Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/k0pVK80K2jjgpoE2C44l7q4LcPw.roa
File:                     k0pVK80K2jjgpoE2C44l7q4LcPw.roa (raw, json)
Hash identifier:          3cjzvtKdmu6U46f9SblsGfdGUKO12ooQE0Snj4p+vlQ=
Subject key identifier:   93:4A:55:2B:CD:0A:DA:38:E0:A6:81:36:0B:8E:25:EE:AE:0B:70:FC
Certificate issuer:       /CN=97ea541c123faa9c0edc729f829e959fd292e37d
Certificate serial:       018CC9BC1C09A68A0E74D5D70299EF8714C8
Authority key identifier: 97:EA:54:1C:12:3F:AA:9C:0E:DC:72:9F:82:9E:95:9F:D2:92:E3:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l-pUHBI_qpwO3HKfgp6Vn9KS430.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/k0pVK80K2jjgpoE2C44l7q4LcPw.roa
Signing time:             Tue 02 Jan 2024 10:33:17 +0000
ROA not before:           Tue 02 Jan 2024 10:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0d:9b84:ff00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/l-pUHBI_qpwO3HKfgp6Vn9KS430.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/l-pUHBI_qpwO3HKfgp6Vn9KS430.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l-pUHBI_qpwO3HKfgp6Vn9KS430.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 13:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:1c:09:a6:8a:0e:74:d5:d7:02:99:ef:87:14:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ea541c123faa9c0edc729f829e959fd292e37d
        Validity
            Not Before: Jan  2 10:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=934a552bcd0ada38e0a681360b8e25eeae0b70fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a6:1a:a0:40:10:a2:37:f3:2e:8a:b5:79:b8:
                    82:d5:7d:3d:32:b4:c3:11:1c:b8:64:41:91:f4:cd:
                    5a:0b:2c:cf:5d:68:7a:a5:9a:d4:98:41:1b:2d:ca:
                    81:86:28:ed:60:69:41:c8:42:47:51:34:6d:3c:21:
                    00:37:b1:74:a5:b4:1c:3f:e4:75:17:0b:40:c2:e7:
                    8f:0d:d1:f9:aa:14:7e:09:57:1d:87:06:21:d0:f3:
                    85:23:cd:e5:63:f9:cd:6d:a2:53:d6:51:d5:9f:e7:
                    24:9b:3b:22:04:8c:4c:d4:9a:bb:42:09:00:ce:1c:
                    90:78:a7:34:ce:9d:92:2f:42:79:db:00:9e:0a:d3:
                    77:4e:2e:89:8c:53:53:63:27:72:86:06:18:1c:7b:
                    b3:b7:7d:7f:c1:c2:17:49:7d:3d:be:cb:7c:bc:b8:
                    4a:9b:38:33:d8:f0:90:15:fc:10:11:35:c9:59:57:
                    39:d2:e5:1a:9a:9b:0b:e3:a4:7e:d5:b2:86:34:7e:
                    6a:09:63:5d:39:2b:f6:e6:4c:de:e1:0a:d1:ca:ce:
                    5d:c0:ff:15:e7:a9:0d:c1:cd:98:d6:9a:aa:f6:88:
                    9e:63:05:85:7f:8f:28:5b:e8:d7:48:24:2c:7b:86:
                    a5:b9:b5:ee:b9:8a:41:ce:38:26:9d:56:68:62:76:
                    c9:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:4A:55:2B:CD:0A:DA:38:E0:A6:81:36:0B:8E:25:EE:AE:0B:70:FC
            X509v3 Authority Key Identifier:
