Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/762743-7164-433e-8bb6-a19507de75b4/1/yNsq1HP8PFarXl8iGJv5RwLphv0.roa
File:                     yNsq1HP8PFarXl8iGJv5RwLphv0.roa (raw, json)
Hash identifier:          RimVTmTRZRbNVAD7fFNNycbtgqPVdmLUHdPZ1Yjm2rg=
Subject key identifier:   C8:DB:2A:D4:73:FC:3C:56:AB:5E:5F:22:18:9B:F9:47:02:E9:86:FD
Certificate issuer:       /CN=9d66a5cfa39cfa91e313443f613e73cce73f2140
Certificate serial:       018CC2DB1201BD85B83BE3012DB2D4D963FF
Authority key identifier: 9D:66:A5:CF:A3:9C:FA:91:E3:13:44:3F:61:3E:73:CC:E7:3F:21:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nWalz6Oc-pHjE0Q_YT5zzOc_IUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/762743-7164-433e-8bb6-a19507de75b4/1/yNsq1HP8PFarXl8iGJv5RwLphv0.roa
Signing time:             Mon 01 Jan 2024 02:29:46 +0000
ROA not before:           Mon 01 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13127
IP address blocks:        2a0c:9180::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/762743-7164-433e-8bb6-a19507de75b4/1/nWalz6Oc-pHjE0Q_YT5zzOc_IUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/762743-7164-433e-8bb6-a19507de75b4/1/nWalz6Oc-pHjE0Q_YT5zzOc_IUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWalz6Oc-pHjE0Q_YT5zzOc_IUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:12:01:bd:85:b8:3b:e3:01:2d:b2:d4:d9:63:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d66a5cfa39cfa91e313443f613e73cce73f2140
        Validity
            Not Before: Jan  1 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8db2ad473fc3c56ab5e5f22189bf94702e986fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:a6:19:43:36:84:e2:11:bf:ec:e3:66:a9:9d:
                    99:56:fa:ec:ed:3f:c8:82:bd:e7:e1:6c:b3:fb:cd:
                    e1:ab:ca:28:f7:14:3a:4c:bb:cf:5d:13:cf:ff:72:
                    73:3f:ed:ad:16:48:a3:8c:70:cc:f5:78:c9:47:b6:
                    83:3d:b0:77:4f:d0:8e:cf:3b:f9:06:06:1b:e5:fb:
                    9e:8e:b5:67:1b:64:8f:09:82:2d:24:2a:e9:24:e5:
                    94:a1:73:83:bc:67:24:84:45:c4:4d:b9:e7:dc:d3:
                    f6:2c:fb:bd:d2:45:99:dc:44:b9:3c:86:d5:38:4e:
                    7d:10:a7:61:d9:89:01:74:63:a1:20:8c:5e:1a:f1:
                    64:88:88:13:47:4d:f4:c6:03:95:b0:4a:93:b4:75:
                    1a:6d:90:8f:9c:95:4f:cf:c9:bf:66:4b:0f:fc:4e:
                    32:0e:cd:d9:e2:3e:c6:ee:87:d2:41:14:2c:ba:da:
                    d9:91:e2:a7:12:a3:6c:a4:ab:2c:b7:69:5e:3c:ed:
                    55:2d:7b:63:89:15:4b:8e:d9:e6:11:83:bf:46:dc:
                    84:ad:58:41:0e:a0:f8:58:47:04:7f:56:01:51:a5:
                    d2:06:49:d1:b5:dd:54:5d:9f:dd:f0:b2:c2:dd:58:
                    23:9f:6c:35:b4:8d:94:d8:ee:e7:f1:fb:b8:47:7e:
                    c9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:DB:2A:D4:73:FC:3C:56:AB:5E:5F:22:18:9B:F9:47:02:E9:86:FD
            X509v3 Authority Key Identifier:
