Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/95HVzytSpUqxIIsx42Kw5BeT3mU.roa
File:                     95HVzytSpUqxIIsx42Kw5BeT3mU.roa (raw, json)
Hash identifier:          wMywacNO/a+Xf8tQS58nNxC0SfFnZxCS3yNGttRd564=
Subject key identifier:   F7:91:D5:CF:2B:52:A5:4A:B1:20:8B:31:E3:62:B0:E4:17:93:DE:65
Certificate issuer:       /CN=6283b6d1d86102e9edf2abddaa7c9347aac717c7
Certificate serial:       018CC492D8BAD739060618A06496EFCBCA27
Authority key identifier: 62:83:B6:D1:D8:61:02:E9:ED:F2:AB:DD:AA:7C:93:47:AA:C7:17:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YoO20dhhAunt8qvdqnyTR6rHF8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/95HVzytSpUqxIIsx42Kw5BeT3mU.roa
Signing time:             Mon 01 Jan 2024 10:30:07 +0000
ROA not before:           Mon 01 Jan 2024 10:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0f:d3c0:ff00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/YoO20dhhAunt8qvdqnyTR6rHF8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/YoO20dhhAunt8qvdqnyTR6rHF8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YoO20dhhAunt8qvdqnyTR6rHF8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 19:02:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:d8:ba:d7:39:06:06:18:a0:64:96:ef:cb:ca:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6283b6d1d86102e9edf2abddaa7c9347aac717c7
        Validity
            Not Before: Jan  1 10:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f791d5cf2b52a54ab1208b31e362b0e41793de65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ef:78:2d:4f:aa:e6:f5:54:d5:a4:4d:e4:28:
                    be:1a:1e:58:53:c6:e0:de:cf:6a:bf:c2:e1:65:fc:
                    99:33:19:f7:81:59:d6:92:3d:4f:63:ec:83:b9:ab:
                    59:30:0c:3d:ba:ce:b9:df:44:3d:f7:bd:16:64:dd:
                    26:d8:22:09:18:78:be:76:75:fb:f0:7d:fd:34:18:
                    93:60:9d:65:e8:fa:9d:b0:8e:8f:90:11:fc:47:04:
                    00:0d:81:af:f4:6e:c5:f4:0e:29:11:c2:a5:27:ee:
                    da:7e:d0:4f:2f:74:0b:3d:26:c9:05:e1:8d:07:66:
                    6b:0a:01:28:6a:88:78:46:4b:f7:1f:61:e0:fc:2b:
                    14:c2:f8:fc:0b:31:8c:66:78:6f:73:5e:fc:79:46:
                    a6:74:50:53:50:f6:f1:89:83:c3:83:b1:35:91:4b:
                    4e:d2:ac:fb:83:14:86:ff:86:b2:6e:d4:0d:85:43:
                    d5:d0:36:9b:b4:a2:aa:5b:4a:44:0a:99:4f:55:02:
                    9c:5f:69:bb:8f:d8:ba:db:c6:3a:76:d7:97:30:09:
                    88:4e:02:56:48:7a:85:22:67:69:3d:07:c5:b7:22:
                    b9:ad:f3:6c:47:8b:85:e1:28:8a:62:51:43:a1:78:
                    4f:91:c2:25:70:46:e5:df:b3:77:55:db:e1:28:72:
                    e5:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:91:D5:CF:2B:52:A5:4A:B1:20:8B:31:E3:62:B0:E4:17:93:DE:65
            X509v3 Authority Key Identifier:
                keyid:62:83:B6:D1:D8:61:02:E9:ED:F2:AB:DD:AA:7C:93:47:AA:C7:17:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YoO20dhhAunt8qvdqnyTR6rHF8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/95HVzytSpUqxIIsx42Kw5BeT3mU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/YoO20dhhAunt8qvdqnyTR6rHF8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:d3c0:ff00::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:33:0b:73:a7:0b:b4:cb:26:75:91:0d:41:69:6a:39:8b:e4:
         91:e9:66:4d:9c:09:42:6b:ea:7f:d1:08:64:36:ca:5d:7e:f1:
         ff:00:fd:06:e5:03:b7:9e:7e:27:10:3a:60:e7:97:49:39:35:
         fa:d1:10:cc:ef:fa:7c:3a:63:20:c4:36:2e:46:96:cd:d7:e8:
         b4:55:dd:68:e8:88:08:85:a9:63:40:76:57:e1:e3:cc:70:f7:
         f0:6f:4e:8f:0b:03:76:19:46:e5:ee:1e:9b:64:33:15:9d:ed:
         21:88:2a:f5:22:de:96:33:bc:6e:8b:c4:0b:18:f0:40:c3:33:
         b1:3e:5c:79:db:81:37:9c:ea:d8:4f:4d:55:c4:ab:a6:6e:64:
         4e:13:87:c3:5c:c2:af:39:f4:44:f8:65:1e:28:eb:f2:79:00:
         57:67:fb:2e:25:41:1a:ba:5c:82:cb:eb:3a:ca:25:28:d9:3b:
         1b:e5:3b:e7:bd:a4:6f:27:22:33:26:46:6e:90:e6:16:4c:97:
         81:9c:d3:32:8c:dc:05:28:d0:24:20:55:01:eb:50:c0:91:77:
         23:4c:a6:f9:64:9f:2f:76:cf:b2:c5:f2:5b:cf:8f:78:a3:6b:
         00:a1:e8:c8:d2:fe:d9:e1:17:81:7d:1b:a2:77:ab:02:c5:36:
         c6:f1:57:75
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkti61zkGBhigZJbvy8onMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyODNiNmQxZDg2MTAyZTllZGYyYWJkZGFhN2M5MzQ3YWFj
NzE3YzcwHhcNMjQwMTAxMTAzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzkxZDVjZjJiNTJhNTRhYjEyMDhiMzFlMzYyYjBlNDE3OTNkZTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkO94LU+q5vVU1aRN5Ci+Gh5YU8bg
3s9qv8LhZfyZMxn3gVnWkj1PY+yDuatZMAw9us6530Q9970WZN0m2CIJGHi+dnX7
8H39NBiTYJ1l6PqdsI6PkBH8RwQADYGv9G7F9A4pEcKlJ+7aftBPL3QLPSbJBeGN
B2ZrCgEoaoh4Rkv3H2Hg/CsUwvj8CzGMZnhvc178eUamdFBTUPbxiYPDg7E1kUtO
0qz7gxSG/4aybtQNhUPV0DabtKKqW0pECplPVQKcX2m7j9i628Y6dteXMAmITgJW
SHqFImdpPQfFtyK5rfNsR4uF4SiKYlFDoXhPkcIlcEbl37N3VdvhKHLl4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPeR1c8rUqVKsSCLMeNisOQXk95lMB8GA1UdIwQY
MBaAFGKDttHYYQLp7fKr3ap8k0eqxxfHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW9PMjBkaGhBdW50OHF2ZHFueVRSNnJIRjhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9iZDQzMTctYjllZi00YjIzLTgwYWQt
OTE0ZTQ4ODFlZWE4LzEvOTVIVnp5dFNwVXF4SUlzeDQyS3c1QmVUM21VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9iZDQzMTctYjllZi00YjIzLTgwYWQtOTE0ZTQ4ODFlZWE4
LzEvWW9PMjBkaGhBdW50OHF2ZHFueVRSNnJIRjhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg/TwP8A
MA0GCSqGSIb3DQEBCwUAA4IBAQAeMwtzpwu0yyZ1kQ1BaWo5i+SR6WZNnAlCa+p/
0QhkNspdfvH/AP0G5QO3nn4nEDpg55dJOTX60RDM7/p8OmMgxDYuRpbN1+i0Vd1o
6IgIhaljQHZX4ePMcPfwb06PCwN2GUbl7h6bZDMVne0hiCr1It6WM7xui8QLGPBA
wzOxPlx524E3nOrYT01VxKumbmROE4fDXMKvOfRE+GUeKOvyeQBXZ/suJUEaulyC
y+s6yiUo2Tsb5TvnvaRvJyIzJkZukOYWTJeBnNMyjNwFKNAkIFUB61DAkXcjTKb5
ZJ8vds+yxfJbz494o2sAoejI0v7Z4ReBfRuid6sCxTbG8Vd1
-----END CERTIFICATE-----