Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/uStRsVAJXAM2I1AzWY6uUkErqY0.roa
File:                     uStRsVAJXAM2I1AzWY6uUkErqY0.roa (raw, json)
Hash identifier:          tPSC+iYgwszW9MQ0l1Cm/c/teNgKPTixQx2DRW7qXe8=
Subject key identifier:   B9:2B:51:B1:50:09:5C:03:36:23:50:33:59:8E:AE:52:41:2B:A9:8D
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018F718496F2E339695BD11FA26740771B86
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/uStRsVAJXAM2I1AzWY6uUkErqY0.roa
Signing time:             Mon 13 May 2024 10:34:25 +0000
ROA not before:           Mon 13 May 2024 10:34:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214921
IP address blocks:        2a0e:aa06:500::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 06:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:71:84:96:f2:e3:39:69:5b:d1:1f:a2:67:40:77:1b:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: May 13 10:34:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b92b51b150095c0336235033598eae52412ba98d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:4c:e2:8e:5b:3f:f1:ee:1a:bb:53:6a:ed:04:
                    f1:cd:1f:40:02:d1:ee:db:09:f5:e0:10:e0:db:87:
                    3a:ab:4e:44:33:5e:14:cb:f4:9d:36:07:4a:f7:04:
                    6d:cd:ec:87:b2:21:0a:5a:2f:2e:7f:f1:b9:e4:e9:
                    5c:80:89:b4:44:05:c5:8e:f8:6d:6e:08:a4:dd:1f:
                    87:0c:7d:c5:95:b4:b5:66:09:ef:fd:ff:f0:24:34:
                    d9:ab:61:15:85:52:4c:58:14:2d:d6:a9:d7:de:3a:
                    d5:30:e5:ad:b5:8e:e9:06:8a:19:08:c6:74:1c:55:
                    c0:d2:fb:13:ec:89:d1:15:9c:93:35:dd:ab:d8:a0:
                    87:7a:ad:25:b5:77:d0:5a:05:7e:bd:07:30:c6:59:
                    33:53:19:92:52:ee:c0:59:a9:d2:3a:76:58:ee:a7:
                    82:9c:99:44:62:61:17:76:a4:7b:ca:da:49:3b:d1:
                    66:26:9c:6e:57:2e:9a:f0:f1:13:1f:cb:40:89:4f:
                    4e:ae:f4:c6:76:e5:b1:00:76:6b:57:27:05:5d:9d:
                    74:f9:0d:9c:d7:af:a6:fc:0f:f1:07:df:e3:ea:72:
                    9e:16:f6:91:25:6e:bd:58:56:cb:e2:60:06:4c:0c:
                    e3:01:12:6f:02:ef:1a:31:e2:07:d8:dd:ed:68:53:
                    82:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:2B:51:B1:50:09:5C:03:36:23:50:33:59:8E:AE:52:41:2B:A9:8D
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/uStRsVAJXAM2I1AzWY6uUkErqY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa06:500::/44

    Signature Algorithm: sha256WithRSAEncryption
         33:85:85:4e:9a:99:85:7e:c4:5a:f4:db:9b:5d:7c:c6:77:82:
         86:0b:57:40:7e:2b:5a:a6:4e:93:ca:fe:0c:f0:c7:b5:31:37:
         a8:ef:62:e7:17:b3:78:61:d3:a6:c2:ad:dd:df:d5:82:12:dd:
         68:ca:73:a0:7f:56:e7:be:c6:db:47:4e:a9:1d:43:66:4b:af:
         88:ff:c5:66:87:88:fd:fd:a8:9b:87:db:0f:50:a1:71:60:b2:
         06:6d:19:6e:cd:8f:a6:d0:f8:99:3c:1f:69:47:0c:fd:e9:85:
         da:4b:0e:44:a0:25:15:81:20:3d:23:78:fa:8b:b8:6d:73:4e:
         7a:9f:9e:1b:8a:64:4e:82:be:94:99:39:18:6a:19:9a:d9:9f:
         6f:c6:09:35:31:65:e8:a9:32:5b:05:15:a6:ce:26:de:44:2b:
         b1:d7:f0:fd:8b:e6:22:d0:10:43:f2:65:01:e8:38:f0:33:d8:
         f3:65:db:03:cb:03:12:a7:64:0b:64:f0:c0:e8:90:d9:9f:93:
         06:05:18:36:f3:3a:d3:6c:e4:82:30:e1:ee:a8:87:e9:7c:2c:
         d5:2d:25:46:5f:4a:53:c5:36:98:6d:29:bb:1c:fd:1f:35:cf:
         37:f2:6b:af:54:b0:b7:38:a6:03:8e:35:ae:cf:e9:e2:57:1a:
         65:4a:93:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY9xhJby4zlpW9EfomdAdxuGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwNTEzMTAzNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTJiNTFiMTUwMDk1YzAzMzYyMzUwMzM1OThlYWU1MjQxMmJhOThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUzijls/8e4au1Nq7QTxzR9AAtHu
2wn14BDg24c6q05EM14Uy/SdNgdK9wRtzeyHsiEKWi8uf/G55OlcgIm0RAXFjvht
bgik3R+HDH3FlbS1Zgnv/f/wJDTZq2EVhVJMWBQt1qnX3jrVMOWttY7pBooZCMZ0
HFXA0vsT7InRFZyTNd2r2KCHeq0ltXfQWgV+vQcwxlkzUxmSUu7AWanSOnZY7qeC
nJlEYmEXdqR7ytpJO9FmJpxuVy6a8PETH8tAiU9OrvTGduWxAHZrVycFXZ10+Q2c
16+m/A/xB9/j6nKeFvaRJW69WFbL4mAGTAzjARJvAu8aMeIH2N3taFOCfQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLkrUbFQCVwDNiNQM1mOrlJBK6mNMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvdVN0UnNWQUpYQU0ySTFBeldZNnVVa0VycVkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qBgUA
MA0GCSqGSIb3DQEBCwUAA4IBAQAzhYVOmpmFfsRa9NubXXzGd4KGC1dAfitapk6T
yv4M8Me1MTeo72LnF7N4YdOmwq3d39WCEt1oynOgf1bnvsbbR06pHUNmS6+I/8Vm
h4j9/aibh9sPUKFxYLIGbRluzY+m0PiZPB9pRwz96YXaSw5EoCUVgSA9I3j6i7ht
c056n54bimROgr6UmTkYahma2Z9vxgk1MWXoqTJbBRWmzibeRCux1/D9i+Yi0BBD
8mUB6DjwM9jzZdsDywMSp2QLZPDA6JDZn5MGBRg28zrTbOSCMOHuqIfpfCzVLSVG
X0pTxTaYbSm7HP0fNc838muvVLC3OKYDjjWuz+niVxplSpMN
-----END CERTIFICATE-----