                keyid:9D:66:A5:CF:A3:9C:FA:91:E3:13:44:3F:61:3E:73:CC:E7:3F:21:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nWalz6Oc-pHjE0Q_YT5zzOc_IUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/762743-7164-433e-8bb6-a19507de75b4/1/yNsq1HP8PFarXl8iGJv5RwLphv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/762743-7164-433e-8bb6-a19507de75b4/1/nWalz6Oc-pHjE0Q_YT5zzOc_IUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9180::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:52:41:17:71:40:61:e3:91:93:ba:01:e8:a2:df:27:de:fb:
         88:54:31:f9:48:a6:c2:52:8d:1d:a1:af:85:57:e0:cc:a0:9e:
         7c:a0:48:d8:21:40:2d:bb:e6:cf:a8:8f:a9:a1:32:f8:fa:a6:
         49:f4:4a:1a:42:25:c7:83:4a:37:d2:9f:9f:ef:6d:2e:f5:06:
         de:9a:56:c0:98:6f:05:4b:58:fa:96:b3:02:23:61:01:db:47:
         8b:ef:10:f8:52:48:ed:64:85:bb:6e:9b:62:fb:fd:e0:4f:90:
         c7:1a:72:a8:65:be:5d:52:24:62:38:c0:76:60:eb:3c:fd:44:
         39:ef:26:06:46:08:22:45:a3:ea:49:c4:80:bd:0f:44:82:f4:
         36:c0:cb:e5:b9:65:0e:d4:ac:d3:0a:6f:b7:e9:61:06:3c:9d:
         74:ac:c1:d0:ce:09:de:da:fd:c7:a8:48:b4:c3:93:58:93:89:
         1a:5c:53:29:64:e6:bb:44:3a:82:b6:02:2e:7b:50:fa:cf:f1:
         9d:8d:b9:4a:8a:4f:14:19:9a:93:d3:1e:e1:52:9d:45:42:02:
         0b:b5:f3:8f:8b:24:3e:f2:02:65:6c:89:02:44:5a:d4:a0:b0:
         94:1e:06:90:47:93:f4:6b:e4:b8:cf:55:d7:8c:e1:16:87:7d:
         1f:26:6a:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2xIBvYW4O+MBLbLU2WP/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNjZhNWNmYTM5Y2ZhOTFlMzEzNDQzZjYxM2U3M2NjZTcz
ZjIxNDAwHhcNMjQwMTAxMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGRiMmFkNDczZmMzYzU2YWI1ZTVmMjIxODliZjk0NzAyZTk4NmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiKYZQzaE4hG/7ONmqZ2ZVvrs7T/I
gr3n4Wyz+83hq8oo9xQ6TLvPXRPP/3JzP+2tFkijjHDM9XjJR7aDPbB3T9COzzv5
BgYb5fuejrVnG2SPCYItJCrpJOWUoXODvGckhEXETbnn3NP2LPu90kWZ3ES5PIbV
OE59EKdh2YkBdGOhIIxeGvFkiIgTR030xgOVsEqTtHUabZCPnJVPz8m/ZksP/E4y
Ds3Z4j7G7ofSQRQsutrZkeKnEqNspKsst2lePO1VLXtjiRVLjtnmEYO/RtyErVhB
DqD4WEcEf1YBUaXSBknRtd1UXZ/d8LLC3Vgjn2w1tI2U2O7n8fu4R37J+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMjbKtRz/DxWq15fIhib+UcC6Yb9MB8GA1UdIwQY
MBaAFJ1mpc+jnPqR4xNEP2E+c8znPyFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbldhbHo2T2MtcEhqRTBRX1lUNXp6T2NfSVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi83NjI3NDMtNzE2NC00MzNlLThiYjYt
YTE5NTA3ZGU3NWI0LzEveU5zcTFIUDhQRmFyWGw4aUdKdjVSd0xwaHYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi83NjI3NDMtNzE2NC00MzNlLThiYjYtYTE5NTA3ZGU3NWI0
LzEvbldhbHo2T2MtcEhqRTBRX1lUNXp6T2NfSVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyRgAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBZUkEXcUBh45GTugHoot8n3vuIVDH5SKbCUo0d
oa+FV+DMoJ58oEjYIUAtu+bPqI+poTL4+qZJ9EoaQiXHg0o30p+f720u9QbemlbA
mG8FS1j6lrMCI2EB20eL7xD4UkjtZIW7bpti+/3gT5DHGnKoZb5dUiRiOMB2YOs8
/UQ57yYGRggiRaPqScSAvQ9EgvQ2wMvluWUO1KzTCm+36WEGPJ10rMHQzgne2v3H
qEi0w5NYk4kaXFMpZOa7RDqCtgIue1D6z/GdjblKik8UGZqT0x7hUp1FQgILtfOP
iyQ+8gJlbIkCRFrUoLCUHgaQR5P0a+S4z1XXjOEWh30fJmqr
-----END CERTIFICATE-----