Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/9ced26-47b0-427a-881e-f713ad516185/1/nMKMonjjnI6Y8gPN4LEu0lw7tWE.roa
File:                     nMKMonjjnI6Y8gPN4LEu0lw7tWE.roa (raw, json)
Hash identifier:          7DwnxGJishn478s//Mb4GTmfUpnt4KRFodLw/H0Hi0o=
Subject key identifier:   9C:C2:8C:A2:78:E3:9C:8E:98:F2:03:CD:E0:B1:2E:D2:5C:3B:B5:61
Certificate issuer:       /CN=20b13910c1f98735e401650b1d34bf8b6a0a0696
Certificate serial:       01945FD091708DBAB5A4506A49F33B946BE0
Authority key identifier: 20:B1:39:10:C1:F9:87:35:E4:01:65:0B:1D:34:BF:8B:6A:0A:06:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ILE5EMH5hzXkAWULHTS_i2oKBpY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/9ced26-47b0-427a-881e-f713ad516185/1/nMKMonjjnI6Y8gPN4LEu0lw7tWE.roa
Signing time:             Mon 13 Jan 2025 13:18:11 +0000
ROA not before:           Mon 13 Jan 2025 13:18:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213972
IP address blocks:        2a01:fac0::/48 maxlen: 48
                          2a01:fac0:1::/48 maxlen: 48
                          2a01:fac4::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/9ced26-47b0-427a-881e-f713ad516185/1/ILE5EMH5hzXkAWULHTS_i2oKBpY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/9ced26-47b0-427a-881e-f713ad516185/1/ILE5EMH5hzXkAWULHTS_i2oKBpY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ILE5EMH5hzXkAWULHTS_i2oKBpY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5f:d0:91:70:8d:ba:b5:a4:50:6a:49:f3:3b:94:6b:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20b13910c1f98735e401650b1d34bf8b6a0a0696
        Validity
            Not Before: Jan 13 13:18:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9cc28ca278e39c8e98f203cde0b12ed25c3bb561
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:9d:6b:d9:ce:08:b1:c3:e5:8a:57:45:4f:0b:
                    da:10:60:9e:1e:32:91:42:40:eb:74:d1:39:27:7c:
                    ea:e4:1d:aa:84:3d:64:b7:89:9c:51:79:ca:a9:a9:
                    f4:ae:f3:48:4a:6d:8e:7d:da:0e:b9:13:f6:c6:96:
                    10:a1:74:bb:4e:44:2b:e5:f5:82:8b:64:e9:a1:27:
                    d0:9a:c3:6c:00:4e:a1:28:b6:99:4c:83:4a:db:d9:
                    62:f0:aa:31:e8:25:a7:66:42:65:39:14:21:e3:80:
                    05:6b:7d:21:ee:8b:d2:a3:61:7f:2c:a1:0c:d8:32:
                    f8:f7:1b:d2:ac:1a:3a:2c:a6:c6:bf:fd:ca:12:ec:
                    e5:98:31:ee:14:3a:12:66:fb:08:d1:55:b2:cf:4e:
                    d6:52:c6:00:49:f0:c5:da:f7:e9:93:56:25:83:0e:
                    91:d8:18:5b:73:6a:50:d7:7c:59:95:0a:4e:d3:2a:
                    ab:32:a6:53:f8:01:65:f3:57:61:d7:a0:8e:e6:0d:
                    0a:e9:fb:a0:d1:39:fb:67:37:df:28:16:8a:5c:be:
                    a0:12:55:64:f9:c8:ae:d2:b0:fa:6f:50:1f:7d:1b:
                    f4:63:d0:2f:ea:86:fd:c1:3e:11:36:5b:68:1e:35:
                    aa:30:3c:56:b7:f3:35:21:f2:d5:32:28:3b:de:12:
                    87:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:C2:8C:A2:78:E3:9C:8E:98:F2:03:CD:E0:B1:2E:D2:5C:3B:B5:61
            X509v3 Authority Key Identifier:
