Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/85b237-d041-4497-a729-6253ad08f858/1/9mviu7JST6AIvEKX9gHv8L_wXHY.roa
File:                     9mviu7JST6AIvEKX9gHv8L_wXHY.roa (raw, json)
Hash identifier:          sNtGVmRruhOkuzd1VXvV+YvrxaMCplBAyvla2w7+4Vc=
Subject key identifier:   F6:6B:E2:BB:B2:52:4F:A0:08:BC:42:97:F6:01:EF:F0:BF:F0:5C:76
Certificate issuer:       /CN=3f2b4fcea4b722f2a6f6c705c5589ee1abc620ae
Certificate serial:       018CC94D96DF727C2DA0C611D4EF4739B910
Authority key identifier: 3F:2B:4F:CE:A4:B7:22:F2:A6:F6:C7:05:C5:58:9E:E1:AB:C6:20:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PytPzqS3IvKm9scFxVie4avGIK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/85b237-d041-4497-a729-6253ad08f858/1/9mviu7JST6AIvEKX9gHv8L_wXHY.roa
Signing time:             Tue 02 Jan 2024 08:32:34 +0000
ROA not before:           Tue 02 Jan 2024 08:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60236
IP address blocks:        2a0f:2a00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/85b237-d041-4497-a729-6253ad08f858/1/PytPzqS3IvKm9scFxVie4avGIK4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/85b237-d041-4497-a729-6253ad08f858/1/PytPzqS3IvKm9scFxVie4avGIK4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PytPzqS3IvKm9scFxVie4avGIK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:96:df:72:7c:2d:a0:c6:11:d4:ef:47:39:b9:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f2b4fcea4b722f2a6f6c705c5589ee1abc620ae
        Validity
            Not Before: Jan  2 08:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f66be2bbb2524fa008bc4297f601eff0bff05c76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:79:31:de:36:62:0f:b3:24:18:ec:9e:6b:b4:
                    3d:07:bb:99:83:17:da:bc:92:36:17:d6:1f:22:1a:
                    a3:10:eb:1e:7e:44:1d:77:05:07:7e:a4:2b:6f:f1:
                    27:f7:3c:70:20:cd:98:7b:5f:b7:f5:6b:69:bc:07:
                    22:a5:86:f0:33:31:7e:1f:c2:13:ec:1d:46:6c:0a:
                    66:11:5d:83:48:1f:43:5e:56:d2:b9:58:3f:64:65:
                    99:64:33:da:48:ab:34:39:25:c1:87:4c:93:df:12:
                    ec:5f:67:83:b8:e7:62:ea:38:1d:29:6e:6f:00:f0:
                    48:41:d9:c4:fd:ca:f3:99:f6:a7:d4:ba:e9:7d:4d:
                    c4:12:e6:1a:fa:28:77:88:c6:6f:5b:c1:6a:dd:50:
                    fb:64:51:de:3b:4a:68:69:48:dc:cf:9f:1c:b2:3b:
                    67:b1:a6:0b:2a:95:c7:8d:42:ac:c7:c2:0b:9c:49:
                    5a:83:15:9b:34:72:87:0b:c9:7e:15:94:cd:3d:df:
                    d5:76:d4:2c:51:61:4c:56:f3:b9:a4:20:56:85:33:
                    aa:f8:ba:e7:fa:1f:2a:6d:05:f5:46:4c:eb:b0:32:
                    48:3b:55:09:c7:76:01:de:46:d0:1b:b6:14:c1:48:
                    83:6d:05:2c:cf:78:d5:c9:55:56:5a:d4:2d:ac:90:
                    d5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:6B:E2:BB:B2:52:4F:A0:08:BC:42:97:F6:01:EF:F0:BF:F0:5C:76
            X509v3 Authority Key Identifier:
