Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/9J4u-5FYai0_aTefYKaVZrPMe4o.roa
File:                     9J4u-5FYai0_aTefYKaVZrPMe4o.roa (raw, json)
Hash identifier:          7xHH9eEZXHub/ykTdLEpiept7pnS1vQrv29HRqYAVqA=
Subject key identifier:   F4:9E:2E:FB:91:58:6A:2D:3F:69:37:9F:60:A6:95:66:B3:CC:7B:8A
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EEE981B42DBC4089D7D79133EC23A
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/9J4u-5FYai0_aTefYKaVZrPMe4o.roa
Signing time:             Thu 02 Jan 2025 05:48:31 +0000
ROA not before:           Thu 02 Jan 2025 05:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214772
IP address blocks:        2a0e:aa07:e1d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:ee:98:1b:42:db:c4:08:9d:7d:79:13:3e:c2:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f49e2efb91586a2d3f69379f60a69566b3cc7b8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2c:d6:0e:3e:c5:83:a8:15:7f:36:79:bb:89:
                    8d:22:d3:c1:e9:15:f4:02:fa:59:55:e1:28:33:a6:
                    4f:ae:75:64:83:75:c3:c2:c6:59:0b:d4:bb:e6:1b:
                    38:75:f0:72:02:6f:1a:7f:e5:96:23:e6:30:43:00:
                    cf:30:ac:69:4b:da:a8:13:19:68:1b:75:91:c7:d2:
                    eb:f3:bf:a6:7a:3d:cf:a7:7b:b8:52:ce:1d:e3:3b:
                    5e:c0:c1:4a:11:84:2d:50:8c:f7:43:ed:2e:63:4a:
                    52:15:e0:43:e9:20:44:5e:3e:78:53:f7:17:2b:38:
                    6e:0e:41:12:d2:92:9e:cc:ef:c4:41:e0:bc:30:5b:
                    46:3d:68:65:12:d7:12:1d:76:ac:4a:5b:e3:83:3c:
                    f0:3c:07:7f:ba:14:2c:b7:ba:55:84:3c:7b:cc:57:
                    6e:96:ee:29:7b:8b:c0:d0:72:7f:f1:c9:aa:ba:4f:
                    d5:28:ef:c8:03:70:ff:4a:a2:d1:97:69:a0:42:b7:
                    bf:bc:1c:56:ec:99:d3:84:dd:82:7d:d6:16:96:bb:
                    df:eb:3c:2a:28:85:09:9b:96:1b:31:a9:2d:f9:84:
                    ab:4c:9e:df:6c:1a:37:04:ea:82:bf:ff:1b:1e:3a:
                    3b:e4:25:75:dc:84:a3:10:1e:0f:38:8c:43:91:c5:
                    97:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:9E:2E:FB:91:58:6A:2D:3F:69:37:9F:60:A6:95:66:B3:CC:7B:8A
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/9J4u-5FYai0_aTefYKaVZrPMe4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e1d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         74:2f:d9:b3:45:e7:81:9e:a3:d3:51:83:25:85:99:32:34:34:
         3e:46:a3:9f:f6:52:55:ca:7e:b4:e2:19:f8:f2:b3:15:ed:c0:
         2d:e6:ca:d3:37:d0:c8:28:46:92:ff:a6:89:76:8e:58:38:6b:
         df:5c:d0:47:c3:f6:39:41:04:03:35:87:22:ba:6e:c0:b3:10:
         ff:18:7a:65:3d:02:4c:47:24:61:e5:4f:3d:ae:a0:6a:f9:fe:
         80:9f:ff:80:64:b1:cb:f5:e8:33:84:02:14:b6:b5:24:23:a9:
         59:72:b5:a4:ec:96:e4:89:ee:29:11:28:97:92:ee:09:bf:5c:
         4f:e3:f6:05:6c:8d:8c:c4:fd:05:5a:19:08:1e:b8:fe:2e:50:
         9b:dc:06:7a:50:d4:1b:40:1a:9d:f6:28:fe:7c:85:16:75:e7:
         30:e6:f2:5c:f9:6c:a7:4f:96:94:7e:d1:b8:92:b8:1c:9f:e3:
         6f:28:ca:24:38:28:24:bf:42:93:62:31:4b:65:ec:e0:44:cf:
         89:12:d2:30:43:45:8c:4d:15:d9:b9:1b:c1:3b:d4:2a:26:57:
         30:2b:b0:5d:b6:d1:2b:a2:38:06:48:eb:d3:a7:dc:50:a6:79:
         02:ac:7c:fd:c5:d1:0a:da:38:ec:14:f4:2f:a6:65:36:6a:28:
         fb:49:8d:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlju6YG0LbxAidfXkTPsI6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDllMmVmYjkxNTg2YTJkM2Y2OTM3OWY2MGE2OTU2NmIzY2M3YjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyzWDj7Fg6gVfzZ5u4mNItPB6RX0
AvpZVeEoM6ZPrnVkg3XDwsZZC9S75hs4dfByAm8af+WWI+YwQwDPMKxpS9qoExlo
G3WRx9Lr87+mej3Pp3u4Us4d4ztewMFKEYQtUIz3Q+0uY0pSFeBD6SBEXj54U/cX
KzhuDkES0pKezO/EQeC8MFtGPWhlEtcSHXasSlvjgzzwPAd/uhQst7pVhDx7zFdu
lu4pe4vA0HJ/8cmquk/VKO/IA3D/SqLRl2mgQre/vBxW7JnThN2CfdYWlrvf6zwq
KIUJm5YbMakt+YSrTJ7fbBo3BOqCv/8bHjo75CV13ISjEB4POIxDkcWXzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPSeLvuRWGotP2k3n2CmlWazzHuKMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvOUo0dS01RllhaTBfYVRlZllLYVZaclBNZTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+HQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB0L9mzReeBnqPTUYMlhZkyNDQ+RqOf9lJVyn60
4hn48rMV7cAt5srTN9DIKEaS/6aJdo5YOGvfXNBHw/Y5QQQDNYcium7AsxD/GHpl
PQJMRyRh5U89rqBq+f6An/+AZLHL9egzhAIUtrUkI6lZcrWk7Jbkie4pESiXku4J
v1xP4/YFbI2MxP0FWhkIHrj+LlCb3AZ6UNQbQBqd9ij+fIUWdecw5vJc+WynT5aU
ftG4krgcn+NvKMokOCgkv0KTYjFLZezgRM+JEtIwQ0WMTRXZuRvBO9QqJlcwK7Bd
ttErojgGSOvTp9xQpnkCrHz9xdEK2jjsFPQvpmU2aij7SY1y
-----END CERTIFICATE-----