Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/cFiGwvEn-4RAiXsHmJwkYRs4Z3o.roa
File:                     cFiGwvEn-4RAiXsHmJwkYRs4Z3o.roa (raw, json)
Hash identifier:          VIOpogHeSUrcasC7odIIEHcgU8YTmmjOL5CVtawRClU=
Subject key identifier:   70:58:86:C2:F1:27:FB:84:40:89:7B:07:98:9C:24:61:1B:38:67:7A
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       018CC64B658E7FDBF0D55737125FC266FCFF
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/cFiGwvEn-4RAiXsHmJwkYRs4Z3o.roa
Signing time:             Mon 01 Jan 2024 18:31:19 +0000
ROA not before:           Mon 01 Jan 2024 18:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142289
IP address blocks:        2a0e:46c4:2c10::/44 maxlen: 48
                          2a0e:46c4:106::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 19:09:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:65:8e:7f:db:f0:d5:57:37:12:5f:c2:66:fc:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  1 18:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=705886c2f127fb8440897b07989c24611b38677a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:08:dd:cd:b5:cd:c9:5b:b3:86:13:32:ee:ff:
                    7a:bf:8f:de:16:e7:5d:cb:5d:a2:2f:56:8f:18:cb:
                    81:22:5a:9e:67:55:10:b0:5f:86:cf:fd:f4:6d:90:
                    b9:0d:47:7b:87:72:6c:9e:e2:78:9c:12:70:c5:72:
                    c6:b8:6f:66:55:3d:0a:b3:90:66:6c:28:ce:9d:dd:
                    bd:02:49:b8:a8:39:b9:a9:cb:f0:fb:85:07:0a:60:
                    8b:78:05:55:51:13:35:8e:55:03:c0:35:ce:a3:10:
                    40:77:47:a4:6a:b0:ec:82:9e:ed:fe:54:4a:95:1b:
                    9b:8f:e0:28:7d:d8:4d:11:d2:81:7b:99:72:49:c3:
                    45:25:5f:94:b0:07:21:5e:dd:b8:35:5e:9e:f1:d7:
                    63:4f:29:75:91:19:b3:ea:78:9d:37:b4:5c:65:be:
                    83:14:cc:db:ab:8d:80:ee:cc:ec:80:21:96:89:c3:
                    b2:29:da:e7:6a:22:3c:b0:f9:f0:96:6f:a8:24:5d:
                    2e:33:31:bd:e0:07:54:70:3c:08:50:e6:38:10:6a:
                    cc:a4:e1:55:3f:ca:cd:31:86:c5:6b:52:54:36:23:
                    af:01:cb:a8:2f:bc:11:97:f5:6e:f4:5e:e2:55:b2:
                    a1:4e:53:d1:2b:c9:a9:03:5d:8e:7f:5b:4d:38:72:
                    e9:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:58:86:C2:F1:27:FB:84:40:89:7B:07:98:9C:24:61:1B:38:67:7A
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/cFiGwvEn-4RAiXsHmJwkYRs4Z3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:106::/48
                  2a0e:46c4:2c10::/44

    Signature Algorithm: sha256WithRSAEncryption
         08:31:e1:54:f7:06:29:d9:50:81:b9:1c:39:6e:cf:17:3a:18:
         e9:22:2b:cc:c9:48:b0:78:32:6b:5c:b8:a0:33:b2:ac:e7:63:
         f1:91:6d:c5:48:e0:0c:4d:2e:b5:9a:0f:2c:6b:10:47:e0:e0:
         09:91:9c:1a:20:0f:98:bc:6d:5a:e3:52:bc:3b:3d:a5:43:f2:
         dc:94:c4:0a:a0:33:1c:e4:58:64:fe:af:45:9f:13:7e:0e:45:
         3f:39:65:b3:01:0e:bb:59:18:0c:74:45:15:6c:30:7d:2d:99:
         b0:ab:91:ce:da:c4:7b:ef:e0:17:47:17:cc:b8:56:4b:9c:db:
         0d:2e:b3:36:cf:01:32:d8:74:b1:c1:5d:b9:ae:12:75:62:31:
         fb:74:be:25:5b:0f:26:27:dc:99:83:c2:f6:f9:b9:4c:a9:bd:
         3d:e1:ff:3d:02:86:b5:63:14:5c:3d:4f:d3:07:ad:ce:ee:55:
         ca:0f:fd:e9:48:9d:15:ce:4a:1e:36:a9:36:a4:37:e7:67:c4:
         f4:94:08:04:1c:8f:0f:56:a4:41:8a:81:6f:d7:9d:7f:8a:1d:
         06:d8:60:17:de:28:fd:99:cb:69:59:1d:1b:5e:96:6e:5b:30:
         4b:07:c3:19:bf:0b:2e:2d:9f:b6:46:7a:5c:25:b2:e0:ef:10:
         0d:03:16:d1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGS2WOf9vw1Vc3El/CZvz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjQwMTAxMTgzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDU4ODZjMmYxMjdmYjg0NDA4OTdiMDc5ODljMjQ2MTFiMzg2NzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgjdzbXNyVuzhhMy7v96v4/eFudd
y12iL1aPGMuBIlqeZ1UQsF+Gz/30bZC5DUd7h3JsnuJ4nBJwxXLGuG9mVT0Ks5Bm
bCjOnd29Akm4qDm5qcvw+4UHCmCLeAVVURM1jlUDwDXOoxBAd0ekarDsgp7t/lRK
lRubj+AofdhNEdKBe5lyScNFJV+UsAchXt24NV6e8ddjTyl1kRmz6nidN7RcZb6D
FMzbq42A7szsgCGWicOyKdrnaiI8sPnwlm+oJF0uMzG94AdUcDwIUOY4EGrMpOFV
P8rNMYbFa1JUNiOvAcuoL7wRl/Vu9F7iVbKhTlPRK8mpA12Of1tNOHLpsQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHBYhsLxJ/uEQIl7B5icJGEbOGd6MB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvY0ZpR3d2RW4tNFJBaVhzSG1Kd2tZUnM0WjNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg5GxAEG
AwcEKg5GxCwQMA0GCSqGSIb3DQEBCwUAA4IBAQAIMeFU9wYp2VCBuRw5bs8XOhjp
IivMyUiweDJrXLigM7Ks52PxkW3FSOAMTS61mg8saxBH4OAJkZwaIA+YvG1a41K8
Oz2lQ/LclMQKoDMc5Fhk/q9FnxN+DkU/OWWzAQ67WRgMdEUVbDB9LZmwq5HO2sR7
7+AXRxfMuFZLnNsNLrM2zwEy2HSxwV25rhJ1YjH7dL4lWw8mJ9yZg8L2+blMqb09
4f89Aoa1YxRcPU/TB63O7lXKD/3pSJ0VzkoeNqk2pDfnZ8T0lAgEHI8PVqRBioFv
151/ih0G2GAX3ij9mctpWR0bXpZuWzBLB8MZvwsuLZ+2RnpcJbLg7xANAxbR
-----END CERTIFICATE-----