Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/5vKR0WfvXoprFhIwpHFyM5N9XiE.roa
File:                     5vKR0WfvXoprFhIwpHFyM5N9XiE.roa (raw, json)
Hash identifier:          hiIAl7yM65K8CcWaTOOcMNHEgRGo4LvWvWUUygGwScw=
Subject key identifier:   E6:F2:91:D1:67:EF:5E:8A:6B:16:12:30:A4:71:72:33:93:7D:5E:21
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258ED03F597BEDEFBC79D0BF12437F26
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/5vKR0WfvXoprFhIwpHFyM5N9XiE.roa
Signing time:             Thu 02 Jan 2025 05:48:23 +0000
ROA not before:           Thu 02 Jan 2025 05:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200021
IP address blocks:        2a0e:aa07:e060::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:d0:3f:59:7b:ed:ef:bc:79:d0:bf:12:43:7f:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6f291d167ef5e8a6b161230a4717233937d5e21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:81:48:74:0a:c3:38:d8:09:39:11:26:b2:e6:
                    e4:a2:c4:0a:ac:51:80:79:ff:75:78:62:ef:ec:5d:
                    69:13:7e:d9:af:55:8f:50:60:f3:30:d5:25:54:0c:
                    7b:87:d3:da:00:96:73:d9:8c:3a:13:ef:aa:1d:ee:
                    76:6f:63:2c:6f:9d:a8:a1:8f:c8:80:68:0b:73:6e:
                    75:8e:66:3e:04:d4:47:a2:b7:de:46:4b:a4:53:9a:
                    d4:af:3b:8d:68:fc:72:8a:b6:29:1e:d6:c7:dc:36:
                    b5:2e:74:ca:1c:f9:c8:9d:6b:3b:48:4c:d7:6c:cc:
                    b9:45:38:67:ca:02:f2:bb:6c:7b:34:02:4f:d3:0b:
                    53:ec:4f:74:90:cc:04:ff:90:26:e4:06:2d:4d:a0:
                    2a:7b:93:cf:98:a6:99:62:ef:a6:84:6e:ed:49:16:
                    a4:89:05:57:d6:f7:4a:e7:f8:04:72:bc:8b:56:d5:
                    c2:2c:d8:3b:17:80:ce:50:e4:30:a4:48:60:e6:fe:
                    ad:0a:17:29:ad:04:d5:d0:84:94:ce:d3:6f:ac:bc:
                    50:6e:f0:e6:95:04:8b:b3:57:45:db:c1:81:3c:e9:
                    e4:86:3b:54:3f:33:fa:20:5b:7d:9c:a7:f1:79:84:
                    f9:50:5d:be:28:da:9b:12:a3:0b:0a:ea:c6:f7:19:
                    8a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:F2:91:D1:67:EF:5E:8A:6B:16:12:30:A4:71:72:33:93:7D:5E:21
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/5vKR0WfvXoprFhIwpHFyM5N9XiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e060::/44

    Signature Algorithm: sha256WithRSAEncryption
         3c:97:ca:2e:09:85:ee:8b:e1:b6:f4:84:00:ca:c5:0c:fd:78:
         8f:7b:ec:6a:a6:70:57:d1:d4:15:18:44:ff:9d:cd:3c:13:0b:
         21:fd:85:d9:ef:36:9a:20:fc:93:48:0b:1a:6a:4c:bd:15:f0:
         07:ec:29:c7:1b:75:e3:10:3d:93:e7:3c:4c:80:38:38:e7:49:
         33:3c:aa:18:13:4e:a2:3a:3d:e0:80:e6:aa:9a:bb:8b:0e:56:
         7c:5d:ed:33:ff:2c:ab:ab:4d:69:26:47:6a:8a:5b:41:30:0c:
         a6:ea:56:fd:51:7e:5d:40:70:d4:a2:0c:2e:f5:b5:bd:90:83:
         75:b9:44:81:7e:4d:9a:85:83:30:28:4f:31:24:dd:2f:70:9f:
         e7:02:7c:ac:f5:32:fc:80:0e:b0:ed:a6:dd:ef:3f:fc:c0:e7:
         74:94:a3:fb:8d:17:de:e6:d3:8d:06:4c:49:73:12:e7:2b:0d:
         76:6a:bb:10:9a:22:01:49:2a:0e:ab:a1:f8:3c:50:00:58:5d:
         5c:5c:a8:e6:72:f6:5c:c3:98:23:86:10:12:2a:d3:97:7c:f4:
         de:92:06:24:0f:99:e2:9b:b9:b8:69:fd:be:e0:e9:a9:70:e8:
         3c:88:57:10:b5:73:bd:e2:15:1c:d7:9c:27:6b:db:8e:c9:4e:
         64:5a:8f:1a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljtA/WXvt77x50L8SQ38mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmYyOTFkMTY3ZWY1ZThhNmIxNjEyMzBhNDcxNzIzMzkzN2Q1ZTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9YFIdArDONgJOREmsubkosQKrFGA
ef91eGLv7F1pE37Zr1WPUGDzMNUlVAx7h9PaAJZz2Yw6E++qHe52b2Msb52ooY/I
gGgLc251jmY+BNRHorfeRkukU5rUrzuNaPxyirYpHtbH3Da1LnTKHPnInWs7SEzX
bMy5RThnygLyu2x7NAJP0wtT7E90kMwE/5Am5AYtTaAqe5PPmKaZYu+mhG7tSRak
iQVX1vdK5/gEcryLVtXCLNg7F4DOUOQwpEhg5v6tChcprQTV0ISUztNvrLxQbvDm
lQSLs1dF28GBPOnkhjtUPzP6IFt9nKfxeYT5UF2+KNqbEqMLCurG9xmKBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFObykdFn716KaxYSMKRxcjOTfV4hMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvNXZLUjBXZnZYb3ByRmhJd3BIRnlNNU45WGlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+Bg
MA0GCSqGSIb3DQEBCwUAA4IBAQA8l8ouCYXui+G29IQAysUM/XiPe+xqpnBX0dQV
GET/nc08Ewsh/YXZ7zaaIPyTSAsaaky9FfAH7CnHG3XjED2T5zxMgDg450kzPKoY
E06iOj3ggOaqmruLDlZ8Xe0z/yyrq01pJkdqiltBMAym6lb9UX5dQHDUogwu9bW9
kIN1uUSBfk2ahYMwKE8xJN0vcJ/nAnys9TL8gA6w7abd7z/8wOd0lKP7jRfe5tON
BkxJcxLnKw12arsQmiIBSSoOq6H4PFAAWF1cXKjmcvZcw5gjhhASKtOXfPTekgYk
D5nim7m4af2+4OmpcOg8iFcQtXO94hUc15wna9uOyU5kWo8a
-----END CERTIFICATE-----