Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/1-0JPHvFw3UpJEvL9yIMvCuxEFSk.roa
File:                     1-0JPHvFw3UpJEvL9yIMvCuxEFSk.roa (raw, json)
Hash identifier:          8ZTSs7ba4TpAkpYP+ouqOhrOF/U0RAaUZqk0pTcYqPE=
Subject key identifier:   FB:42:4F:1E:F1:70:DD:4A:49:12:F2:FD:C8:83:2F:0A:EC:44:15:29
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EC80D9C2D7B6D8CE131DF15575B90
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/1-0JPHvFw3UpJEvL9yIMvCuxEFSk.roa
Signing time:             Thu 02 Jan 2025 05:48:21 +0000
ROA not before:           Thu 02 Jan 2025 05:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135028
IP address blocks:        2a0e:aa07:f010::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 14:41:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:c8:0d:9c:2d:7b:6d:8c:e1:31:df:15:57:5b:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb424f1ef170dd4a4912f2fdc8832f0aec441529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:f5:da:49:69:c1:c8:b2:b4:e2:d0:42:a9:7c:
                    c3:cd:da:08:eb:b7:8c:db:6c:f6:0c:1e:d7:4d:fc:
                    8f:2d:87:c2:9b:70:86:43:4f:c3:28:dc:42:a1:51:
                    af:fe:50:20:11:cd:b0:55:7d:ff:a4:3f:18:25:7f:
                    92:65:92:f7:f3:f7:9e:52:f2:ae:ef:4c:66:8d:72:
                    07:07:82:24:76:24:a1:43:99:b0:59:af:0d:cd:16:
                    df:fc:9d:0f:38:0b:25:85:12:6c:94:bf:e4:fb:34:
                    f9:da:02:ab:f4:82:ae:a3:66:ec:dc:d4:6d:1a:e0:
                    cb:76:d9:9a:cd:5d:a1:78:32:39:1f:b9:52:36:b0:
                    80:38:80:04:00:39:ef:f1:b1:93:1a:f1:45:fd:6f:
                    f9:78:52:27:e5:09:02:f0:5a:58:be:18:93:4a:5b:
                    5b:bf:03:d0:a2:8e:74:df:b5:15:ce:67:31:b7:97:
                    5f:2a:26:07:1d:fb:51:9d:52:e9:15:65:6d:d2:98:
                    00:c9:8c:25:c2:b7:81:40:e1:d4:55:4c:91:15:c2:
                    9a:72:9b:25:62:a9:ee:f8:c7:32:ef:b7:92:0a:41:
                    44:de:43:b1:37:12:cd:45:32:2a:93:59:c2:fe:94:
                    ab:00:6d:4a:b1:39:d6:b1:49:b4:14:b1:1b:34:ee:
                    fa:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:42:4F:1E:F1:70:DD:4A:49:12:F2:FD:C8:83:2F:0A:EC:44:15:29
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/1-0JPHvFw3UpJEvL9yIMvCuxEFSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:f010::/44

    Signature Algorithm: sha256WithRSAEncryption
         24:38:76:46:01:8d:4b:c4:fa:55:0c:e7:a6:e0:d3:9c:35:d1:
         b5:cc:43:e4:5a:95:c2:ba:61:56:16:5e:f6:b5:53:fb:95:d1:
         18:78:7a:19:b1:b3:83:7c:19:96:6b:e2:49:1c:f0:cc:05:33:
         ff:a4:ea:82:33:09:7a:a8:2d:c7:b3:66:b5:bd:23:32:a1:98:
         20:30:a9:e6:d9:3f:56:37:97:b0:02:e4:89:71:af:68:12:30:
         aa:a8:78:9d:28:2e:ae:2a:f0:86:4f:f5:93:70:57:f3:2b:79:
         ce:51:e5:cc:34:af:64:2b:23:18:af:4f:63:a6:88:ae:84:25:
         09:0c:ea:a9:fb:f4:fc:ce:c1:a0:4e:e3:a5:45:0a:81:ff:e3:
         5a:bf:7d:53:de:30:5c:e9:af:1c:e8:6e:be:e3:54:18:28:ec:
         dc:22:c4:1b:c3:90:6e:e9:50:6f:63:b0:43:64:f8:11:a3:98:
         e1:e6:84:f6:f3:4a:ab:17:ee:4c:ce:7f:2b:2d:93:be:c8:94:
         84:59:4a:79:d1:ca:cd:ea:e9:8a:cf:e6:b7:a5:cc:a0:f3:e5:
         aa:c7:2a:7d:0e:4a:fd:68:85:e6:f3:e5:9a:35:22:e2:b7:c5:
         12:6b:97:60:a8:ec:9b:00:20:80:c8:27:87:b8:7e:28:e5:10:
         a4:b8:cc:47
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAZQljsgNnC17bYzhMd8VV1uQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjQyNGYxZWYxNzBkZDRhNDkxMmYyZmRjODgzMmYwYWVjNDQxNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6/XaSWnByLK04tBCqXzDzdoI67eM
22z2DB7XTfyPLYfCm3CGQ0/DKNxCoVGv/lAgEc2wVX3/pD8YJX+SZZL38/eeUvKu
70xmjXIHB4IkdiShQ5mwWa8NzRbf/J0POAslhRJslL/k+zT52gKr9IKuo2bs3NRt
GuDLdtmazV2heDI5H7lSNrCAOIAEADnv8bGTGvFF/W/5eFIn5QkC8FpYvhiTSltb
vwPQoo5037UVzmcxt5dfKiYHHftRnVLpFWVt0pgAyYwlwreBQOHUVUyRFcKacpsl
Yqnu+Mcy77eSCkFE3kOxNxLNRTIqk1nC/pSrAG1KsTnWsUm0FLEbNO768wIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPtCTx7xcN1KSRLy/ciDLwrsRBUpMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvMS0wSlBIdkZ3M1VwSkV2TDl5SU12Q3V4RUZTay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2YvNzJiZjJmLThlMzQtNDhhMi04NDlhLWE1NDFkMWJjZWUx
OS8xL2syRzF6V2xvSmJkUHpMcDlsOFBRb25KTzg2by5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoOqgfw
EDANBgkqhkiG9w0BAQsFAAOCAQEAJDh2RgGNS8T6VQznpuDTnDXRtcxD5FqVwrph
VhZe9rVT+5XRGHh6GbGzg3wZlmviSRzwzAUz/6TqgjMJeqgtx7Nmtb0jMqGYIDCp
5tk/VjeXsALkiXGvaBIwqqh4nSgurirwhk/1k3BX8yt5zlHlzDSvZCsjGK9PY6aI
roQlCQzqqfv0/M7BoE7jpUUKgf/jWr99U94wXOmvHOhuvuNUGCjs3CLEG8OQbulQ
b2OwQ2T4EaOY4eaE9vNKqxfuTM5/Ky2TvsiUhFlKedHKzerpis/mt6XMoPPlqscq
fQ5K/WiF5vPlmjUi4rfFEmuXYKjsmwAggMgnh7h+KOUQpLjMRw==
-----END CERTIFICATE-----