Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/dlQV75OnuBNgozQjPwqG5aodaYw.roa
File:                     dlQV75OnuBNgozQjPwqG5aodaYw.roa (raw, json)
Hash identifier:          16FKew/IxBb6CS+fmVyyC6cD9CnduWjykB+LKiN+jO4=
Subject key identifier:   76:54:15:EF:93:A7:B8:13:60:A3:34:23:3F:0A:86:E5:AA:1D:69:8C
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       018CC64B62E6F47F1D9EFFA213D1278293FC
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/dlQV75OnuBNgozQjPwqG5aodaYw.roa
Signing time:             Mon 01 Jan 2024 18:31:18 +0000
ROA not before:           Mon 01 Jan 2024 18:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57183
IP address blocks:        2a0e:46c6:900::/40 maxlen: 40
                          2a0e:46c0::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:62:e6:f4:7f:1d:9e:ff:a2:13:d1:27:82:93:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  1 18:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=765415ef93a7b81360a334233f0a86e5aa1d698c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:d6:3b:23:f4:2b:66:6e:f3:9c:77:4b:9e:45:
                    f4:7d:5f:cf:f6:95:bd:9e:cc:d6:29:68:85:d4:09:
                    2a:31:e3:2e:89:c0:34:8e:bd:6b:e1:ec:10:f2:50:
                    c8:ee:03:d1:a2:77:af:ae:d6:98:ef:3d:37:18:b6:
                    31:18:d3:7d:bf:4c:ef:d4:aa:2e:0f:91:5e:15:34:
                    15:5c:52:16:db:9a:d2:70:d3:6e:f4:b3:18:69:b6:
                    40:e4:e2:c0:9a:25:a9:ab:73:6b:fb:b4:02:d5:4b:
                    4c:68:3d:89:3e:c1:7f:0b:5c:f2:fd:cc:e2:7d:54:
                    9e:b0:9f:47:3c:0c:be:46:6d:0c:cf:73:7f:32:ab:
                    b3:ce:6b:84:ad:b3:44:88:66:c9:c6:4d:ca:27:eb:
                    81:a9:dc:06:21:ee:ac:1a:aa:e8:a3:8e:b3:4b:88:
                    91:f6:ed:29:52:ed:a2:bd:bb:eb:9c:c6:70:46:8e:
                    b3:93:38:47:e8:b0:39:8e:70:1d:bf:ec:20:3e:d8:
                    d6:25:b9:b3:fd:be:8f:3a:2b:65:7c:73:c0:66:db:
                    5a:47:5a:2d:91:21:60:43:82:53:bb:76:c9:e4:2e:
                    22:f5:c3:94:49:2b:c3:96:c6:16:11:2a:d4:f5:f8:
                    65:58:71:3d:68:c6:c4:69:74:47:83:8a:43:e0:c4:
                    02:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:54:15:EF:93:A7:B8:13:60:A3:34:23:3F:0A:86:E5:AA:1D:69:8C
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/dlQV75OnuBNgozQjPwqG5aodaYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c0::/31
                  2a0e:46c6:900::/40

    Signature Algorithm: sha256WithRSAEncryption
         5d:2d:a7:44:92:bc:07:e2:b3:f8:ca:44:3c:49:8b:0d:fb:c3:
         2b:11:35:cc:dd:06:29:f0:25:b6:b1:3c:96:f6:95:8c:61:d6:
         ac:39:c9:14:9e:11:32:28:25:e0:0e:eb:0b:33:3f:c0:5f:3e:
         f5:64:58:2c:5a:3f:56:e2:ee:bf:bd:19:11:d0:25:46:14:58:
         bb:19:f4:5f:c7:32:08:93:ae:2a:f0:3e:f6:0d:33:b4:10:43:
         8e:ad:69:09:6a:ff:c6:89:ee:31:5f:2a:ef:c2:f8:8e:0a:9c:
         8a:01:60:e1:d5:8c:38:c1:be:a6:34:0c:3a:60:67:27:54:df:
         44:f8:8f:2d:55:b0:72:6d:42:81:8e:19:1c:7d:a2:0e:fe:70:
         6f:da:1a:6b:39:60:8b:b4:25:bb:7b:33:96:6f:5e:b5:4a:e5:
         27:e9:ff:26:84:a0:f7:eb:a9:62:2c:8a:1a:c8:e9:ac:5a:49:
         5f:27:36:da:5e:ac:6c:77:bd:7e:33:52:0b:de:08:9e:04:fe:
         d5:fa:70:b8:68:80:ec:35:d2:b1:31:aa:39:c7:61:f1:65:d8:
         26:d2:76:4c:65:31:23:0a:95:c9:78:51:3b:58:4a:ba:ba:c5:
         9e:a5:94:19:5d:94:eb:1a:86:99:8b:9a:66:a7:cf:bc:2b:1e:
         4f:55:93:b9
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAYzGS2Lm9H8dnv+iE9EngpP8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjQwMTAxMTgzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjU0MTVlZjkzYTdiODEzNjBhMzM0MjMzZjBhODZlNWFhMWQ2OThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNY7I/QrZm7znHdLnkX0fV/P9pW9
nszWKWiF1AkqMeMuicA0jr1r4ewQ8lDI7gPRonevrtaY7z03GLYxGNN9v0zv1Kou
D5FeFTQVXFIW25rScNNu9LMYabZA5OLAmiWpq3Nr+7QC1UtMaD2JPsF/C1zy/czi
fVSesJ9HPAy+Rm0Mz3N/MquzzmuErbNEiGbJxk3KJ+uBqdwGIe6sGqroo46zS4iR
9u0pUu2ivbvrnMZwRo6zkzhH6LA5jnAdv+wgPtjWJbmz/b6POitlfHPAZttaR1ot
kSFgQ4JTu3bJ5C4i9cOUSSvDlsYWESrU9fhlWHE9aMbEaXRHg4pD4MQCmwIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFHZUFe+Tp7gTYKM0Iz8KhuWqHWmMMB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvZGxRVjc1T251Qk5nb3pRalB3cUc1YW9kYVl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCgGCCsGAQUFBwEHAQH/BBkwFzAVBAIAAjAPAwUBKg5GwAMG
ACoORsYJMA0GCSqGSIb3DQEBCwUAA4IBAQBdLadEkrwH4rP4ykQ8SYsN+8MrETXM
3QYp8CW2sTyW9pWMYdasOckUnhEyKCXgDusLMz/AXz71ZFgsWj9W4u6/vRkR0CVG
FFi7GfRfxzIIk64q8D72DTO0EEOOrWkJav/Gie4xXyrvwviOCpyKAWDh1Yw4wb6m
NAw6YGcnVN9E+I8tVbBybUKBjhkcfaIO/nBv2hprOWCLtCW7ezOWb161SuUn6f8m
hKD366liLIoayOmsWklfJzbaXqxsd71+M1IL3gieBP7V+nC4aIDsNdKxMao5x2Hx
Zdgm0nZMZTEjCpXJeFE7WEq6usWepZQZXZTrGoaZi5pmp8+8Kx5PVZO5
-----END CERTIFICATE-----