Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/2MOWvStREzM0Pof9MmB_TQPTL5I.roa
File:                     2MOWvStREzM0Pof9MmB_TQPTL5I.roa (raw, json)
Hash identifier:          C0raf+vxVMiLgEY0Tw2Pw2nLCXSelQQ6E2CwvaHs0yw=
Subject key identifier:   D8:C3:96:BD:2B:51:13:33:34:3E:87:FD:32:60:7F:4D:03:D3:2F:92
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D37D78FC313602867728E2E1D3221
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/2MOWvStREzM0Pof9MmB_TQPTL5I.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209306
IP address blocks:        2a0e:aa06:400::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:37:d7:8f:c3:13:60:28:67:72:8e:2e:1d:32:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8c396bd2b511333343e87fd32607f4d03d32f92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:fb:25:c5:f1:3d:38:7b:db:fe:85:8a:94:14:
                    5f:04:c8:8b:7d:80:45:45:66:cd:7a:13:92:fa:1c:
                    73:2a:c4:59:48:3d:eb:93:21:a9:5d:c4:00:e4:ea:
                    95:6d:cb:9c:73:4e:a9:26:a5:40:e7:a2:62:b9:32:
                    c3:66:7f:6b:11:3d:5d:e4:0c:1b:c4:b2:74:95:2c:
                    2f:f5:f0:61:0b:16:e3:61:96:79:4b:21:90:b4:95:
                    b9:8d:73:94:13:c2:4e:85:9c:53:22:d7:b6:fa:ec:
                    1d:76:b1:1f:2d:44:5f:5d:28:0c:1c:3c:fc:1d:dd:
                    a2:cd:69:b4:31:24:33:bf:ce:94:55:92:8f:d1:98:
                    0f:34:8d:95:72:9e:5a:ee:aa:4c:74:2b:6a:a7:4b:
                    03:2b:01:36:db:f4:49:3b:81:b6:d2:b6:5b:96:e7:
                    b7:79:4a:00:99:85:e9:34:78:83:c9:cc:cb:74:db:
                    5a:a1:8b:28:9e:da:f5:1d:7f:d3:bf:b5:30:06:75:
                    04:4a:ba:7f:e8:27:b6:78:73:b0:04:0c:b3:94:4e:
                    52:27:86:b8:a6:44:f3:c7:82:ec:9f:74:b7:0d:78:
                    9b:1b:f6:74:48:5e:97:a7:ef:92:fe:2e:89:87:a2:
                    b1:c6:ec:bc:bb:2b:0a:59:49:b6:9d:48:0d:45:63:
                    b5:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:C3:96:BD:2B:51:13:33:34:3E:87:FD:32:60:7F:4D:03:D3:2F:92
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/2MOWvStREzM0Pof9MmB_TQPTL5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa06:400::/44

    Signature Algorithm: sha256WithRSAEncryption
         74:fc:6e:4c:94:5b:32:61:c8:63:13:eb:0c:2d:80:69:46:c6:
         88:50:d4:d5:14:6d:a0:cf:61:25:b5:44:53:32:48:5e:1c:03:
         8e:93:27:2c:a5:6d:d2:04:4c:f9:6f:82:51:09:fd:3e:3a:32:
         74:7b:cb:a2:ae:33:8b:02:a4:cc:be:29:f2:2c:71:ba:4c:b5:
         39:5d:71:20:ad:82:1a:5f:ef:1b:63:89:cc:6d:5a:7b:c1:69:
         44:42:24:6f:0e:4b:2f:7a:1a:28:60:93:d6:96:d8:51:0f:65:
         f9:10:7b:6c:8b:99:9d:9c:09:a2:7e:1f:5d:8c:30:32:c3:b1:
         a1:82:bd:21:01:e1:b0:b2:b4:05:54:46:fc:83:99:f4:65:86:
         87:a5:be:15:72:96:f0:0f:46:11:59:36:34:65:ba:ca:7d:d1:
         09:cf:9e:84:67:46:b5:55:4d:12:ca:e7:bb:e6:4e:d8:14:b2:
         24:4a:68:09:72:af:19:29:5c:a7:1f:af:82:c6:23:ec:f5:50:
         55:dc:d3:a8:0f:d6:5a:a2:48:51:87:92:91:fb:64:71:80:09:
         67:26:c8:10:d0:aa:b2:b4:51:41:8a:dd:ee:1f:e4:56:b0:67:
         d1:d8:d6:a3:c0:48:2e:af:b2:cf:7a:61:dd:11:33:59:97:4a:
         b9:65:6b:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbTfXj8MTYChnco4uHTIhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGMzOTZiZDJiNTExMzMzMzQzZTg3ZmQzMjYwN2Y0ZDAzZDMyZjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivslxfE9OHvb/oWKlBRfBMiLfYBF
RWbNehOS+hxzKsRZSD3rkyGpXcQA5OqVbcucc06pJqVA56JiuTLDZn9rET1d5Awb
xLJ0lSwv9fBhCxbjYZZ5SyGQtJW5jXOUE8JOhZxTIte2+uwddrEfLURfXSgMHDz8
Hd2izWm0MSQzv86UVZKP0ZgPNI2Vcp5a7qpMdCtqp0sDKwE22/RJO4G20rZblue3
eUoAmYXpNHiDyczLdNtaoYsontr1HX/Tv7UwBnUESrp/6Ce2eHOwBAyzlE5SJ4a4
pkTzx4Lsn3S3DXibG/Z0SF6Xp++S/i6Jh6Kxxuy8uysKWUm2nUgNRWO1zQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNjDlr0rURMzND6H/TJgf00D0y+SMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvMk1PV3ZTdFJFek0wUG9mOU1tQl9UUVBUTDVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qBgQA
MA0GCSqGSIb3DQEBCwUAA4IBAQB0/G5MlFsyYchjE+sMLYBpRsaIUNTVFG2gz2El
tURTMkheHAOOkycspW3SBEz5b4JRCf0+OjJ0e8uirjOLAqTMvinyLHG6TLU5XXEg
rYIaX+8bY4nMbVp7wWlEQiRvDksvehooYJPWlthRD2X5EHtsi5mdnAmifh9djDAy
w7Ghgr0hAeGwsrQFVEb8g5n0ZYaHpb4VcpbwD0YRWTY0ZbrKfdEJz56EZ0a1VU0S
yue75k7YFLIkSmgJcq8ZKVynH6+CxiPs9VBV3NOoD9ZaokhRh5KR+2RxgAlnJsgQ
0KqytFFBit3uH+RWsGfR2NajwEgur7LPemHdETNZl0q5ZWs9
-----END CERTIFICATE-----