Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ZtvKPknGapGwnvVNh0GnD6obdfs.roa
File:                     ZtvKPknGapGwnvVNh0GnD6obdfs.roa (raw, json)
Hash identifier:          yS8q/G/K0Z+hflI9skaiCLeWSnujNpyXozM+CgNmQak=
Subject key identifier:   66:DB:CA:3E:49:C6:6A:91:B0:9E:F5:4D:87:41:A7:0F:AA:1B:75:FB
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258ECF94CF4872E8B4C3D38848CB6211
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ZtvKPknGapGwnvVNh0GnD6obdfs.roa
Signing time:             Thu 02 Jan 2025 05:48:23 +0000
ROA not before:           Thu 02 Jan 2025 05:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198768
IP address blocks:        2a0e:aa07:e080::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:cf:94:cf:48:72:e8:b4:c3:d3:88:48:cb:62:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66dbca3e49c66a91b09ef54d8741a70faa1b75fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ee:a0:a5:77:0a:21:3f:de:45:3b:8c:c3:43:
                    51:2c:77:2d:7a:76:08:4f:78:cb:8d:fc:5e:05:ca:
                    48:13:3a:40:bc:e7:b3:d1:68:fe:4b:37:d1:9f:f7:
                    31:ed:05:5a:97:df:ae:0f:4f:d3:41:e2:bf:f6:24:
                    47:97:8f:57:5f:1a:b3:6b:d4:a2:77:34:7e:4d:95:
                    89:50:00:4e:80:07:0f:05:87:b4:57:e6:b0:23:a8:
                    bb:08:75:e7:43:00:d8:35:34:e6:cf:9a:45:a8:c0:
                    4a:09:c6:36:ab:26:2e:bd:eb:87:df:c1:b2:45:90:
                    5f:6e:04:ec:cf:47:85:9d:b0:70:12:d2:a7:96:a9:
                    78:c9:11:08:32:4d:6a:a9:c4:c0:21:e7:3f:16:f0:
                    56:09:1e:1e:49:19:93:ad:7b:ff:28:08:7f:49:46:
                    e8:34:c2:04:40:42:2c:0c:db:15:bf:17:03:23:15:
                    1d:cf:64:95:ee:83:9f:36:72:25:d2:49:7f:58:70:
                    cc:79:e8:69:29:5c:37:3b:01:43:58:6a:c8:50:2f:
                    17:5e:f3:87:76:c3:e5:da:13:28:71:13:c9:6e:31:
                    08:74:20:7e:8b:f5:3e:08:07:fa:33:32:e8:3e:fe:
                    ff:b3:2d:6c:35:b0:54:1e:cd:67:90:78:98:9d:76:
                    22:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:DB:CA:3E:49:C6:6A:91:B0:9E:F5:4D:87:41:A7:0F:AA:1B:75:FB
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ZtvKPknGapGwnvVNh0GnD6obdfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e080::/44

    Signature Algorithm: sha256WithRSAEncryption
         59:57:b9:cd:e7:ea:20:42:f9:5a:33:4d:af:90:3c:c0:0a:83:
         f5:21:0e:fe:58:ad:df:f1:78:2a:81:d1:8f:d5:89:81:f1:29:
         d9:c8:08:75:07:67:29:f5:0d:47:51:a6:16:d1:d9:08:d3:d1:
         3b:cc:6c:6f:a8:4c:98:c4:80:dc:d9:04:be:e4:db:2e:13:1b:
         e4:fd:2b:5b:9c:fd:59:eb:60:c2:52:ed:48:a4:23:9d:28:7a:
         32:dc:c4:c5:4f:0a:c5:e9:3b:4c:2d:48:50:20:08:8e:4e:d3:
         cb:96:90:de:6c:ce:82:d9:30:55:61:e2:8f:9b:c9:d9:5c:8f:
         32:fd:a4:73:e2:e5:6f:1a:39:bd:63:6f:1a:fc:81:b8:ce:9e:
         a6:53:fa:0c:c3:9d:d5:0b:90:03:09:9e:3b:4d:22:a0:f4:dc:
         39:aa:09:5a:11:ed:a3:2a:ec:9f:48:24:24:b3:00:c4:a2:fe:
         0d:18:43:ce:cb:56:f1:5e:2a:0d:c5:69:69:ba:16:81:2e:7f:
         c0:00:e3:d7:0d:34:50:8d:ec:d6:4b:23:77:3a:9f:6d:7d:5f:
         fe:5e:a1:11:6d:04:49:34:74:2f:46:0f:69:57:d9:46:b0:a2:
         d1:4f:9e:42:50:ef:6b:50:f6:87:18:11:e3:b0:53:e0:1d:17:
         98:c3:ca:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljs+Uz0hy6LTD04hIy2IRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmRiY2EzZTQ5YzY2YTkxYjA5ZWY1NGQ4NzQxYTcwZmFhMWI3NWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAou6gpXcKIT/eRTuMw0NRLHctenYI
T3jLjfxeBcpIEzpAvOez0Wj+SzfRn/cx7QVal9+uD0/TQeK/9iRHl49XXxqza9Si
dzR+TZWJUABOgAcPBYe0V+awI6i7CHXnQwDYNTTmz5pFqMBKCcY2qyYuveuH38Gy
RZBfbgTsz0eFnbBwEtKnlql4yREIMk1qqcTAIec/FvBWCR4eSRmTrXv/KAh/SUbo
NMIEQEIsDNsVvxcDIxUdz2SV7oOfNnIl0kl/WHDMeehpKVw3OwFDWGrIUC8XXvOH
dsPl2hMocRPJbjEIdCB+i/U+CAf6MzLoPv7/sy1sNbBUHs1nkHiYnXYinwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGbbyj5JxmqRsJ71TYdBpw+qG3X7MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvWnR2S1BrbkdhcEd3bnZWTmgwR25ENm9iZGZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+CA
MA0GCSqGSIb3DQEBCwUAA4IBAQBZV7nN5+ogQvlaM02vkDzACoP1IQ7+WK3f8Xgq
gdGP1YmB8SnZyAh1B2cp9Q1HUaYW0dkI09E7zGxvqEyYxIDc2QS+5NsuExvk/Stb
nP1Z62DCUu1IpCOdKHoy3MTFTwrF6TtMLUhQIAiOTtPLlpDebM6C2TBVYeKPm8nZ
XI8y/aRz4uVvGjm9Y28a/IG4zp6mU/oMw53VC5ADCZ47TSKg9Nw5qglaEe2jKuyf
SCQkswDEov4NGEPOy1bxXioNxWlpuhaBLn/AAOPXDTRQjezWSyN3Op9tfV/+XqER
bQRJNHQvRg9pV9lGsKLRT55CUO9rUPaHGBHjsFPgHReYw8pU
-----END CERTIFICATE-----