Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/nK_B3-FLV0bP6Y2hENMckP7xj_k.roa
File:                     nK_B3-FLV0bP6Y2hENMckP7xj_k.roa (raw, json)
Hash identifier:          OPJNeVIECo28SF1LJdHL7pOK5lICwA3/BF27LCREoJo=
Subject key identifier:   9C:AF:C1:DF:E1:4B:57:46:CF:E9:8D:A1:10:D3:1C:90:FE:F1:8F:F9
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       018CC6B932C2C21732F2AB41851D0606389F
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/nK_B3-FLV0bP6Y2hENMckP7xj_k.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     147173
IP address blocks:        2a0e:da40:100::/40 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 02:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:32:c2:c2:17:32:f2:ab:41:85:1d:06:06:38:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9cafc1dfe14b5746cfe98da110d31c90fef18ff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a6:42:0a:d2:d3:66:ed:be:af:d1:c3:99:42:
                    de:a2:82:52:3d:e7:18:a4:ed:89:10:cf:d0:db:bd:
                    d1:9d:f0:f8:d5:2d:02:5a:c3:20:95:1b:68:81:7b:
                    ca:08:01:d3:00:28:1c:66:9b:17:6a:8e:df:de:87:
                    57:58:9e:47:90:88:bc:f2:f1:28:9a:42:81:f9:04:
                    67:6e:c3:2e:02:4c:a9:89:7d:b9:ed:e0:07:72:fc:
                    ed:6a:f3:f6:72:2e:f8:a3:43:9a:73:0f:a0:bb:cf:
                    29:97:04:93:f4:6a:f6:b8:b4:69:1b:28:26:c7:a5:
                    58:79:96:b4:1f:33:1d:c8:24:11:21:9b:84:e7:95:
                    b6:6c:0f:da:88:75:db:00:f2:c4:ce:0f:37:e8:49:
                    4e:70:87:25:21:4c:8f:84:ed:37:c8:bb:74:74:80:
                    89:30:27:b6:5f:d6:21:51:08:11:16:ff:14:62:db:
                    e5:57:db:ae:bb:82:a8:f7:69:6b:ae:73:13:f1:04:
                    a1:fb:b9:97:61:70:a8:4a:c4:de:af:c8:64:1c:70:
                    a4:d6:04:59:1d:3b:d2:6b:7a:64:59:ff:8b:a5:0f:
                    8f:18:e8:79:b7:94:c1:90:d8:a5:c7:5a:c1:8c:f3:
                    a0:8c:6a:13:35:08:38:ae:b6:4f:9c:67:3b:db:bf:
                    66:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:AF:C1:DF:E1:4B:57:46:CF:E9:8D:A1:10:D3:1C:90:FE:F1:8F:F9
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/nK_B3-FLV0bP6Y2hENMckP7xj_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:da40:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         90:9f:ac:0f:15:81:41:32:bf:6e:17:e5:16:c2:81:fb:b4:af:
         10:12:3c:07:09:cf:1a:38:73:ef:81:77:5f:64:46:62:53:f4:
         e5:16:ca:d4:1b:d0:25:9a:09:6b:f6:c9:8c:93:b1:62:9a:c1:
         eb:e9:6a:a6:30:fa:9e:40:2b:87:07:29:fd:34:d7:3a:ea:09:
         c5:ae:9e:d9:a4:7c:9d:24:5b:3a:1f:65:c9:14:6a:83:e1:26:
         d2:5e:23:f4:ee:91:fd:b7:c3:52:25:a4:44:78:f8:61:d9:be:
         06:dc:3c:59:f9:87:32:67:4a:c0:1a:1c:2a:6c:a5:6f:00:e5:
         fe:c0:18:31:d5:b3:d5:c4:11:de:21:d0:4e:fa:4b:b1:52:d3:
         9c:67:1b:3f:1d:21:c2:c5:77:8b:5f:23:ae:03:d3:5e:73:94:
         d0:aa:91:37:56:ee:b3:35:48:95:31:ea:c0:ee:2c:a4:97:24:
         36:15:15:4e:6e:43:c3:49:06:c8:f8:e8:ab:2c:33:7f:9f:06:
         e4:1f:5a:0a:76:47:aa:ff:a9:12:3a:23:13:1c:36:43:60:88:
         8e:ea:43:a9:52:5b:da:1d:68:af:a8:a7:a5:9e:a7:40:9c:fd:
         83:c2:ec:f8:1f:e5:5e:c3:08:c0:e8:05:82:92:b0:4d:a5:d7:
         f9:1a:d7:47
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGuTLCwhcy8qtBhR0GBjifMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2FmYzFkZmUxNGI1NzQ2Y2ZlOThkYTExMGQzMWM5MGZlZjE4ZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6ZCCtLTZu2+r9HDmULeooJSPecY
pO2JEM/Q273RnfD41S0CWsMglRtogXvKCAHTACgcZpsXao7f3odXWJ5HkIi88vEo
mkKB+QRnbsMuAkypiX257eAHcvztavP2ci74o0Oacw+gu88plwST9Gr2uLRpGygm
x6VYeZa0HzMdyCQRIZuE55W2bA/aiHXbAPLEzg836ElOcIclIUyPhO03yLt0dICJ
MCe2X9YhUQgRFv8UYtvlV9uuu4Ko92lrrnMT8QSh+7mXYXCoSsTer8hkHHCk1gRZ
HTvSa3pkWf+LpQ+PGOh5t5TBkNilx1rBjPOgjGoTNQg4rrZPnGc7279mzQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJyvwd/hS1dGz+mNoRDTHJD+8Y/5MB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvbktfQjMtRkxWMGJQNlkyaEVOTWNrUDd4al9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg7aQAEw
DQYJKoZIhvcNAQELBQADggEBAJCfrA8VgUEyv24X5RbCgfu0rxASPAcJzxo4c++B
d19kRmJT9OUWytQb0CWaCWv2yYyTsWKawevpaqYw+p5AK4cHKf001zrqCcWuntmk
fJ0kWzofZckUaoPhJtJeI/Tukf23w1IlpER4+GHZvgbcPFn5hzJnSsAaHCpspW8A
5f7AGDHVs9XEEd4h0E76S7FS05xnGz8dIcLFd4tfI64D015zlNCqkTdW7rM1SJUx
6sDuLKSXJDYVFU5uQ8NJBsj46KssM3+fBuQfWgp2R6r/qRI6IxMcNkNgiI7qQ6lS
W9odaK+op6Wep0Cc/YPC7Pgf5V7DCMDoBYKSsE2l1/ka10c=
-----END CERTIFICATE-----