Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/DNicS5Z-pPn3vaFMKKeEekmdrlE.roa
File:                     DNicS5Z-pPn3vaFMKKeEekmdrlE.roa (raw, json)
Hash identifier:          0l5NIvCXr3fLIjFuKLLTFlQSm8AET6cVJnwaQTJnACk=
Subject key identifier:   0C:D8:9C:4B:96:7E:A4:F9:F7:BD:A1:4C:28:A7:84:7A:49:9D:AE:51
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EC313828E706BA6D44FBA847D40C1
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/DNicS5Z-pPn3vaFMKKeEekmdrlE.roa
Signing time:             Thu 02 Jan 2025 05:48:20 +0000
ROA not before:           Thu 02 Jan 2025 05:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24239
IP address blocks:        2a0e:aa06:490::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:c3:13:82:8e:70:6b:a6:d4:4f:ba:84:7d:40:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cd89c4b967ea4f9f7bda14c28a7847a499dae51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:5c:be:c6:c1:a1:0e:f6:b4:8c:a6:4c:30:aa:
                    d3:1c:14:e0:3f:dd:a2:36:ff:76:7e:81:ab:b7:89:
                    0b:8a:71:52:7a:ff:8f:7d:4f:45:b5:c1:05:7b:c4:
                    e9:4d:7b:ae:e8:fa:a6:10:a7:75:fd:1f:33:fc:b5:
                    e9:ce:cc:23:5a:be:f7:c1:ae:9d:42:b8:8e:64:2b:
                    21:e3:63:b7:76:2e:8f:f9:55:f2:08:33:c7:20:fa:
                    99:03:f4:ea:28:4a:72:b6:f7:3a:b4:eb:01:7b:ee:
                    1f:77:c4:b7:50:9e:47:5d:7b:c1:8f:03:44:1e:88:
                    53:53:f8:01:f7:94:85:25:db:60:f9:0e:45:32:af:
                    ca:92:23:8c:11:8f:3b:3c:d3:3d:5b:ad:a5:6e:23:
                    10:01:1b:65:71:87:f8:f7:c5:9d:f9:b9:ed:15:7a:
                    fe:f7:65:37:3d:b6:57:79:4f:81:ce:17:55:de:61:
                    ac:79:42:a7:1d:9a:a1:68:2b:3e:f5:72:4a:ff:64:
                    83:e8:17:89:71:a6:dd:d6:cd:93:76:fb:69:35:94:
                    67:51:c3:c3:50:32:59:b9:62:c8:71:88:56:80:42:
                    18:5a:61:07:c1:08:47:04:c4:b5:16:de:f9:86:eb:
                    cc:83:bb:31:1f:8c:48:f1:38:d7:f3:44:f9:d1:df:
                    9d:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:D8:9C:4B:96:7E:A4:F9:F7:BD:A1:4C:28:A7:84:7A:49:9D:AE:51
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/DNicS5Z-pPn3vaFMKKeEekmdrlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa06:490::/44

    Signature Algorithm: sha256WithRSAEncryption
         2a:bb:8d:da:c8:6e:30:74:9a:7b:94:8d:98:d2:fe:15:8b:04:
         79:52:70:b0:4b:b6:8c:31:54:fe:fb:90:95:9f:42:f3:5f:7d:
         fb:11:03:38:e6:67:d3:cd:68:61:11:8d:95:5c:4f:d4:79:33:
         6b:99:61:7f:f9:ce:7b:5f:be:45:78:43:45:49:09:f7:9e:fb:
         fe:07:a2:8b:7b:fb:2a:96:e3:35:5c:01:0b:c3:ee:15:92:3d:
         0b:33:69:4a:f4:24:c6:06:f7:d9:4c:86:1f:7d:f7:91:c8:f3:
         07:de:e5:c5:37:9f:a6:c3:48:5d:28:88:13:7c:91:6a:b1:f1:
         61:d9:14:29:5b:13:5c:cd:93:f8:16:e5:5b:c2:90:9a:31:aa:
         df:17:57:42:b1:5b:1e:74:86:50:aa:54:b2:66:8d:c3:9d:15:
         5f:cb:91:dd:24:6b:d9:75:b0:88:be:4a:5c:d2:b5:52:a3:55:
         c6:df:48:95:73:83:68:2a:3b:c6:89:e2:de:47:29:4b:c1:3f:
         30:f2:9a:9e:d4:eb:08:7b:4e:ed:b4:3d:b2:a4:5e:b7:c8:ed:
         33:cd:d2:7c:56:6e:ed:4a:54:1f:64:87:79:47:64:52:75:51:
         fe:61:87:c5:09:38:66:9f:f5:e0:9c:cf:65:8e:a6:9d:de:c7:
         ad:05:35:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljsMTgo5wa6bUT7qEfUDBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2Q4OWM0Yjk2N2VhNGY5ZjdiZGExNGMyOGE3ODQ3YTQ5OWRhZTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFy+xsGhDva0jKZMMKrTHBTgP92i
Nv92foGrt4kLinFSev+PfU9FtcEFe8TpTXuu6PqmEKd1/R8z/LXpzswjWr73wa6d
QriOZCsh42O3di6P+VXyCDPHIPqZA/TqKEpytvc6tOsBe+4fd8S3UJ5HXXvBjwNE
HohTU/gB95SFJdtg+Q5FMq/KkiOMEY87PNM9W62lbiMQARtlcYf498Wd+bntFXr+
92U3PbZXeU+BzhdV3mGseUKnHZqhaCs+9XJK/2SD6BeJcabd1s2TdvtpNZRnUcPD
UDJZuWLIcYhWgEIYWmEHwQhHBMS1Ft75huvMg7sxH4xI8TjX80T50d+d+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAzYnEuWfqT5972hTCinhHpJna5RMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvRE5pY1M1Wi1wUG4zdmFGTUtLZUVla21kcmxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qBgSQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAqu43ayG4wdJp7lI2Y0v4ViwR5UnCwS7aMMVT+
+5CVn0LzX337EQM45mfTzWhhEY2VXE/UeTNrmWF/+c57X75FeENFSQn3nvv+B6KL
e/sqluM1XAELw+4Vkj0LM2lK9CTGBvfZTIYfffeRyPMH3uXFN5+mw0hdKIgTfJFq
sfFh2RQpWxNczZP4FuVbwpCaMarfF1dCsVsedIZQqlSyZo3DnRVfy5HdJGvZdbCI
vkpc0rVSo1XG30iVc4NoKjvGieLeRylLwT8w8pqe1OsIe07ttD2ypF63yO0zzdJ8
Vm7tSlQfZId5R2RSdVH+YYfFCThmn/XgnM9ljqad3setBTWY
-----END CERTIFICATE-----