Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/9fxVVEARajC-2ASXFi0_DFGSBc8.roa
File:                     9fxVVEARajC-2ASXFi0_DFGSBc8.roa (raw, json)
Hash identifier:          hXfrG37neyCRh8L2PA4JPhumP6PxcdmlSO8PbLD9FY4=
Subject key identifier:   F5:FC:55:54:40:11:6A:30:BE:D8:04:97:16:2D:3F:0C:51:92:05:CF
Certificate issuer:       /CN=369c713c51987e1ffa5482277f5f1c8cb722f44b
Certificate serial:       01941F8CA9F63E89745B1650F10E72B9FAD1
Authority key identifier: 36:9C:71:3C:51:98:7E:1F:FA:54:82:27:7F:5F:1C:8C:B7:22:F4:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpxxPFGYfh_6VIInf18cjLci9Es.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/9fxVVEARajC-2ASXFi0_DFGSBc8.roa
Signing time:             Wed 01 Jan 2025 01:48:19 +0000
ROA not before:           Wed 01 Jan 2025 01:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15776
IP address blocks:        2001:15f8:1000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/NpxxPFGYfh_6VIInf18cjLci9Es.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/NpxxPFGYfh_6VIInf18cjLci9Es.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpxxPFGYfh_6VIInf18cjLci9Es.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:a9:f6:3e:89:74:5b:16:50:f1:0e:72:b9:fa:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=369c713c51987e1ffa5482277f5f1c8cb722f44b
        Validity
            Not Before: Jan  1 01:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5fc555440116a30bed80497162d3f0c519205cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f2:bf:7d:ad:ed:05:c3:70:a2:4b:1b:ea:dd:
                    42:bb:7f:85:d8:79:9d:e8:af:9c:81:ba:6f:58:0d:
                    f0:ed:1d:13:07:5d:47:4c:25:d4:d7:11:bd:1c:5c:
                    f8:78:ec:98:f9:92:c7:74:53:5e:90:00:5d:f1:c0:
                    78:ae:b4:c7:6d:c5:50:35:88:20:22:8f:b1:00:37:
                    96:cc:f3:04:54:3a:a6:4f:8d:4f:e0:84:64:74:d3:
                    80:a4:b6:08:d0:e4:c6:fa:be:f4:84:69:c2:e8:6a:
                    ab:90:e5:b5:18:d3:df:76:12:3d:30:24:e8:fc:88:
                    81:10:29:86:00:29:82:0c:5d:01:ae:f3:46:4a:d2:
                    0b:c0:9a:c1:b4:59:71:4a:c8:1a:6e:83:dd:5e:f0:
                    f8:b9:02:13:87:4c:63:e6:e6:75:d4:6f:16:fe:ad:
                    06:5a:23:e1:47:93:14:5d:92:18:fe:70:61:b7:eb:
                    31:7b:48:57:81:25:ca:14:95:33:0c:e2:3b:e2:71:
                    de:03:28:7b:93:65:09:15:78:6d:15:d3:07:1f:2d:
                    75:cf:d7:f1:45:2b:4d:9e:09:ae:d6:24:1e:c0:c5:
                    55:51:e4:17:6e:bc:6a:33:d0:07:b3:94:8c:06:48:
                    e5:06:ba:22:96:5d:6b:de:20:4a:a3:48:59:2d:d2:
                    1b:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:FC:55:54:40:11:6A:30:BE:D8:04:97:16:2D:3F:0C:51:92:05:CF
            X509v3 Authority Key Identifier:
                keyid:36:9C:71:3C:51:98:7E:1F:FA:54:82:27:7F:5F:1C:8C:B7:22:F4:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpxxPFGYfh_6VIInf18cjLci9Es.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/9fxVVEARajC-2ASXFi0_DFGSBc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/NpxxPFGYfh_6VIInf18cjLci9Es.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:15f8:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9c:e9:4b:7d:67:6c:b2:4f:94:52:ed:61:2a:a4:fc:a3:7f:22:
         ee:8e:4e:de:57:2e:7d:ca:b0:c9:e9:58:38:9b:da:9d:de:88:
         bd:67:e3:b0:b6:4a:5b:76:73:19:99:da:d6:49:37:bf:ca:87:
         5c:9f:b5:d7:ee:c8:cc:a0:08:40:ed:ab:c6:5e:bb:ef:19:ba:
         3f:48:39:b7:1a:70:7d:bb:9a:ff:38:63:aa:e5:8a:f0:d5:e9:
         ae:35:5c:d6:0c:4b:ad:fa:42:bd:c4:0d:b3:53:91:ac:4c:1c:
         9a:ae:02:57:2a:5a:09:11:82:6e:7c:49:74:81:dc:24:de:d0:
         0e:ed:e0:1e:8d:9a:cf:d1:69:dc:73:f9:b2:19:d0:5f:b9:52:
         ee:8a:8c:75:74:df:9d:ee:e1:7d:83:af:17:e1:44:a1:92:bf:
         6d:0f:18:1f:d9:00:0e:cc:4e:23:1a:ef:b5:a6:a6:2c:24:c2:
         07:9b:8c:85:1b:3a:95:87:f6:0f:a6:79:8d:67:21:85:d1:7d:
         3b:b0:99:47:ee:6d:95:16:1b:74:d9:eb:e1:7f:a6:8f:b9:60:
         1a:2b:76:f0:61:00:d2:09:54:68:f4:7b:0c:e6:8c:2a:6b:b1:
         07:1c:19:be:8d:e5:b1:0b:82:33:3a:2e:20:2b:b7:e1:57:69:
         25:97:42:57
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQfjKn2Pol0WxZQ8Q5yufrRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OWM3MTNjNTE5ODdlMWZmYTU0ODIyNzdmNWYxYzhjYjcy
MmY0NGIwHhcNMjUwMTAxMDE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWZjNTU1NDQwMTE2YTMwYmVkODA0OTcxNjJkM2YwYzUxOTIwNWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvK/fa3tBcNwoksb6t1Cu3+F2Hmd
6K+cgbpvWA3w7R0TB11HTCXU1xG9HFz4eOyY+ZLHdFNekABd8cB4rrTHbcVQNYgg
Io+xADeWzPMEVDqmT41P4IRkdNOApLYI0OTG+r70hGnC6GqrkOW1GNPfdhI9MCTo
/IiBECmGACmCDF0BrvNGStILwJrBtFlxSsgaboPdXvD4uQITh0xj5uZ11G8W/q0G
WiPhR5MUXZIY/nBht+sxe0hXgSXKFJUzDOI74nHeAyh7k2UJFXhtFdMHHy11z9fx
RStNngmu1iQewMVVUeQXbrxqM9AHs5SMBkjlBroill1r3iBKo0hZLdIbcwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPX8VVRAEWowvtgElxYtPwxRkgXPMB8GA1UdIwQY
MBaAFDaccTxRmH4f+lSCJ39fHIy3IvRLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnB4eFBGR1lmaF82VklJbmYxOGNqTGNpOUVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84MDJlOWUtZjk4Mi00NDlkLThiNzAt
NzZjMDVjZjVmMmU2LzEvOWZ4VlZFQVJhakMtMkFTWEZpMF9ERkdTQmM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84MDJlOWUtZjk4Mi00NDlkLThiNzAtNzZjMDVjZjVmMmU2
LzEvTnB4eFBGR1lmaF82VklJbmYxOGNqTGNpOUVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAIAEV+BAw
DQYJKoZIhvcNAQELBQADggEBAJzpS31nbLJPlFLtYSqk/KN/Iu6OTt5XLn3KsMnp
WDib2p3eiL1n47C2Slt2cxmZ2tZJN7/Kh1yftdfuyMygCEDtq8Zeu+8Zuj9IObca
cH27mv84Y6rlivDV6a41XNYMS636Qr3EDbNTkaxMHJquAlcqWgkRgm58SXSB3CTe
0A7t4B6Nms/Radxz+bIZ0F+5Uu6KjHV0353u4X2DrxfhRKGSv20PGB/ZAA7MTiMa
77WmpiwkwgebjIUbOpWH9g+meY1nIYXRfTuwmUfubZUWG3TZ6+F/po+5YBordvBh
ANIJVGj0ewzmjCprsQccGb6N5bELgjM6LiArt+FXaSWXQlc=
-----END CERTIFICATE-----