b:23:67:ac:4a:f7:39:fb:d5:1f:d1:29:0d:49:5d:17:82:
         37:20:71:03:ec:0c:35:7e:a9:a4:11:4e:dc:98:f0:1f:d1:d2:
         cf:f2:b2:ea
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY8GHwrNG5F8LvpiAhu9whFNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YmUxODFhYWJkYjE5NTUxM2EyNmM2N2I2MjFlMjk4Njgx
OGQwM2QwHhcNMjQwNDIyMTQwNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjE5ZDdmNjVlOGIwOTdhZGEyYzZkNDk2YTI0ODg3NDU2YmRlOTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAws2KEGSNnSacm/+JTSehF0j/TLeV
v4r64dzraHpUfYtKz4kF1E4aham3zLs5McE5Kf16MPGgXGh1TzyqOiNLQgPSzbde
7vmwKLBKdmQJAaPpUtlJSQCubJ76A5r1jd+MYpRrozm7BxiqnUeTD2kEPHUUMQP7
G2WvkCPUr63sPuYdp78J7PTic2Xt4n+8Rj4JpnbmoGiq3ivxHtwSdoQy7uSXETzq
TxFW4G2o2Z17kAm4ybdPJ5ms5oPCQZ7LEmu8t7fy4wdO35jF24/sTmLYJ05oaK4A
odlIhFirSzjNpe9TrGV0FW7s+EOFQwGbYGXthGKC4a2XHlugVPrCV79zuQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEYZ1/Zeiwl62ixtSWokiHRWvel6MB8GA1UdIwQY
MBaAFOm+GBqr2xlVE6JsZ7Yh4phoGNA9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmI0WUdxdmJHVlVUb214bnRpSGltR2dZMEQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9iZWNkMTYtYTllOS00Y2Q2LTgwMGUt
ZjAwOGRkODNlMzJhLzEvUmhuWDlsNkxDWHJhTEcxSmFpU0lkRmE5NlhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9iZWNkMTYtYTllOS00Y2Q2LTgwMGUtZjAwOGRkODNlMzJh
LzEvNmI0WUdxdmJHVlVUb214bnRpSGltR2dZMEQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgk5AQMF
ACoJOQcwDQYJKoZIhvcNAQELBQADggEBAFDTgVp9xRecm6O2Lhsoqv7Y7E9NOKZE
EekCv3Y+oQ/r9xLRAgq6/wy/iHjDQu1VmAfg4oXiNmrCq6IAUFwlGEN0bGeBcMLT
zIiT2SJ0A2P82s5BUvsOWA8jLqWsu0Mvv5Zy/QZLaZ2I60dEMWO/DRMRs0RXZthN
pRD/7DM7JoCcWM+Fnx9aYQROjlJlAVjkVK9M4tdQjFprxt+jqxyuukpE0Elb5M5e
pzASBUv2keDfh5ckNARVmyFJgBpaftK8Lmp3Z39gfg80UkiFHDwLD+SjC9AIxZ/S
2DNLI2esSvc5+9Uf0SkNSV0XgjcgcQPsDDV+qaQRTtyY8B/R0s/ysuo=
-----END CERTIFICATE-----