                keyid:3F:2B:4F:CE:A4:B7:22:F2:A6:F6:C7:05:C5:58:9E:E1:AB:C6:20:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PytPzqS3IvKm9scFxVie4avGIK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/85b237-d041-4497-a729-6253ad08f858/1/9mviu7JST6AIvEKX9gHv8L_wXHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/85b237-d041-4497-a729-6253ad08f858/1/PytPzqS3IvKm9scFxVie4avGIK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:2a00::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:82:bd:3b:a8:55:65:2d:ee:be:cf:b3:0a:e5:2a:1b:7d:e7:
         d2:ec:fb:50:5a:75:9a:e7:64:60:13:fd:8a:1c:ad:38:f2:c0:
         ae:22:7b:9b:50:3e:ca:a5:db:f6:f9:b8:49:54:ce:81:26:37:
         d2:11:3e:1a:a3:b4:0e:65:b9:7e:b4:7b:e2:cf:74:7b:cd:21:
         eb:a5:4a:50:a8:50:6d:50:bb:bc:ef:95:f7:8d:db:ba:38:8b:
         f6:98:51:bd:ac:98:07:75:9f:fb:69:d5:59:e4:7f:19:0f:4e:
         ee:cc:55:f4:97:1f:99:6b:f4:59:81:06:be:2a:e5:40:22:47:
         bc:bb:aa:e1:0a:60:9a:79:a3:af:f1:68:11:3a:dc:10:c0:ed:
         45:c5:b0:3b:af:d5:7c:56:f2:17:0a:20:10:17:f2:74:74:7c:
         5d:08:f6:b2:ab:08:6d:fc:71:e2:7c:d7:c9:d2:99:3c:69:80:
         42:51:0a:b0:a8:c6:69:9f:82:67:28:f6:f7:93:23:4d:63:a1:
         7a:f7:2f:80:dd:af:06:90:c4:e7:04:97:93:9a:33:f7:1f:e3:
         c3:41:46:99:23:17:ab:90:06:6c:e9:3c:f2:d8:9f:5b:a9:b6:
         30:d1:47:43:10:86:a3:ae:6f:a0:23:5e:ab:dd:d9:1d:a9:24:
         49:9f:dd:d7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTZbfcnwtoMYR1O9HObkQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmMmI0ZmNlYTRiNzIyZjJhNmY2YzcwNWM1NTg5ZWUxYWJj
NjIwYWUwHhcNMjQwMTAyMDgzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjZiZTJiYmIyNTI0ZmEwMDhiYzQyOTdmNjAxZWZmMGJmZjA1Yzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHkx3jZiD7MkGOyea7Q9B7uZgxfa
vJI2F9YfIhqjEOsefkQddwUHfqQrb/En9zxwIM2Ye1+39WtpvAcipYbwMzF+H8IT
7B1GbApmEV2DSB9DXlbSuVg/ZGWZZDPaSKs0OSXBh0yT3xLsX2eDuOdi6jgdKW5v
APBIQdnE/crzmfan1LrpfU3EEuYa+ih3iMZvW8Fq3VD7ZFHeO0poaUjcz58csjtn
saYLKpXHjUKsx8ILnElagxWbNHKHC8l+FZTNPd/VdtQsUWFMVvO5pCBWhTOq+Lrn
+h8qbQX1RkzrsDJIO1UJx3YB3kbQG7YUwUiDbQUsz3jVyVVWWtQtrJDVoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPZr4ruyUk+gCLxCl/YB7/C/8Fx2MB8GA1UdIwQY
MBaAFD8rT86ktyLypvbHBcVYnuGrxiCuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHl0UHpxUzNJdkttOXNjRnhWaWU0YXZHSUs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC84NWIyMzctZDA0MS00NDk3LWE3Mjkt
NjI1M2FkMDhmODU4LzEvOW12aXU3SlNUNkFJdkVLWDlnSHY4TF93WEhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC84NWIyMzctZDA0MS00NDk3LWE3MjktNjI1M2FkMDhmODU4
LzEvUHl0UHpxUzNJdkttOXNjRnhWaWU0YXZHSUs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg8qAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA5gr07qFVlLe6+z7MK5SobfefS7PtQWnWa52Rg
E/2KHK048sCuInubUD7Kpdv2+bhJVM6BJjfSET4ao7QOZbl+tHviz3R7zSHrpUpQ
qFBtULu875X3jdu6OIv2mFG9rJgHdZ/7adVZ5H8ZD07uzFX0lx+Za/RZgQa+KuVA
Ike8u6rhCmCaeaOv8WgROtwQwO1FxbA7r9V8VvIXCiAQF/J0dHxdCPayqwht/HHi
fNfJ0pk8aYBCUQqwqMZpn4JnKPb3kyNNY6F69y+A3a8GkMTnBJeTmjP3H+PDQUaZ
IxerkAZs6Tzy2J9bqbYw0UdDEIajrm+gI16r3dkdqSRJn93X
-----END CERTIFICATE-----