Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/THk72XNffKwtPzEM3-n1CJi-G2M.roa
File:                     THk72XNffKwtPzEM3-n1CJi-G2M.roa (raw, json)
Hash identifier:          QMYstTqrPR1BPdCK+0Nf+dnfTyW8gwwhOaPE4U+oFPY=
Subject key identifier:   4C:79:3B:D9:73:5F:7C:AC:2D:3F:31:0C:DF:E9:F5:08:98:BE:1B:63
Certificate issuer:       /CN=c9b232958097b5863eafd047bb315171eaa01fb7
Certificate serial:       018CC56EBA5ED2211987ACA71B2EEC3B3F74
Authority key identifier: C9:B2:32:95:80:97:B5:86:3E:AF:D0:47:BB:31:51:71:EA:A0:1F:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ybIylYCXtYY-r9BHuzFRceqgH7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/THk72XNffKwtPzEM3-n1CJi-G2M.roa
Signing time:             Mon 01 Jan 2024 14:30:17 +0000
ROA not before:           Mon 01 Jan 2024 14:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12672
IP address blocks:        2a00:ff0:8888::/48 maxlen: 48
                          2a00:ff0:9999::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/ybIylYCXtYY-r9BHuzFRceqgH7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/ybIylYCXtYY-r9BHuzFRceqgH7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ybIylYCXtYY-r9BHuzFRceqgH7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ba:5e:d2:21:19:87:ac:a7:1b:2e:ec:3b:3f:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9b232958097b5863eafd047bb315171eaa01fb7
        Validity
            Not Before: Jan  1 14:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c793bd9735f7cac2d3f310cdfe9f50898be1b63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7f:5d:2b:df:83:68:69:39:d9:39:13:ce:58:
                    44:4f:98:55:97:81:df:54:2c:45:8d:01:64:2a:b5:
                    c9:4a:86:22:fb:10:81:28:ab:9e:60:4b:ce:4f:93:
                    9e:45:4a:2f:d0:1c:29:ad:c4:77:b0:67:55:14:9d:
                    f0:48:1a:b6:8a:d8:7e:d0:d4:d6:56:35:0f:a0:27:
                    9e:d8:9f:d1:a5:7e:01:36:81:e7:21:9d:eb:66:28:
                    87:74:fc:54:ff:21:28:fc:97:03:16:65:69:4a:c2:
                    ee:0b:e1:b1:bf:ee:7f:cf:05:7f:07:a7:7a:5f:e8:
                    7c:de:24:94:3c:8c:97:34:6b:36:bc:c8:1d:0f:a2:
                    76:48:10:e5:e9:37:98:3f:d9:31:99:b5:d5:c1:19:
                    59:f7:ec:6f:6b:bc:96:00:05:a7:d6:26:cb:b3:f1:
                    d1:8b:d2:d6:94:ae:45:9f:a7:d0:33:f0:32:64:07:
                    86:2b:a8:04:38:4c:60:8e:54:82:73:e7:0d:67:6d:
                    be:c3:69:d7:ae:7e:86:7b:08:27:f4:50:2c:2d:2f:
                    d8:2a:25:ff:c6:1e:25:af:20:97:92:b5:27:95:dd:
                    e5:10:e6:85:04:65:84:fe:ba:22:e1:8d:96:61:0c:
                    58:ee:06:ad:77:ba:ba:46:35:18:51:8d:54:2f:97:
                    c0:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:79:3B:D9:73:5F:7C:AC:2D:3F:31:0C:DF:E9:F5:08:98:BE:1B:63
            X509v3 Authority Key Identifier:
