Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/uZz4TDumVqkrTuFirdctLyTxnx4.roa
File:                     uZz4TDumVqkrTuFirdctLyTxnx4.roa (raw, json)
Hash identifier:          nmoiCb9vZStBwVqo8Bc5iMb5wSnzo6eANG1zIFBWPVQ=
Subject key identifier:   B9:9C:F8:4C:3B:A6:56:A9:2B:4E:E1:62:AD:D7:2D:2F:24:F1:9F:1E
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       018CC64B68F3019C5A130066F130848F13B0
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/uZz4TDumVqkrTuFirdctLyTxnx4.roa
Signing time:             Mon 01 Jan 2024 18:31:19 +0000
ROA not before:           Mon 01 Jan 2024 18:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212008
IP address blocks:        2a0e:46c4:2300::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:68:f3:01:9c:5a:13:00:66:f1:30:84:8f:13:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  1 18:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b99cf84c3ba656a92b4ee162add72d2f24f19f1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c1:47:f6:5c:5d:7f:88:dd:d7:db:1b:a2:0f:
                    84:fa:37:26:a2:c9:08:7a:36:35:27:c8:ae:ab:0e:
                    73:24:24:fe:20:0c:74:60:22:57:57:b1:8d:e5:16:
                    39:0d:26:87:e7:17:eb:a7:78:06:e8:27:bf:5c:27:
                    ef:b9:42:c3:4a:4e:20:63:10:70:60:14:c9:f4:6e:
                    aa:fb:43:25:b5:3b:a3:be:96:a7:e4:63:dd:68:14:
                    06:02:56:3d:cb:0f:9e:6b:45:0b:95:1f:ef:39:29:
                    21:81:02:31:9f:c6:d6:5e:27:d3:70:d0:4d:73:12:
                    c0:d2:fd:47:1d:70:07:94:fb:bf:76:29:57:aa:82:
                    c8:3e:1b:b2:c7:1a:74:c0:05:a8:2e:84:34:a0:56:
                    43:9c:53:e1:d3:5c:50:41:e4:a2:7a:43:70:c6:5b:
                    7b:5f:4f:18:a4:cf:d5:15:cf:ff:ce:54:b9:2d:e9:
                    f9:12:45:66:0b:f1:5b:02:75:e2:1c:51:f2:99:0b:
                    54:af:0d:14:86:98:55:de:d5:ea:94:0b:ce:f9:ed:
                    55:ff:82:c4:9f:19:d9:d8:b4:64:91:55:7d:77:f4:
                    1e:17:0f:44:9b:f3:87:07:a6:50:d8:d2:c6:16:c5:
                    34:51:ab:06:bb:44:8b:6a:fa:20:9c:94:91:61:6a:
                    ac:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:9C:F8:4C:3B:A6:56:A9:2B:4E:E1:62:AD:D7:2D:2F:24:F1:9F:1E
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/uZz4TDumVqkrTuFirdctLyTxnx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:2300::/40

    Signature Algorithm: sha256WithRSAEncryption
         38:04:ca:bc:77:1a:0a:d4:3c:43:92:61:64:f9:93:1b:eb:6f:
         56:36:35:96:1f:f0:da:28:10:26:63:c4:4a:8f:8f:f3:4b:0c:
         9a:0e:51:eb:2c:1b:df:10:ef:7a:77:94:2c:35:c1:27:f7:31:
         d8:d9:38:5a:0f:56:d4:86:90:8b:dd:74:a2:24:95:78:bf:fd:
         5a:00:fe:a0:a9:c7:cd:29:3d:c9:99:7b:10:3a:25:b4:54:15:
         53:7c:88:67:35:3a:c3:ba:f5:c0:32:6f:f0:6f:c5:50:2c:36:
         7f:d3:6e:2c:d1:f7:f2:4e:d0:47:f6:dd:f8:ce:bc:0c:4e:f0:
         0a:2a:c9:7a:3e:c6:b7:5d:3d:41:e6:03:6a:20:34:ce:dc:e8:
         d0:c7:ce:c6:f2:d6:72:0e:87:71:4e:ed:6b:4d:09:1a:f2:d3:
         f6:22:fb:b5:3c:08:f7:12:5f:1b:84:d5:f0:73:15:69:47:88:
         3c:b6:77:2a:80:bd:94:66:ff:9a:89:44:44:35:70:7a:5e:d6:
         0d:bc:cb:f3:fc:17:b6:33:1c:ba:a6:60:06:11:11:ad:fd:06:
         58:39:91:5f:2e:0c:43:91:92:8f:3e:7c:39:5f:45:98:e0:4e:
         62:43:6a:1a:a9:b2:49:15:46:30:4d:0e:43:2a:76:d2:ee:de:
         ab:86:80:b0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGS2jzAZxaEwBm8TCEjxOwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjQwMTAxMTgzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTljZjg0YzNiYTY1NmE5MmI0ZWUxNjJhZGQ3MmQyZjI0ZjE5ZjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosFH9lxdf4jd19sbog+E+jcmoskI
ejY1J8iuqw5zJCT+IAx0YCJXV7GN5RY5DSaH5xfrp3gG6Ce/XCfvuULDSk4gYxBw
YBTJ9G6q+0MltTujvpan5GPdaBQGAlY9yw+ea0ULlR/vOSkhgQIxn8bWXifTcNBN
cxLA0v1HHXAHlPu/dilXqoLIPhuyxxp0wAWoLoQ0oFZDnFPh01xQQeSiekNwxlt7
X08YpM/VFc//zlS5Len5EkVmC/FbAnXiHFHymQtUrw0UhphV3tXqlAvO+e1V/4LE
nxnZ2LRkkVV9d/QeFw9Em/OHB6ZQ2NLGFsU0UasGu0SLavognJSRYWqsPQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLmc+Ew7plapK07hYq3XLS8k8Z8eMB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvdVp6NFREdW1WcWtyVHVGaXJkY3RMeVR4bng0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg5GxCMw
DQYJKoZIhvcNAQELBQADggEBADgEyrx3GgrUPEOSYWT5kxvrb1Y2NZYf8NooECZj
xEqPj/NLDJoOUessG98Q73p3lCw1wSf3MdjZOFoPVtSGkIvddKIklXi//VoA/qCp
x80pPcmZexA6JbRUFVN8iGc1OsO69cAyb/BvxVAsNn/TbizR9/JO0Ef23fjOvAxO
8AoqyXo+xrddPUHmA2ogNM7c6NDHzsby1nIOh3FO7WtNCRry0/Yi+7U8CPcSXxuE
1fBzFWlHiDy2dyqAvZRm/5qJREQ1cHpe1g28y/P8F7YzHLqmYAYREa39Blg5kV8u
DEORko8+fDlfRZjgTmJDahqpskkVRjBNDkMqdtLu3quGgLA=
-----END CERTIFICATE-----