Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/zTlI2FZF4paEg9ObJ5lgEA9i0Dg.roa
File:                     zTlI2FZF4paEg9ObJ5lgEA9i0Dg.roa (raw, json)
Hash identifier:          XMdT2ZSsW1GPIVBihzHtVnZAZSuGYS00u9iZtKL0R6g=
Subject key identifier:   CD:39:48:D8:56:45:E2:96:84:83:D3:9B:27:99:60:10:0F:62:D0:38
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258ECCAFC16E7A2EF3DF3F30894EC418
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/zTlI2FZF4paEg9ObJ5lgEA9i0Dg.roa
Signing time:             Thu 02 Jan 2025 05:48:23 +0000
ROA not before:           Thu 02 Jan 2025 05:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197626
IP address blocks:        2a0e:aa07:e0f0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:cc:af:c1:6e:7a:2e:f3:df:3f:30:89:4e:c4:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd3948d85645e2968483d39b279960100f62d038
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:41:c8:22:3d:c5:6f:b3:86:2a:3d:a6:1f:81:
                    16:fc:16:68:08:8b:2e:3f:39:b5:45:aa:87:40:ae:
                    73:2c:48:a3:bd:e7:c9:5d:d3:b6:ed:fc:5e:bc:78:
                    24:12:31:ab:69:a6:83:ed:0d:85:26:79:c4:45:26:
                    83:dc:5a:f0:c2:e4:0b:38:9c:de:e4:b5:34:c6:ee:
                    a1:19:53:d5:32:7a:0d:5a:03:f0:7c:0d:3a:dd:42:
                    ba:a7:29:df:ad:6f:92:c5:95:66:42:0f:5c:4b:1a:
                    37:ed:06:af:fe:df:9f:2f:f7:ca:95:94:84:d9:91:
                    dc:88:ed:38:de:de:af:fa:98:c7:02:1f:00:ab:30:
                    18:f9:57:67:ff:f9:81:1b:0f:ee:85:36:70:ba:0b:
                    62:8c:da:48:ed:d8:54:96:4c:62:61:dc:c9:50:a3:
                    4d:fe:a5:2c:d6:3e:e9:fa:46:02:f5:bb:62:b8:69:
                    3e:65:4b:8d:2f:28:40:73:8f:ed:7a:48:d4:69:40:
                    45:e4:a7:39:92:b9:3f:82:c6:77:75:9c:a1:59:f1:
                    df:ad:72:99:bf:64:71:b0:88:16:04:50:95:7e:97:
                    b5:76:9e:b2:51:f8:1a:0a:a5:3f:10:90:33:aa:ce:
                    b5:e3:e0:29:50:be:5a:58:23:38:2f:78:b4:de:e1:
                    31:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:39:48:D8:56:45:E2:96:84:83:D3:9B:27:99:60:10:0F:62:D0:38
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/zTlI2FZF4paEg9ObJ5lgEA9i0Dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e0f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         5f:16:99:bf:c8:da:e4:fa:a2:6a:71:47:9f:35:13:73:51:e3:
         94:53:80:36:de:f6:f9:e3:93:a4:8b:53:0d:7e:de:b6:01:9c:
         95:60:b0:1e:d7:8d:d8:31:a6:c9:bd:e5:80:bf:fa:10:48:31:
         91:43:98:f7:9f:a2:b2:04:b0:ba:5b:8a:14:ad:27:d6:5a:c3:
         60:b3:23:b0:cc:0f:d9:ce:0c:78:51:a7:42:77:bb:e7:a2:22:
         6b:46:ea:4e:fe:df:4c:f4:2e:2f:9c:ca:ab:bd:d3:aa:f3:12:
         7c:50:ba:a5:c0:22:9c:f6:1a:f0:79:64:6b:1e:8b:1b:1b:87:
         ee:35:81:34:f3:a4:e0:a8:f1:4b:b3:40:51:f9:fc:e7:04:4b:
         0e:27:fc:47:45:8b:bd:b4:07:e6:1a:c1:e0:89:1e:95:53:00:
         00:a4:60:92:92:e3:da:76:07:5e:e0:ff:6a:02:77:56:72:52:
         44:35:4d:53:47:a4:5a:b5:67:ff:5a:2a:9b:24:17:1a:fd:15:
         a5:a7:a2:c3:65:dc:96:c0:10:00:16:68:ce:b1:c0:72:9f:bf:
         4b:fc:bc:8f:88:5e:5a:d1:13:dd:e7:98:bd:6b:da:9b:9e:51:
         00:45:9d:2a:4f:fa:af:54:71:7c:09:ad:61:76:76:91:f2:12:
         52:63:03:8e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljsyvwW56LvPfPzCJTsQYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDM5NDhkODU2NDVlMjk2ODQ4M2QzOWIyNzk5NjAxMDBmNjJkMDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEHIIj3Fb7OGKj2mH4EW/BZoCIsu
Pzm1RaqHQK5zLEijvefJXdO27fxevHgkEjGraaaD7Q2FJnnERSaD3FrwwuQLOJze
5LU0xu6hGVPVMnoNWgPwfA063UK6pynfrW+SxZVmQg9cSxo37Qav/t+fL/fKlZSE
2ZHciO043t6v+pjHAh8AqzAY+Vdn//mBGw/uhTZwugtijNpI7dhUlkxiYdzJUKNN
/qUs1j7p+kYC9btiuGk+ZUuNLyhAc4/tekjUaUBF5Kc5krk/gsZ3dZyhWfHfrXKZ
v2RxsIgWBFCVfpe1dp6yUfgaCqU/EJAzqs614+ApUL5aWCM4L3i03uEx7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM05SNhWReKWhIPTmyeZYBAPYtA4MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvelRsSTJGWkY0cGFFZzlPYko1bGdFQTlpMERnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+Dw
MA0GCSqGSIb3DQEBCwUAA4IBAQBfFpm/yNrk+qJqcUefNRNzUeOUU4A23vb545Ok
i1MNft62AZyVYLAe143YMabJveWAv/oQSDGRQ5j3n6KyBLC6W4oUrSfWWsNgsyOw
zA/Zzgx4UadCd7vnoiJrRupO/t9M9C4vnMqrvdOq8xJ8ULqlwCKc9hrweWRrHosb
G4fuNYE086TgqPFLs0BR+fznBEsOJ/xHRYu9tAfmGsHgiR6VUwAApGCSkuPadgde
4P9qAndWclJENU1TR6RatWf/WiqbJBca/RWlp6LDZdyWwBAAFmjOscByn79L/LyP
iF5a0RPd55i9a9qbnlEARZ0qT/qvVHF8Ca1hdnaR8hJSYwOO
-----END CERTIFICATE-----