Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/qSN79NLWEN1hpd8dvkO_HOk2gjY.roa
File:                     qSN79NLWEN1hpd8dvkO_HOk2gjY.roa (raw, json)
Hash identifier:          hLNQZMVsOxEzP8n+hQvUwpyocdqbaCjB7C6d4sqhaFk=
Subject key identifier:   A9:23:7B:F4:D2:D6:10:DD:61:A5:DF:1D:BE:43:BF:1C:E9:36:82:36
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       018CC64B67D5EA855A474D87FF7715224716
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/qSN79NLWEN1hpd8dvkO_HOk2gjY.roa
Signing time:             Mon 01 Jan 2024 18:31:19 +0000
ROA not before:           Mon 01 Jan 2024 18:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210691
IP address blocks:        2a0e:46c4:1500::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:67:d5:ea:85:5a:47:4d:87:ff:77:15:22:47:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  1 18:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9237bf4d2d610dd61a5df1dbe43bf1ce9368236
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:67:2d:ab:92:e2:4d:d4:76:af:a8:5a:35:c9:
                    74:79:c2:46:ce:ec:0e:2b:df:10:52:8c:46:92:09:
                    be:7b:14:e4:a2:12:20:19:96:fa:12:c6:93:f1:50:
                    28:c0:51:e8:32:e5:40:a7:2d:24:0b:b2:8c:29:71:
                    3e:c8:55:fb:44:62:71:b5:d2:a0:3d:fc:22:9f:fc:
                    61:65:56:63:48:64:a5:1c:09:e2:32:35:55:68:87:
                    e1:f1:6c:0c:2f:37:f8:c2:83:55:27:76:1f:48:db:
                    f7:e9:68:e5:09:9f:14:99:5e:d3:19:33:98:e2:f1:
                    e1:f0:ff:e9:d8:f8:91:66:7e:87:21:82:f3:63:85:
                    3d:27:50:bc:ee:95:65:10:f7:c4:86:3b:33:6a:ab:
                    82:ba:f3:4d:0d:95:5d:bb:56:ec:39:cc:aa:63:46:
                    86:13:25:0f:fe:1f:38:29:4e:de:b6:03:da:f2:d0:
                    d2:32:76:a8:4c:92:11:ff:3e:cb:46:e6:a1:ec:28:
                    4d:c4:d7:30:cc:98:6e:10:5b:02:22:b1:9f:01:69:
                    8b:24:62:ee:b6:aa:b9:c6:ef:a9:f3:d9:b8:71:03:
                    af:5e:51:86:77:32:e2:6b:2d:b8:04:ba:b7:94:7a:
                    c7:3d:1e:9e:25:04:ec:b2:3b:34:9b:db:25:ba:77:
                    66:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:23:7B:F4:D2:D6:10:DD:61:A5:DF:1D:BE:43:BF:1C:E9:36:82:36
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/qSN79NLWEN1hpd8dvkO_HOk2gjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:1500::/44

    Signature Algorithm: sha256WithRSAEncryption
         55:75:11:2c:eb:3e:88:78:a2:9f:71:1a:af:4d:08:8f:71:7e:
         e2:ca:89:22:4f:53:7b:cf:3b:ba:82:d7:70:fb:63:47:14:a2:
         51:56:8e:ee:02:8f:b4:e3:85:e9:c4:36:fa:0b:33:e4:4a:cc:
         37:d1:6f:77:cc:70:39:2b:90:f7:6d:9c:26:28:d4:61:ec:25:
         cb:0d:cf:12:9a:ce:14:c8:54:12:70:1d:40:8c:5f:27:69:40:
         15:fc:5e:5f:0b:5d:25:75:be:f0:8c:7d:c2:79:cf:ec:12:18:
         d2:f0:cf:fa:42:b7:d8:f7:25:45:06:8c:9b:9e:16:be:d6:37:
         76:2d:23:61:58:f4:f9:1b:7f:6f:af:93:bb:0b:27:18:2f:89:
         8c:63:b1:f9:d9:5a:33:9c:31:31:40:c1:34:2a:f6:3c:95:fb:
         33:c9:81:db:f6:32:70:e7:56:9f:eb:08:64:0b:2d:0c:d1:64:
         05:d1:ef:50:b7:68:3b:49:d2:55:10:cf:09:79:86:cb:08:2c:
         7d:ad:15:b9:51:e4:1c:48:ca:28:aa:10:90:07:d2:c8:e0:5e:
         91:e8:ef:34:08:71:1f:d1:99:cd:7e:e0:96:df:ae:77:52:ea:
         c4:6c:b5:93:1e:55:3a:fb:28:ca:ca:ab:65:ee:3a:8c:ea:f9:
         42:f2:e3:27
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGS2fV6oVaR02H/3cVIkcWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjQwMTAxMTgzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTIzN2JmNGQyZDYxMGRkNjFhNWRmMWRiZTQzYmYxY2U5MzY4MjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGctq5LiTdR2r6haNcl0ecJGzuwO
K98QUoxGkgm+exTkohIgGZb6EsaT8VAowFHoMuVApy0kC7KMKXE+yFX7RGJxtdKg
Pfwin/xhZVZjSGSlHAniMjVVaIfh8WwMLzf4woNVJ3YfSNv36WjlCZ8UmV7TGTOY
4vHh8P/p2PiRZn6HIYLzY4U9J1C87pVlEPfEhjszaquCuvNNDZVdu1bsOcyqY0aG
EyUP/h84KU7etgPa8tDSMnaoTJIR/z7LRuah7ChNxNcwzJhuEFsCIrGfAWmLJGLu
tqq5xu+p89m4cQOvXlGGdzLiay24BLq3lHrHPR6eJQTssjs0m9slundmHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKkje/TS1hDdYaXfHb5DvxzpNoI2MB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvcVNONzlOTFdFTjFocGQ4ZHZrT19IT2syZ2pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg5GxBUA
MA0GCSqGSIb3DQEBCwUAA4IBAQBVdREs6z6IeKKfcRqvTQiPcX7iyokiT1N7zzu6
gtdw+2NHFKJRVo7uAo+044XpxDb6CzPkSsw30W93zHA5K5D3bZwmKNRh7CXLDc8S
ms4UyFQScB1AjF8naUAV/F5fC10ldb7wjH3Cec/sEhjS8M/6QrfY9yVFBoybnha+
1jd2LSNhWPT5G39vr5O7CycYL4mMY7H52VoznDExQME0KvY8lfszyYHb9jJw51af
6whkCy0M0WQF0e9Qt2g7SdJVEM8JeYbLCCx9rRW5UeQcSMooqhCQB9LI4F6R6O80
CHEf0ZnNfuCW3653UurEbLWTHlU6+yjKyqtl7jqM6vlC8uMn
-----END CERTIFICATE-----