Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/cITkDHx-asbNV_XcoF_31X_5Yfc.roa
File:                     cITkDHx-asbNV_XcoF_31X_5Yfc.roa (raw, json)
Hash identifier:          qPl3/R5I83gjgMakziKxYOASVy0oC55iuUOK8EAJlpg=
Subject key identifier:   70:84:E4:0C:7C:7E:6A:C6:CD:57:F5:DC:A0:5F:F7:D5:7F:F9:61:F7
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018F193C9A343C238B4249A212A70D107E55
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/cITkDHx-asbNV_XcoF_31X_5Yfc.roa
Signing time:             Fri 26 Apr 2024 07:09:13 +0000
ROA not before:           Fri 26 Apr 2024 07:09:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38255
IP address blocks:        2a0e:aa06:49f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:19:3c:9a:34:3c:23:8b:42:49:a2:12:a7:0d:10:7e:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Apr 26 07:09:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7084e40c7c7e6ac6cd57f5dca05ff7d57ff961f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a5:9f:27:fa:ef:f5:7e:49:63:2a:f1:e0:17:
                    af:f6:ea:a7:85:37:fd:77:f6:92:a4:8b:c2:f9:ab:
                    98:7d:ef:0f:53:ae:60:9b:fb:35:84:58:2b:80:ae:
                    df:a3:14:75:7c:bd:65:c7:22:2c:1f:52:86:6e:ba:
                    5d:88:33:14:cb:ec:4c:56:7e:f5:1b:04:74:73:dd:
                    9a:73:84:60:6b:0c:66:52:79:c4:54:00:7b:be:a6:
                    5f:1b:f4:57:57:5c:a6:bb:e4:97:3a:9d:6e:35:13:
                    12:1c:6d:17:88:e8:be:58:08:89:08:09:88:ff:ad:
                    1b:56:55:8d:2a:73:eb:b8:8c:55:79:9b:9f:f8:b0:
                    ce:74:55:8b:30:87:7a:d7:a6:92:22:fa:76:be:0f:
                    2c:9f:29:3a:cd:fb:ca:9b:a5:d8:0f:d3:85:d3:2d:
                    88:64:b9:3c:ed:16:a2:e8:19:7e:b2:f1:91:5a:46:
                    8b:00:22:2e:d7:b7:e0:a8:96:07:64:c2:d9:9c:59:
                    9f:36:51:30:8d:8b:de:7b:63:01:f5:b0:a6:08:0f:
                    2e:d8:fb:67:56:aa:28:50:ea:78:3e:1d:89:56:06:
                    65:c2:06:1b:98:39:0a:1a:d8:6d:cd:c5:e9:86:f5:
                    14:97:e3:d0:4f:40:e5:7e:64:8f:0b:19:fc:e9:a6:
                    09:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:84:E4:0C:7C:7E:6A:C6:CD:57:F5:DC:A0:5F:F7:D5:7F:F9:61:F7
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/cITkDHx-asbNV_XcoF_31X_5Yfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa06:49f::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:0f:ec:29:73:7a:9a:d0:6c:ee:77:7a:d9:ee:b9:a2:7c:72:
         b0:f7:4f:60:71:b4:33:69:cd:ac:b1:f8:a4:0b:2f:cb:f5:b3:
         a3:37:04:83:6f:f7:72:48:c5:04:8f:3b:2c:06:bd:dd:b5:41:
         8c:61:3c:bb:49:30:76:df:ac:8f:23:dd:bc:90:87:98:9b:c5:
         64:35:85:de:1c:fb:7d:a5:09:31:24:f1:04:7b:05:ff:6f:2a:
         bf:f9:34:9b:ed:85:ad:4e:e4:e8:d0:85:be:1a:00:dc:44:2c:
         16:31:cf:c5:29:ed:f9:5e:13:2e:30:93:04:e8:7c:8c:83:7c:
         69:f9:37:fb:b2:d4:28:27:b5:78:1d:23:b4:ef:a3:58:f7:aa:
         bb:0e:d0:99:f7:58:e2:df:e2:af:4e:c2:21:bc:bd:e3:1e:b6:
         12:7a:8c:d6:7b:5d:f8:ed:a8:99:bf:68:67:f7:fa:eb:d0:8e:
         e5:88:d1:70:80:0d:1a:cf:b1:3e:1a:99:f6:95:60:77:33:12:
         a0:d2:8f:5f:45:21:3e:a0:1e:91:66:a0:4c:ee:ee:6c:03:4d:
         0c:91:6b:a3:27:f1:6f:0b:7c:37:9c:b2:4c:37:d4:bd:bb:44:
         3b:45:d0:d2:b6:62:9c:db:f3:d4:12:2c:15:97:39:65:39:71:
         15:a4:19:39
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8ZPJo0PCOLQkmiEqcNEH5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwNDI2MDcwOTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDg0ZTQwYzdjN2U2YWM2Y2Q1N2Y1ZGNhMDVmZjdkNTdmZjk2MWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKWfJ/rv9X5JYyrx4Bev9uqnhTf9
d/aSpIvC+auYfe8PU65gm/s1hFgrgK7foxR1fL1lxyIsH1KGbrpdiDMUy+xMVn71
GwR0c92ac4RgawxmUnnEVAB7vqZfG/RXV1ymu+SXOp1uNRMSHG0XiOi+WAiJCAmI
/60bVlWNKnPruIxVeZuf+LDOdFWLMId616aSIvp2vg8snyk6zfvKm6XYD9OF0y2I
ZLk87Rai6Bl+svGRWkaLACIu17fgqJYHZMLZnFmfNlEwjYvee2MB9bCmCA8u2Ptn
VqooUOp4Ph2JVgZlwgYbmDkKGthtzcXphvUUl+PQT0DlfmSPCxn86aYJswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHCE5Ax8fmrGzVf13KBf99V/+WH3MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvY0lUa0RIeC1hc2JOVl9YY29GXzMxWF81WWZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qBgSf
MA0GCSqGSIb3DQEBCwUAA4IBAQA+D+wpc3qa0Gzud3rZ7rmifHKw909gcbQzac2s
sfikCy/L9bOjNwSDb/dySMUEjzssBr3dtUGMYTy7STB236yPI928kIeYm8VkNYXe
HPt9pQkxJPEEewX/byq/+TSb7YWtTuTo0IW+GgDcRCwWMc/FKe35XhMuMJME6HyM
g3xp+Tf7stQoJ7V4HSO076NY96q7DtCZ91ji3+KvTsIhvL3jHrYSeozWe1347aiZ
v2hn9/rr0I7liNFwgA0az7E+Gpn2lWB3MxKg0o9fRSE+oB6RZqBM7u5sA00MkWuj
J/FvC3w3nLJMN9S9u0Q7RdDStmKc2/PUEiwVlzllOXEVpBk5
-----END CERTIFICATE-----