Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/lc9O3_kJzrD2gRTLXGEqn-rR7sU.roa
File:                     lc9O3_kJzrD2gRTLXGEqn-rR7sU.roa (raw, json)
Hash identifier:          tvi3vdXKDtp/dNYa+udxpyOe0fphFmbKySFJKOGAonk=
Subject key identifier:   95:CF:4E:DF:F9:09:CE:B0:F6:81:14:CB:5C:61:2A:9F:EA:D1:EE:C5
Certificate issuer:       /CN=20f638107abb84ae6fb03cc1db2cfd1bc4487f8d
Certificate serial:       018CC2DAC5CCDFA6E048BCA57D10E7D57089
Authority key identifier: 20:F6:38:10:7A:BB:84:AE:6F:B0:3C:C1:DB:2C:FD:1B:C4:48:7F:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/lc9O3_kJzrD2gRTLXGEqn-rR7sU.roa
Signing time:             Mon 01 Jan 2024 02:29:26 +0000
ROA not before:           Mon 01 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48659
IP address blocks:        2a03:ae40:fa00::/40 maxlen: 40
                          2a03:ae40:fb00::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 07:02:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c5:cc:df:a6:e0:48:bc:a5:7d:10:e7:d5:70:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20f638107abb84ae6fb03cc1db2cfd1bc4487f8d
        Validity
            Not Before: Jan  1 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95cf4edff909ceb0f68114cb5c612a9fead1eec5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5f:07:d1:e6:36:00:08:88:9a:32:e4:de:f3:
                    99:30:1b:e1:92:66:3e:36:a6:a3:f5:33:3d:01:d2:
                    10:bc:c1:94:78:f1:45:98:9f:7d:a8:9c:0e:21:5b:
                    b8:d1:30:b9:7a:1d:49:e7:db:77:33:18:7d:dc:e8:
                    6a:b3:e4:9e:01:f3:a6:84:1b:9b:5f:c2:3c:d6:2a:
                    e7:ab:3b:68:e7:f7:39:e1:ee:62:a4:e8:43:03:1e:
                    68:e3:6e:cf:8a:e8:da:9b:44:9e:de:f0:e2:7d:bb:
                    fc:11:2a:ec:79:1a:4c:f0:dc:41:78:d1:c4:67:e8:
                    7e:61:15:49:c8:d5:ea:de:ba:1f:3d:3d:9b:65:90:
                    57:8f:fe:25:cf:d2:a9:0d:30:0f:08:7b:80:a5:be:
                    73:f2:3e:64:6d:00:8c:9a:7a:b3:9a:4b:6e:0c:05:
                    6a:6e:e8:f6:f7:b4:1c:e8:35:90:32:a9:b0:b5:29:
                    e5:73:bd:6c:2d:ab:58:31:ea:f3:db:75:ad:19:20:
                    73:52:0d:74:a0:82:31:8d:d0:28:f3:84:e1:17:ad:
                    eb:c1:46:cc:17:62:dc:68:1c:9f:1e:bc:7a:7b:21:
                    60:48:f5:23:dc:3d:65:e3:74:be:40:67:10:d8:13:
                    11:6f:bf:1d:ad:97:f3:76:14:ab:2b:83:36:a3:3f:
                    ea:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:CF:4E:DF:F9:09:CE:B0:F6:81:14:CB:5C:61:2A:9F:EA:D1:EE:C5
            X509v3 Authority Key Identifier:
                keyid:20:F6:38:10:7A:BB:84:AE:6F:B0:3C:C1:DB:2C:FD:1B:C4:48:7F:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/lc9O3_kJzrD2gRTLXGEqn-rR7sU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:ae40:fa00::/39

