Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/NB4y9qxp089Hr5-uo2n531iG1hw.roa
File:                     NB4y9qxp089Hr5-uo2n531iG1hw.roa (raw, json)
Hash identifier:          AzCreiq1n8zMxugluakrtWvV2/BO/IatNhSEXorqnJk=
Subject key identifier:   34:1E:32:F6:AC:69:D3:CF:47:AF:9F:AE:A3:69:F9:DF:58:86:D6:1C
Certificate issuer:       /CN=4f9ac6fe2031adde03668240e3c5d91ec6711e1e
Certificate serial:       018CC8012A5C2D03D11EACAC44A3E49E3FC4
Authority key identifier: 4F:9A:C6:FE:20:31:AD:DE:03:66:82:40:E3:C5:D9:1E:C6:71:1E:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/NB4y9qxp089Hr5-uo2n531iG1hw.roa
Signing time:             Tue 02 Jan 2024 02:29:28 +0000
ROA not before:           Tue 02 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202165
IP address blocks:        2a0b:a080:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:2a:5c:2d:03:d1:1e:ac:ac:44:a3:e4:9e:3f:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9ac6fe2031adde03668240e3c5d91ec6711e1e
        Validity
            Not Before: Jan  2 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=341e32f6ac69d3cf47af9faea369f9df5886d61c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:90:5a:2c:39:9c:fc:5c:25:00:99:a7:7b:bf:
                    bd:68:9a:52:91:be:36:c7:27:8a:75:9e:bb:8b:18:
                    09:0d:4c:c1:45:fd:1c:9c:19:56:85:92:a6:bf:a8:
                    80:ef:60:7e:b3:a8:c5:8e:3c:73:34:4e:a9:e3:26:
                    08:d1:92:70:8f:62:5a:ba:b4:83:66:83:eb:0b:65:
                    79:b2:e5:66:fd:93:15:b2:ea:ff:08:c8:12:c4:a1:
                    49:bc:e1:02:42:b2:46:96:5f:27:e0:3f:a6:4a:c5:
                    5c:51:36:a0:e9:bb:bd:a5:3d:3a:6d:2e:c4:46:2b:
                    4c:e2:e4:f1:ee:6c:a0:8f:96:e5:18:7e:8a:cd:60:
                    d2:83:e8:c3:30:19:83:7a:71:f5:96:e3:e9:51:1d:
                    8f:11:21:42:4d:fc:b1:eb:0f:d4:e9:57:da:4c:d0:
                    02:87:96:3b:c1:b9:08:e3:db:1b:51:c8:3c:6e:91:
                    c3:7e:15:31:04:06:25:12:b3:23:51:71:17:14:de:
                    6e:32:7b:d0:74:81:0f:c7:fd:91:19:8a:8e:7b:f1:
                    25:20:37:03:cd:e6:42:b1:31:b6:25:de:2f:c9:b3:
                    e3:e5:5b:40:06:f5:0b:8a:a6:16:3d:01:d1:54:7d:
                    72:f2:97:5a:56:5f:69:0c:4c:88:dd:1c:ee:b0:b0:
                    42:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:1E:32:F6:AC:69:D3:CF:47:AF:9F:AE:A3:69:F9:DF:58:86:D6:1C
            X509v3 Authority Key Identifier:
                keyid:4F:9A:C6:FE:20:31:AD:DE:03:66:82:40:E3:C5:D9:1E:C6:71:1E:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/NB4y9qxp089Hr5-uo2n531iG1hw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:a080:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:8a:4a:b5:88:16:1e:15:c4:d8:fd:f0:fa:ff:a8:c6:73:32:
