Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/2jlPNaKIJlPytgaB12ghL99p45g.roa
File:                     2jlPNaKIJlPytgaB12ghL99p45g.roa (raw, json)
Hash identifier:          bFbn84HDAPTN60qeCpZbxKmp4GXaFIpI2/nOW/rvQXk=
Subject key identifier:   DA:39:4F:35:A2:88:26:53:F2:B6:06:81:D7:68:21:2F:DF:69:E3:98
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D468C1FE16C0737D4A3E01B111226
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/2jlPNaKIJlPytgaB12ghL99p45g.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216173
IP address blocks:        2a0e:aa07:e130::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:46:8c:1f:e1:6c:07:37:d4:a3:e0:1b:11:12:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da394f35a2882653f2b60681d768212fdf69e398
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:91:05:d7:b9:7f:49:01:c8:26:ba:91:17:09:
                    ea:8b:1d:de:ed:13:26:85:44:34:d3:fc:8b:d0:f3:
                    b0:0a:c7:f7:9d:6b:e3:68:d6:24:80:2c:3b:32:9b:
                    b8:fd:1f:6d:36:f4:f0:9e:37:ea:34:e9:14:6e:34:
                    40:3b:15:49:c3:f0:64:64:5b:e5:12:f8:08:93:26:
                    d0:4c:17:ac:77:a6:6a:a6:bc:37:1e:fb:40:2e:e5:
                    99:b6:88:08:cc:a1:6e:df:fa:c3:63:99:e4:69:e8:
                    60:96:e0:90:12:78:df:2a:16:a7:c4:69:18:b6:60:
                    b2:ec:28:2c:f6:09:80:4a:eb:15:f8:ee:a0:a9:b8:
                    de:3a:66:ef:9f:40:d7:2a:35:87:57:03:62:be:3f:
                    86:0a:1a:4a:ec:ff:ba:ec:09:db:4f:0a:d3:f3:d7:
                    c9:14:ce:bf:c3:e7:00:32:25:ba:3d:6a:bd:5e:fe:
                    2d:3a:fc:58:a0:bd:12:e1:52:57:27:8b:b2:a8:d8:
                    b9:b7:85:5e:6c:30:f9:b4:a9:c6:3c:fe:e0:36:b9:
                    bf:4f:50:37:1b:d2:69:4f:0f:b9:c5:57:f8:d4:95:
                    44:c2:be:ff:f7:04:af:c9:2b:0b:c0:74:fa:5d:86:
                    e8:97:66:c4:0a:9a:3f:33:29:c5:0b:77:92:e7:8b:
                    38:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:39:4F:35:A2:88:26:53:F2:B6:06:81:D7:68:21:2F:DF:69:E3:98
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/2jlPNaKIJlPytgaB12ghL99p45g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e130::/44

    Signature Algorithm: sha256WithRSAEncryption
         42:57:84:a8:de:ad:5d:84:06:3d:7c:2b:3e:8c:d4:a6:c2:46:
         b7:bc:50:a5:18:15:25:c8:3a:e7:5b:ec:9c:3a:94:42:b6:ff:
         ae:5f:1f:b6:93:e2:7e:c8:e8:de:24:6d:04:b3:96:4b:8a:0c:
         9d:d2:a8:0f:f0:08:23:83:6b:5a:dd:80:9b:7e:8d:04:b5:1c:
         9a:f4:7f:01:5a:ad:ca:6d:21:30:6f:86:b8:d7:d3:a8:71:37:
         42:3c:26:c1:80:a0:fb:7e:96:2f:6b:0b:ac:d1:b8:a8:1a:48:
         39:e7:66:70:0b:d8:b3:e9:16:c0:95:a3:6b:2e:c3:bf:cb:11:
         7b:03:89:ae:02:6b:b1:c9:a7:ac:52:10:3d:c1:c1:6a:77:c1:
         cd:55:80:cf:61:16:9e:15:12:5a:e6:1c:84:ae:b7:22:a0:7f:
         da:5b:0c:8d:e2:61:b2:5b:22:f3:1e:22:04:a4:4c:d4:28:f3:
         56:bf:a3:98:a0:b6:b4:6c:89:7c:32:60:73:15:b8:41:4c:65:
         84:07:f0:97:af:08:80:9c:e6:88:aa:66:e8:9e:46:79:a1:88:
         d5:e3:e3:f0:b6:1b:1f:51:01:e9:ca:e5:66:fe:ea:a7:8d:7e:
         5e:dc:93:42:02:ee:fd:7c:49:e7:dc:aa:06:ac:7f:81:9e:59:
         09:69:fb:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbUaMH+FsBzfUo+AbERImMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTM5NGYzNWEyODgyNjUzZjJiNjA2ODFkNzY4MjEyZmRmNjllMzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJEF17l/SQHIJrqRFwnqix3e7RMm
hUQ00/yL0POwCsf3nWvjaNYkgCw7Mpu4/R9tNvTwnjfqNOkUbjRAOxVJw/BkZFvl
EvgIkybQTBesd6Zqprw3HvtALuWZtogIzKFu3/rDY5nkaehgluCQEnjfKhanxGkY
tmCy7Cgs9gmASusV+O6gqbjeOmbvn0DXKjWHVwNivj+GChpK7P+67AnbTwrT89fJ
FM6/w+cAMiW6PWq9Xv4tOvxYoL0S4VJXJ4uyqNi5t4VebDD5tKnGPP7gNrm/T1A3
G9JpTw+5xVf41JVEwr7/9wSvySsLwHT6XYbol2bECpo/MynFC3eS54s48QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNo5TzWiiCZT8rYGgddoIS/faeOYMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvMmpsUE5hS0lKbFB5dGdhQjEyZ2hMOTlwNDVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+Ew
MA0GCSqGSIb3DQEBCwUAA4IBAQBCV4So3q1dhAY9fCs+jNSmwka3vFClGBUlyDrn
W+ycOpRCtv+uXx+2k+J+yOjeJG0Es5ZLigyd0qgP8Agjg2ta3YCbfo0EtRya9H8B
Wq3KbSEwb4a419OocTdCPCbBgKD7fpYvawus0bioGkg552ZwC9iz6RbAlaNrLsO/
yxF7A4muAmuxyaesUhA9wcFqd8HNVYDPYRaeFRJa5hyErrcioH/aWwyN4mGyWyLz
HiIEpEzUKPNWv6OYoLa0bIl8MmBzFbhBTGWEB/CXrwiAnOaIqmbonkZ5oYjV4+Pw
thsfUQHpyuVm/uqnjX5e3JNCAu79fEnn3KoGrH+BnlkJafuK
-----END CERTIFICATE-----