Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/96pAISftcipH55lBQJ9koqztuk8.roa
File:                     96pAISftcipH55lBQJ9koqztuk8.roa (raw, json)
Hash identifier:          ZbWKFGo/+uajw2tDYFIPaWBjKzas09OeKyaZmQJGJd4=
Subject key identifier:   F7:AA:40:21:27:ED:72:2A:47:E7:99:41:40:9F:64:A2:AC:ED:BA:4F
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       018CC348A5C2FA1B1ED56A55184954434380
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/96pAISftcipH55lBQJ9koqztuk8.roa
Signing time:             Mon 01 Jan 2024 04:29:27 +0000
ROA not before:           Mon 01 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9095
IP address blocks:        2001:a98:8000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 18:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a5:c2:fa:1b:1e:d5:6a:55:18:49:54:43:43:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  1 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7aa402127ed722a47e79941409f64a2acedba4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:be:8f:96:a5:ef:c3:a2:d2:48:5a:a3:3c:0b:
                    6d:37:cf:c6:c9:df:7b:02:af:73:73:7e:32:d7:4f:
                    97:88:96:9a:3d:ab:4d:12:e8:6f:db:c2:e4:45:a6:
                    50:ed:db:e4:4e:df:e0:1d:76:94:79:5c:52:29:c6:
                    7a:e1:66:df:4e:43:d6:c5:89:a3:36:00:c7:46:54:
                    df:4e:73:e7:5c:93:25:32:e3:11:16:79:f2:9f:82:
                    af:47:73:43:f3:86:68:c8:3d:1a:3d:5e:c1:41:a5:
                    34:23:79:b0:99:12:89:c1:7a:ab:cc:b8:ad:cf:f6:
                    48:a7:d5:00:a0:88:47:07:a1:d1:81:8d:c0:9f:9e:
                    42:4e:19:8d:a1:df:bb:c6:12:e3:ac:ef:0f:d9:33:
                    8e:8d:24:7a:5b:c8:d7:73:03:3b:d4:6a:f5:c3:31:
                    01:fb:de:60:27:8f:f3:a2:cd:17:be:3e:f6:08:62:
                    44:36:a5:f8:be:b5:d0:2b:b4:33:65:3b:6a:a3:34:
                    5f:51:7b:5a:88:d5:83:dd:5b:36:9c:25:1e:10:9f:
                    4d:36:09:b3:b6:fd:9f:61:8f:cf:61:02:1a:5a:44:
                    dc:38:f1:aa:4c:67:8b:a1:7d:2c:78:68:da:8c:03:
                    29:4e:26:67:5b:69:fa:ed:0b:56:d6:bc:29:a5:f8:
                    be:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:AA:40:21:27:ED:72:2A:47:E7:99:41:40:9F:64:A2:AC:ED:BA:4F
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/96pAISftcipH55lBQJ9koqztuk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:a98:8000::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:d2:68:48:75:cd:c3:37:ce:8d:54:45:04:7a:77:d2:93:6c:
         d6:f4:57:c8:02:61:ea:57:a6:f3:60:b5:68:1c:08:44:d0:a7:
         d3:f2:c9:c3:b3:69:5b:3a:56:68:ac:fc:76:b8:0d:a1:d3:a6:
         13:af:10:22:7c:b8:29:ac:b1:06:88:a2:cd:18:9e:ca:47:91:
         87:6a:08:17:e9:03:50:07:95:9f:86:3f:f9:db:de:db:b9:ed:
         90:fb:40:f6:2c:a7:68:93:50:90:a3:a4:29:27:22:3f:0a:22:
         ad:f1:16:88:35:c8:d3:bd:64:88:ce:f3:b2:45:6e:0a:39:e5:
         56:8d:e3:a4:8c:82:a2:fd:29:8d:f5:2f:32:d1:29:72:de:35:
         62:28:e9:5e:31:b1:32:7f:07:f5:42:f4:88:b0:51:a6:72:dd:
         fc:1f:61:0b:4e:51:b9:40:df:0b:2f:05:60:f8:41:fa:2a:c4:
         7c:08:b7:40:90:b9:52:f2:a6:cb:b4:b1:af:cc:5b:75:f9:f6:
         00:96:74:a2:5b:53:ae:9f:f5:97:29:4c:cb:07:3e:c7:e3:49:
         bb:8f:8d:d2:c2:e7:68:89:bf:b1:a9:1f:ae:bf:d9:0b:bf:16:
         cc:30:ca:cd:a8:b7:c1:15:a7:f9:96:81:8a:76:19:56:85:04:
         58:8e:6d:91
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSKXC+hse1WpVGElUQ0OAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjQwMTAxMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2FhNDAyMTI3ZWQ3MjJhNDdlNzk5NDE0MDlmNjRhMmFjZWRiYTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuL6PlqXvw6LSSFqjPAttN8/Gyd97
Aq9zc34y10+XiJaaPatNEuhv28LkRaZQ7dvkTt/gHXaUeVxSKcZ64WbfTkPWxYmj
NgDHRlTfTnPnXJMlMuMRFnnyn4KvR3ND84ZoyD0aPV7BQaU0I3mwmRKJwXqrzLit
z/ZIp9UAoIhHB6HRgY3An55CThmNod+7xhLjrO8P2TOOjSR6W8jXcwM71Gr1wzEB
+95gJ4/zos0Xvj72CGJENqX4vrXQK7QzZTtqozRfUXtaiNWD3Vs2nCUeEJ9NNgmz
tv2fYY/PYQIaWkTcOPGqTGeLoX0seGjajAMpTiZnW2n67QtW1rwppfi+zQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPeqQCEn7XIqR+eZQUCfZKKs7bpPMB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEvOTZwQUlTZnRjaXBINTVsQlFKOWtvcXp0dWs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEKmIAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCd0mhIdc3DN86NVEUEenfSk2zW9FfIAmHqV6bz
YLVoHAhE0KfT8snDs2lbOlZorPx2uA2h06YTrxAifLgprLEGiKLNGJ7KR5GHaggX
6QNQB5Wfhj/5297bue2Q+0D2LKdok1CQo6QpJyI/CiKt8RaINcjTvWSIzvOyRW4K
OeVWjeOkjIKi/SmN9S8y0Sly3jViKOleMbEyfwf1QvSIsFGmct38H2ELTlG5QN8L
LwVg+EH6KsR8CLdAkLlS8qbLtLGvzFt1+fYAlnSiW1Oun/WXKUzLBz7H40m7j43S
wudoib+xqR+uv9kLvxbMMMrNqLfBFaf5loGKdhlWhQRYjm2R
-----END CERTIFICATE-----