Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/naSc2RUoFgLf-QaTE_pHNlPSmL8.roa
File:                     naSc2RUoFgLf-QaTE_pHNlPSmL8.roa (raw, json)
Hash identifier:          o72Ch/R6q/oCxKDJPLhCAHRaPWLChOyC0710KAaCIR0=
Subject key identifier:   9D:A4:9C:D9:15:28:16:02:DF:F9:06:93:13:FA:47:36:53:D2:98:BF
Certificate issuer:       /CN=cc2eb5b38bb62ede5c98cbfbcff9532852180516
Certificate serial:       018CC94E70BA60C86E14C77E21028275E803
Authority key identifier: CC:2E:B5:B3:8B:B6:2E:DE:5C:98:CB:FB:CF:F9:53:28:52:18:05:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zC61s4u2Lt5cmMv7z_lTKFIYBRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/naSc2RUoFgLf-QaTE_pHNlPSmL8.roa
Signing time:             Tue 02 Jan 2024 08:33:30 +0000
ROA not before:           Tue 02 Jan 2024 08:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400587
IP address blocks:        2a07:e04::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/zC61s4u2Lt5cmMv7z_lTKFIYBRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/zC61s4u2Lt5cmMv7z_lTKFIYBRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zC61s4u2Lt5cmMv7z_lTKFIYBRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:70:ba:60:c8:6e:14:c7:7e:21:02:82:75:e8:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc2eb5b38bb62ede5c98cbfbcff9532852180516
        Validity
            Not Before: Jan  2 08:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9da49cd915281602dff9069313fa473653d298bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:30:d4:69:cf:89:08:fe:91:21:ed:1b:6d:36:
                    cb:d1:2b:7a:4b:76:0b:2d:b3:d5:e1:10:7f:a1:5d:
                    52:00:1d:ce:38:e2:06:19:17:a2:30:34:6c:9e:9f:
                    ed:ad:cb:5c:c9:c0:a7:fd:d5:aa:0e:91:70:a7:3e:
                    dc:46:9c:09:91:09:2f:cc:04:2c:c7:32:bc:dd:80:
                    dc:4f:df:2d:bb:7b:a1:ea:a7:e2:3b:c6:75:1f:5c:
                    08:6e:2d:3c:24:6a:8e:fd:44:d4:7f:1b:d3:ac:f5:
                    72:46:71:73:b7:8b:f5:b9:7b:42:3c:ad:de:26:25:
                    d5:97:f3:c3:19:32:ad:2d:05:ba:cb:72:e3:d7:eb:
                    1e:ab:b9:81:52:f3:19:e3:85:7a:50:95:d6:aa:10:
                    ca:4c:07:1f:6a:97:8e:7d:5f:49:e1:6d:ae:77:e8:
                    8a:ab:d6:21:a8:8c:8b:f9:d8:a9:7a:30:86:b4:ed:
                    6e:bb:a8:cc:1f:8a:d5:c1:87:78:e8:9f:90:cb:88:
                    9e:74:0f:7a:f9:ca:3a:1a:40:7d:38:75:4d:d3:b2:
                    9e:9a:14:5d:57:a8:9c:57:e5:56:8d:3a:dd:5e:95:
                    24:40:ce:a0:c6:31:e9:ef:2e:c4:64:19:25:44:12:
                    e3:3a:8d:5c:f9:8e:a7:9a:e4:cb:23:3b:47:06:6b:
                    9a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:A4:9C:D9:15:28:16:02:DF:F9:06:93:13:FA:47:36:53:D2:98:BF
            X509v3 Authority Key Identifier:
                keyid:CC:2E:B5:B3:8B:B6:2E:DE:5C:98:CB:FB:CF:F9:53:28:52:18:05:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zC61s4u2Lt5cmMv7z_lTKFIYBRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/naSc2RUoFgLf-QaTE_pHNlPSmL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/zC61s4u2Lt5cmMv7z_lTKFIYBRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:e04::/36

    Signature Algorithm: sha256WithRSAEncryption
         b9:75:a5:a4:57:7e:ca:c3:64:80:2b:36:0a:88:01:83:ea:a6:
         56:03:2d:45:a7:ef:2b:96:67:5f:b2:6e:9c:5c:e7:c0:50:ac:
         39:95:a5:49:5e:8f:b4:3e:db:05:77:45:27:1d:7c:57:ad:fe:
         a2:e2:c1:78:02:66:1d:94:8b:d0:d3:df:e9:ec:17:b9:e4:04:
         75:d3:ec:e2:79:d4:d6:f1:df:73:32:7e:95:a1:a5:7e:3f:84:
         84:ee:5d:bb:0a:c7:4c:1a:75:88:b0:b1:d6:8d:82:8a:bf:b6:
         04:8b:da:36:6b:d5:6b:9e:ab:ab:f4:c1:e5:63:a0:a8:a2:32:
         f5:db:e8:8b:ae:73:df:e1:5d:9c:cd:4a:06:45:e7:4a:03:5c:
         09:0b:fd:ec:de:a6:5f:12:3f:ed:5a:0b:4b:1d:6b:4c:b9:94:
         59:5c:8a:8f:b4:60:1b:74:b1:1d:3f:2f:d7:ae:b2:22:61:64:
         75:60:00:bb:64:80:71:93:4d:84:c1:1b:98:5b:4e:25:a9:0c:
         49:2c:d2:ba:c1:37:71:6f:ea:f9:7f:db:19:97:96:e4:f2:e5:
         1d:3a:fa:de:81:98:25:13:14:9c:94:2d:7a:1e:76:40:72:65:
         86:18:75:fe:bd:f9:ad:2c:71:46:a1:26:ae:11:8d:26:4f:a3:
         f2:49:01:cb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTnC6YMhuFMd+IQKCdegDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMmViNWIzOGJiNjJlZGU1Yzk4Y2JmYmNmZjk1MzI4NTIx
ODA1MTYwHhcNMjQwMTAyMDgzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGE0OWNkOTE1MjgxNjAyZGZmOTA2OTMxM2ZhNDczNjUzZDI5OGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTDUac+JCP6RIe0bbTbL0St6S3YL
LbPV4RB/oV1SAB3OOOIGGReiMDRsnp/trctcycCn/dWqDpFwpz7cRpwJkQkvzAQs
xzK83YDcT98tu3uh6qfiO8Z1H1wIbi08JGqO/UTUfxvTrPVyRnFzt4v1uXtCPK3e
JiXVl/PDGTKtLQW6y3Lj1+seq7mBUvMZ44V6UJXWqhDKTAcfapeOfV9J4W2ud+iK
q9YhqIyL+dipejCGtO1uu6jMH4rVwYd46J+Qy4iedA96+co6GkB9OHVN07KemhRd
V6icV+VWjTrdXpUkQM6gxjHp7y7EZBklRBLjOo1c+Y6nmuTLIztHBmua+wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJ2knNkVKBYC3/kGkxP6RzZT0pi/MB8GA1UdIwQY
MBaAFMwutbOLti7eXJjL+8/5UyhSGAUWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekM2MXM0dTJMdDVjbU12N3pfbFRLRklZQlJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC82ZjAyNjktODM0ZS00N2M1LTk4ZTEt
ZjFmODAyZTY2MTNiLzEvbmFTYzJSVW9GZ0xmLVFhVEVfcEhObFBTbUw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC82ZjAyNjktODM0ZS00N2M1LTk4ZTEtZjFmODAyZTY2MTNi
LzEvekM2MXM0dTJMdDVjbU12N3pfbFRLRklZQlJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgcOBAAw
DQYJKoZIhvcNAQELBQADggEBALl1paRXfsrDZIArNgqIAYPqplYDLUWn7yuWZ1+y
bpxc58BQrDmVpUlej7Q+2wV3RScdfFet/qLiwXgCZh2Ui9DT3+nsF7nkBHXT7OJ5
1Nbx33MyfpWhpX4/hITuXbsKx0wadYiwsdaNgoq/tgSL2jZr1Wueq6v0weVjoKii
MvXb6Iuuc9/hXZzNSgZF50oDXAkL/ezepl8SP+1aC0sda0y5lFlcio+0YBt0sR0/
L9eusiJhZHVgALtkgHGTTYTBG5hbTiWpDEks0rrBN3Fv6vl/2xmXluTy5R06+t6B
mCUTFJyULXoedkByZYYYdf69+a0scUahJq4RjSZPo/JJAcs=
-----END CERTIFICATE-----