Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/9idU_VLb1TUhnXi4Kl3nYAghP8U.roa
File:                     9idU_VLb1TUhnXi4Kl3nYAghP8U.roa (raw, json)
Hash identifier:          ALn3b13rn46Xcv6Vhs1kZ7+uLeq8RneX7+lRkz0goMY=
Subject key identifier:   F6:27:54:FD:52:DB:D5:35:21:9D:78:B8:2A:5D:E7:60:08:21:3F:C5
Certificate issuer:       /CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
Certificate serial:       018CCA2ADF26706D002D2B8204B9DD91F0BB
Authority key identifier: D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/9idU_VLb1TUhnXi4Kl3nYAghP8U.roa
Signing time:             Tue 02 Jan 2024 12:34:16 +0000
ROA not before:           Tue 02 Jan 2024 12:34:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213253
IP address blocks:        2a0e:e704:42::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:df:26:70:6d:00:2d:2b:82:04:b9:dd:91:f0:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
        Validity
            Not Before: Jan  2 12:34:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f62754fd52dbd535219d78b82a5de76008213fc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:74:0e:2e:22:85:f4:4e:6f:e6:61:9a:bc:72:
                    92:2f:cd:2d:64:19:21:29:d3:7b:aa:6b:b1:fc:0f:
                    a4:aa:49:4b:32:36:c0:b4:59:de:c0:ce:78:ab:15:
                    45:e1:00:8f:6e:bc:0c:60:00:9b:bb:d2:30:25:e5:
                    8b:0e:24:e3:2d:9c:b6:4e:0f:ca:ce:e6:60:b8:8b:
                    79:47:44:a6:76:35:70:44:29:1f:fd:22:55:69:b6:
                    af:71:5c:58:ca:1b:b9:fc:f1:2d:3c:81:7c:d8:a5:
                    32:db:0b:64:a3:9b:1d:bc:f9:55:54:3b:7b:6a:40:
                    60:34:a8:ed:a3:f1:b3:c2:3c:25:c1:f9:d6:d2:f5:
                    6f:13:cd:43:92:d7:24:23:e5:e0:8c:3c:37:55:30:
                    b0:e3:81:c4:26:be:9e:23:8b:c8:4f:fd:3e:f7:65:
                    96:08:e7:44:73:80:3d:18:a8:22:c5:a9:d3:50:1c:
                    26:b9:dc:20:c0:28:fe:cb:5c:bb:4b:92:88:66:05:
                    f0:f6:21:2b:78:4f:75:27:a1:da:e3:73:29:ee:f1:
                    a2:60:9b:8e:fa:a4:5e:c6:a3:17:11:7c:62:a8:4e:
                    13:0a:eb:fb:fa:f0:fc:48:64:b9:a1:c0:82:27:f1:
                    b0:76:d3:ac:10:16:22:19:81:0b:af:b7:10:45:19:
                    25:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:27:54:FD:52:DB:D5:35:21:9D:78:B8:2A:5D:E7:60:08:21:3F:C5
            X509v3 Authority Key Identifier:
                keyid:D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/9idU_VLb1TUhnXi4Kl3nYAghP8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:e704:42::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:11:08:ba:2c:53:b6:f2:59:5e:53:9c:2f:80:a0:b7:12:20:
