Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/9XkT2H0VW9ZP10GBudtwsPWxU4k.roa
File:                     9XkT2H0VW9ZP10GBudtwsPWxU4k.roa (raw, json)
Hash identifier:          XpwL9M1S4Q2V+CWiRBdGODc9P8QUnjU5zEXKz9MSCxs=
Subject key identifier:   F5:79:13:D8:7D:15:5B:D6:4F:D7:41:81:B9:DB:70:B0:F5:B1:53:89
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       018CC64B6184BE428E3394A2B19D544B9D22
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/9XkT2H0VW9ZP10GBudtwsPWxU4k.roa
Signing time:             Mon 01 Jan 2024 18:31:18 +0000
ROA not before:           Mon 01 Jan 2024 18:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        2a0e:46c4:2300::/40 maxlen: 48
                          2a0e:46c4:24a1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:61:84:be:42:8e:33:94:a2:b1:9d:54:4b:9d:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  1 18:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f57913d87d155bd64fd74181b9db70b0f5b15389
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f7:9e:ad:9c:c5:70:4e:46:07:e9:50:f5:83:
                    6c:ff:78:09:cf:f4:e0:b7:c9:17:c3:5c:4c:7a:66:
                    ef:1d:73:43:7d:67:4a:d2:64:4e:cd:20:17:92:e9:
                    be:d9:a4:fd:db:4f:a4:2b:3b:2f:58:f8:e3:b6:bf:
                    0c:20:a1:f7:78:57:34:18:e4:bc:a1:e6:76:b7:f6:
                    e5:9e:39:24:84:3a:ca:81:ec:09:ca:df:d2:2c:4d:
                    19:b9:9c:58:ef:5a:89:aa:6c:91:b2:3f:42:69:cf:
                    4d:90:30:aa:9d:8f:7b:6b:f7:e0:e7:89:f8:8b:74:
                    b6:53:14:73:7c:f8:27:e8:05:68:a9:35:df:28:6c:
                    ae:c4:14:54:57:57:88:6c:f6:0f:61:1b:52:c8:f5:
                    0e:1c:c2:d4:4c:41:70:28:16:5c:71:ee:21:22:e2:
                    b5:a1:b5:91:f9:e6:ff:06:6a:80:88:76:a4:e7:fb:
                    7d:05:ff:06:ab:4e:da:b4:e1:06:a5:1f:a9:a1:32:
                    47:f7:e1:89:dd:24:91:92:eb:1f:6c:7a:ea:e8:da:
                    a2:7b:6c:9b:c9:33:fa:d8:da:8a:67:01:79:40:68:
                    bd:f4:ad:92:8c:52:d2:84:9d:41:a5:a0:0d:17:ff:
                    24:cc:3a:d7:9e:11:5e:74:95:ad:db:8d:40:3e:c1:
                    74:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:79:13:D8:7D:15:5B:D6:4F:D7:41:81:B9:DB:70:B0:F5:B1:53:89
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/9XkT2H0VW9ZP10GBudtwsPWxU4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:2300::/40
                  2a0e:46c4:24a1::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:03:8f:20:e0:35:7b:1b:cd:96:4d:4b:15:23:46:d3:25:d6:
         0e:8d:49:e0:a5:2d:cd:2f:83:7e:20:d2:c7:79:39:3e:29:0e:
         1b:7b:b7:bb:78:f6:0b:70:be:bc:ab:4f:84:77:df:9d:cd:8d:
         ae:bd:61:69:45:e7:54:a3:b2:a8:ee:2f:d1:9c:e0:63:3a:7b:
         9e:39:be:c6:9f:07:c2:4a:c4:0c:a6:a3:77:f1:3e:77:87:6d:
         27:3f:58:f9:d9:5e:65:0f:80:a6:62:98:e2:23:25:d0:70:81:
         7b:57:2f:71:13:32:5d:84:5d:91:0d:e3:4b:09:27:d1:4b:59:
         1a:cb:00:d4:64:43:6b:9e:14:ba:82:e2:6a:30:59:9e:74:a6:
         6e:c2:34:a6:9f:9a:f5:b3:1a:b0:32:3b:cd:90:3e:e6:e5:2d:
         a9:14:dd:ce:40:69:91:27:2d:d2:2e:13:f1:75:3b:9a:3d:81:
         68:89:95:83:dc:37:d5:30:23:70:00:31:bb:28:d5:f6:8a:c5:
         c3:e3:91:08:fd:26:e7:20:51:15:97:95:31:72:98:99:16:10:
         1d:e7:97:6d:b3:eb:5d:a5:74:50:95:9e:26:f5:d6:57:0a:49:
         1b:a1:e1:b6:0b:7d:ed:2a:50:d2:1a:32:b7:d2:95:3e:59:79:
         bd:94:86:76
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzGS2GEvkKOM5SisZ1US50iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjQwMTAxMTgzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTc5MTNkODdkMTU1YmQ2NGZkNzQxODFiOWRiNzBiMGY1YjE1Mzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfeerZzFcE5GB+lQ9YNs/3gJz/Tg
t8kXw1xMembvHXNDfWdK0mROzSAXkum+2aT920+kKzsvWPjjtr8MIKH3eFc0GOS8
oeZ2t/blnjkkhDrKgewJyt/SLE0ZuZxY71qJqmyRsj9Cac9NkDCqnY97a/fg54n4
i3S2UxRzfPgn6AVoqTXfKGyuxBRUV1eIbPYPYRtSyPUOHMLUTEFwKBZcce4hIuK1
obWR+eb/BmqAiHak5/t9Bf8Gq07atOEGpR+poTJH9+GJ3SSRkusfbHrq6Nqie2yb
yTP62NqKZwF5QGi99K2SjFLShJ1BpaANF/8kzDrXnhFedJWt241APsF0zwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFPV5E9h9FVvWT9dBgbnbcLD1sVOJMB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvOVhrVDJIMFZXOVpQMTBHQnVkdHdzUFd4VTRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKg5GxCMD
BwAqDkbEJKEwDQYJKoZIhvcNAQELBQADggEBAFkDjyDgNXsbzZZNSxUjRtMl1g6N
SeClLc0vg34g0sd5OT4pDht7t7t49gtwvryrT4R3353Nja69YWlF51SjsqjuL9Gc
4GM6e545vsafB8JKxAymo3fxPneHbSc/WPnZXmUPgKZimOIjJdBwgXtXL3ETMl2E
XZEN40sJJ9FLWRrLANRkQ2ueFLqC4mowWZ50pm7CNKafmvWzGrAyO82QPublLakU
3c5AaZEnLdIuE/F1O5o9gWiJlYPcN9UwI3AAMbso1faKxcPjkQj9JucgURWXlTFy
mJkWEB3nl22z612ldFCVnib11lcKSRuh4bYLfe0qUNIaMrfSlT5Zeb2UhnY=
-----END CERTIFICATE-----