Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/9TZkzOZaZwDdOBmw6YgK1sqmgIQ.roa
File:                     9TZkzOZaZwDdOBmw6YgK1sqmgIQ.roa (raw, json)
Hash identifier:          ec3EvITaQbCd5ljOcugR/l6Y5frX+nwHjFy3NW8Uf0c=
Subject key identifier:   F5:36:64:CC:E6:5A:67:00:DD:38:19:B0:E9:88:0A:D6:CA:A6:80:84
Certificate issuer:       /CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Certificate serial:       018CC9BBA4879191F52B1610EB67AF632EEC
Authority key identifier: CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/9TZkzOZaZwDdOBmw6YgK1sqmgIQ.roa
Signing time:             Tue 02 Jan 2024 10:32:46 +0000
ROA not before:           Tue 02 Jan 2024 10:32:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213064
IP address blocks:        2a09:d2c2:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:a4:87:91:91:f5:2b:16:10:eb:67:af:63:2e:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
        Validity
            Not Before: Jan  2 10:32:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f53664cce65a6700dd3819b0e9880ad6caa68084
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:48:4a:3e:78:95:26:06:45:c4:47:45:42:b0:
                    28:91:41:6f:be:ba:d2:b9:bf:74:7d:03:bb:9c:56:
                    38:4a:f4:ad:78:f7:1d:9e:d4:13:1f:85:df:d9:57:
                    16:25:60:7a:8f:59:72:fd:9d:65:e6:84:13:d0:41:
                    42:af:c2:a1:e0:c7:23:39:7a:0b:09:5b:c7:9f:78:
                    b4:15:c9:85:80:dc:30:53:7d:c5:18:37:43:0b:eb:
                    53:b6:40:e9:31:d4:34:6a:ab:f6:14:b0:66:10:14:
                    07:ef:3f:b0:67:76:49:8f:a3:cd:61:55:6b:12:9c:
                    54:9c:93:8a:92:a7:1f:c6:d2:46:56:e9:82:fc:f1:
                    70:26:bf:5e:af:e1:1f:2c:aa:93:9e:28:f2:3f:70:
                    08:60:c6:45:0a:2d:56:6e:44:a2:d7:72:db:28:1e:
                    b3:12:01:cd:98:69:3e:9d:7b:0c:97:8d:50:e3:1a:
                    c3:0a:89:23:fa:c6:29:c8:a7:d5:3a:70:42:9a:e8:
                    d5:1f:b7:37:40:7e:f2:fa:37:48:7e:ef:47:ec:85:
                    93:ed:8c:01:08:ba:f4:8d:b1:e9:d3:f1:ad:2a:30:
                    d6:f6:d4:dd:d3:8b:75:bb:76:23:e6:d4:78:9b:9e:
                    55:f5:ca:06:6b:fc:7c:8c:3f:21:e5:da:68:c9:a9:
                    2f:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:36:64:CC:E6:5A:67:00:DD:38:19:B0:E9:88:0A:D6:CA:A6:80:84
            X509v3 Authority Key Identifier:
                keyid:CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/9TZkzOZaZwDdOBmw6YgK1sqmgIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:d2c2:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:95:dc:0c:5d:91:37:8d:19:20:06:f5:d2:57:9f:32:1a:d0:
         ba:51:7e:ca:88:19:7d:86:39:6a:a9:b8:f6:0a:40:ad:2c:a1:
         82:5c:1d:e6:f9:ec:c6:8a:3e:87:c0:77:66:d0:8a:95:7e:c5:
         ab:13:f0:fb:38:3d:b2:b2:1f:9d:99:e0:7c:ae:b4:63:f0:a9:
         69:55:11:a7:1e:81:b2:63:4b:f4:85:9a:6c:b5:12:c7:83:5e:
         4f:4f:1e:f0:1a:d1:c5:18:5a:97:3d:46:19:90:01:ca:81:64:
         d1:bd:15:e7:0c:b7:48:f7:2d:8a:10:8a:6d:6b:51:ce:b3:86:
         71:9a:8c:cb:d6:01:64:47:8a:1d:99:b2:6a:a7:14:35:84:4f:
         ca:f3:32:1c:c4:bc:96:0b:7c:ef:76:3f:6f:a1:69:ff:76:d0:
         7b:ee:99:fb:4a:d3:95:ab:6c:8a:a0:0b:43:e7:69:59:a8:27:
         cc:aa:09:58:a6:5a:1b:6e:50:f7:45:e8:28:27:4b:43:01:f9:
         be:83:49:f1:b8:a4:a3:b5:ba:e9:40:5d:a6:0c:6e:a1:a6:bc:
         36:1c:9b:08:b6:94:6e:6e:d0:9b:4e:2d:e8:6b:0e:00:ad:90:
         d6:9e:39:a0:37:1b:8e:41:13:d8:6e:c2:88:06:a8:5a:02:c2:
         c0:68:b5:3b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJu6SHkZH1KxYQ62evYy7sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2Q3M2Y4MmMyNjBkYTg3Mzg2ZGNmN2JlMjZkNWM1NDQ1
NTI2ZmEwHhcNMjQwMTAyMTAzMjQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTM2NjRjY2U2NWE2NzAwZGQzODE5YjBlOTg4MGFkNmNhYTY4MDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkhKPniVJgZFxEdFQrAokUFvvrrS
ub90fQO7nFY4SvStePcdntQTH4Xf2VcWJWB6j1ly/Z1l5oQT0EFCr8Kh4McjOXoL
CVvHn3i0FcmFgNwwU33FGDdDC+tTtkDpMdQ0aqv2FLBmEBQH7z+wZ3ZJj6PNYVVr
EpxUnJOKkqcfxtJGVumC/PFwJr9er+EfLKqTnijyP3AIYMZFCi1WbkSi13LbKB6z
EgHNmGk+nXsMl41Q4xrDCokj+sYpyKfVOnBCmujVH7c3QH7y+jdIfu9H7IWT7YwB
CLr0jbHp0/GtKjDW9tTd04t1u3Yj5tR4m55V9coGa/x8jD8h5dpoyakvkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPU2ZMzmWmcA3TgZsOmICtbKpoCEMB8GA1UdIwQY
MBaAFM/Nc/gsJg2oc4bc974m1cVEVSb6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTct
NmVkYzFiMjI1NjI1LzEvOVRaa3pPWmFad0RkT0JtdzZZZ0sxc3FtZ0lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTctNmVkYzFiMjI1NjI1
LzEvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgnSwgAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBSldwMXZE3jRkgBvXSV58yGtC6UX7KiBl9hjlq
qbj2CkCtLKGCXB3m+ezGij6HwHdm0IqVfsWrE/D7OD2ysh+dmeB8rrRj8KlpVRGn
HoGyY0v0hZpstRLHg15PTx7wGtHFGFqXPUYZkAHKgWTRvRXnDLdI9y2KEIpta1HO
s4ZxmozL1gFkR4odmbJqpxQ1hE/K8zIcxLyWC3zvdj9voWn/dtB77pn7StOVq2yK
oAtD52lZqCfMqglYplobblD3RegoJ0tDAfm+g0nxuKSjtbrpQF2mDG6hprw2HJsI
tpRubtCbTi3oaw4ArZDWnjmgNxuOQRPYbsKIBqhaAsLAaLU7
-----END CERTIFICATE-----