                keyid:97:EA:54:1C:12:3F:AA:9C:0E:DC:72:9F:82:9E:95:9F:D2:92:E3:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l-pUHBI_qpwO3HKfgp6Vn9KS430.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/k0pVK80K2jjgpoE2C44l7q4LcPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/l-pUHBI_qpwO3HKfgp6Vn9KS430.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:9b84:ff00::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:2c:34:8f:bb:51:b4:af:48:30:df:fb:3e:d1:4d:3f:cb:e0:
         f0:ce:70:9b:0b:80:00:65:05:e6:9b:ab:b4:27:cb:10:d0:85:
         f5:46:dd:fc:c7:99:89:64:65:28:3e:90:91:8b:b2:28:43:94:
         bb:cd:f9:60:73:a7:8e:4b:65:6b:fa:1d:81:d4:fa:6a:08:80:
         ef:a1:87:45:02:83:d9:e7:ac:e8:60:d9:a9:3e:22:da:4f:05:
         f0:46:3d:f6:40:21:b8:0e:a1:59:93:99:23:86:3c:3d:32:31:
         e5:89:50:c4:5a:ed:e1:a3:02:60:ab:4b:48:2a:8b:92:fd:21:
         2e:67:70:cc:45:40:9d:8f:75:6c:2f:91:46:2c:7b:a6:c7:0b:
         c4:73:97:ca:ac:02:87:e6:dc:36:e6:74:16:b7:4f:6e:8d:6a:
         d8:c2:56:74:85:de:e5:3f:9f:f6:af:07:dd:aa:f1:c4:99:43:
         35:78:eb:e4:6b:db:66:c2:55:f9:77:d3:5d:9a:bf:4b:75:30:
         14:e3:ea:97:0c:03:12:9c:b0:eb:92:d0:11:9e:95:94:c4:e0:
         2f:7b:85:d3:5d:55:2e:bd:c3:97:45:39:16:f6:88:91:61:04:
         7c:97:b4:71:a3:ea:89:96:d8:c0:fa:f3:41:68:8f:66:60:bc:
         74:e0:d9:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvBwJpooOdNXXApnvhxTIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZWE1NDFjMTIzZmFhOWMwZWRjNzI5ZjgyOWU5NTlmZDI5
MmUzN2QwHhcNMjQwMTAyMTAzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzRhNTUyYmNkMGFkYTM4ZTBhNjgxMzYwYjhlMjVlZWFlMGI3MGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqYaoEAQojfzLoq1ebiC1X09MrTD
ERy4ZEGR9M1aCyzPXWh6pZrUmEEbLcqBhijtYGlByEJHUTRtPCEAN7F0pbQcP+R1
FwtAwuePDdH5qhR+CVcdhwYh0POFI83lY/nNbaJT1lHVn+ckmzsiBIxM1Jq7QgkA
zhyQeKc0zp2SL0J52wCeCtN3Ti6JjFNTYydyhgYYHHuzt31/wcIXSX09vst8vLhK
mzgz2PCQFfwQETXJWVc50uUampsL46R+1bKGNH5qCWNdOSv25kze4QrRys5dwP8V
56kNwc2Y1pqq9oieYwWFf48oW+jXSCQse4alubXuuYpBzjgmnVZoYnbJRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJNKVSvNCto44KaBNguOJe6uC3D8MB8GA1UdIwQY
MBaAFJfqVBwSP6qcDtxyn4KelZ/SkuN9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbC1wVUhCSV9xcHdPM0hLZmdwNlZuOUtTNDMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xMjE1NWMtY2QxMy00YWE3LTg5NDkt
NjM4ZGNmYTEzMDAzLzEvazBwVks4MEsyampncG9FMkM0NGw3cTRMY1B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xMjE1NWMtY2QxMy00YWE3LTg5NDktNjM4ZGNmYTEzMDAz
LzEvbC1wVUhCSV9xcHdPM0hLZmdwNlZuOUtTNDMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg2bhP8A
MA0GCSqGSIb3DQEBCwUAA4IBAQCyLDSPu1G0r0gw3/s+0U0/y+DwznCbC4AAZQXm
m6u0J8sQ0IX1Rt38x5mJZGUoPpCRi7IoQ5S7zflgc6eOS2Vr+h2B1PpqCIDvoYdF
AoPZ56zoYNmpPiLaTwXwRj32QCG4DqFZk5kjhjw9MjHliVDEWu3howJgq0tIKouS
/SEuZ3DMRUCdj3VsL5FGLHumxwvEc5fKrAKH5tw25nQWt09ujWrYwlZ0hd7lP5/2
rwfdqvHEmUM1eOvka9tmwlX5d9Ndmr9LdTAU4+qXDAMSnLDrktARnpWUxOAve4XT
XVUuvcOXRTkW9oiRYQR8l7Rxo+qJltjA+vNBaI9mYLx04Nne
-----END CERTIFICATE-----