Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/wh8oC_5eX3RPYxlU2AUW1WtdlbA.roa
File:                     wh8oC_5eX3RPYxlU2AUW1WtdlbA.roa (raw, json)
Hash identifier:          90TEwsMfYN4fihkeTwEwDmdiTRJ4vqtyMbizC8dMrAQ=
Subject key identifier:   C2:1F:28:0B:FE:5E:5F:74:4F:63:19:54:D8:05:16:D5:6B:5D:95:B0
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EE895A367E68959103A7BAB279815
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/wh8oC_5eX3RPYxlU2AUW1WtdlbA.roa
Signing time:             Thu 02 Jan 2025 05:48:30 +0000
ROA not before:           Thu 02 Jan 2025 05:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211968
IP address blocks:        2a0e:aa07:e01a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:e8:95:a3:67:e6:89:59:10:3a:7b:ab:27:98:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c21f280bfe5e5f744f631954d80516d56b5d95b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:96:ed:b2:f1:cb:b6:1c:2e:76:65:44:4d:42:
                    78:dd:b1:51:f4:6f:86:c5:33:a0:ac:44:d0:e6:5a:
                    cf:7f:06:2f:6e:2b:2b:d6:85:48:e4:05:63:2d:57:
                    78:39:a7:df:b5:3e:69:bb:21:31:7a:a3:c7:f6:a4:
                    3c:01:f0:d8:bc:4c:eb:d5:ce:52:fa:5f:76:25:08:
                    51:c0:25:18:0b:41:c5:a7:99:6b:af:5b:27:95:51:
                    89:fc:c7:93:5c:83:2c:52:79:12:9e:b9:29:02:00:
                    26:ef:90:0c:4c:4d:23:57:9e:89:82:8f:ee:b4:be:
                    ac:c4:3e:a1:4e:77:d4:71:80:60:af:06:35:42:40:
                    ba:2a:a7:e1:cb:bb:da:58:c7:ce:2f:10:ec:78:0f:
                    11:b5:c9:a7:04:2c:56:66:b5:6f:99:c8:0f:eb:9d:
                    41:91:f8:f8:7e:8d:46:c0:92:d5:70:0b:29:61:a9:
                    ce:3d:ef:40:55:1f:f1:31:f0:20:bd:ee:6b:c3:1f:
                    e5:87:a1:3b:da:64:2e:a5:1d:9f:4f:92:12:68:7b:
                    7e:7a:b3:5f:9f:0b:40:b9:6f:0a:4a:e3:96:5c:bd:
                    a2:3c:d9:25:40:81:70:ca:44:e6:f4:23:1f:ea:1d:
                    39:ac:f7:39:d8:84:db:03:0e:81:2c:ab:7a:99:68:
                    c1:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:1F:28:0B:FE:5E:5F:74:4F:63:19:54:D8:05:16:D5:6B:5D:95:B0
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/wh8oC_5eX3RPYxlU2AUW1WtdlbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e01a::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:2f:65:c9:32:d7:49:99:6a:f0:c9:f2:02:55:c3:38:6e:0d:
         2e:d2:4c:a8:64:c0:88:1c:57:b5:45:70:2d:fe:60:6f:e6:91:
         a8:3a:02:31:5e:bc:53:7c:39:e4:2d:98:4a:65:cf:e9:9e:ab:
         eb:10:9e:08:e9:e5:ce:06:3e:33:85:ba:6b:42:70:c1:24:3c:
         43:bf:6a:4b:c5:ab:a0:27:60:0e:3d:b0:3f:46:72:ff:2f:a1:
         6e:14:c3:44:1f:c8:46:00:13:78:25:18:f1:cc:75:10:94:38:
         fc:03:54:b3:73:0f:0c:d1:32:cc:82:03:b0:36:1a:a6:a7:53:
         2a:7b:e0:b0:30:ea:22:58:9d:15:24:5c:25:e0:bb:b9:67:48:
         52:19:a4:ed:d6:dc:4e:fc:74:e0:f1:ee:c7:37:76:3a:e8:fe:
         17:33:81:35:5a:4c:b3:da:e3:1c:5e:0f:b7:6e:2c:16:36:35:
         cf:b5:75:e5:e3:6a:ae:fe:45:86:d8:56:35:d4:b1:15:f1:2f:
         41:10:45:38:d7:b1:c0:ce:47:07:30:96:3e:aa:e7:a2:6c:32:
         fe:d6:bc:3f:78:8f:af:54:df:a3:20:40:0e:a9:99:34:c2:eb:
         79:4b:a6:1a:21:94:ac:a8:81:77:57:b4:c8:3e:7e:e6:a4:d1:
         e1:ea:71:11
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljuiVo2fmiVkQOnurJ5gVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjFmMjgwYmZlNWU1Zjc0NGY2MzE5NTRkODA1MTZkNTZiNWQ5NWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5btsvHLthwudmVETUJ43bFR9G+G
xTOgrETQ5lrPfwYvbisr1oVI5AVjLVd4OafftT5puyExeqPH9qQ8AfDYvEzr1c5S
+l92JQhRwCUYC0HFp5lrr1snlVGJ/MeTXIMsUnkSnrkpAgAm75AMTE0jV56Jgo/u
tL6sxD6hTnfUcYBgrwY1QkC6Kqfhy7vaWMfOLxDseA8RtcmnBCxWZrVvmcgP651B
kfj4fo1GwJLVcAspYanOPe9AVR/xMfAgve5rwx/lh6E72mQupR2fT5ISaHt+erNf
nwtAuW8KSuOWXL2iPNklQIFwykTm9CMf6h05rPc52ITbAw6BLKt6mWjB1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMIfKAv+Xl90T2MZVNgFFtVrXZWwMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvd2g4b0NfNWVYM1JQWXhsVTJBVVcxV3RkbGJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+Aa
MA0GCSqGSIb3DQEBCwUAA4IBAQCLL2XJMtdJmWrwyfICVcM4bg0u0kyoZMCIHFe1
RXAt/mBv5pGoOgIxXrxTfDnkLZhKZc/pnqvrEJ4I6eXOBj4zhbprQnDBJDxDv2pL
xaugJ2AOPbA/RnL/L6FuFMNEH8hGABN4JRjxzHUQlDj8A1Szcw8M0TLMggOwNhqm
p1Mqe+CwMOoiWJ0VJFwl4Lu5Z0hSGaTt1txO/HTg8e7HN3Y66P4XM4E1Wkyz2uMc
Xg+3biwWNjXPtXXl42qu/kWG2FY11LEV8S9BEEU417HAzkcHMJY+queibDL+1rw/
eI+vVN+jIEAOqZk0wut5S6YaIZSsqIF3V7TIPn7mpNHh6nER
-----END CERTIFICATE-----