Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/DgK8esd9QgPl7eewefCLJABxc4k.roa
File:                     DgK8esd9QgPl7eewefCLJABxc4k.roa (raw, json)
Hash identifier:          hmsuJz0tE/YLIW7bs1P+TOa90oDLgMjdsyO1MlO+bDg=
Subject key identifier:   0E:02:BC:7A:C7:7D:42:03:E5:ED:E7:B0:79:F0:8B:24:00:71:73:89
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       018CC64B69D507A439327C470C3C57EF7778
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/DgK8esd9QgPl7eewefCLJABxc4k.roa
Signing time:             Mon 01 Jan 2024 18:31:20 +0000
ROA not before:           Mon 01 Jan 2024 18:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213392
IP address blocks:        2a0e:46c3:800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:69:d5:07:a4:39:32:7c:47:0c:3c:57:ef:77:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  1 18:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e02bc7ac77d4203e5ede7b079f08b2400717389
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3b:e6:5f:d3:4c:fe:2e:27:46:17:d3:78:df:
                    3b:dd:cb:47:ac:42:9a:b0:d7:31:19:29:56:2d:d4:
                    a5:e9:c7:bf:72:91:f6:ab:d6:62:6e:c2:7b:8b:f7:
                    46:45:2c:25:53:bd:9b:32:04:86:c5:0d:3c:d9:16:
                    73:10:2a:49:1e:15:4b:dc:9e:8c:92:bb:23:84:90:
                    03:11:d8:54:c8:c9:a2:6b:ba:31:96:8c:27:c5:88:
                    8a:9d:c0:cd:38:0a:e4:b7:75:f2:d1:af:8a:61:31:
                    25:d8:31:ea:c3:6e:ee:67:ee:ee:32:e0:21:20:75:
                    5f:97:af:b9:65:89:25:17:ef:e1:5a:07:21:73:c8:
                    bf:73:46:b6:5d:d2:c9:6f:ce:d1:44:2e:1f:b4:79:
                    31:ed:b6:cb:e0:34:22:a2:2c:fb:d8:21:26:1d:81:
                    c3:44:e6:57:ba:e6:f9:d7:53:f2:c3:e8:b3:46:eb:
                    4d:7f:75:68:b6:18:38:f0:7f:7c:b6:c4:11:f9:70:
                    d7:9b:ff:95:63:6a:81:0f:6c:8c:62:4f:dd:ce:f4:
                    af:8f:f5:a8:84:65:a6:44:89:88:49:76:28:ed:d4:
                    5a:ca:dd:26:f0:d6:d0:96:43:f2:db:93:83:8c:ff:
                    bf:ce:bd:21:93:51:6c:22:0f:83:fd:7a:30:0c:99:
                    4e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:02:BC:7A:C7:7D:42:03:E5:ED:E7:B0:79:F0:8B:24:00:71:73:89
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/DgK8esd9QgPl7eewefCLJABxc4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c3:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         12:d8:2d:53:5c:4d:ed:71:81:c4:51:3e:13:b2:08:6f:d2:97:
         ce:fc:30:ad:45:fa:a9:ea:f9:ad:1d:65:c5:6e:bd:42:75:7d:
         35:6d:6e:1d:72:e8:0e:a5:25:a4:8a:fb:ae:f5:98:05:66:38:
         55:3d:bb:9e:fc:49:73:f8:1f:6e:15:c0:cc:00:d5:7b:20:2e:
         18:c6:32:e9:2e:c1:94:7a:de:36:0c:e6:67:0b:40:85:72:22:
         ab:b2:b2:45:ca:60:12:f7:85:79:17:9c:88:06:08:79:c4:de:
         e1:e5:a9:45:d0:b5:81:9e:16:94:f3:84:81:cc:23:cc:fa:e1:
         c1:90:50:36:2f:98:a6:d6:94:29:ca:fd:8d:70:8f:03:84:f1:
         05:d6:ba:5d:18:70:08:8d:37:d6:1c:fa:94:92:a7:42:59:51:
         db:8b:e1:f0:31:c3:4e:8b:f1:a3:1a:93:0a:ca:d1:a8:ba:bd:
         5f:76:9f:c6:d5:22:a4:41:38:81:a6:d4:bd:97:ec:26:8d:1d:
         c9:46:ca:0d:8c:53:63:f6:e9:6d:aa:68:30:d9:02:ea:d1:60:
         9f:30:07:9e:d3:6b:84:83:97:1c:2f:37:6c:71:5f:40:6e:33:
         63:a6:40:e4:ce:12:3a:cf:08:03:f7:6c:dd:ca:aa:47:ee:5e:
         6b:5d:90:52
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGS2nVB6Q5MnxHDDxX73d4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjQwMTAxMTgzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTAyYmM3YWM3N2Q0MjAzZTVlZGU3YjA3OWYwOGIyNDAwNzE3Mzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTvmX9NM/i4nRhfTeN873ctHrEKa
sNcxGSlWLdSl6ce/cpH2q9ZibsJ7i/dGRSwlU72bMgSGxQ082RZzECpJHhVL3J6M
krsjhJADEdhUyMmia7oxlownxYiKncDNOArkt3Xy0a+KYTEl2DHqw27uZ+7uMuAh
IHVfl6+5ZYklF+/hWgchc8i/c0a2XdLJb87RRC4ftHkx7bbL4DQioiz72CEmHYHD
ROZXuub511Pyw+izRutNf3Vothg48H98tsQR+XDXm/+VY2qBD2yMYk/dzvSvj/Wo
hGWmRImISXYo7dRayt0m8NbQlkPy25ODjP+/zr0hk1FsIg+D/XowDJlOfQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFA4CvHrHfUID5e3nsHnwiyQAcXOJMB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvRGdLOGVzZDlRZ1BsN2Vld2VmQ0xKQUJ4YzRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg5Gwwgw
DQYJKoZIhvcNAQELBQADggEBABLYLVNcTe1xgcRRPhOyCG/Sl878MK1F+qnq+a0d
ZcVuvUJ1fTVtbh1y6A6lJaSK+671mAVmOFU9u578SXP4H24VwMwA1XsgLhjGMuku
wZR63jYM5mcLQIVyIquyskXKYBL3hXkXnIgGCHnE3uHlqUXQtYGeFpTzhIHMI8z6
4cGQUDYvmKbWlCnK/Y1wjwOE8QXWul0YcAiNN9Yc+pSSp0JZUduL4fAxw06L8aMa
kwrK0ai6vV92n8bVIqRBOIGm1L2X7CaNHclGyg2MU2P26W2qaDDZAurRYJ8wB57T
a4SDlxwvN2xxX0BuM2OmQOTOEjrPCAP3bN3KqkfuXmtdkFI=
-----END CERTIFICATE-----