Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/chKGvfmonXAZfu3H-G94U8tQt5E.roa
File:                     chKGvfmonXAZfu3H-G94U8tQt5E.roa (raw, json)
Hash identifier:          T6tp6pXrugzwRm384DTUQns3O0dFzr6VgxlytG+Qrf8=
Subject key identifier:   72:12:86:BD:F9:A8:9D:70:19:7E:ED:C7:F8:6F:78:53:CB:50:B7:91
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       018CCA2B337FDD255D20E364D710F7F018A0
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/chKGvfmonXAZfu3H-G94U8tQt5E.roa
Signing time:             Tue 02 Jan 2024 12:34:38 +0000
ROA not before:           Tue 02 Jan 2024 12:34:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207613
IP address blocks:        2a09:11c0:200::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:33:7f:dd:25:5d:20:e3:64:d7:10:f7:f0:18:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Jan  2 12:34:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=721286bdf9a89d70197eedc7f86f7853cb50b791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:95:eb:17:db:76:37:37:f0:d4:5b:be:61:61:
                    cf:97:88:64:87:72:41:fd:53:08:1d:ee:c1:63:a7:
                    2e:fe:7c:5a:79:25:7d:a4:c4:3f:1f:15:b7:d0:bd:
                    e4:53:09:84:24:78:71:79:85:1c:d6:6f:06:25:65:
                    1a:8d:a1:04:f2:21:d5:e9:c8:4e:32:a4:5d:10:b7:
                    81:7c:63:14:57:16:ed:53:20:8c:d4:22:08:85:c0:
                    be:30:00:47:2f:20:20:51:62:e2:e1:21:0b:31:fe:
                    d2:c9:04:d9:35:ef:b6:b5:6f:fd:f6:e8:83:ab:3c:
                    1a:16:42:0d:8f:fd:61:3c:83:23:d6:bd:74:ac:84:
                    d6:cf:33:36:62:11:b6:13:e3:2f:ce:23:a1:0f:30:
                    1c:85:be:71:4d:e5:ef:ff:f7:ea:59:4f:0f:2b:a2:
                    9d:f2:e0:5f:01:93:e4:9c:8a:d5:f7:94:17:82:18:
                    5f:4d:9e:1d:0c:89:1a:ba:25:a6:76:a1:43:38:79:
                    9d:ba:af:45:de:10:a7:e4:39:29:cb:28:0b:51:66:
                    9b:b9:71:00:19:fe:70:ce:0e:e6:ed:8e:ad:a0:d6:
                    b3:eb:95:ec:9f:e9:cc:c7:85:84:18:48:63:6f:b1:
                    92:18:9f:86:0a:2c:6c:66:ac:97:bf:52:e5:5f:d8:
                    33:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:12:86:BD:F9:A8:9D:70:19:7E:ED:C7:F8:6F:78:53:CB:50:B7:91
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/chKGvfmonXAZfu3H-G94U8tQt5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:11c0:200::/44

    Signature Algorithm: sha256WithRSAEncryption
         01:69:a3:ee:e3:5c:06:e6:bb:89:4d:73:90:23:70:84:8b:f7:
         20:c5:05:e5:52:53:1a:f6:45:ef:2d:ed:92:c2:7b:92:63:7f:
         4a:d0:9e:3e:63:3b:af:a1:24:c4:14:4a:b7:00:fb:f9:5b:79:
         c5:9b:d0:31:b5:74:8e:93:18:7d:ea:23:b7:c2:5b:29:1f:83:
         6c:46:dc:fd:ac:bf:4c:a3:1a:08:26:73:6d:55:9b:55:0f:7d:
         eb:38:0c:dc:42:f3:9f:a4:d6:07:60:a2:70:0d:1e:c3:19:01:
         b8:fe:f1:96:1a:1a:7c:fd:2b:d9:75:06:fd:37:44:b4:07:ef:
         49:ab:54:23:33:b9:87:ef:4a:b9:05:c0:51:dc:99:2c:29:e4:
         45:4a:2c:84:22:bc:2d:e6:8b:16:1c:8d:62:59:c3:40:c8:16:
         4e:af:a6:ae:e2:df:07:23:89:32:f1:38:3c:b8:e0:29:0e:bb:
         88:d1:ff:92:02:9d:d8:74:89:d5:75:de:a0:fa:01:b2:36:ad:
         0f:e2:39:1c:80:45:aa:ad:8a:62:6c:93:52:7a:91:9b:ae:e0:
         76:9c:81:a1:b7:c8:fb:f8:70:b5:df:bb:3c:0f:a4:98:d9:ca:
         5a:95:54:b8:9c:fd:03:89:2f:89:3b:a7:e3:fd:2c:b9:71:77:
         3f:c6:d6:6d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKzN/3SVdIONk1xD38BigMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjQwMTAyMTIzNDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjEyODZiZGY5YTg5ZDcwMTk3ZWVkYzdmODZmNzg1M2NiNTBiNzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopXrF9t2Nzfw1Fu+YWHPl4hkh3JB
/VMIHe7BY6cu/nxaeSV9pMQ/HxW30L3kUwmEJHhxeYUc1m8GJWUajaEE8iHV6chO
MqRdELeBfGMUVxbtUyCM1CIIhcC+MABHLyAgUWLi4SELMf7SyQTZNe+2tW/99uiD
qzwaFkINj/1hPIMj1r10rITWzzM2YhG2E+MvziOhDzAchb5xTeXv//fqWU8PK6Kd
8uBfAZPknIrV95QXghhfTZ4dDIkauiWmdqFDOHmduq9F3hCn5DkpyygLUWabuXEA
Gf5wzg7m7Y6toNaz65Xsn+nMx4WEGEhjb7GSGJ+GCixsZqyXv1LlX9gzQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHIShr35qJ1wGX7tx/hveFPLULeRMB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEvY2hLR3ZmbW9uWEFaZnUzSC1HOTRVOHRRdDVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgkRwAIA
MA0GCSqGSIb3DQEBCwUAA4IBAQABaaPu41wG5ruJTXOQI3CEi/cgxQXlUlMa9kXv
Le2SwnuSY39K0J4+YzuvoSTEFEq3APv5W3nFm9AxtXSOkxh96iO3wlspH4NsRtz9
rL9MoxoIJnNtVZtVD33rOAzcQvOfpNYHYKJwDR7DGQG4/vGWGhp8/SvZdQb9N0S0
B+9Jq1QjM7mH70q5BcBR3JksKeRFSiyEIrwt5osWHI1iWcNAyBZOr6au4t8HI4ky
8Tg8uOApDruI0f+SAp3YdInVdd6g+gGyNq0P4jkcgEWqrYpibJNSepGbruB2nIGh
t8j7+HC137s8D6SY2cpalVS4nP0DiS+JO6fj/Sy5cXc/xtZt
-----END CERTIFICATE-----