Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/nVk-2mGpWh1FjuinwaFsnrHQYzY.roa
File:                     nVk-2mGpWh1FjuinwaFsnrHQYzY.roa (raw, json)
Hash identifier:          zx+j+gqZWTLuq6B1RFc2LVOCi5VPUOeXFsslXKQDyZQ=
Subject key identifier:   9D:59:3E:DA:61:A9:5A:1D:45:8E:E8:A7:C1:A1:6C:9E:B1:D0:63:36
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EE2AF863A30DFC8ADA847E539AD8C
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/nVk-2mGpWh1FjuinwaFsnrHQYzY.roa
Signing time:             Thu 02 Jan 2025 05:48:28 +0000
ROA not before:           Thu 02 Jan 2025 05:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210384
IP address blocks:        2a0e:aa07:e02b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:e2:af:86:3a:30:df:c8:ad:a8:47:e5:39:ad:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d593eda61a95a1d458ee8a7c1a16c9eb1d06336
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:5a:ab:5e:a8:33:24:05:ba:62:ce:bf:4e:17:
                    9c:50:b2:b5:e7:7a:64:8f:41:aa:e4:01:54:4b:8e:
                    25:74:bf:28:0c:be:6b:14:81:df:e9:a4:f9:9c:ed:
                    69:d1:69:a7:75:dc:02:20:0f:92:d1:f4:0c:85:59:
                    1d:d0:30:4f:6a:b2:b3:df:45:cc:d4:d7:3f:af:fe:
                    43:ed:aa:74:06:8f:44:ce:09:c5:8c:fc:d8:ee:30:
                    d8:02:18:b5:18:d7:33:ba:d0:63:c7:bf:d1:d0:bc:
                    9e:d4:1d:35:7e:64:57:02:43:ea:00:1f:07:9f:09:
                    68:36:92:d9:01:e1:78:00:62:c7:be:1c:1b:2a:90:
                    69:a2:59:d1:85:ae:91:13:93:1f:17:df:5b:47:d3:
                    49:0b:5a:b3:57:2c:ec:d1:66:c1:7c:27:4d:90:07:
                    fb:5e:fa:ab:ba:47:78:35:81:a5:0c:ec:34:04:56:
                    c6:d3:de:50:77:74:e2:4b:f4:34:8a:56:31:03:c7:
                    6f:6c:4e:8d:bd:52:a1:fa:8a:50:8f:25:e0:60:d5:
                    4b:61:a0:b4:ba:df:03:a5:a6:71:37:8d:f1:22:37:
                    43:19:36:66:60:fe:1a:18:ac:79:65:b7:b3:11:00:
                    94:df:18:fe:20:91:4c:0b:15:7c:76:61:e6:14:6f:
                    cc:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:59:3E:DA:61:A9:5A:1D:45:8E:E8:A7:C1:A1:6C:9E:B1:D0:63:36
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/nVk-2mGpWh1FjuinwaFsnrHQYzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e02b::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:57:86:de:fa:38:7a:39:d6:b6:38:74:f1:7b:50:d2:98:5b:
         59:b9:73:67:ab:39:bf:5a:9b:9e:b7:93:22:e3:0c:73:4f:17:
         db:75:ac:07:91:3c:3d:9d:d4:cb:1e:66:d0:89:ce:ae:ad:a8:
         c4:bd:84:80:a6:6c:bb:06:da:97:9a:ce:a3:d7:4e:1e:05:9a:
         a4:e0:04:f4:86:9b:bb:30:eb:6c:48:41:7a:51:50:87:74:ac:
         e6:2e:54:0b:4e:89:98:fb:f0:6f:e1:41:5d:43:5a:2d:c5:5a:
         67:be:8d:54:b7:38:3a:69:57:b9:17:8e:4f:e0:4c:01:0c:e6:
         f8:a7:db:a1:cc:58:e9:50:1d:54:61:d4:9f:96:40:ea:62:a4:
         66:7a:09:94:a8:d6:75:20:bd:0f:90:8e:31:12:ab:6f:ca:73:
         ec:85:c8:c6:4e:f4:65:6e:ce:c0:83:59:36:62:fd:58:ee:12:
         c6:b5:20:8b:40:35:b8:05:b8:08:db:5a:56:9e:fa:26:45:b6:
         ca:94:b3:ff:ca:ab:50:25:c0:8e:8a:c6:4f:50:d4:ce:c2:2d:
         1c:57:cd:91:bd:5e:be:ea:bd:18:22:da:d0:95:19:99:49:93:
         b8:14:ac:03:bb:4c:ae:b8:14:2c:ab:e7:c0:8a:b9:2b:c9:63:
         1b:e5:32:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljuKvhjow38itqEflOa2MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDU5M2VkYTYxYTk1YTFkNDU4ZWU4YTdjMWExNmM5ZWIxZDA2MzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslqrXqgzJAW6Ys6/ThecULK153pk
j0Gq5AFUS44ldL8oDL5rFIHf6aT5nO1p0WmnddwCIA+S0fQMhVkd0DBParKz30XM
1Nc/r/5D7ap0Bo9EzgnFjPzY7jDYAhi1GNczutBjx7/R0Lye1B01fmRXAkPqAB8H
nwloNpLZAeF4AGLHvhwbKpBpolnRha6RE5MfF99bR9NJC1qzVyzs0WbBfCdNkAf7
Xvqrukd4NYGlDOw0BFbG095Qd3TiS/Q0ilYxA8dvbE6NvVKh+opQjyXgYNVLYaC0
ut8DpaZxN43xIjdDGTZmYP4aGKx5ZbezEQCU3xj+IJFMCxV8dmHmFG/MLwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ1ZPtphqVodRY7op8GhbJ6x0GM2MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvblZrLTJtR3BXaDFGanVpbndhRnNuckhRWXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+Ar
MA0GCSqGSIb3DQEBCwUAA4IBAQBMV4be+jh6Oda2OHTxe1DSmFtZuXNnqzm/Wpue
t5Mi4wxzTxfbdawHkTw9ndTLHmbQic6urajEvYSApmy7BtqXms6j104eBZqk4AT0
hpu7MOtsSEF6UVCHdKzmLlQLTomY+/Bv4UFdQ1otxVpnvo1Utzg6aVe5F45P4EwB
DOb4p9uhzFjpUB1UYdSflkDqYqRmegmUqNZ1IL0PkI4xEqtvynPshcjGTvRlbs7A
g1k2Yv1Y7hLGtSCLQDW4BbgI21pWnvomRbbKlLP/yqtQJcCOisZPUNTOwi0cV82R
vV6+6r0YItrQlRmZSZO4FKwDu0yuuBQsq+fAirkryWMb5TJr
-----END CERTIFICATE-----