Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/TR9Y8O6wUuYOkPBdRPs3ThewENs.roa
File:                     TR9Y8O6wUuYOkPBdRPs3ThewENs.roa (raw, json)
Hash identifier:          927gl/P5bMlZ+0yPBPh+Mj9eqGwC74x56ViwchQCB8M=
Subject key identifier:   4D:1F:58:F0:EE:B0:52:E6:0E:90:F0:5D:44:FB:37:4E:17:B0:10:DB
Certificate issuer:       /CN=006b06b5d0ff1000e10c4276eea0880af209d7a2
Certificate serial:       018CC2DB1EE35691FD30C6BB89B38AA42CCD
Authority key identifier: 00:6B:06:B5:D0:FF:10:00:E1:0C:42:76:EE:A0:88:0A:F2:09:D7:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AGsGtdD_EADhDEJ27qCICvIJ16I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/TR9Y8O6wUuYOkPBdRPs3ThewENs.roa
Signing time:             Mon 01 Jan 2024 02:29:49 +0000
ROA not before:           Mon 01 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a04:1f42::/32 maxlen: 48
                          2a04:1f41::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/AGsGtdD_EADhDEJ27qCICvIJ16I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/AGsGtdD_EADhDEJ27qCICvIJ16I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AGsGtdD_EADhDEJ27qCICvIJ16I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:02:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1e:e3:56:91:fd:30:c6:bb:89:b3:8a:a4:2c:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=006b06b5d0ff1000e10c4276eea0880af209d7a2
        Validity
            Not Before: Jan  1 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d1f58f0eeb052e60e90f05d44fb374e17b010db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:91:55:cd:2f:78:e7:4a:dd:9d:50:5f:2f:cb:
                    7f:4f:52:3f:da:58:61:72:05:6d:57:cd:d1:8a:b3:
                    2c:35:df:b6:90:f8:01:bf:fc:a7:f1:64:9e:6b:a5:
                    be:59:c0:30:8f:66:37:fa:42:fb:26:c3:46:00:51:
                    9a:d7:e6:b2:34:e0:eb:e9:ce:c8:cc:ca:62:ee:61:
                    36:87:a3:e0:a3:2c:64:f2:46:f6:68:fe:11:ff:fe:
                    dd:f9:69:cf:0d:14:f9:76:bd:4c:c7:76:93:8d:22:
                    4a:dc:11:28:1c:4a:3a:3e:97:c9:c8:1e:78:27:c9:
                    d9:0a:41:c1:da:62:d3:b6:de:96:93:6b:6e:a8:37:
                    35:f4:c8:31:d6:b7:f5:7c:7e:92:02:4f:35:d7:55:
                    96:b0:e6:a9:c8:f1:66:54:6b:54:0b:94:fd:20:18:
                    4a:13:8c:84:3e:7d:32:cb:e0:3e:db:84:e7:9a:04:
                    1a:13:c8:02:d6:8d:c7:9b:94:98:99:ad:43:5a:01:
                    4a:7f:da:bd:8b:d6:67:67:68:ed:1a:d2:6f:c1:69:
                    55:80:7f:c0:48:ac:1d:58:f2:ea:76:f5:31:ab:39:
                    f6:57:7d:b8:88:70:1b:34:59:ef:4a:e9:cd:32:db:
                    7a:b9:53:b8:ab:84:bd:a7:a0:d7:4e:ad:61:c9:bc:
                    eb:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:1F:58:F0:EE:B0:52:E6:0E:90:F0:5D:44:FB:37:4E:17:B0:10:DB
            X509v3 Authority Key Identifier:
                keyid:00:6B:06:B5:D0:FF:10:00:E1:0C:42:76:EE:A0:88:0A:F2:09:D7:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AGsGtdD_EADhDEJ27qCICvIJ16I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/TR9Y8O6wUuYOkPBdRPs3ThewENs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/AGsGtdD_EADhDEJ27qCICvIJ16I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:1f41::-2a04:1f42:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         9f:36:69:fa:68:a0:e0:57:20:f6:3c:04:b9:ba:68:70:fe:36:
         b7:08:8c:4b:14:2c:0f:05:e5:60:3a:36:3f:ec:7f:54:fd:e2:
         aa:c3:c6:32:2b:f3:48:62:e4:2c:cf:6a:40:c2:d5:6f:0c:e4:
         0a:31:0a:a8:72:b8:b4:91:bc:6b:8e:61:60:04:ca:c8:0a:9f:
         63:cb:f3:9d:47:4b:73:4d:e5:95:69:26:80:7c:a5:87:d0:2e:
         de:84:96:fb:de:72:e6:a4:5d:ad:4e:84:1a:d6:3e:96:98:b4:
         be:d5:a1:cd:17:65:db:9c:35:50:e4:c7:51:76:7c:5c:a9:f4:
         99:62:df:aa:7f:98:d7:57:95:89:20:56:19:46:d9:b2:03:d7:
         37:18:4e:dd:26:b8:48:fb:0e:a0:1b:b7:09:b6:16:b2:d1:b8:
         64:a4:42:bc:6f:76:60:ab:de:37:4a:38:c2:ec:6c:e3:28:3a:
         a8:0e:48:bf:10:8b:e8:ed:ef:07:d8:ba:71:3b:e3:ea:7f:53:
         54:9d:62:42:aa:13:31:15:a7:44:8a:f4:ea:8d:5e:c0:c7:61:
         b1:64:c9:52:2b:10:b5:ef:3a:4a:62:57:b6:3c:dc:86:36:08:
         4c:ba:6c:68:56:81:b0:f3:70:b4:0d:d7:c7:79:ac:12:77:22:
         77:d2:a8:b0
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYzC2x7jVpH9MMa7ibOKpCzNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNmIwNmI1ZDBmZjEwMDBlMTBjNDI3NmVlYTA4ODBhZjIw
OWQ3YTIwHhcNMjQwMTAxMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDFmNThmMGVlYjA1MmU2MGU5MGYwNWQ0NGZiMzc0ZTE3YjAxMGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspFVzS9450rdnVBfL8t/T1I/2lhh
cgVtV83RirMsNd+2kPgBv/yn8WSea6W+WcAwj2Y3+kL7JsNGAFGa1+ayNODr6c7I
zMpi7mE2h6Pgoyxk8kb2aP4R//7d+WnPDRT5dr1Mx3aTjSJK3BEoHEo6PpfJyB54
J8nZCkHB2mLTtt6Wk2tuqDc19Mgx1rf1fH6SAk8111WWsOapyPFmVGtUC5T9IBhK
E4yEPn0yy+A+24TnmgQaE8gC1o3Hm5SYma1DWgFKf9q9i9ZnZ2jtGtJvwWlVgH/A
SKwdWPLqdvUxqzn2V324iHAbNFnvSunNMtt6uVO4q4S9p6DXTq1hybzrBwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFE0fWPDusFLmDpDwXUT7N04XsBDbMB8GA1UdIwQY
MBaAFABrBrXQ/xAA4QxCdu6giAryCdeiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUdzR3RkRF9FQURoREVKMjdxQ0lDdklKMTZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80NzM3YzktZTI2My00NGU3LThmZWQt
NTdjOTU1YzljODVkLzEvVFI5WThPNndVdVlPa1BCZFJQczNUaGV3RU5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80NzM3YzktZTI2My00NGU3LThmZWQtNTdjOTU1YzljODVk
LzEvQUdzR3RkRF9FQURoREVKMjdxQ0lDdklKMTZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQMA4DBQAqBB9B
AwUAKgQfQjANBgkqhkiG9w0BAQsFAAOCAQEAnzZp+mig4Fcg9jwEubpocP42twiM
SxQsDwXlYDo2P+x/VP3iqsPGMivzSGLkLM9qQMLVbwzkCjEKqHK4tJG8a45hYATK
yAqfY8vznUdLc03llWkmgHylh9Au3oSW+95y5qRdrU6EGtY+lpi0vtWhzRdl25w1
UOTHUXZ8XKn0mWLfqn+Y11eViSBWGUbZsgPXNxhO3Sa4SPsOoBu3CbYWstG4ZKRC
vG92YKveN0o4wuxs4yg6qA5IvxCL6O3vB9i6cTvj6n9TVJ1iQqoTMRWnRIr06o1e
wMdhsWTJUisQte86SmJXtjzchjYITLpsaFaBsPNwtA3Xx3msEncid9KosA==
-----END CERTIFICATE-----