Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/joFXCf9k8D4T8v3n2k2kAaDaNTQ.roa
File:                     joFXCf9k8D4T8v3n2k2kAaDaNTQ.roa (raw, json)
Hash identifier:          8N/1HcoCegIINKmx4/+aX1LOd2qVEiJ+Nbrz58TAqyY=
Subject key identifier:   8E:81:57:09:FF:64:F0:3E:13:F2:FD:E7:DA:4D:A4:01:A0:DA:35:34
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EDC6B2BC247BD02D32245752A518B
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/joFXCf9k8D4T8v3n2k2kAaDaNTQ.roa
Signing time:             Thu 02 Jan 2025 05:48:26 +0000
ROA not before:           Thu 02 Jan 2025 05:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208698
IP address blocks:        2a0e:aa07:f0d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 05:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:dc:6b:2b:c2:47:bd:02:d3:22:45:75:2a:51:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e815709ff64f03e13f2fde7da4da401a0da3534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:06:2e:b9:a4:98:c5:c0:3a:42:01:27:35:7d:
                    92:9c:26:31:60:5c:4e:07:16:66:69:d4:df:f1:95:
                    22:7a:e2:c1:ae:2f:7d:90:7c:f7:7d:60:53:0d:af:
                    a9:5f:3d:48:77:41:ee:10:1a:b3:a7:04:bc:6b:01:
                    54:48:0b:b5:1b:95:dd:df:e9:5b:ec:28:84:92:20:
                    ce:ca:6a:6e:f6:5a:15:db:75:83:4a:b9:d0:1a:8f:
                    d3:ed:bd:85:57:3c:e8:41:e9:4c:b0:ab:09:0b:aa:
                    09:1a:8a:79:fd:a4:2f:7b:e1:2d:50:22:db:db:7e:
                    ac:a5:88:37:44:4b:d6:8a:c0:bb:07:76:7e:e2:83:
                    12:f4:cd:cb:48:4f:d7:35:0b:1b:a9:47:96:f1:3f:
                    46:2e:9d:42:77:4a:67:4b:a3:64:a2:f7:72:ab:af:
                    d9:8e:02:08:d2:6a:35:01:fa:95:a4:e0:40:2c:4b:
                    4a:8e:21:c1:5f:8e:6d:91:9f:df:70:83:12:a9:ee:
                    7c:a1:2a:b8:da:ed:46:a4:e2:6f:5e:b4:34:49:72:
                    37:54:86:8c:c7:98:54:e9:ae:d8:67:2f:ae:44:fb:
                    81:a0:2f:97:58:3d:7d:f2:3c:f5:c4:3b:2b:58:f8:
                    6b:7c:51:81:01:ae:ce:96:da:26:96:54:8e:69:08:
                    f2:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:81:57:09:FF:64:F0:3E:13:F2:FD:E7:DA:4D:A4:01:A0:DA:35:34
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/joFXCf9k8D4T8v3n2k2kAaDaNTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:f0d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         8a:dd:6a:96:44:d6:ca:5a:ca:49:f1:41:2a:34:89:60:75:bf:
         69:fa:24:27:e0:fd:c2:ee:97:c1:eb:4a:6f:c9:1e:1f:f1:34:
         f3:96:7f:6f:f0:18:7c:bf:7d:2b:38:f1:79:26:86:ca:8a:ec:
         8a:1d:ab:cb:d5:f5:52:3f:7f:57:00:dd:cd:cc:9d:09:fa:30:
         6b:61:80:7c:51:c4:e0:52:64:50:de:cc:e4:ab:f1:97:60:98:
         1c:2f:b0:d4:1a:45:43:6b:91:56:58:3e:eb:8d:fc:21:f2:b8:
         7f:32:05:da:8b:25:1c:41:07:5e:e3:e9:29:71:77:d7:72:d4:
         ff:da:7f:33:57:b5:f3:7d:ac:f0:05:0b:43:e8:27:86:0e:4f:
         2c:1c:6b:b2:f2:05:48:97:68:84:c5:f0:68:14:56:b3:1f:75:
         bc:cd:ea:93:33:5a:38:50:3d:01:31:28:0e:db:e6:a1:bd:d6:
         80:36:6f:a7:3b:84:f8:36:d3:23:fd:cc:17:75:95:90:89:70:
         87:e7:f0:b8:f8:e0:60:97:1b:4f:60:38:9e:54:f4:a7:42:62:
         b9:1d:a6:5e:28:18:3b:65:05:27:47:82:0c:f4:74:ba:ca:c2:
         21:b0:d0:ee:bd:f9:8e:c2:28:3b:f0:a7:43:69:73:a3:34:85:
         5b:79:ca:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljtxrK8JHvQLTIkV1KlGLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTgxNTcwOWZmNjRmMDNlMTNmMmZkZTdkYTRkYTQwMWEwZGEzNTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAygYuuaSYxcA6QgEnNX2SnCYxYFxO
BxZmadTf8ZUieuLBri99kHz3fWBTDa+pXz1Id0HuEBqzpwS8awFUSAu1G5Xd3+lb
7CiEkiDOympu9loV23WDSrnQGo/T7b2FVzzoQelMsKsJC6oJGop5/aQve+EtUCLb
236spYg3REvWisC7B3Z+4oMS9M3LSE/XNQsbqUeW8T9GLp1Cd0pnS6Nkovdyq6/Z
jgII0mo1AfqVpOBALEtKjiHBX45tkZ/fcIMSqe58oSq42u1GpOJvXrQ0SXI3VIaM
x5hU6a7YZy+uRPuBoC+XWD198jz1xDsrWPhrfFGBAa7OltomllSOaQjy3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI6BVwn/ZPA+E/L959pNpAGg2jU0MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvam9GWENmOWs4RDRUOHYzbjJrMmtBYURhTlRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB/DQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCK3WqWRNbKWspJ8UEqNIlgdb9p+iQn4P3C7pfB
60pvyR4f8TTzln9v8Bh8v30rOPF5JobKiuyKHavL1fVSP39XAN3NzJ0J+jBrYYB8
UcTgUmRQ3szkq/GXYJgcL7DUGkVDa5FWWD7rjfwh8rh/MgXaiyUcQQde4+kpcXfX
ctT/2n8zV7XzfazwBQtD6CeGDk8sHGuy8gVIl2iExfBoFFazH3W8zeqTM1o4UD0B
MSgO2+ahvdaANm+nO4T4NtMj/cwXdZWQiXCH5/C4+OBglxtPYDieVPSnQmK5HaZe
KBg7ZQUnR4IM9HS6ysIhsNDuvfmOwig78KdDaXOjNIVbecoi
-----END CERTIFICATE-----