Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/WjFkdyYYcyeBcP9xoOLr7R5T4HU.roa
File:                     WjFkdyYYcyeBcP9xoOLr7R5T4HU.roa (raw, json)
Hash identifier:          oYIkJ9TvRxq+kAYPl2pO03kr+ZIcufk3yXofQLWxHFw=
Subject key identifier:   5A:31:64:77:26:18:73:27:81:70:FF:71:A0:E2:EB:ED:1E:53:E0:75
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258ECCEBEAFAFBF7A49828766A3E0884
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/WjFkdyYYcyeBcP9xoOLr7R5T4HU.roa
Signing time:             Thu 02 Jan 2025 05:48:23 +0000
ROA not before:           Thu 02 Jan 2025 05:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198304
IP address blocks:        2a0e:aa07:e0b0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 14:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:cc:eb:ea:fa:fb:f7:a4:98:28:76:6a:3e:08:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a316477261873278170ff71a0e2ebed1e53e075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:2e:cc:18:04:19:dd:b4:f0:45:e5:85:e4:52:
                    20:eb:b4:2a:12:5f:3c:31:49:73:9e:9f:c3:67:fa:
                    8a:e6:e0:65:90:b8:59:3a:88:51:f6:f3:63:6c:ad:
                    35:1b:75:7f:97:6f:b8:6b:41:84:f0:4d:c0:e5:3a:
                    68:07:83:43:b7:7f:1c:bc:cc:6a:c8:29:6a:98:d2:
                    cd:88:17:4e:bb:10:b8:22:cb:ef:ec:40:9a:b6:ad:
                    dd:f2:f6:d4:82:12:9f:e5:ec:78:15:63:3e:96:d6:
                    77:1a:c4:3d:ef:5a:49:ed:a6:50:e0:d7:b8:e3:22:
                    33:89:68:dc:5b:39:f8:50:dc:4b:4c:28:1f:2c:e6:
                    94:28:47:b5:4a:14:c0:7e:a5:ba:f8:1d:90:b2:a7:
                    f5:1c:d9:fa:1d:ec:77:c8:83:70:26:54:14:34:8c:
                    ba:d7:3f:8a:12:cb:18:cd:33:41:8d:51:a0:28:77:
                    a7:0d:48:81:58:80:bd:1c:fe:bb:a2:a9:44:f2:66:
                    90:85:5c:4c:0a:95:6a:a7:24:a8:7a:eb:ea:f0:94:
                    40:c3:7a:68:aa:e9:69:3c:dc:12:76:f0:ea:27:72:
                    18:f1:12:eb:4a:b1:45:66:f9:7a:17:06:2d:ea:9e:
                    70:32:18:9c:4c:de:fe:c1:98:24:a7:9d:e9:a2:95:
                    f6:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:31:64:77:26:18:73:27:81:70:FF:71:A0:E2:EB:ED:1E:53:E0:75
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/WjFkdyYYcyeBcP9xoOLr7R5T4HU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e0b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         30:5f:52:fc:1a:e0:7e:bf:9f:f2:bd:6c:da:14:89:eb:62:fa:
         72:04:e0:1b:09:83:f3:90:b4:ab:0e:5c:14:d0:21:c6:0f:8d:
         0f:b1:f9:31:2e:2c:34:d8:78:2f:0b:fb:3a:41:61:f8:78:cc:
         7a:e2:d0:82:ea:79:aa:82:e7:0b:7a:88:01:f3:a9:90:ba:51:
         eb:f9:e4:57:41:db:08:13:d2:2d:78:81:27:0b:72:e4:8d:0e:
         08:b1:10:10:c9:da:db:5a:16:f9:a4:f6:fe:e2:08:c1:fa:21:
         87:02:13:59:44:9f:5e:30:91:82:3f:a1:d1:df:84:14:b1:d1:
         16:4f:6f:ea:b9:ff:ed:c1:4f:46:a1:24:1e:3b:25:37:0e:a5:
         6a:0e:b8:63:b9:15:e4:b7:1c:b7:45:96:75:cb:d4:89:a8:b1:
         6d:35:1a:8f:69:53:77:dd:eb:ef:a8:54:83:8c:93:b9:8e:36:
         03:af:a7:04:f8:67:5d:c2:95:d8:41:f6:fb:21:41:d1:11:be:
         cc:8c:7c:78:52:b9:65:b6:53:77:db:b8:d6:24:d5:e5:af:b1:
         12:28:77:dc:ad:99:d5:cf:08:a7:02:85:e3:fb:8d:9a:65:02:
         d1:8b:e8:a3:0f:1f:54:04:89:61:6f:b1:fc:ee:08:e2:32:92:
         8f:2b:aa:5b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljszr6vr796SYKHZqPgiEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTMxNjQ3NzI2MTg3MzI3ODE3MGZmNzFhMGUyZWJlZDFlNTNlMDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtC7MGAQZ3bTwReWF5FIg67QqEl88
MUlznp/DZ/qK5uBlkLhZOohR9vNjbK01G3V/l2+4a0GE8E3A5TpoB4NDt38cvMxq
yClqmNLNiBdOuxC4Isvv7ECatq3d8vbUghKf5ex4FWM+ltZ3GsQ971pJ7aZQ4Ne4
4yIziWjcWzn4UNxLTCgfLOaUKEe1ShTAfqW6+B2Qsqf1HNn6Hex3yINwJlQUNIy6
1z+KEssYzTNBjVGgKHenDUiBWIC9HP67oqlE8maQhVxMCpVqpySoeuvq8JRAw3po
qulpPNwSdvDqJ3IY8RLrSrFFZvl6FwYt6p5wMhicTN7+wZgkp53popX27wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFoxZHcmGHMngXD/caDi6+0eU+B1MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvV2pGa2R5WVljeWVCY1A5eG9PTHI3UjVUNEhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+Cw
MA0GCSqGSIb3DQEBCwUAA4IBAQAwX1L8GuB+v5/yvWzaFInrYvpyBOAbCYPzkLSr
DlwU0CHGD40PsfkxLiw02HgvC/s6QWH4eMx64tCC6nmqgucLeogB86mQulHr+eRX
QdsIE9IteIEnC3LkjQ4IsRAQydrbWhb5pPb+4gjB+iGHAhNZRJ9eMJGCP6HR34QU
sdEWT2/quf/twU9GoSQeOyU3DqVqDrhjuRXktxy3RZZ1y9SJqLFtNRqPaVN33evv
qFSDjJO5jjYDr6cE+GddwpXYQfb7IUHREb7MjHx4UrlltlN327jWJNXlr7ESKHfc
rZnVzwinAoXj+42aZQLRi+ijDx9UBIlhb7H87gjiMpKPK6pb
-----END CERTIFICATE-----