    Signature Algorithm: sha256WithRSAEncryption
         47:f5:f5:b6:b0:51:91:a9:51:d9:b3:fc:7b:8a:fc:12:a0:d7:
         65:09:9e:8d:24:b9:89:42:0f:a9:ee:3d:8b:f3:31:09:d6:d0:
         e3:10:ce:a4:57:7d:2c:0a:b5:b8:4e:22:9f:09:ce:73:e5:e7:
         16:3b:b7:77:67:02:04:6e:75:2f:54:6e:19:1e:cf:f7:70:ac:
         2e:92:b1:02:0f:3a:34:29:69:3a:22:18:3b:52:dc:18:78:2b:
         29:4f:3b:87:a8:f4:cb:ef:e8:7f:60:1b:2b:7f:92:fe:c4:48:
         a0:e7:75:30:2d:a6:93:d5:86:17:2f:50:2d:3e:cb:2d:40:5a:
         a3:4c:b7:b4:42:3c:a0:71:ba:6b:5f:30:72:9a:f5:2c:84:63:
         2f:b8:59:ec:f3:6f:d8:36:34:92:a0:03:b3:b8:9e:f1:8c:2f:
         de:db:42:2d:d4:1e:29:67:9e:35:82:7f:d0:f6:d5:36:76:fc:
         e7:56:8b:ca:d8:67:07:99:1d:a0:f2:50:5a:d2:1b:b8:b9:07:
         63:04:95:d7:da:1c:8d:1f:24:e0:36:e6:57:59:fd:74:28:fb:
         ba:71:6a:d5:cc:4a:81:c5:44:f6:1c:29:13:78:11:20:db:c9:
         20:45:d5:d0:0b:8e:f9:f0:53:c2:fa:b2:5f:f9:a3:1f:37:bc:
         e0:15:f4:98
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzC2sXM36bgSLylfRDn1XCJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZjYzODEwN2FiYjg0YWU2ZmIwM2NjMWRiMmNmZDFiYzQ0
ODdmOGQwHhcNMjQwMTAxMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWNmNGVkZmY5MDljZWIwZjY4MTE0Y2I1YzYxMmE5ZmVhZDFlZWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAql8H0eY2AAiImjLk3vOZMBvhkmY+
Nqaj9TM9AdIQvMGUePFFmJ99qJwOIVu40TC5eh1J59t3Mxh93Ohqs+SeAfOmhBub
X8I81irnqzto5/c54e5ipOhDAx5o427Piujam0Se3vDifbv8ESrseRpM8NxBeNHE
Z+h+YRVJyNXq3rofPT2bZZBXj/4lz9KpDTAPCHuApb5z8j5kbQCMmnqzmktuDAVq
buj297Qc6DWQMqmwtSnlc71sLatYMerz23WtGSBzUg10oIIxjdAo84ThF63rwUbM
F2LcaByfHrx6eyFgSPUj3D1l43S+QGcQ2BMRb78drZfzdhSrK4M2oz/qLQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJXPTt/5Cc6w9oEUy1xhKp/q0e7FMB8GA1UdIwQY
MBaAFCD2OBB6u4Sub7A8wdss/RvESH+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVBZNEVIcTdoSzV2c0R6QjJ5ejlHOFJJZjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC80ZjU4MDgtMWMwNC00MjU1LTliODQt
YTgyODM2ZGUwNWZjLzEvbGM5TzNfa0p6ckQyZ1JUTFhHRXFuLXJSN3NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC80ZjU4MDgtMWMwNC00MjU1LTliODQtYTgyODM2ZGUwNWZj
LzEvSVBZNEVIcTdoSzV2c0R6QjJ5ejlHOFJJZjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYBKgOuQPow
DQYJKoZIhvcNAQELBQADggEBAEf19bawUZGpUdmz/HuK/BKg12UJno0kuYlCD6nu
PYvzMQnW0OMQzqRXfSwKtbhOIp8JznPl5xY7t3dnAgRudS9Ubhkez/dwrC6SsQIP
OjQpaToiGDtS3Bh4KylPO4eo9Mvv6H9gGyt/kv7ESKDndTAtppPVhhcvUC0+yy1A
WqNMt7RCPKBxumtfMHKa9SyEYy+4Wezzb9g2NJKgA7O4nvGML97bQi3UHilnnjWC
f9D21TZ2/OdWi8rYZweZHaDyUFrSG7i5B2MEldfaHI0fJOA25ldZ/XQo+7pxatXM
SoHFRPYcKRN4ESDbySBF1dALjvnwU8L6sl/5ox83vOAV9Jg=
-----END CERTIFICATE-----