Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/J7jAvhHILDlov65fOsYMsN_IDHo.roa
File:                     J7jAvhHILDlov65fOsYMsN_IDHo.roa (raw, json)
Hash identifier:          3e1IRyQUr3ur0IUwDefN922eapi7DI3Aer+QGjqbQIc=
Subject key identifier:   27:B8:C0:BE:11:C8:2C:39:68:BF:AE:5F:3A:C6:0C:B0:DF:C8:0C:7A
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EDA155066FD1537BB9E4D02D178EA
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/J7jAvhHILDlov65fOsYMsN_IDHo.roa
Signing time:             Thu 02 Jan 2025 05:48:26 +0000
ROA not before:           Thu 02 Jan 2025 05:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208498
IP address blocks:        2a0e:aa01:ab10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:da:15:50:66:fd:15:37:bb:9e:4d:02:d1:78:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27b8c0be11c82c3968bfae5f3ac60cb0dfc80c7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:61:5e:69:e9:29:a9:7e:85:7d:67:e2:1b:68:
                    d9:a0:55:ef:7d:d2:a0:1a:35:cc:9d:30:09:e4:50:
                    8f:7c:71:e6:87:82:98:cf:23:48:2a:73:2d:91:71:
                    3b:9b:c9:54:6a:ce:00:55:1e:91:db:90:a0:92:ff:
                    e1:5b:8e:46:d5:89:79:b2:0c:be:63:69:b7:61:f3:
                    03:5d:b4:95:46:d1:08:ed:a5:f2:fa:43:e0:dc:e5:
                    05:8e:da:72:3c:e7:fe:44:da:06:58:1e:66:10:8d:
                    54:65:61:ee:b4:59:23:51:98:3e:72:84:72:2d:3a:
                    da:06:2d:f8:26:79:b7:7c:d0:5f:a5:d5:e6:a4:dd:
                    a9:59:9c:0a:bf:9f:7d:a0:b0:67:61:93:3c:78:58:
                    00:f4:ee:7f:ca:a6:ca:eb:e4:7d:a3:ab:0f:d3:26:
                    dc:ea:38:6f:d2:85:b2:6e:24:12:f1:a3:ea:f6:31:
                    17:a5:90:b4:79:80:a6:0f:c3:18:4f:ea:69:99:96:
                    bc:c5:dd:63:03:18:39:d3:af:4d:13:04:fc:da:0b:
                    1e:88:ae:3c:f0:82:e9:5a:8c:6a:f0:f5:5c:4d:01:
                    ab:f4:69:c5:de:13:98:ab:8f:f1:e2:fd:3a:45:46:
                    79:a2:04:83:10:67:6b:50:ef:64:cd:e7:dc:04:97:
                    45:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:B8:C0:BE:11:C8:2C:39:68:BF:AE:5F:3A:C6:0C:B0:DF:C8:0C:7A
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/J7jAvhHILDlov65fOsYMsN_IDHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa01:ab10::/44

    Signature Algorithm: sha256WithRSAEncryption
         b1:76:a7:3e:00:02:22:2e:8b:d8:0b:01:d1:49:42:58:ca:6f:
         eb:4f:aa:7f:6c:da:e3:c8:f8:1c:72:74:3d:19:1a:68:6f:12:
         a5:e9:8f:0b:b8:1b:be:ed:04:6f:6c:c0:6e:ba:52:c0:66:67:
         03:f4:b8:c4:2b:33:28:82:0b:08:14:42:89:f6:27:4e:59:d0:
         4e:44:a9:1d:4c:67:8b:44:ab:bd:bc:4d:35:ca:a6:7a:3f:63:
         21:f7:b2:61:12:9f:b3:47:5a:7d:f2:9c:d0:c3:9a:3f:5b:2d:
         55:b5:ca:bf:a5:0d:f1:47:65:85:33:9f:d5:6b:65:1a:d9:1a:
         1b:0b:10:6b:8c:11:3b:1f:ca:c7:00:a0:38:e5:15:b9:a9:5c:
         4c:55:37:c2:c9:ca:62:eb:0e:ba:58:f8:4e:9b:dd:84:b8:6c:
         99:3b:bb:da:42:a6:87:bc:fe:92:5d:96:bd:e9:15:31:79:fa:
         96:26:f4:db:f8:c0:07:63:ac:69:b7:f4:ea:c7:71:2d:96:e7:
         f2:17:04:3f:d6:6b:91:25:f6:87:11:11:02:cd:9a:45:50:77:
         32:77:1c:7a:ae:82:21:2c:d6:a4:28:62:95:e9:a7:c0:2b:df:
         9c:0c:01:44:c0:80:2d:95:b5:fb:79:7b:86:76:61:5c:2d:a5:
         ce:71:53:71
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljtoVUGb9FTe7nk0C0XjqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2I4YzBiZTExYzgyYzM5NjhiZmFlNWYzYWM2MGNiMGRmYzgwYzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWFeaekpqX6FfWfiG2jZoFXvfdKg
GjXMnTAJ5FCPfHHmh4KYzyNIKnMtkXE7m8lUas4AVR6R25Cgkv/hW45G1Yl5sgy+
Y2m3YfMDXbSVRtEI7aXy+kPg3OUFjtpyPOf+RNoGWB5mEI1UZWHutFkjUZg+coRy
LTraBi34Jnm3fNBfpdXmpN2pWZwKv599oLBnYZM8eFgA9O5/yqbK6+R9o6sP0ybc
6jhv0oWybiQS8aPq9jEXpZC0eYCmD8MYT+ppmZa8xd1jAxg5069NEwT82gseiK48
8ILpWoxq8PVcTQGr9GnF3hOYq4/x4v06RUZ5ogSDEGdrUO9kzefcBJdFDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCe4wL4RyCw5aL+uXzrGDLDfyAx6MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvSjdqQXZoSElMRGxvdjY1Zk9zWU1zTl9JREhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qAasQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCxdqc+AAIiLovYCwHRSUJYym/rT6p/bNrjyPgc
cnQ9GRpobxKl6Y8LuBu+7QRvbMBuulLAZmcD9LjEKzMoggsIFEKJ9idOWdBORKkd
TGeLRKu9vE01yqZ6P2Mh97JhEp+zR1p98pzQw5o/Wy1Vtcq/pQ3xR2WFM5/Va2Ua
2RobCxBrjBE7H8rHAKA45RW5qVxMVTfCycpi6w66WPhOm92EuGyZO7vaQqaHvP6S
XZa96RUxefqWJvTb+MAHY6xpt/Tqx3EtlufyFwQ/1muRJfaHERECzZpFUHcydxx6
roIhLNakKGKV6afAK9+cDAFEwIAtlbX7eXuGdmFcLaXOcVNx
-----END CERTIFICATE-----