         2a:c8:f7:82:f2:7b:e8:dc:65:15:25:6f:b5:5e:7d:98:fb:c3:
         e5:ca:09:76:5a:fd:72:d5:3b:78:ec:68:d4:f9:5a:7e:eb:01:
         16:7e:4c:be:70:de:98:3c:33:c0:54:f7:46:e8:67:72:42:2e:
         c2:1d:84:4a:44:e1:02:35:4e:b0:f5:ae:2d:f9:b6:7c:ea:ff:
         b5:76:64:7f:21:83:3f:33:5c:35:a9:9f:61:3a:bc:5c:fb:43:
         f2:6a:d4:64:d9:e4:7a:7c:c7:57:2e:d3:67:58:46:72:e8:97:
         f2:00:b0:a1:66:79:1f:92:5b:69:bd:e7:0a:3d:12:cc:4c:9f:
         6b:a0:09:37:ec:aa:87:28:ae:cb:d9:e4:e3:58:d8:18:5e:9c:
         23:d6:15:8e:f8:d3:07:05:48:cf:ba:06:1e:02:02:f5:fb:4a:
         f7:3b:47:85:54:f8:46:5c:9c:31:4a:a3:af:bd:ed:b2:0b:5a:
         b4:b6:cf:88:f6:c4:1a:fb:c1:5b:5b:0f:2c:c8:74:77:8d:28:
         d9:54:ec:bb:97:a4:ad:82:3e:e0:0b:a1:d1:e9:5e:75:ea:6c:
         29:d0:4d:4e:45:65:46:c5:4d:63:a9:b9:05:45:75:71:f1:fc:
         25:50:8c:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKt8mcG0ALSuCBLndkfC7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MGY0NWY3Y2M0YjY5MWZkNGEzMWMxZjFjMGI0ZjYwNWQ3
N2E2ZWYwHhcNMjQwMTAyMTIzNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjI3NTRmZDUyZGJkNTM1MjE5ZDc4YjgyYTVkZTc2MDA4MjEzZmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHQOLiKF9E5v5mGavHKSL80tZBkh
KdN7qmux/A+kqklLMjbAtFnewM54qxVF4QCPbrwMYACbu9IwJeWLDiTjLZy2Tg/K
zuZguIt5R0SmdjVwRCkf/SJVabavcVxYyhu5/PEtPIF82KUy2wtko5sdvPlVVDt7
akBgNKjto/GzwjwlwfnW0vVvE81DktckI+XgjDw3VTCw44HEJr6eI4vIT/0+92WW
COdEc4A9GKgixanTUBwmudwgwCj+y1y7S5KIZgXw9iEreE91J6Ha43Mp7vGiYJuO
+qRexqMXEXxiqE4TCuv7+vD8SGS5ocCCJ/GwdtOsEBYiGYELr7cQRRkltQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPYnVP1S29U1IZ14uCpd52AIIT/FMB8GA1UdIwQY
MBaAFNYPRffMS2kf1KMcHxwLT2Bdd6bvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWc5Rjk4eExhUl9Vb3h3ZkhBdFBZRjEzcHU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hZDMwNDQtY2RjZS00NmNmLTkyYzkt
YTk1NGQwNTM5OTRhLzEvOWlkVV9WTGIxVFVoblhpNEtsM25ZQWdoUDhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hZDMwNDQtY2RjZS00NmNmLTkyYzktYTk1NGQwNTM5OTRh
LzEvMWc5Rjk4eExhUl9Vb3h3ZkhBdFBZRjEzcHU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg7nBABC
MA0GCSqGSIb3DQEBCwUAA4IBAQALEQi6LFO28lleU5wvgKC3EiAqyPeC8nvo3GUV
JW+1Xn2Y+8Plygl2Wv1y1Tt47GjU+Vp+6wEWfky+cN6YPDPAVPdG6GdyQi7CHYRK
ROECNU6w9a4t+bZ86v+1dmR/IYM/M1w1qZ9hOrxc+0PyatRk2eR6fMdXLtNnWEZy
6JfyALChZnkfkltpvecKPRLMTJ9roAk37KqHKK7L2eTjWNgYXpwj1hWO+NMHBUjP
ugYeAgL1+0r3O0eFVPhGXJwxSqOvve2yC1q0ts+I9sQa+8FbWw8syHR3jSjZVOy7
l6Stgj7gC6HR6V516mwp0E1ORWVGxU1jqbkFRXVx8fwlUIzi
-----END CERTIFICATE-----