Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ZI6pFfQFRjbpyMSbTRlCWM5WB7A.roa
File:                     ZI6pFfQFRjbpyMSbTRlCWM5WB7A.roa (raw, json)
Hash identifier:          j/OWTZ1no9qA81B2Y21+0O2nBTBE/YirumwTHcD8iJw=
Subject key identifier:   64:8E:A9:15:F4:05:46:36:E9:C8:C4:9B:4D:19:42:58:CE:56:07:B0
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EF368918266964B18609858CE7CB4
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ZI6pFfQFRjbpyMSbTRlCWM5WB7A.roa
Signing time:             Thu 02 Jan 2025 05:48:32 +0000
ROA not before:           Thu 02 Jan 2025 05:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     394604
IP address blocks:        2a0e:aa07:f00c::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:f3:68:91:82:66:96:4b:18:60:98:58:ce:7c:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=648ea915f4054636e9c8c49b4d194258ce5607b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ac:4e:93:3a:f6:e1:31:d8:1c:59:a8:6a:93:
                    a7:5d:4a:2b:5a:49:7c:d8:90:ce:e0:89:2d:87:de:
                    fb:ea:ab:90:76:54:d3:b5:9e:0a:9e:b5:60:fc:6d:
                    f1:b4:a0:db:cb:03:c1:ca:95:d1:8f:c0:5f:48:95:
                    bf:97:2c:03:33:c1:2e:f4:12:0a:a4:81:50:e6:78:
                    49:4c:5b:d3:6c:c4:8d:ce:52:02:83:b6:9a:df:3d:
                    bf:97:6b:82:c3:a8:89:51:9d:cb:7a:33:fd:70:e5:
                    60:9f:66:28:e2:53:9d:d5:a1:6c:3d:ed:94:6a:d5:
                    c5:88:8a:7a:60:cd:48:29:62:9c:64:c4:da:e9:e8:
                    ff:db:1c:42:b2:46:b4:d5:52:83:64:5a:14:d9:5b:
                    1a:e6:42:98:23:ff:52:bf:c1:ed:fa:93:f7:12:bf:
                    0d:8b:76:03:ce:09:5f:11:ba:d0:b7:53:fd:cc:a1:
                    72:a8:d7:e9:39:09:4f:e7:2a:88:aa:b7:9a:82:ff:
                    c4:9d:b1:92:25:13:4a:ca:27:ac:2a:aa:94:13:c0:
                    6e:06:23:04:81:be:4c:3e:f4:bd:63:cc:f9:4f:80:
                    05:70:2f:8e:25:59:3d:75:4f:40:b4:c8:d3:f6:ae:
                    15:a9:63:c2:dd:c3:69:da:aa:2e:7e:05:09:e6:33:
                    39:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:8E:A9:15:F4:05:46:36:E9:C8:C4:9B:4D:19:42:58:CE:56:07:B0
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ZI6pFfQFRjbpyMSbTRlCWM5WB7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:f00c::/46

    Signature Algorithm: sha256WithRSAEncryption
         4e:73:0c:a1:83:e4:53:7c:ee:aa:a0:64:f5:e0:a9:af:0c:d3:
         12:3b:a6:c6:d7:29:9f:31:b9:26:03:49:64:a9:68:aa:08:20:
         8f:f8:8c:fb:64:a1:c5:9e:85:3d:ab:a4:8a:cd:45:c8:82:12:
         bf:8c:2f:24:b3:a8:3b:0f:eb:d3:a0:6d:9e:4e:0e:d5:6f:f8:
         10:bd:a8:72:50:e7:fc:09:f2:c8:67:f2:f9:4e:63:c7:c2:8e:
         60:7c:95:c3:fb:04:89:53:e6:c5:73:de:61:b0:d9:19:26:98:
         be:50:70:8d:24:bf:ec:97:ba:1b:f7:a9:50:37:d4:c0:30:9b:
         99:ba:2e:ff:75:52:da:e6:87:62:86:7e:99:5f:ca:df:63:3c:
         9f:3a:d1:88:e9:86:d2:4e:f7:35:e6:b7:0b:41:03:fa:60:10:
         d8:75:43:ff:69:76:8e:42:f2:bd:73:c3:69:52:6f:a4:c9:92:
         55:3a:bf:d7:d2:91:4b:23:a8:c8:27:8c:4b:f9:61:05:86:17:
         0f:d5:3d:e3:35:69:49:f4:d8:f3:02:2c:3e:65:a2:36:8c:5a:
         7c:97:43:90:e0:07:22:b5:a8:45:30:9f:12:b7:12:d2:94:22:
         f1:ee:58:07:e3:9e:29:ac:af:61:3e:e0:0c:04:1c:01:83:01:
         3e:21:5a:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljvNokYJmlksYYJhYzny0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDhlYTkxNWY0MDU0NjM2ZTljOGM0OWI0ZDE5NDI1OGNlNTYwN2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoaxOkzr24THYHFmoapOnXUorWkl8
2JDO4Ikth9776quQdlTTtZ4KnrVg/G3xtKDbywPBypXRj8BfSJW/lywDM8Eu9BIK
pIFQ5nhJTFvTbMSNzlICg7aa3z2/l2uCw6iJUZ3LejP9cOVgn2Yo4lOd1aFsPe2U
atXFiIp6YM1IKWKcZMTa6ej/2xxCska01VKDZFoU2Vsa5kKYI/9Sv8Ht+pP3Er8N
i3YDzglfEbrQt1P9zKFyqNfpOQlP5yqIqreagv/EnbGSJRNKyiesKqqUE8BuBiME
gb5MPvS9Y8z5T4AFcC+OJVk9dU9AtMjT9q4VqWPC3cNp2qoufgUJ5jM5MwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGSOqRX0BUY26cjEm00ZQljOVgewMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvWkk2cEZmUUZSamJweU1TYlRSbENXTTVXQjdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKg6qB/AM
MA0GCSqGSIb3DQEBCwUAA4IBAQBOcwyhg+RTfO6qoGT14KmvDNMSO6bG1ymfMbkm
A0lkqWiqCCCP+Iz7ZKHFnoU9q6SKzUXIghK/jC8ks6g7D+vToG2eTg7Vb/gQvahy
UOf8CfLIZ/L5TmPHwo5gfJXD+wSJU+bFc95hsNkZJpi+UHCNJL/sl7ob96lQN9TA
MJuZui7/dVLa5odihn6ZX8rfYzyfOtGI6YbSTvc15rcLQQP6YBDYdUP/aXaOQvK9
c8NpUm+kyZJVOr/X0pFLI6jIJ4xL+WEFhhcP1T3jNWlJ9NjzAiw+ZaI2jFp8l0OQ
4AcitahFMJ8StxLSlCLx7lgH454prK9hPuAMBBwBgwE+IVrk
-----END CERTIFICATE-----