         cc:ab:92:0a:88:e2:c8:50:92:10:f6:a5:71:89:75:1c:f6:d5:
         a2:97:94:5a:8c:34:4c:cf:1a:b4:7a:4f:77:bd:a5:ab:27:ad:
         54:b5:08:d9:bb:08:55:e9:7b:b0:6b:c0:f9:e1:b5:f5:c0:5e:
         5e:2b:aa:f0:97:d3:b8:5c:75:8f:61:58:7a:dd:64:b5:ab:94:
         1f:a8:f5:c1:d4:d2:d1:3d:0f:31:60:4f:ac:f2:3f:c0:f8:3e:
         6f:68:ee:bb:bb:ea:c8:e4:60:df:96:fa:77:33:43:df:03:ec:
         79:4d:ce:58:55:37:dc:8e:3f:5f:cb:63:7a:eb:69:f6:35:36:
         43:36:d2:75:89:f2:b9:30:dd:a4:99:45:f8:8f:ba:7c:c7:9a:
         89:cc:79:3d:b2:b7:81:6d:85:c6:f0:b9:c5:a2:38:a3:21:39:
         04:11:8a:24:49:de:6f:a4:3c:1c:71:81:e9:c9:f5:00:15:db:
         81:d0:1a:4d:6a:97:12:37:cc:f6:81:c1:6d:60:e0:8e:d3:48:
         f8:47:34:ce:1a:13:a9:35:74:e1:49:b6:f6:aa:2c:76:1c:17:
         74:9d:b2:19:86:88:a9:a3:b3:da:5f:4e:16:76:24:48:ba:ec:
         13:e0:9c:31
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIASpcLQPRHqysRKPknj/EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOWFjNmZlMjAzMWFkZGUwMzY2ODI0MGUzYzVkOTFlYzY3
MTFlMWUwHhcNMjQwMTAyMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDFlMzJmNmFjNjlkM2NmNDdhZjlmYWVhMzY5ZjlkZjU4ODZkNjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5BaLDmc/FwlAJmne7+9aJpSkb42
xyeKdZ67ixgJDUzBRf0cnBlWhZKmv6iA72B+s6jFjjxzNE6p4yYI0ZJwj2JaurSD
ZoPrC2V5suVm/ZMVsur/CMgSxKFJvOECQrJGll8n4D+mSsVcUTag6bu9pT06bS7E
RitM4uTx7mygj5blGH6KzWDSg+jDMBmDenH1luPpUR2PESFCTfyx6w/U6VfaTNAC
h5Y7wbkI49sbUcg8bpHDfhUxBAYlErMjUXEXFN5uMnvQdIEPx/2RGYqOe/ElIDcD
zeZCsTG2Jd4vybPj5VtABvULiqYWPQHRVH1y8pdaVl9pDEyI3RzusLBClwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDQeMvasadPPR6+frqNp+d9YhtYcMB8GA1UdIwQY
MBaAFE+axv4gMa3eA2aCQOPF2R7GcR4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVyR19pQXhyZDREWm9KQTQ4WFpIc1p4SGg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi84NDdmZmEtOWYzOC00NjEwLTk4ZTct
NTI4YTYzYmU0Yzg3LzEvTkI0eTlxeHAwODlIcjUtdW8ybjUzMWlHMWh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi84NDdmZmEtOWYzOC00NjEwLTk4ZTctNTI4YTYzYmU0Yzg3
LzEvVDVyR19pQXhyZDREWm9KQTQ4WFpIc1p4SGg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKguggAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBCikq1iBYeFcTY/fD6/6jGczLMq5IKiOLIUJIQ
9qVxiXUc9tWil5RajDRMzxq0ek93vaWrJ61UtQjZuwhV6Xuwa8D54bX1wF5eK6rw
l9O4XHWPYVh63WS1q5QfqPXB1NLRPQ8xYE+s8j/A+D5vaO67u+rI5GDflvp3M0Pf
A+x5Tc5YVTfcjj9fy2N662n2NTZDNtJ1ifK5MN2kmUX4j7p8x5qJzHk9sreBbYXG
8LnFojijITkEEYokSd5vpDwccYHpyfUAFduB0BpNapcSN8z2gcFtYOCO00j4RzTO
GhOpNXThSbb2qix2HBd0nbIZhoipo7PaX04WdiRIuuwT4Jwx
-----END CERTIFICATE-----