Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/4kjgx2GEEcVT3P6_A5DxURn7RWc.roa
File:                     4kjgx2GEEcVT3P6_A5DxURn7RWc.roa (raw, json)
Hash identifier:          yidG5V1UToTyfA26DsH9M5v4YXOkt0+dRsgDwx5h+EI=
Subject key identifier:   E2:48:E0:C7:61:84:11:C5:53:DC:FE:BF:03:90:F1:51:19:FB:45:67
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EE615E6DAB40DB4447D5D1A74DBB7
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/4kjgx2GEEcVT3P6_A5DxURn7RWc.roa
Signing time:             Thu 02 Jan 2025 05:48:29 +0000
ROA not before:           Thu 02 Jan 2025 05:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211162
IP address blocks:        2a0e:aa07:e01f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:e6:15:e6:da:b4:0d:b4:44:7d:5d:1a:74:db:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e248e0c7618411c553dcfebf0390f15119fb4567
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:9a:b8:f7:82:97:fd:67:64:71:bf:b9:dc:78:
                    42:dc:f7:2f:fc:7a:62:89:31:4f:4c:dd:a6:9e:ae:
                    9a:9a:ea:fe:35:d8:b7:1c:9c:3f:d2:b4:ac:d7:33:
                    5f:73:47:85:f8:98:27:91:2d:05:aa:5b:16:39:8b:
                    b6:14:2f:0c:73:86:f2:85:91:8d:ed:27:bd:7c:a2:
                    91:85:ce:cd:3a:00:f2:00:ba:cc:0c:18:54:1d:8a:
                    fe:bf:5e:98:2b:5f:d4:13:79:10:98:89:83:3e:b9:
                    0e:2b:eb:83:06:be:c8:01:a4:10:78:d8:ed:18:69:
                    76:2f:a7:20:69:00:37:fe:e4:dd:32:4f:bf:a6:b6:
                    65:23:50:df:62:b9:85:e0:41:5e:75:6b:4f:ee:46:
                    7a:85:d9:0e:37:44:58:f0:94:c4:2c:71:17:27:00:
                    58:d0:9e:5d:68:d3:11:0f:4f:e7:76:0a:dc:93:e9:
                    3c:0c:c9:d7:d8:16:3c:b1:7c:86:1a:a4:ae:2e:97:
                    cb:36:87:32:60:b9:4b:b7:35:99:d5:6b:e3:2f:e4:
                    be:e8:3b:77:b5:2e:24:4d:03:aa:26:37:79:7d:62:
                    97:cd:0b:82:aa:d3:57:08:9a:c9:cd:d5:49:a2:40:
                    8c:e6:20:40:76:ed:f4:bb:31:d0:85:bd:04:c9:1f:
                    c8:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:48:E0:C7:61:84:11:C5:53:DC:FE:BF:03:90:F1:51:19:FB:45:67
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/4kjgx2GEEcVT3P6_A5DxURn7RWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e01f::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:0b:24:dd:4b:82:6d:a5:60:a0:1b:49:45:0a:57:00:8a:26:
         15:29:df:b9:12:c2:04:31:54:74:8d:46:a6:cb:d0:2d:df:a9:
         18:ab:f8:54:71:a8:9a:db:cc:75:55:85:e5:8b:fe:96:7f:9a:
         0b:49:66:47:a7:32:e4:c2:55:d5:87:84:a0:d3:00:33:20:04:
         77:7c:66:74:cd:cf:5c:85:7b:c9:29:32:52:4b:56:09:9f:0b:
         45:41:b4:ca:9e:c2:e1:14:65:20:19:b7:63:1a:3a:2f:14:d4:
         21:6f:01:10:b2:fe:83:6b:a5:b9:3a:71:d2:e1:19:95:6a:21:
         89:75:b0:fc:98:33:3f:75:32:74:60:12:ea:c1:67:bf:b6:82:
         7c:3e:ac:d5:38:7a:52:6d:62:20:86:72:d4:00:ce:44:10:f3:
         bb:88:b7:22:9b:7c:cd:c0:8c:23:94:0e:5e:d6:61:a5:26:e7:
         ad:6f:dd:0d:3a:af:5d:41:ec:a9:01:61:7d:92:fc:9b:39:e6:
         66:35:a3:35:34:dc:49:45:26:a2:00:86:12:2d:88:0f:1f:ed:
         47:50:fe:a5:27:a4:fb:ef:ee:45:40:43:25:fc:5a:88:9c:aa:
         45:73:32:be:d9:d8:67:cb:d1:d5:bb:3a:04:4f:b4:ac:bf:44:
         36:9b:65:75
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljuYV5tq0DbREfV0adNu3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjQ4ZTBjNzYxODQxMWM1NTNkY2ZlYmYwMzkwZjE1MTE5ZmI0NTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJq494KX/Wdkcb+53HhC3Pcv/Hpi
iTFPTN2mnq6amur+Ndi3HJw/0rSs1zNfc0eF+JgnkS0FqlsWOYu2FC8Mc4byhZGN
7Se9fKKRhc7NOgDyALrMDBhUHYr+v16YK1/UE3kQmImDPrkOK+uDBr7IAaQQeNjt
GGl2L6cgaQA3/uTdMk+/prZlI1DfYrmF4EFedWtP7kZ6hdkON0RY8JTELHEXJwBY
0J5daNMRD0/ndgrck+k8DMnX2BY8sXyGGqSuLpfLNocyYLlLtzWZ1WvjL+S+6Dt3
tS4kTQOqJjd5fWKXzQuCqtNXCJrJzdVJokCM5iBAdu30uzHQhb0EyR/I4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOJI4MdhhBHFU9z+vwOQ8VEZ+0VnMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvNGtqZ3gyR0VFY1ZUM1A2X0E1RHhVUm43UldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+Af
MA0GCSqGSIb3DQEBCwUAA4IBAQCpCyTdS4JtpWCgG0lFClcAiiYVKd+5EsIEMVR0
jUamy9At36kYq/hUcaia28x1VYXli/6Wf5oLSWZHpzLkwlXVh4Sg0wAzIAR3fGZ0
zc9chXvJKTJSS1YJnwtFQbTKnsLhFGUgGbdjGjovFNQhbwEQsv6Da6W5OnHS4RmV
aiGJdbD8mDM/dTJ0YBLqwWe/toJ8PqzVOHpSbWIghnLUAM5EEPO7iLcim3zNwIwj
lA5e1mGlJuetb90NOq9dQeypAWF9kvybOeZmNaM1NNxJRSaiAIYSLYgPH+1HUP6l
J6T77+5FQEMl/FqInKpFczK+2dhny9HVuzoET7Ssv0Q2m2V1
-----END CERTIFICATE-----