                keyid:20:B1:39:10:C1:F9:87:35:E4:01:65:0B:1D:34:BF:8B:6A:0A:06:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ILE5EMH5hzXkAWULHTS_i2oKBpY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/9ced26-47b0-427a-881e-f713ad516185/1/nMKMonjjnI6Y8gPN4LEu0lw7tWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/9ced26-47b0-427a-881e-f713ad516185/1/ILE5EMH5hzXkAWULHTS_i2oKBpY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:fac0::/47
                  2a01:fac4::/44

    Signature Algorithm: sha256WithRSAEncryption
         39:4a:e5:91:15:13:3a:b7:6f:49:e4:cd:40:6b:72:4f:04:0b:
         0d:1f:e1:d8:79:35:e5:be:2c:2b:bb:b7:d1:8c:0a:49:65:b0:
         b9:58:4c:3f:f3:8d:72:10:03:21:9a:4e:c9:42:c4:52:33:77:
         84:2b:62:71:63:75:e7:3a:f4:b6:87:5c:65:d5:6a:82:3b:0e:
         97:11:29:c2:af:b9:01:13:26:ae:59:50:9d:e6:77:8e:85:8c:
         53:88:4d:02:31:5b:d5:e7:f0:72:c3:03:fb:cb:3a:3e:0f:9b:
         1a:9a:19:35:78:8e:76:8b:6f:00:b5:16:56:7b:7a:3e:c0:97:
         b0:df:e4:d8:e6:e0:6a:04:43:3a:db:2c:1e:4b:c3:9e:fd:34:
         9d:3b:35:3c:6d:36:db:97:25:16:15:83:2c:83:47:2f:c3:31:
         06:0d:78:8b:39:34:db:c1:86:a3:b7:fc:67:c9:e2:e2:d7:9c:
         e2:73:ca:4d:de:dd:29:73:61:a5:c4:df:32:75:a2:14:17:d1:
         3f:54:c2:e4:2a:77:61:b6:6f:80:28:30:46:cb:1b:e3:33:91:
         cb:b6:14:61:09:60:3b:4d:26:b3:d7:ba:04:14:a6:bc:02:2d:
         a5:ad:e8:91:07:fa:a7:14:e5:96:a8:eb:71:1a:52:b1:92:5d:
         d3:e7:49:64
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZRf0JFwjbq1pFBqSfM7lGvgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYjEzOTEwYzFmOTg3MzVlNDAxNjUwYjFkMzRiZjhiNmEw
YTA2OTYwHhcNMjUwMTEzMTMxODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2MyOGNhMjc4ZTM5YzhlOThmMjAzY2RlMGIxMmVkMjVjM2JiNTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJ1r2c4IscPlildFTwvaEGCeHjKR
QkDrdNE5J3zq5B2qhD1kt4mcUXnKqan0rvNISm2OfdoOuRP2xpYQoXS7TkQr5fWC
i2TpoSfQmsNsAE6hKLaZTINK29li8Kox6CWnZkJlORQh44AFa30h7ovSo2F/LKEM
2DL49xvSrBo6LKbGv/3KEuzlmDHuFDoSZvsI0VWyz07WUsYASfDF2vfpk1Ylgw6R
2Bhbc2pQ13xZlQpO0yqrMqZT+AFl81dh16CO5g0K6fug0Tn7ZzffKBaKXL6gElVk
+ciu0rD6b1AffRv0Y9Av6ob9wT4RNltoHjWqMDxWt/M1IfLVMig73hKHOQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJzCjKJ445yOmPIDzeCxLtJcO7VhMB8GA1UdIwQY
MBaAFCCxORDB+Yc15AFlCx00v4tqCgaWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUxFNUVNSDVoelhrQVdVTEhUU19pMm9LQnBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi85Y2VkMjYtNDdiMC00MjdhLTg4MWUt
ZjcxM2FkNTE2MTg1LzEvbk1LTW9uampuSTZZOGdQTjRMRXUwbHc3dFdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi85Y2VkMjYtNDdiMC00MjdhLTg4MWUtZjcxM2FkNTE2MTg1
LzEvSUxFNUVNSDVoelhrQVdVTEhUU19pMm9LQnBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcBKgH6wAAA
AwcEKgH6xAAAMA0GCSqGSIb3DQEBCwUAA4IBAQA5SuWRFRM6t29J5M1Aa3JPBAsN
H+HYeTXlviwru7fRjApJZbC5WEw/841yEAMhmk7JQsRSM3eEK2JxY3XnOvS2h1xl
1WqCOw6XESnCr7kBEyauWVCd5neOhYxTiE0CMVvV5/BywwP7yzo+D5samhk1eI52
i28AtRZWe3o+wJew3+TY5uBqBEM62yweS8Oe/TSdOzU8bTbblyUWFYMsg0cvwzEG
DXiLOTTbwYajt/xnyeLi15zic8pN3t0pc2GlxN8ydaIUF9E/VMLkKndhtm+AKDBG
yxvjM5HLthRhCWA7TSaz17oEFKa8Ai2lreiRB/qnFOWWqOtxGlKxkl3T50lk
-----END CERTIFICATE-----