Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/WPfQ6HBfV2iAkl7VWGOJBRbRCN0.roa
File:                     WPfQ6HBfV2iAkl7VWGOJBRbRCN0.roa (raw, json)
Hash identifier:          HfvbZm9SaaoHMR0sY1iWr0raHq4X0jCGSIq/epKn56Q=
Subject key identifier:   58:F7:D0:E8:70:5F:57:68:80:92:5E:D5:58:63:89:05:16:D1:08:DD
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EC86790D78373BBC1A1290A0DE4C9
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/WPfQ6HBfV2iAkl7VWGOJBRbRCN0.roa
Signing time:             Thu 02 Jan 2025 05:48:21 +0000
ROA not before:           Thu 02 Jan 2025 05:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135671
IP address blocks:        2a0e:aa06:450::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:c8:67:90:d7:83:73:bb:c1:a1:29:0a:0d:e4:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58f7d0e8705f576880925ed55863890516d108dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f1:a3:95:8d:ea:e8:c7:5f:df:26:b9:ba:d4:
                    09:35:54:c1:30:a0:a3:f1:c2:25:31:8c:bb:22:9c:
                    c6:27:40:7c:f6:2d:2f:51:15:8b:4f:ab:9b:52:d3:
                    a6:51:77:f0:7c:b5:9c:86:36:f9:90:c9:fa:5c:8e:
                    bb:9f:3a:9c:06:17:92:0c:72:98:7a:e1:3d:64:da:
                    71:2b:46:1f:fc:91:61:84:06:2c:4b:11:31:8d:00:
                    14:fc:42:26:ba:75:75:00:06:35:ec:a7:57:38:15:
                    ca:f7:b2:92:93:09:0a:e6:0f:c8:7d:cc:ba:ab:13:
                    43:bf:e4:c4:00:4f:b9:63:2b:a2:c5:dc:37:f1:d2:
                    e9:b7:5b:d1:a2:b9:0a:cf:05:fb:34:e3:3b:76:d1:
                    bf:5f:6b:74:a3:6b:ce:66:33:7d:33:5d:01:d7:57:
                    52:69:b6:a3:96:dd:01:60:1f:5e:b2:27:ac:85:67:
                    f7:be:d9:e3:4f:c1:10:83:15:8c:0e:41:2d:80:8c:
                    c3:9a:80:ba:e0:ff:e1:7a:f1:49:02:35:72:f0:5c:
                    d9:41:84:5a:b4:d5:f4:7d:e7:af:c4:56:ee:54:54:
                    33:a2:07:72:84:9d:a7:85:11:21:8b:a0:cd:23:31:
                    d1:e1:69:aa:16:1d:bb:bd:aa:a3:ab:9c:fe:84:ff:
                    a1:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:F7:D0:E8:70:5F:57:68:80:92:5E:D5:58:63:89:05:16:D1:08:DD
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/WPfQ6HBfV2iAkl7VWGOJBRbRCN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa06:450::/44

    Signature Algorithm: sha256WithRSAEncryption
         8a:09:33:05:d1:a0:d3:b7:8f:0c:3c:cb:b9:cd:c8:72:8a:38:
         dd:19:08:ea:27:e5:70:da:46:a9:84:05:8e:73:ab:a2:ac:6d:
         6b:ef:c3:b4:bb:4a:93:5f:fd:5c:5d:1f:a3:7c:8a:e2:5f:6c:
         f7:fe:94:2b:f7:31:84:b9:94:e0:e5:fa:a8:d4:6b:19:31:4f:
         9a:8c:f9:9b:7b:fd:2f:fc:5a:b6:55:52:7e:03:e0:5a:0c:85:
         68:18:18:9a:38:26:ea:85:06:a3:6f:73:cd:22:31:5d:0d:ce:
         5d:6a:54:b1:66:48:f8:90:6b:b5:66:47:e5:68:42:39:64:00:
         63:6b:61:33:b5:d0:af:1b:09:19:a5:b1:ba:26:43:bd:78:f3:
         53:f1:fa:0f:70:ba:3f:ee:7e:ba:d5:fe:5a:52:a0:48:cb:42:
         5e:dc:ca:04:0e:0b:ba:3e:02:07:ed:ee:58:63:f5:f2:0b:12:
         63:3c:cb:cf:3b:98:97:08:db:67:a4:7e:ce:2a:77:c6:43:51:
         e7:4f:4d:ef:4c:4f:0b:a7:4d:47:fc:12:01:13:bc:9a:73:26:
         b6:fc:ff:8e:5d:e3:20:17:67:9f:82:7c:1d:c7:94:1b:70:04:
         49:82:74:b8:64:f2:b7:07:fe:24:57:5c:e1:79:39:a3:28:b9:
         51:f1:fb:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljshnkNeDc7vBoSkKDeTJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGY3ZDBlODcwNWY1NzY4ODA5MjVlZDU1ODYzODkwNTE2ZDEwOGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4PGjlY3q6Mdf3ya5utQJNVTBMKCj
8cIlMYy7IpzGJ0B89i0vURWLT6ubUtOmUXfwfLWchjb5kMn6XI67nzqcBheSDHKY
euE9ZNpxK0Yf/JFhhAYsSxExjQAU/EImunV1AAY17KdXOBXK97KSkwkK5g/Ifcy6
qxNDv+TEAE+5Yyuixdw38dLpt1vRorkKzwX7NOM7dtG/X2t0o2vOZjN9M10B11dS
abajlt0BYB9esieshWf3vtnjT8EQgxWMDkEtgIzDmoC64P/hevFJAjVy8FzZQYRa
tNX0feevxFbuVFQzogdyhJ2nhREhi6DNIzHR4WmqFh27vaqjq5z+hP+h5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFj30OhwX1dogJJe1VhjiQUW0QjdMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvV1BmUTZIQmZWMmlBa2w3VldHT0pCUmJSQ04wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qBgRQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCKCTMF0aDTt48MPMu5zchyijjdGQjqJ+Vw2kap
hAWOc6uirG1r78O0u0qTX/1cXR+jfIriX2z3/pQr9zGEuZTg5fqo1GsZMU+ajPmb
e/0v/Fq2VVJ+A+BaDIVoGBiaOCbqhQajb3PNIjFdDc5dalSxZkj4kGu1ZkflaEI5
ZABja2EztdCvGwkZpbG6JkO9ePNT8foPcLo/7n661f5aUqBIy0Je3MoEDgu6PgIH
7e5YY/XyCxJjPMvPO5iXCNtnpH7OKnfGQ1HnT03vTE8Lp01H/BIBE7yacya2/P+O
XeMgF2efgnwdx5QbcARJgnS4ZPK3B/4kV1zheTmjKLlR8fvt
-----END CERTIFICATE-----