Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/ZdQ0dnM2KgIPqVQcIYkKaEvTsME.roa
File:                     ZdQ0dnM2KgIPqVQcIYkKaEvTsME.roa (raw, json)
Hash identifier:          wzUTiLbYojo2qSogLs6xGWRQIpokpDkLOWBvlKQ1C28=
Subject key identifier:   65:D4:34:76:73:36:2A:02:0F:A9:54:1C:21:89:0A:68:4B:D3:B0:C1
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       018CC64B66A47E35545FCF89E7474B0691C6
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/ZdQ0dnM2KgIPqVQcIYkKaEvTsME.roa
Signing time:             Mon 01 Jan 2024 18:31:19 +0000
ROA not before:           Mon 01 Jan 2024 18:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     147224
IP address blocks:        2a0e:46c4:2c43::/48 maxlen: 48
                          2a0e:46c4:2c42::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:66:a4:7e:35:54:5f:cf:89:e7:47:4b:06:91:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  1 18:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65d4347673362a020fa9541c21890a684bd3b0c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6d:10:d5:af:bc:02:20:9d:8a:6a:c2:33:1c:
                    ee:d7:a7:7c:d9:93:ba:24:bf:2c:97:bd:87:8c:e1:
                    a2:35:df:c6:eb:16:56:b1:b3:0f:7d:b9:ea:e7:d5:
                    e5:24:27:b5:df:c3:6d:19:9c:bb:e5:5c:58:e0:73:
                    76:72:a6:30:af:a7:e7:ff:a9:34:0d:92:6c:1c:b1:
                    e7:69:72:9f:54:50:00:5e:aa:ad:01:13:55:b8:f9:
                    0f:0b:d4:9c:4b:bc:ab:9e:48:dc:33:60:c4:f4:14:
                    e7:75:29:44:44:61:30:a3:1d:ec:de:12:ff:6c:43:
                    43:3b:1d:f4:d1:81:46:77:be:77:19:e8:55:3c:78:
                    37:03:dd:ba:67:fd:35:28:45:f5:81:3b:0e:01:a9:
                    b9:98:6f:78:51:43:a3:46:3f:5e:fd:89:d3:66:b6:
                    34:5b:3b:12:5a:56:82:d4:8d:a9:1b:b7:f2:36:ec:
                    70:96:22:0c:6b:f5:3d:2f:4f:d7:67:6f:2c:15:76:
                    05:ea:a2:7a:40:63:5b:ab:30:e9:3a:56:86:f4:f2:
                    14:e0:ab:53:7a:f9:d1:0c:b0:15:fe:41:be:92:60:
                    20:87:f4:e0:6c:4c:6c:bd:60:a0:e2:ec:78:fd:24:
                    bc:59:8b:53:f4:22:f4:4d:57:b8:ff:9f:6b:91:96:
                    23:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:D4:34:76:73:36:2A:02:0F:A9:54:1C:21:89:0A:68:4B:D3:B0:C1
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/ZdQ0dnM2KgIPqVQcIYkKaEvTsME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:2c42::/47

    Signature Algorithm: sha256WithRSAEncryption
         4c:00:b6:a0:b4:8f:bd:7d:5d:01:e8:61:45:69:91:b9:5e:f4:
         42:2e:f2:4b:fc:1c:da:43:87:55:3a:e3:4f:32:3e:2a:cf:dd:
         29:5c:f7:68:45:86:8c:d0:45:01:90:bb:b5:00:7d:91:d7:5c:
         a3:8f:a0:da:8f:a7:d3:db:21:5e:b1:c7:2c:29:7c:25:97:f7:
         52:5c:85:3d:ff:59:a2:5e:c2:52:ae:79:5a:3e:ca:ca:7a:3e:
         08:dc:48:ad:8c:06:66:dc:6f:c4:34:62:65:a5:82:78:0b:2a:
         cf:40:68:38:a7:25:22:79:02:b9:71:63:10:a7:c8:f8:8c:e0:
         3b:83:5b:b7:4b:c7:07:ef:dd:7d:13:4d:6e:a7:44:47:e6:79:
         c0:76:86:80:a8:cb:52:77:c6:bf:6d:ef:d5:19:9f:61:b7:0e:
         58:1b:33:9c:0c:5e:5c:e3:fd:ff:54:38:b4:77:f8:ef:72:4c:
         09:fd:dc:a5:8e:39:49:f8:c6:29:03:6f:e7:6d:86:95:4b:a0:
         68:c6:62:ac:62:1c:47:96:ed:09:8a:7d:e1:b9:60:65:fb:06:
         3f:d8:30:16:20:62:b2:f2:db:54:a9:b5:cb:91:9b:f9:dd:51:
         1a:8e:ce:7a:39:e1:35:cc:33:d2:5b:c8:41:69:70:f5:b1:5b:
         b3:d3:1e:36
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGS2akfjVUX8+J50dLBpHGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjQwMTAxMTgzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWQ0MzQ3NjczMzYyYTAyMGZhOTU0MWMyMTg5MGE2ODRiZDNiMGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArG0Q1a+8AiCdimrCMxzu16d82ZO6
JL8sl72HjOGiNd/G6xZWsbMPfbnq59XlJCe138NtGZy75VxY4HN2cqYwr6fn/6k0
DZJsHLHnaXKfVFAAXqqtARNVuPkPC9ScS7yrnkjcM2DE9BTndSlERGEwox3s3hL/
bENDOx300YFGd753GehVPHg3A926Z/01KEX1gTsOAam5mG94UUOjRj9e/YnTZrY0
WzsSWlaC1I2pG7fyNuxwliIMa/U9L0/XZ28sFXYF6qJ6QGNbqzDpOlaG9PIU4KtT
evnRDLAV/kG+kmAgh/TgbExsvWCg4ux4/SS8WYtT9CL0TVe4/59rkZYjPwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGXUNHZzNioCD6lUHCGJCmhL07DBMB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvWmRRMGRuTTJLZ0lQcVZRY0lZa0thRXZUc01FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg5GxCxC
MA0GCSqGSIb3DQEBCwUAA4IBAQBMALagtI+9fV0B6GFFaZG5XvRCLvJL/BzaQ4dV
OuNPMj4qz90pXPdoRYaM0EUBkLu1AH2R11yjj6Daj6fT2yFesccsKXwll/dSXIU9
/1miXsJSrnlaPsrKej4I3EitjAZm3G/ENGJlpYJ4CyrPQGg4pyUieQK5cWMQp8j4
jOA7g1u3S8cH7919E01up0RH5nnAdoaAqMtSd8a/be/VGZ9htw5YGzOcDF5c4/3/
VDi0d/jvckwJ/dyljjlJ+MYpA2/nbYaVS6BoxmKsYhxHlu0Jin3huWBl+wY/2DAW
IGKy8ttUqbXLkZv53VEajs56OeE1zDPSW8hBaXD1sVuz0x42
-----END CERTIFICATE-----