                keyid:C9:B2:32:95:80:97:B5:86:3E:AF:D0:47:BB:31:51:71:EA:A0:1F:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ybIylYCXtYY-r9BHuzFRceqgH7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/THk72XNffKwtPzEM3-n1CJi-G2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/ybIylYCXtYY-r9BHuzFRceqgH7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:ff0:8888::/48
                  2a00:ff0:9999::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:a2:81:7b:ef:a2:23:b2:3a:5d:60:92:72:60:5c:f0:dd:33:
         c6:db:39:2f:4c:55:e2:46:15:be:60:e9:47:cd:49:47:17:75:
         1c:51:10:70:59:88:10:76:d0:28:2d:1a:f0:71:6c:d8:43:c2:
         19:80:14:3c:d6:2d:ec:50:e5:f8:f9:a2:09:14:8c:56:21:45:
         35:50:66:d5:5f:a2:1d:b6:f8:90:cf:6d:a3:13:ff:10:e2:76:
         2d:cd:6c:50:da:12:20:69:78:6f:09:fa:d2:ec:a0:8c:93:45:
         c7:14:fb:ee:fc:ec:9f:fb:e6:de:de:18:86:c9:8b:45:db:00:
         6c:e0:73:ab:cd:30:59:88:9f:52:d5:51:cf:c6:6a:48:af:b2:
         5e:73:6a:4b:c8:6a:5e:7e:d4:7e:db:7c:07:7e:ed:c8:8a:5a:
         76:2e:94:6f:5b:ac:26:90:71:cf:ce:82:c1:8f:96:e9:42:92:
         d8:f5:0f:20:71:9f:8b:bf:bd:25:f3:7d:b2:29:d2:d5:bc:b3:
         7b:20:60:ba:65:03:69:fa:ae:4a:71:a4:1f:a7:26:b8:02:be:
         57:f2:e3:f3:a2:ef:34:71:38:74:45:02:3a:9f:85:f6:ce:1a:
         74:80:93:1d:47:33:c6:a9:fb:84:a9:9c:e7:e6:cc:f1:ce:0f:
         97:3d:a8:3a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFbrpe0iEZh6ynGy7sOz90MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YjIzMjk1ODA5N2I1ODYzZWFmZDA0N2JiMzE1MTcxZWFh
MDFmYjcwHhcNMjQwMTAxMTQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yzc5M2JkOTczNWY3Y2FjMmQzZjMxMGNkZmU5ZjUwODk4YmUxYjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlH9dK9+DaGk52TkTzlhET5hVl4Hf
VCxFjQFkKrXJSoYi+xCBKKueYEvOT5OeRUov0BwprcR3sGdVFJ3wSBq2ith+0NTW
VjUPoCee2J/RpX4BNoHnIZ3rZiiHdPxU/yEo/JcDFmVpSsLuC+Gxv+5/zwV/B6d6
X+h83iSUPIyXNGs2vMgdD6J2SBDl6TeYP9kxmbXVwRlZ9+xva7yWAAWn1ibLs/HR
i9LWlK5Fn6fQM/AyZAeGK6gEOExgjlSCc+cNZ22+w2nXrn6Gewgn9FAsLS/YKiX/
xh4lryCXkrUnld3lEOaFBGWE/roi4Y2WYQxY7gatd7q6RjUYUY1UL5fAqwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEx5O9lzX3ysLT8xDN/p9QiYvhtjMB8GA1UdIwQY
MBaAFMmyMpWAl7WGPq/QR7sxUXHqoB+3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWJJeWxZQ1h0WVktcjlCSHV6RlJjZXFnSDdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMzU0MzItY2Y5OS00ZjE5LWE3NmUt
MDdiN2ZlZjA4NThmLzEvVEhrNzJYTmZmS3d0UHpFTTMtbjFDSmktRzJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMzU0MzItY2Y5OS00ZjE5LWE3NmUtMDdiN2ZlZjA4NThm
LzEveWJJeWxZQ1h0WVktcjlCSHV6RlJjZXFnSDdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgAP8IiI
AwcAKgAP8JmZMA0GCSqGSIb3DQEBCwUAA4IBAQBzooF776IjsjpdYJJyYFzw3TPG
2zkvTFXiRhW+YOlHzUlHF3UcURBwWYgQdtAoLRrwcWzYQ8IZgBQ81i3sUOX4+aIJ
FIxWIUU1UGbVX6IdtviQz22jE/8Q4nYtzWxQ2hIgaXhvCfrS7KCMk0XHFPvu/Oyf
++be3hiGyYtF2wBs4HOrzTBZiJ9S1VHPxmpIr7Jec2pLyGpeftR+23wHfu3Iilp2
LpRvW6wmkHHPzoLBj5bpQpLY9Q8gcZ+Lv70l832yKdLVvLN7IGC6ZQNp+q5KcaQf
pya4Ar5X8uPzou80cTh0RQI6n4X2zhp0gJMdRzPGqfuEqZzn5szxzg+XPag6
-----END CERTIFICATE-----