Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/byrgHjz0ijkdLY8kZzJIgcTB5jg.roa
File:                     byrgHjz0ijkdLY8kZzJIgcTB5jg.roa (raw, json)
Hash identifier:          kRhXPuz1/DxHAM5NR3V4dYlqb/fIKWBCc88a8alq3ks=
Subject key identifier:   6F:2A:E0:1E:3C:F4:8A:39:1D:2D:8F:24:67:32:48:81:C4:C1:E6:38
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EEE4DD30196B662AC346BD5FA5D32
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/byrgHjz0ijkdLY8kZzJIgcTB5jg.roa
Signing time:             Thu 02 Jan 2025 05:48:31 +0000
ROA not before:           Thu 02 Jan 2025 05:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214699
IP address blocks:        2a0e:aa07:e1c0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:ee:4d:d3:01:96:b6:62:ac:34:6b:d5:fa:5d:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f2ae01e3cf48a391d2d8f2467324881c4c1e638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:7b:f3:f0:45:2d:82:00:2f:58:42:5b:25:31:
                    63:e3:a2:26:f8:b0:ec:7e:68:63:2d:2c:d5:d2:1b:
                    5f:d4:e5:92:82:6b:70:12:fb:70:77:7b:a2:d9:99:
                    b9:14:64:7b:5a:5b:1b:e4:cb:14:b4:49:21:87:44:
                    8d:1e:a9:42:f5:0d:f2:03:51:b0:99:c1:1e:1a:c1:
                    6e:09:f1:56:58:d0:94:a7:83:e3:3b:72:41:69:b0:
                    5b:ec:a7:0e:04:d3:6c:e9:21:02:1f:64:75:58:ee:
                    63:75:ae:3e:76:d1:44:ea:a7:aa:f1:a7:18:60:17:
                    59:08:6e:c0:19:b0:e9:ed:80:f2:34:6b:8b:1f:3c:
                    d3:60:f2:c5:58:93:db:76:85:a7:4d:16:bc:b8:e2:
                    d1:68:a6:3d:68:36:32:d9:19:e5:0a:bc:02:1f:f4:
                    2d:68:2d:55:4c:ae:f7:fc:79:a3:f1:c2:d2:fe:3f:
                    40:96:9f:f6:07:fd:07:a8:e4:d0:f2:93:0e:ce:1a:
                    bb:a0:42:af:e0:04:94:0f:d2:43:62:07:df:66:62:
                    50:c7:63:22:7b:fc:dd:c7:a3:3d:0e:50:49:d2:dd:
                    1d:3a:76:de:a0:eb:4d:d9:10:73:17:57:1b:a3:c1:
                    a2:d8:7e:6c:b1:69:a2:8b:3e:fd:2b:45:b8:5d:dc:
                    b4:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:2A:E0:1E:3C:F4:8A:39:1D:2D:8F:24:67:32:48:81:C4:C1:E6:38
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/byrgHjz0ijkdLY8kZzJIgcTB5jg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e1c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4b:8f:8c:00:fc:5c:7e:42:48:df:07:a1:e0:fa:42:7f:47:a3:
         d9:b1:95:a9:3d:dc:c4:ae:22:88:51:20:9f:40:b0:87:41:fa:
         c3:f0:fc:d5:db:5e:a8:d7:e1:27:7a:7e:74:6b:cf:88:25:6f:
         ee:ea:f8:ee:3e:a8:6a:3f:28:12:46:41:64:c3:24:e4:65:ae:
         ae:ba:b6:00:76:e1:3c:92:63:a6:fe:c6:c9:dc:e4:05:a7:25:
         96:28:7e:10:2d:8a:33:1a:04:1a:73:34:7e:1f:d7:12:61:53:
         91:1f:b5:8c:d9:e3:fa:35:3e:07:56:9a:76:a5:5d:47:3c:7c:
         61:b8:66:8f:59:a5:8c:4d:54:ee:14:f9:fc:cb:86:95:05:a3:
         41:c7:89:1f:ff:3e:2e:ab:5d:39:85:78:7b:11:88:b7:39:08:
         47:00:b0:e6:ee:9f:db:a1:82:5e:83:98:2f:11:0b:4f:7f:4b:
         64:cd:7a:25:1b:fa:a1:c6:09:5b:3c:52:be:5e:b6:af:df:79:
         30:75:7b:7f:79:f4:ac:eb:f0:a7:20:cf:b0:47:09:e3:8b:72:
         94:00:c3:0c:fa:4c:1c:cc:24:36:13:41:a6:e4:77:f4:96:bc:
         ca:49:74:53:ab:9d:e5:64:04:66:ec:17:72:c4:3b:b2:50:9c:
         a3:30:61:9d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlju5N0wGWtmKsNGvV+l0yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjJhZTAxZTNjZjQ4YTM5MWQyZDhmMjQ2NzMyNDg4MWM0YzFlNjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnvz8EUtggAvWEJbJTFj46Im+LDs
fmhjLSzV0htf1OWSgmtwEvtwd3ui2Zm5FGR7Wlsb5MsUtEkhh0SNHqlC9Q3yA1Gw
mcEeGsFuCfFWWNCUp4PjO3JBabBb7KcOBNNs6SECH2R1WO5jda4+dtFE6qeq8acY
YBdZCG7AGbDp7YDyNGuLHzzTYPLFWJPbdoWnTRa8uOLRaKY9aDYy2RnlCrwCH/Qt
aC1VTK73/Hmj8cLS/j9Alp/2B/0HqOTQ8pMOzhq7oEKv4ASUD9JDYgffZmJQx2Mi
e/zdx6M9DlBJ0t0dOnbeoOtN2RBzF1cbo8Gi2H5ssWmiiz79K0W4Xdy0pQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG8q4B489Io5HS2PJGcySIHEweY4MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvYnlyZ0hqejBpamtkTFk4a1p6SklnY1RCNWpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+HA
MA0GCSqGSIb3DQEBCwUAA4IBAQBLj4wA/Fx+QkjfB6Hg+kJ/R6PZsZWpPdzEriKI
USCfQLCHQfrD8PzV216o1+Enen50a8+IJW/u6vjuPqhqPygSRkFkwyTkZa6uurYA
duE8kmOm/sbJ3OQFpyWWKH4QLYozGgQaczR+H9cSYVORH7WM2eP6NT4HVpp2pV1H
PHxhuGaPWaWMTVTuFPn8y4aVBaNBx4kf/z4uq105hXh7EYi3OQhHALDm7p/boYJe
g5gvEQtPf0tkzXolG/qhxglbPFK+Xrav33kwdXt/efSs6/CnIM+wRwnji3KUAMMM
+kwczCQ2E0Gm5Hf0lrzKSXRTq53lZARm7BdyxDuyUJyjMGGd
-----END CERTIFICATE-----