Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/jywJgaa-dGNhsCI3L76qwwfYZok.roa
File:                     jywJgaa-dGNhsCI3L76qwwfYZok.roa (raw, json)
Hash identifier:          UJMbX6tKVlPNBFbAt8j8ZJPy+eskRz97/H6LyROLN7M=
Subject key identifier:   8F:2C:09:81:A6:BE:74:63:61:B0:22:37:2F:BE:AA:C3:07:D8:66:89
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258ED528BC210D863B46F6A7D6F9283B
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/jywJgaa-dGNhsCI3L76qwwfYZok.roa
Signing time:             Thu 02 Jan 2025 05:48:25 +0000
ROA not before:           Thu 02 Jan 2025 05:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205455
IP address blocks:        2a0e:aa07:e04e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:d5:28:bc:21:0d:86:3b:46:f6:a7:d6:f9:28:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f2c0981a6be746361b022372fbeaac307d86689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:eb:c4:3b:2d:3d:21:8e:21:28:8e:a4:8d:b3:
                    9f:9d:87:a7:4e:ed:9d:56:c9:74:11:dc:f3:73:49:
                    97:ca:5c:1d:ac:15:5d:a0:42:13:60:12:56:31:5d:
                    9d:cb:75:ec:c9:79:eb:b9:ac:05:43:c2:0c:95:c0:
                    e6:77:c8:35:09:b0:bb:a4:34:68:e3:dc:cc:ce:37:
                    10:4a:6e:59:d4:41:e8:bc:4e:f2:f5:24:97:37:3e:
                    97:c0:f3:bb:4a:69:db:6e:b4:5a:fd:ff:1c:ae:c0:
                    e8:22:40:e0:f0:23:53:e1:3a:0d:7d:1d:76:46:30:
                    30:aa:e0:35:bf:12:21:55:ae:5f:4a:e8:d0:6d:98:
                    a8:ca:4b:1b:13:dd:16:81:dd:dd:ad:6b:4f:7b:b4:
                    f6:7f:e8:f6:09:98:12:f5:59:dc:7c:fd:a8:13:0b:
                    09:c3:12:50:9e:82:cf:8b:8c:41:61:12:74:a8:73:
                    5d:0c:87:1d:b0:4a:4a:bd:7f:25:a0:57:2c:7a:ae:
                    b2:01:a4:63:6f:f2:ca:df:3a:5f:3d:d0:1a:9d:e2:
                    56:46:a3:dc:31:45:24:93:8b:74:5d:42:f3:90:fb:
                    16:26:92:62:40:de:6c:e1:40:ae:72:ed:33:f4:8f:
                    29:13:b2:9e:e8:e3:37:35:ef:da:e4:fa:40:dc:9e:
                    08:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:2C:09:81:A6:BE:74:63:61:B0:22:37:2F:BE:AA:C3:07:D8:66:89
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/jywJgaa-dGNhsCI3L76qwwfYZok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e04e::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:34:14:4d:70:7e:2a:33:0f:5e:02:83:56:e5:ea:e8:51:59:
         f6:ff:b2:a1:68:b3:35:5a:5a:c1:88:5f:66:87:7f:8b:7f:11:
         de:02:44:78:b3:1f:be:89:64:d1:dd:4c:c6:08:d4:97:52:e2:
         bd:f5:91:cc:9f:b9:0c:7b:2d:07:5f:f2:42:31:6a:c7:5c:0f:
         7d:1a:7d:a0:d5:9d:e7:66:c6:e2:12:87:3e:ce:fc:d1:04:34:
         1c:3d:d9:bb:c7:5a:f7:de:e9:13:13:39:3b:93:50:f3:49:2d:
         07:53:31:cd:e4:8b:f5:1a:1c:70:07:75:45:1a:0a:10:92:d9:
         0a:06:5f:0c:45:72:a6:d6:21:03:68:97:00:33:05:82:8c:87:
         cc:9a:3d:50:63:ad:c3:3e:39:39:31:b0:88:08:6f:0f:43:18:
         cf:b6:b4:e2:3c:88:a0:d2:28:e7:b4:05:87:8a:39:69:13:12:
         4f:84:73:57:13:44:f0:50:b0:6f:3d:e4:79:19:f1:6e:7c:75:
         af:a3:f7:ca:57:7f:65:b0:79:63:aa:ad:a1:03:fd:00:e4:c7:
         e9:96:c6:99:33:16:a5:ec:4f:10:38:e6:66:69:3a:01:a8:fe:
         a0:b7:e9:b5:1e:12:b7:f4:40:45:1f:08:f2:eb:fa:ec:d0:b7:
         6f:fd:92:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljtUovCENhjtG9qfW+Sg7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjJjMDk4MWE2YmU3NDYzNjFiMDIyMzcyZmJlYWFjMzA3ZDg2Njg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+vEOy09IY4hKI6kjbOfnYenTu2d
Vsl0Edzzc0mXylwdrBVdoEITYBJWMV2dy3XsyXnruawFQ8IMlcDmd8g1CbC7pDRo
49zMzjcQSm5Z1EHovE7y9SSXNz6XwPO7SmnbbrRa/f8crsDoIkDg8CNT4ToNfR12
RjAwquA1vxIhVa5fSujQbZioyksbE90Wgd3drWtPe7T2f+j2CZgS9VncfP2oEwsJ
wxJQnoLPi4xBYRJ0qHNdDIcdsEpKvX8loFcseq6yAaRjb/LK3zpfPdAaneJWRqPc
MUUkk4t0XULzkPsWJpJiQN5s4UCucu0z9I8pE7Ke6OM3Ne/a5PpA3J4ImwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI8sCYGmvnRjYbAiNy++qsMH2GaJMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvanl3SmdhYS1kR05oc0NJM0w3NnF3d2ZZWm9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+BO
MA0GCSqGSIb3DQEBCwUAA4IBAQB+NBRNcH4qMw9eAoNW5eroUVn2/7KhaLM1WlrB
iF9mh3+LfxHeAkR4sx++iWTR3UzGCNSXUuK99ZHMn7kMey0HX/JCMWrHXA99Gn2g
1Z3nZsbiEoc+zvzRBDQcPdm7x1r33ukTEzk7k1DzSS0HUzHN5Iv1GhxwB3VFGgoQ
ktkKBl8MRXKm1iEDaJcAMwWCjIfMmj1QY63DPjk5MbCICG8PQxjPtrTiPIig0ijn
tAWHijlpExJPhHNXE0TwULBvPeR5GfFufHWvo/fKV39lsHljqq2hA/0A5MfplsaZ
Mxal7E8QOOZmaToBqP6gt+m1HhK39EBFHwjy6/rs0Ldv/ZK6
-----END CERTIFICATE-----