Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/4v09e-PzNG7MsMP0keLchq9rawU.roa
File:                     4v09e-PzNG7MsMP0keLchq9rawU.roa (raw, json)
Hash identifier:          sOsgwLntiBACBFTp+eZqqpMaRlAxRG0FXKNSl1d3tmw=
Subject key identifier:   E2:FD:3D:7B:E3:F3:34:6E:CC:B0:C3:F4:91:E2:DC:86:AF:6B:6B:05
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D2E33072CE23E6EFC94FD122B7BA8
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/4v09e-PzNG7MsMP0keLchq9rawU.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203804
IP address blocks:        2a0e:aa07:e043::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2e:33:07:2c:e2:3e:6e:fc:94:fd:12:2b:7b:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2fd3d7be3f3346eccb0c3f491e2dc86af6b6b05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:fd:ac:03:cc:9b:9d:ac:5d:e2:b9:c6:a1:11:
                    0e:bf:05:bc:95:d1:fe:08:49:a3:e4:2b:de:7e:8d:
                    8e:98:23:28:9c:aa:01:bb:a4:bd:a4:86:01:32:b5:
                    08:99:93:e0:34:ae:df:94:e9:0e:9d:cc:e4:fd:f5:
                    f9:65:27:2a:5b:0e:cb:ea:58:ec:67:1e:53:8b:99:
                    70:38:f3:15:0f:e9:7b:fb:02:88:ff:80:d1:6f:22:
                    47:ec:42:ba:b6:20:f1:c0:86:bf:d8:a5:5c:cb:6c:
                    cb:23:9d:52:cb:d2:8d:8d:a9:78:0f:76:c3:93:dd:
                    39:f3:9a:5b:3d:0b:34:d5:57:eb:75:81:eb:03:2b:
                    7e:ef:78:e2:d3:18:02:80:30:b1:d8:3c:92:78:11:
                    86:13:c9:4c:9f:d9:01:9a:40:97:b3:92:24:eb:7e:
                    cf:be:4d:7b:e3:c8:7d:88:b9:5e:9d:b9:3b:c8:79:
                    99:d9:39:3d:25:4c:08:ef:7c:b3:55:8a:9d:a4:b9:
                    20:38:c5:62:d6:b0:14:63:6f:78:5e:2b:66:58:ef:
                    03:6b:cb:b6:05:54:68:df:9b:58:78:45:43:38:a3:
                    2e:f9:36:90:de:37:4a:ec:7f:51:a2:7d:0d:ed:10:
                    88:28:86:67:da:c5:0f:51:ac:ca:3f:d9:3f:4a:38:
                    57:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:FD:3D:7B:E3:F3:34:6E:CC:B0:C3:F4:91:E2:DC:86:AF:6B:6B:05
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/4v09e-PzNG7MsMP0keLchq9rawU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e043::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:f0:cc:77:56:76:04:c3:9a:1b:48:fa:5a:9b:4a:36:78:93:
         7b:13:ac:2d:35:e9:71:bd:fb:af:f3:94:58:22:47:fb:6a:83:
         89:eb:5c:95:8f:ea:cc:21:a4:2e:60:2f:cd:c4:54:3a:77:8c:
         cb:29:ed:a2:c9:27:77:fe:28:5a:5f:f8:71:d4:ca:b1:97:47:
         6f:00:0d:f5:ed:71:1a:0c:d3:df:e0:2c:b5:a2:b1:00:f0:02:
         60:6e:44:9a:c3:13:f0:38:ab:da:8b:5c:01:36:5c:42:53:b2:
         bf:79:6f:76:19:ef:b9:2c:fb:69:58:de:a4:25:b9:27:13:ba:
         d3:71:f8:2d:ec:18:3b:0f:67:35:1f:62:c2:36:29:14:75:34:
         d7:cc:c1:48:5b:62:92:c0:ff:e4:22:7b:a1:63:97:19:c1:bc:
         f0:ee:d7:29:d5:3a:e4:ae:bb:8d:b5:c9:0f:8e:70:83:6c:f2:
         e1:cd:0d:8f:15:73:f3:01:a3:8f:57:74:e4:25:49:2b:12:0a:
         2c:b0:f7:6e:68:28:33:26:81:ee:8f:e6:2e:eb:c5:89:ab:79:
         2a:41:d5:a0:2f:0f:72:51:10:11:e6:9f:04:16:d3:14:c1:b4:
         a1:99:44:1e:c4:8e:f8:5a:4d:0a:94:12:99:22:3b:66:f9:7f:
         fb:67:5c:24
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbS4zByziPm78lP0SK3uoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmZkM2Q3YmUzZjMzNDZlY2NiMGMzZjQ5MWUyZGM4NmFmNmI2YjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhP2sA8ybnaxd4rnGoREOvwW8ldH+
CEmj5Cvefo2OmCMonKoBu6S9pIYBMrUImZPgNK7flOkOnczk/fX5ZScqWw7L6ljs
Zx5Ti5lwOPMVD+l7+wKI/4DRbyJH7EK6tiDxwIa/2KVcy2zLI51Sy9KNjal4D3bD
k90585pbPQs01VfrdYHrAyt+73ji0xgCgDCx2DySeBGGE8lMn9kBmkCXs5Ik637P
vk1748h9iLlenbk7yHmZ2Tk9JUwI73yzVYqdpLkgOMVi1rAUY294XitmWO8Da8u2
BVRo35tYeEVDOKMu+TaQ3jdK7H9Ron0N7RCIKIZn2sUPUazKP9k/SjhXLwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOL9PXvj8zRuzLDD9JHi3Iava2sFMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvNHYwOWUtUHpORzdNc01QMGtlTGNocTlyYXdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+BD
MA0GCSqGSIb3DQEBCwUAA4IBAQCI8Mx3VnYEw5obSPpam0o2eJN7E6wtNelxvfuv
85RYIkf7aoOJ61yVj+rMIaQuYC/NxFQ6d4zLKe2iySd3/ihaX/hx1Mqxl0dvAA31
7XEaDNPf4Cy1orEA8AJgbkSawxPwOKvai1wBNlxCU7K/eW92Ge+5LPtpWN6kJbkn
E7rTcfgt7Bg7D2c1H2LCNikUdTTXzMFIW2KSwP/kInuhY5cZwbzw7tcp1TrkrruN
tckPjnCDbPLhzQ2PFXPzAaOPV3TkJUkrEgossPduaCgzJoHuj+Yu68WJq3kqQdWg
Lw9yURAR5p8EFtMUwbShmUQexI74Wk0KlBKZIjtm+X/7Z1wk
-----END CERTIFICATE-----