Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/Ap95SaLiiFP5D0tWbu7OhXNwqKo.roa
File:                     Ap95SaLiiFP5D0tWbu7OhXNwqKo.roa (raw, json)
Hash identifier:          pMAjW+olMdvwBHXRjHVce5P4Silbp8+KKpuWkQ85oQY=
Subject key identifier:   02:9F:79:49:A2:E2:88:53:F9:0F:4B:56:6E:EE:CE:85:73:70:A8:AA
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018CC9BC71C5975FA0653611E6BBF28875A8
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/Ap95SaLiiFP5D0tWbu7OhXNwqKo.roa
Signing time:             Tue 02 Jan 2024 10:33:39 +0000
ROA not before:           Tue 02 Jan 2024 10:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210281
IP address blocks:        2a0d:f407:1033::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:71:c5:97:5f:a0:65:36:11:e6:bb:f2:88:75:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  2 10:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=029f7949a2e28853f90f4b566eeece857370a8aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e4:15:26:78:d9:82:10:68:cb:d6:73:5e:f2:
                    70:28:a2:3e:67:28:e0:d9:4a:43:5c:7e:21:8c:2d:
                    07:d0:fd:45:85:57:c8:7d:65:3e:b4:32:d4:04:17:
                    12:d7:56:b1:16:00:c1:a3:63:28:14:18:47:2d:85:
                    e4:b2:76:59:70:4e:50:97:65:41:af:83:a5:c3:20:
                    8c:f9:7c:32:c6:b4:ad:81:3c:08:4d:4b:55:d7:01:
                    1f:97:5d:e3:77:2f:0f:3a:c1:f4:77:33:d5:87:c9:
                    d5:57:c0:cd:08:ae:45:c4:1a:52:9d:61:d9:50:a4:
                    d0:d6:b2:b3:aa:f9:6f:c4:0b:8d:09:59:e4:80:78:
                    6c:c9:66:75:be:38:08:d0:3c:57:54:1f:84:07:53:
                    8b:fb:1b:13:81:da:c4:59:96:b5:7d:24:1f:13:a2:
                    23:d3:a2:32:5e:c8:4d:fb:0d:c7:71:f8:c3:bc:ca:
                    d8:1d:00:8e:c2:d5:c8:84:50:4c:d0:26:5f:0c:6b:
                    55:98:16:7a:b6:38:8d:86:d8:94:ec:71:44:2e:d7:
                    0f:b2:fc:23:8d:9e:bf:7a:0f:ef:f5:68:41:a4:82:
                    75:6c:17:61:98:63:3c:9d:0e:60:91:ec:21:bf:37:
                    9e:a7:df:41:66:ba:84:86:6c:32:40:0b:bc:66:dc:
                    e7:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:9F:79:49:A2:E2:88:53:F9:0F:4B:56:6E:EE:CE:85:73:70:A8:AA
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/Ap95SaLiiFP5D0tWbu7OhXNwqKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:f407:1033::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:8f:db:f2:7e:7d:7a:81:97:49:96:c4:ef:7f:87:13:fe:50:
         3f:94:78:e0:22:84:3e:7f:6c:02:7e:7d:13:d9:38:fd:5b:d5:
         2c:90:c9:7d:2f:84:cc:b4:31:bc:f4:4a:e6:d2:48:7d:d7:d6:
         f7:20:cf:a4:c8:37:71:37:77:15:56:47:ea:3b:aa:00:9d:26:
         1e:bb:90:2b:ff:f7:06:85:68:4b:60:c0:3c:6d:5e:b6:b6:e6:
         73:ab:02:40:9f:77:75:c3:87:31:83:33:b9:7b:da:b1:3a:7e:
         aa:5c:de:50:b5:51:13:da:bf:b3:84:80:55:05:6a:04:9b:ae:
         c8:4b:8c:9c:29:61:96:02:2b:61:a0:09:3f:99:27:63:d5:35:
         4e:93:1f:e3:b4:10:6f:b9:4e:6e:9e:8d:2f:74:b8:a7:06:4e:
         a4:9f:0c:12:38:30:54:c5:67:31:f0:2a:71:4d:12:4f:ee:27:
         8a:17:e5:fb:9a:1e:34:fb:12:d2:3f:08:44:77:48:82:7d:3c:
         43:cf:19:2c:01:2b:bb:96:d7:22:fc:69:71:50:31:35:b6:a3:
         8e:09:2e:fa:68:50:6c:a4:a9:87:49:64:97:e9:2e:da:43:b7:
         9c:a4:fe:3c:bd:8f:05:17:6d:03:05:2e:a9:4d:f2:99:c6:0c:
         40:5e:8b:ea
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvHHFl1+gZTYR5rvyiHWoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwMTAyMTAzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjlmNzk0OWEyZTI4ODUzZjkwZjRiNTY2ZWVlY2U4NTczNzBhOGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOQVJnjZghBoy9ZzXvJwKKI+Zyjg
2UpDXH4hjC0H0P1FhVfIfWU+tDLUBBcS11axFgDBo2MoFBhHLYXksnZZcE5Ql2VB
r4OlwyCM+XwyxrStgTwITUtV1wEfl13jdy8POsH0dzPVh8nVV8DNCK5FxBpSnWHZ
UKTQ1rKzqvlvxAuNCVnkgHhsyWZ1vjgI0DxXVB+EB1OL+xsTgdrEWZa1fSQfE6Ij
06IyXshN+w3HcfjDvMrYHQCOwtXIhFBM0CZfDGtVmBZ6tjiNhtiU7HFELtcPsvwj
jZ6/eg/v9WhBpIJ1bBdhmGM8nQ5gkewhvzeep99BZrqEhmwyQAu8ZtznNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAKfeUmi4ohT+Q9LVm7uzoVzcKiqMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvQXA5NVNhTGlpRlA1RDB0V2J1N09oWE53cUtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg30BxAz
MA0GCSqGSIb3DQEBCwUAA4IBAQB2j9vyfn16gZdJlsTvf4cT/lA/lHjgIoQ+f2wC
fn0T2Tj9W9UskMl9L4TMtDG89Erm0kh919b3IM+kyDdxN3cVVkfqO6oAnSYeu5Ar
//cGhWhLYMA8bV62tuZzqwJAn3d1w4cxgzO5e9qxOn6qXN5QtVET2r+zhIBVBWoE
m67IS4ycKWGWAithoAk/mSdj1TVOkx/jtBBvuU5uno0vdLinBk6knwwSODBUxWcx
8CpxTRJP7ieKF+X7mh40+xLSPwhEd0iCfTxDzxksASu7ltci/GlxUDE1tqOOCS76
aFBspKmHSWSX6S7aQ7ecpP48vY8FF20DBS6pTfKZxgxAXovq
-----END CERTIFICATE-----