Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/4n6chqZ2PpPUabIZijAj4-kpeR8.roa
File:                     4n6chqZ2PpPUabIZijAj4-kpeR8.roa (raw, json)
Hash identifier:          MQBolZCdzqxQwlUXVQy4bVINPO9kujK0YjWg8PaB1dk=
Subject key identifier:   E2:7E:9C:86:A6:76:3E:93:D4:69:B2:19:8A:30:23:E3:E9:29:79:1F
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D2BA4EA1091246C35C55C09B5328E
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/4n6chqZ2PpPUabIZijAj4-kpeR8.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198768
IP address blocks:        2a0e:aa07:e080::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2b:a4:ea:10:91:24:6c:35:c5:5c:09:b5:32:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e27e9c86a6763e93d469b2198a3023e3e929791f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:35:74:b8:2c:8a:97:54:4c:32:4d:15:19:06:
                    0b:99:f5:38:64:db:5a:36:cc:41:0b:78:27:f5:f3:
                    73:7e:88:e8:02:2a:35:57:04:a8:ed:d5:54:2c:26:
                    17:56:88:8a:2c:f1:2f:91:ad:a9:c2:5a:14:cf:0c:
                    30:2c:6b:a4:7b:6f:c0:82:3d:18:99:d6:91:99:a7:
                    16:e6:af:ab:40:14:e3:5f:ad:b3:94:20:f3:3a:72:
                    22:52:51:32:ea:20:cc:e6:5f:3d:75:be:ef:d1:1b:
                    b7:a4:a8:57:f6:5e:1f:30:43:6d:dd:fe:66:18:b1:
                    d4:d1:fd:f8:14:e0:a7:7b:67:8e:dc:9b:25:da:53:
                    d7:1c:8f:d6:f6:b6:ab:d0:ad:0f:26:82:59:95:3d:
                    0b:3a:e2:6e:71:cb:71:8c:c6:59:47:02:ec:9f:08:
                    8e:84:4d:d5:bc:38:6d:34:09:e3:b5:5e:7f:4c:f8:
                    0a:ed:8f:bb:1b:93:cd:56:0d:2b:5e:1f:a9:3f:77:
                    b0:b3:37:31:6b:5c:78:5b:c3:03:53:a2:4f:6b:67:
                    9c:c3:99:88:1e:03:f7:bd:54:7d:c9:07:65:2b:5a:
                    3f:43:00:5c:c9:cf:d9:2c:20:cf:d5:0c:fc:fd:1b:
                    ab:df:18:5b:a0:cf:5c:7e:3c:4d:7f:41:5f:33:38:
                    40:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:7E:9C:86:A6:76:3E:93:D4:69:B2:19:8A:30:23:E3:E9:29:79:1F
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/4n6chqZ2PpPUabIZijAj4-kpeR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e080::/44

    Signature Algorithm: sha256WithRSAEncryption
         6d:eb:62:35:b0:eb:97:f9:cc:e0:05:ea:2d:a3:a0:0d:b6:66:
         d7:bb:55:f1:0f:5c:fa:bf:99:a6:b2:bd:6a:64:8c:25:68:79:
         b9:d6:fc:1f:6c:cd:0a:4b:d3:6e:75:3c:5c:f4:cc:60:36:24:
         9b:b0:18:dc:b9:37:37:56:9a:83:0b:5a:eb:fe:41:34:d3:5c:
         90:e8:d4:08:3e:02:14:a4:df:36:e7:d1:db:64:56:97:8c:fb:
         f5:dc:3d:18:a3:d0:72:fd:7c:24:fd:5c:d6:85:2b:1c:27:43:
         a6:6a:f9:85:b4:26:c6:1e:40:62:63:ef:d4:84:f4:de:3a:ea:
         b0:70:a4:8a:29:80:37:77:dc:43:df:fb:52:b1:88:13:fd:67:
         7a:c9:86:2d:b9:8b:98:94:b8:62:99:10:fd:97:57:57:cc:d4:
         a5:3e:64:03:16:17:05:6c:f7:11:0c:4b:db:1b:02:95:f4:a3:
         68:e7:87:b4:3e:29:b0:6a:36:b5:7e:fe:f6:ed:a7:d3:50:7c:
         af:8b:c0:86:61:09:f9:16:1d:48:02:b1:62:ef:02:f6:33:95:
         b1:57:a5:c6:41:4f:5a:08:2f:65:4d:ad:b0:3c:38:25:76:34:
         18:3e:c4:32:d8:e2:aa:41:cb:cf:b9:2d:3f:4e:ef:07:47:08:
         a5:53:1b:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbSuk6hCRJGw1xVwJtTKOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjdlOWM4NmE2NzYzZTkzZDQ2OWIyMTk4YTMwMjNlM2U5Mjk3OTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTV0uCyKl1RMMk0VGQYLmfU4ZNta
NsxBC3gn9fNzfojoAio1VwSo7dVULCYXVoiKLPEvka2pwloUzwwwLGuke2/Agj0Y
mdaRmacW5q+rQBTjX62zlCDzOnIiUlEy6iDM5l89db7v0Ru3pKhX9l4fMENt3f5m
GLHU0f34FOCne2eO3Jsl2lPXHI/W9rar0K0PJoJZlT0LOuJucctxjMZZRwLsnwiO
hE3VvDhtNAnjtV5/TPgK7Y+7G5PNVg0rXh+pP3ewszcxa1x4W8MDU6JPa2ecw5mI
HgP3vVR9yQdlK1o/QwBcyc/ZLCDP1Qz8/Rur3xhboM9cfjxNf0FfMzhAXQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOJ+nIamdj6T1GmyGYowI+PpKXkfMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvNG42Y2hxWjJQcFBVYWJJWmlqQWo0LWtwZVI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+CA
MA0GCSqGSIb3DQEBCwUAA4IBAQBt62I1sOuX+czgBeoto6ANtmbXu1XxD1z6v5mm
sr1qZIwlaHm51vwfbM0KS9NudTxc9MxgNiSbsBjcuTc3VpqDC1rr/kE001yQ6NQI
PgIUpN8259HbZFaXjPv13D0Yo9By/Xwk/VzWhSscJ0OmavmFtCbGHkBiY+/UhPTe
OuqwcKSKKYA3d9xD3/tSsYgT/Wd6yYYtuYuYlLhimRD9l1dXzNSlPmQDFhcFbPcR
DEvbGwKV9KNo54e0Pimwaja1fv727afTUHyvi8CGYQn5Fh1IArFi7wL2M5WxV6XG
QU9aCC9lTa2wPDgldjQYPsQy2OKqQcvPuS0/Tu8HRwilUxtM
-----END CERTIFICATE-----