Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/ptTJW3Gbn3KkloBTWMPFHwUFmsI.roa
File:                     ptTJW3Gbn3KkloBTWMPFHwUFmsI.roa (raw, json)
Hash identifier:          RJOa/PGzN2eXuKFdtvvlPx3Gb66Z23+TEyic3bYfR/A=
Subject key identifier:   A6:D4:C9:5B:71:9B:9F:72:A4:96:80:53:58:C3:C5:1F:05:05:9A:C2
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       018CC64B64F3FA1ADC7C06B7D2AD68397A1A
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/ptTJW3Gbn3KkloBTWMPFHwUFmsI.roa
Signing time:             Mon 01 Jan 2024 18:31:18 +0000
ROA not before:           Mon 01 Jan 2024 18:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137509
IP address blocks:        2a0e:46c4:2c20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:64:f3:fa:1a:dc:7c:06:b7:d2:ad:68:39:7a:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  1 18:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6d4c95b719b9f72a496805358c3c51f05059ac2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:35:7c:6a:16:c5:51:f8:c5:c0:c2:f3:30:f6:
                    65:cc:9b:92:b5:00:7a:58:9b:c9:f6:f4:88:ed:c9:
                    35:80:89:41:fe:e6:86:9e:06:c8:8e:1b:e7:4e:69:
                    1d:42:a2:41:b1:85:ff:bd:16:66:f4:02:64:e5:90:
                    a7:d0:f4:f6:eb:cf:de:28:3c:90:91:8a:8e:33:73:
                    b2:ed:26:2a:fe:ec:e2:c4:33:5d:df:64:f8:a9:93:
                    34:48:86:d7:85:3f:fb:00:b7:ff:a0:ef:9f:b1:19:
                    03:11:c1:14:f8:55:84:fa:ae:57:13:2c:93:9f:15:
                    f9:ad:4f:ca:35:04:fa:49:2e:b9:d9:ad:07:f4:62:
                    33:47:67:37:60:97:14:5d:27:e2:ea:2e:86:92:78:
                    3a:0d:9c:e5:41:a7:d0:98:a4:59:c8:4d:01:40:c7:
                    f4:1f:26:86:4b:3e:67:18:7a:72:c4:74:2c:00:74:
                    b2:d5:b6:0b:7a:0d:23:cb:b0:e0:4d:5b:eb:84:a5:
                    90:52:05:84:57:2b:39:ad:8e:a9:01:ab:3a:66:9c:
                    e7:77:c8:f1:4d:0d:67:1e:f0:b1:a2:41:85:47:da:
                    02:79:31:95:6f:de:3e:bb:c4:94:32:81:e0:a7:bf:
                    99:24:a3:07:34:8d:ac:a1:81:59:ac:db:84:8c:67:
                    a3:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:D4:C9:5B:71:9B:9F:72:A4:96:80:53:58:C3:C5:1F:05:05:9A:C2
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/ptTJW3Gbn3KkloBTWMPFHwUFmsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:2c20::/44

    Signature Algorithm: sha256WithRSAEncryption
         69:6e:81:cd:6f:df:09:cf:7d:51:67:c8:ee:da:ee:4c:95:a9:
         a7:28:4e:7a:8a:3a:7e:1d:65:51:3d:66:af:39:f8:1a:88:15:
         c8:17:57:f3:9a:21:1c:a5:83:54:03:5e:59:2b:66:0c:16:0a:
         16:b2:fb:80:ce:62:36:46:0b:d3:04:78:ca:a7:a0:bf:b0:f3:
         f5:e4:b5:13:bc:a5:6c:ec:dc:34:f8:4e:33:21:7d:da:fd:69:
         4c:ac:c8:d7:cf:26:fb:96:80:15:e9:22:f2:1b:8d:fe:64:73:
         61:3a:3b:22:11:3f:90:e3:1b:04:94:f4:7a:80:6c:3e:b2:c9:
         8c:dd:2c:f6:ff:00:0a:95:63:99:99:a9:f2:ea:be:a7:64:d2:
         52:59:4a:69:68:2d:5f:d9:ae:30:db:3a:78:ab:4d:39:cb:97:
         eb:60:73:b2:53:d6:7d:42:80:3d:0d:0a:a3:77:1f:d1:c5:7c:
         c8:46:fd:58:6d:ea:b9:26:84:93:1b:d3:ac:8b:ca:8e:33:68:
         06:ec:87:dd:f2:27:b4:78:b5:f5:86:85:9f:09:04:30:9f:0c:
         f1:7e:87:0c:b7:53:ea:83:56:c5:25:66:05:6d:a3:ff:e3:d5:
         96:46:54:1e:7e:e3:4e:8a:02:c2:34:aa:a3:fd:83:60:bf:fc:
         1a:90:ae:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGS2Tz+hrcfAa30q1oOXoaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjQwMTAxMTgzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmQ0Yzk1YjcxOWI5ZjcyYTQ5NjgwNTM1OGMzYzUxZjA1MDU5YWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTV8ahbFUfjFwMLzMPZlzJuStQB6
WJvJ9vSI7ck1gIlB/uaGngbIjhvnTmkdQqJBsYX/vRZm9AJk5ZCn0PT268/eKDyQ
kYqOM3Oy7SYq/uzixDNd32T4qZM0SIbXhT/7ALf/oO+fsRkDEcEU+FWE+q5XEyyT
nxX5rU/KNQT6SS652a0H9GIzR2c3YJcUXSfi6i6Gkng6DZzlQafQmKRZyE0BQMf0
HyaGSz5nGHpyxHQsAHSy1bYLeg0jy7DgTVvrhKWQUgWEVys5rY6pAas6Zpznd8jx
TQ1nHvCxokGFR9oCeTGVb94+u8SUMoHgp7+ZJKMHNI2soYFZrNuEjGejhQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKbUyVtxm59ypJaAU1jDxR8FBZrCMB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvcHRUSlczR2JuM0trbG9CVFdNUEZId1VGbXNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg5GxCwg
MA0GCSqGSIb3DQEBCwUAA4IBAQBpboHNb98Jz31RZ8ju2u5MlamnKE56ijp+HWVR
PWavOfgaiBXIF1fzmiEcpYNUA15ZK2YMFgoWsvuAzmI2RgvTBHjKp6C/sPP15LUT
vKVs7Nw0+E4zIX3a/WlMrMjXzyb7loAV6SLyG43+ZHNhOjsiET+Q4xsElPR6gGw+
ssmM3Sz2/wAKlWOZmany6r6nZNJSWUppaC1f2a4w2zp4q005y5frYHOyU9Z9QoA9
DQqjdx/RxXzIRv1Ybeq5JoSTG9Osi8qOM2gG7Ifd8ie0eLX1hoWfCQQwnwzxfocM
t1Pqg1bFJWYFbaP/49WWRlQefuNOigLCNKqj/YNgv/wakK4J
-----END CERTIFICATE-----