Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/560gkvz4G_cMhJQUhJmeT0Y2TVM.roa
File:                     560gkvz4G_cMhJQUhJmeT0Y2TVM.roa (raw, json)
Hash identifier:          gXCWIs7Noy3Aena3AON4C0a1hs2TKvJVrBIi5cqiEKE=
Subject key identifier:   E7:AD:20:92:FC:F8:1B:F7:0C:84:94:14:84:99:9E:4F:46:36:4D:53
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EDFE42339A0617CD6674031AC2830
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/560gkvz4G_cMhJQUhJmeT0Y2TVM.roa
Signing time:             Thu 02 Jan 2025 05:48:27 +0000
ROA not before:           Thu 02 Jan 2025 05:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209584
IP address blocks:        2a0e:aa07:e04c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:df:e4:23:39:a0:61:7c:d6:67:40:31:ac:28:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7ad2092fcf81bf70c84941484999e4f46364d53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:81:b8:18:33:3b:e3:13:c2:05:13:37:03:91:
                    48:f1:e0:2c:80:2d:c3:e3:63:14:5a:4e:a0:e9:79:
                    1d:d2:f6:92:e5:f4:19:77:cc:c9:76:0a:17:94:fc:
                    3b:1f:50:e9:c6:9d:43:7e:58:d7:6c:fc:ba:96:26:
                    28:1d:cb:ff:ae:35:f9:9a:bb:a1:eb:61:99:32:bd:
                    84:53:2d:99:76:a2:71:79:42:f8:0e:60:9f:a4:2c:
                    ea:30:ae:9b:60:b2:43:07:14:b5:15:ca:98:05:78:
                    3d:f1:39:9f:ca:8b:09:5f:8a:07:23:ea:fd:b4:d0:
                    d4:33:a8:7a:40:22:3c:2d:b4:5b:a2:ba:49:a7:35:
                    33:48:ff:6b:f5:6c:23:4b:42:ff:c0:72:d1:e5:96:
                    3f:95:56:b2:43:79:bc:74:26:bb:fd:01:24:e7:0a:
                    3c:3c:5f:b3:14:e5:9e:e5:22:09:ab:86:20:63:b9:
                    a5:fd:9e:bd:46:b7:fb:f3:70:f5:07:47:56:b4:dc:
                    96:4e:3c:b6:a9:1f:b4:b8:50:26:b3:81:23:37:82:
                    f0:72:79:0c:6d:d3:3a:b4:11:4e:45:87:0f:77:9b:
                    1e:b4:8a:4b:b7:33:f8:e3:f4:5a:45:ff:a0:f5:e8:
                    a7:99:d2:c6:54:43:f8:99:e1:d9:39:ec:a1:c6:2b:
                    a2:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:AD:20:92:FC:F8:1B:F7:0C:84:94:14:84:99:9E:4F:46:36:4D:53
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/560gkvz4G_cMhJQUhJmeT0Y2TVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e04c::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:0b:98:34:33:c7:4a:5a:f2:c3:d0:ff:68:64:01:35:23:a4:
         cc:7e:eb:44:c2:66:97:c1:46:34:d6:e4:33:39:43:44:a4:be:
         f0:7e:e7:1e:7e:e3:95:3c:19:ab:75:81:44:31:95:3f:36:c2:
         22:45:0d:9c:e8:0d:ea:e0:10:d3:20:36:38:fc:78:d2:98:bb:
         c5:b8:60:e4:34:0c:aa:d0:45:a4:3a:5e:a7:d4:1e:93:fd:a2:
         0e:46:31:87:50:f6:45:7d:31:c1:36:f0:e5:5a:35:17:75:e1:
         db:28:80:64:6e:a9:af:03:fd:d5:d9:92:42:e4:04:79:ab:2f:
         fb:92:08:f0:fc:82:46:7d:df:33:7d:1b:03:e4:d0:b8:71:0d:
         da:1f:75:4a:b4:d7:8f:bf:bd:8f:e1:0b:f7:ff:d4:f8:f3:95:
         7e:3d:bc:a1:3c:a5:25:93:a6:22:0e:cd:c1:91:ff:f2:17:cc:
         a3:5b:3f:74:a3:2d:2a:2a:28:5d:10:3d:af:78:e0:66:32:32:
         f4:ff:97:61:13:92:ec:7b:98:17:95:ad:bf:22:a2:87:86:ea:
         e2:51:b7:cb:12:0b:71:26:86:25:dd:c1:d1:6f:c0:5a:62:3a:
         2f:17:ad:56:4b:f6:50:11:b6:fa:04:a1:ab:4a:41:b1:d0:00:
         d4:8b:2c:ad
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljt/kIzmgYXzWZ0AxrCgwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2FkMjA5MmZjZjgxYmY3MGM4NDk0MTQ4NDk5OWU0ZjQ2MzY0ZDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoG4GDM74xPCBRM3A5FI8eAsgC3D
42MUWk6g6Xkd0vaS5fQZd8zJdgoXlPw7H1Dpxp1DfljXbPy6liYoHcv/rjX5mruh
62GZMr2EUy2ZdqJxeUL4DmCfpCzqMK6bYLJDBxS1FcqYBXg98TmfyosJX4oHI+r9
tNDUM6h6QCI8LbRborpJpzUzSP9r9WwjS0L/wHLR5ZY/lVayQ3m8dCa7/QEk5wo8
PF+zFOWe5SIJq4YgY7ml/Z69Rrf783D1B0dWtNyWTjy2qR+0uFAms4EjN4LwcnkM
bdM6tBFORYcPd5setIpLtzP44/RaRf+g9einmdLGVEP4meHZOeyhxiuiTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOetIJL8+Bv3DISUFISZnk9GNk1TMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvNTYwZ2t2ejRHX2NNaEpRVWhKbWVUMFkyVFZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+BM
MA0GCSqGSIb3DQEBCwUAA4IBAQBbC5g0M8dKWvLD0P9oZAE1I6TMfutEwmaXwUY0
1uQzOUNEpL7wfucefuOVPBmrdYFEMZU/NsIiRQ2c6A3q4BDTIDY4/HjSmLvFuGDk
NAyq0EWkOl6n1B6T/aIORjGHUPZFfTHBNvDlWjUXdeHbKIBkbqmvA/3V2ZJC5AR5
qy/7kgjw/IJGfd8zfRsD5NC4cQ3aH3VKtNePv72P4Qv3/9T485V+PbyhPKUlk6Yi
Ds3Bkf/yF8yjWz90oy0qKihdED2veOBmMjL0/5dhE5Lse5gXla2/IqKHhuriUbfL
EgtxJoYl3cHRb8BaYjovF61WS/ZQEbb6BKGrSkGx0ADUiyyt
-----END CERTIFICATE-----