Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/iNI2ujDjs0N9CZ-xmu7XALxNWfQ.roa
File:                     iNI2ujDjs0N9CZ-xmu7XALxNWfQ.roa (raw, json)
Hash identifier:          yQiGRQ+Nu9qUMG/pK08kul6xp4GGqElCgVaHihMzmVs=
Subject key identifier:   88:D2:36:BA:30:E3:B3:43:7D:09:9F:B1:9A:EE:D7:00:BC:4D:59:F4
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       018CC56E9582850958E622E2776044937CD0
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/iNI2ujDjs0N9CZ-xmu7XALxNWfQ.roa
Signing time:             Mon 01 Jan 2024 14:30:07 +0000
ROA not before:           Mon 01 Jan 2024 14:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     141180
IP address blocks:        2a02:e0:3138::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:95:82:85:09:58:e6:22:e2:77:60:44:93:7c:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 14:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88d236ba30e3b3437d099fb19aeed700bc4d59f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:13:23:c4:2c:7b:5e:d7:c5:ef:56:09:99:c1:
                    37:79:e6:0e:a0:22:2d:74:84:65:1c:51:56:61:62:
                    b3:cf:be:b7:bc:4b:bf:54:db:3b:28:61:59:90:fc:
                    99:57:63:64:7d:c8:5c:ea:b1:ce:de:13:07:ba:f7:
                    79:dc:6b:13:cf:17:4d:30:a7:e7:8f:d6:5c:8b:05:
                    8f:8d:05:32:c9:b3:b0:79:36:1e:aa:e7:95:0e:a5:
                    ec:cd:e6:f4:58:89:eb:fc:86:0c:14:71:10:d0:1b:
                    a4:03:29:80:08:86:3b:49:30:3f:a3:9b:71:f8:ed:
                    af:35:65:b4:db:68:97:b5:3b:63:dc:fb:7d:a4:a5:
                    c7:4e:d2:b5:79:a0:eb:1e:af:b9:b3:c7:3c:18:8d:
                    aa:6a:b4:9e:61:d8:49:0f:3a:85:17:53:23:15:a2:
                    ec:22:a5:9f:8f:f2:8e:1c:12:4e:13:f7:63:71:cc:
                    5e:75:e3:17:83:fc:8f:50:66:1d:ec:4c:f1:f8:fb:
                    dd:89:49:41:ee:cc:0a:a3:19:c7:13:d4:ea:f6:34:
                    30:01:b0:c0:b6:dd:44:04:16:54:7b:b6:6e:d8:4e:
                    d1:88:11:dd:42:f3:b2:8f:b4:4e:9c:c3:5a:4b:6b:
                    e1:8e:20:f4:64:b3:73:9e:8b:60:79:a9:45:b2:64:
                    1b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:D2:36:BA:30:E3:B3:43:7D:09:9F:B1:9A:EE:D7:00:BC:4D:59:F4
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/iNI2ujDjs0N9CZ-xmu7XALxNWfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:e0:3138::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:e0:fe:3b:3a:33:40:6b:05:56:30:ee:2b:52:3a:1c:5f:a1:
         41:05:f7:7d:e7:91:70:3c:30:1a:b6:ce:ee:c4:76:29:dc:01:
         33:43:d3:69:44:e1:4d:95:47:0d:51:54:63:bb:10:a1:cf:35:
         17:57:02:60:3b:d3:7e:2b:75:bd:d8:08:de:a2:d4:02:66:5c:
         51:a1:9d:ed:c7:da:06:28:e0:09:86:85:be:a4:35:6b:b5:5e:
         a5:ea:cc:64:fa:ce:bb:b6:b5:da:f0:54:32:60:0b:bf:a0:a4:
         71:a2:38:ed:90:b5:6d:67:ad:be:92:52:7e:ca:c7:0f:a6:fd:
         f1:d6:d6:c4:06:2b:cd:22:2f:c7:ef:b6:71:09:59:af:3a:d9:
         ac:51:c5:1e:fb:95:9c:5f:db:d3:4c:f1:5b:1c:2a:71:b1:83:
         f2:c4:67:40:3e:9b:80:0d:51:18:3c:77:ce:df:64:1d:f2:af:
         e9:5a:41:08:36:de:34:cb:b3:42:27:11:5a:43:89:fb:8d:ee:
         7c:83:c6:7c:86:b6:78:fc:e4:39:e6:c4:9c:c7:46:df:31:9c:
         7b:42:b0:70:d6:4d:cf:cf:3e:69:9f:bc:4c:9a:54:2a:80:77:
         84:8c:d0:71:08:f1:fd:97:82:a3:04:dd:04:e9:8e:4d:b3:f2:
         d8:5b:2b:fb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbpWChQlY5iLid2BEk3zQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjQwMTAxMTQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGQyMzZiYTMwZTNiMzQzN2QwOTlmYjE5YWVlZDcwMGJjNGQ1OWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshMjxCx7XtfF71YJmcE3eeYOoCIt
dIRlHFFWYWKzz763vEu/VNs7KGFZkPyZV2Nkfchc6rHO3hMHuvd53GsTzxdNMKfn
j9ZciwWPjQUyybOweTYequeVDqXszeb0WInr/IYMFHEQ0BukAymACIY7STA/o5tx
+O2vNWW022iXtTtj3Pt9pKXHTtK1eaDrHq+5s8c8GI2qarSeYdhJDzqFF1MjFaLs
IqWfj/KOHBJOE/djccxedeMXg/yPUGYd7Ezx+PvdiUlB7swKoxnHE9Tq9jQwAbDA
tt1EBBZUe7Zu2E7RiBHdQvOyj7ROnMNaS2vhjiD0ZLNznotgealFsmQbuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIjSNrow47NDfQmfsZru1wC8TVn0MB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvaU5JMnVqRGpzME45Q1oteG11N1hBTHhOV2ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIA4DE4
MA0GCSqGSIb3DQEBCwUAA4IBAQAm4P47OjNAawVWMO4rUjocX6FBBfd955FwPDAa
ts7uxHYp3AEzQ9NpROFNlUcNUVRjuxChzzUXVwJgO9N+K3W92AjeotQCZlxRoZ3t
x9oGKOAJhoW+pDVrtV6l6sxk+s67trXa8FQyYAu/oKRxojjtkLVtZ62+klJ+yscP
pv3x1tbEBivNIi/H77ZxCVmvOtmsUcUe+5WcX9vTTPFbHCpxsYPyxGdAPpuADVEY
PHfO32Qd8q/pWkEINt40y7NCJxFaQ4n7je58g8Z8hrZ4/OQ55sScx0bfMZx7QrBw
1k3Pzz5pn7xMmlQqgHeEjNBxCPH9l4KjBN0E6Y5Ns/LYWyv7
-----END CERTIFICATE-----