Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/CvR8gbjhtpLMBoK6bMJNkt5bpso.roa
File:                     CvR8gbjhtpLMBoK6bMJNkt5bpso.roa (raw, json)
Hash identifier:          GQgHrsugSEP3gsjyiEkZ7OEux9tl8+O2pvQDy7AioaA=
Subject key identifier:   0A:F4:7C:81:B8:E1:B6:92:CC:06:82:BA:6C:C2:4D:92:DE:5B:A6:CA
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018F7CB371D523BCD833006C1D8FA66C7BCA
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/CvR8gbjhtpLMBoK6bMJNkt5bpso.roa
Signing time:             Wed 15 May 2024 14:41:25 +0000
ROA not before:           Wed 15 May 2024 14:41:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214899
IP address blocks:        2a0e:aa07:e1e0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7c:b3:71:d5:23:bc:d8:33:00:6c:1d:8f:a6:6c:7b:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: May 15 14:41:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0af47c81b8e1b692cc0682ba6cc24d92de5ba6ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b2:bc:94:4b:04:e9:0f:fd:81:fc:4b:b9:46:
                    c9:75:9b:9a:ef:0b:b2:85:50:ad:8f:2d:6f:71:78:
                    cc:52:1f:90:6c:cf:39:ba:29:a5:ee:8b:ef:5a:94:
                    81:70:dc:8e:12:f8:4b:3c:e9:2c:02:5e:0a:7d:c9:
                    d5:d9:6c:f2:aa:7d:df:8d:b0:66:58:1c:02:d6:f7:
                    db:ca:df:45:14:25:72:ff:b3:34:49:20:f6:1c:84:
                    f9:90:e4:fc:4b:3e:e3:1b:af:dd:fe:f5:2e:08:0e:
                    2b:43:f0:58:69:d4:2d:fc:f7:74:13:4a:2c:0f:f2:
                    37:c5:b9:ca:59:43:86:01:93:5b:98:d8:29:6f:ce:
                    b6:fc:e6:f6:47:86:fe:5c:74:1a:08:0a:0f:72:02:
                    af:6e:ec:49:b1:41:19:b1:bd:1a:13:0f:60:16:de:
                    01:5f:81:9f:6f:f4:19:df:9d:9b:43:b9:90:7f:2f:
                    f0:e1:54:f4:2a:a2:e2:52:61:02:b4:c3:6a:27:dd:
                    6b:51:4c:03:7e:55:5f:eb:95:57:63:7c:9d:2e:73:
                    db:6f:b3:db:73:d4:7c:ac:0e:be:b3:9a:35:0a:23:
                    5e:ec:82:2c:8b:df:32:8f:45:ae:83:ba:80:c7:8e:
                    8f:97:bf:90:41:58:c0:5f:e3:4f:19:18:85:f6:70:
                    16:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:F4:7C:81:B8:E1:B6:92:CC:06:82:BA:6C:C2:4D:92:DE:5B:A6:CA
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/CvR8gbjhtpLMBoK6bMJNkt5bpso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e1e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         15:2e:03:ff:fd:fe:57:90:af:34:57:71:d3:1a:6f:62:f8:ce:
         75:c7:50:55:55:48:28:45:d1:ba:c9:84:a7:dc:78:5c:a9:b5:
         ed:fc:b2:bc:d7:12:51:cf:b3:12:b8:10:9f:1d:9a:6f:60:ff:
         60:58:f0:31:68:77:13:e2:6e:fe:26:17:99:31:1d:b9:20:fe:
         32:fa:9b:28:e1:3e:cc:13:2a:5d:ca:b6:ad:cf:a4:58:4a:60:
         70:13:9b:cc:48:cf:f6:5e:f9:0b:d8:f0:8a:3d:af:4c:a0:d0:
         ad:aa:84:29:13:e8:ce:95:4f:79:e0:1b:72:95:40:89:8a:cd:
         bf:ea:69:c6:49:0f:20:a6:cf:b3:61:ba:b3:13:6a:25:f5:93:
         7b:b4:05:9d:cc:2e:bd:4a:04:dd:b1:d8:19:e6:d1:f0:62:f9:
         0d:d9:2b:3a:ae:65:3f:60:bf:4a:24:dd:71:a0:a0:8b:24:ff:
         82:71:4a:98:60:1b:28:d5:13:ae:31:ca:47:ad:07:c4:12:f1:
         bf:f1:37:c0:de:c0:5b:2c:2c:ab:17:59:c0:80:32:8d:19:b9:
         6a:10:8d:ce:c3:06:96:f8:12:e6:54:e7:fd:1a:c2:c5:73:2b:
         61:52:76:a9:19:65:9d:19:ae:38:32:e2:42:58:a1:e5:b4:46:
         ad:43:de:ad
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY98s3HVI7zYMwBsHY+mbHvKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwNTE1MTQ0MTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWY0N2M4MWI4ZTFiNjkyY2MwNjgyYmE2Y2MyNGQ5MmRlNWJhNmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrK8lEsE6Q/9gfxLuUbJdZua7wuy
hVCtjy1vcXjMUh+QbM85uiml7ovvWpSBcNyOEvhLPOksAl4KfcnV2Wzyqn3fjbBm
WBwC1vfbyt9FFCVy/7M0SSD2HIT5kOT8Sz7jG6/d/vUuCA4rQ/BYadQt/Pd0E0os
D/I3xbnKWUOGAZNbmNgpb862/Ob2R4b+XHQaCAoPcgKvbuxJsUEZsb0aEw9gFt4B
X4Gfb/QZ352bQ7mQfy/w4VT0KqLiUmECtMNqJ91rUUwDflVf65VXY3ydLnPbb7Pb
c9R8rA6+s5o1CiNe7IIsi98yj0Wug7qAx46Pl7+QQVjAX+NPGRiF9nAWIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAr0fIG44baSzAaCumzCTZLeW6bKMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvQ3ZSOGdiamh0cExNQm9LNmJNSk5rdDVicHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+Hg
MA0GCSqGSIb3DQEBCwUAA4IBAQAVLgP//f5XkK80V3HTGm9i+M51x1BVVUgoRdG6
yYSn3HhcqbXt/LK81xJRz7MSuBCfHZpvYP9gWPAxaHcT4m7+JheZMR25IP4y+pso
4T7MEypdyratz6RYSmBwE5vMSM/2XvkL2PCKPa9MoNCtqoQpE+jOlU954BtylUCJ
is2/6mnGSQ8gps+zYbqzE2ol9ZN7tAWdzC69SgTdsdgZ5tHwYvkN2Ss6rmU/YL9K
JN1xoKCLJP+CcUqYYBso1ROuMcpHrQfEEvG/8TfA3sBbLCyrF1nAgDKNGblqEI3O
wwaW+BLmVOf9GsLFcythUnapGWWdGa44MuJCWKHltEatQ96t
-----END CERTIFICATE-----