Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/9L-PeJgy_8EDTsMhESuKITu6Jvg.roa
File:                     9L-PeJgy_8EDTsMhESuKITu6Jvg.roa (raw, json)
Hash identifier:          TCeCAiIJAXGXGDbdUHcT+aV4zzPO5JJ//30f7i7HWrk=
Subject key identifier:   F4:BF:8F:78:98:32:FF:C1:03:4E:C3:21:11:2B:8A:21:3B:BA:26:F8
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D3E13E91446A8BB16DA3E89283D86
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/9L-PeJgy_8EDTsMhESuKITu6Jvg.roa
Signing time:             Mon 01 Jan 2024 00:29:48 +0000
ROA not before:           Mon 01 Jan 2024 00:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210815
IP address blocks:        2a0e:aa07:e027::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3e:13:e9:14:46:a8:bb:16:da:3e:89:28:3d:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4bf8f789832ffc1034ec321112b8a213bba26f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7a:bc:f3:c8:79:73:d1:90:f6:c1:bd:b1:94:
                    2b:5c:c5:e0:95:7e:ce:4e:6d:b7:10:15:34:85:54:
                    d9:1c:79:22:ed:03:95:48:25:43:ae:af:7e:2b:2c:
                    54:74:43:09:8d:cf:6b:11:11:31:c4:e2:08:d8:ef:
                    2a:13:9e:6a:c3:fc:d7:cf:dc:c1:f0:66:b3:b2:5a:
                    29:66:2b:18:24:0c:2b:63:6d:29:26:ea:7d:a8:8d:
                    e0:ad:41:c8:bf:29:9f:f3:32:e8:2d:91:ee:96:f5:
                    a1:c3:3a:d0:63:c5:e0:db:00:9d:c7:3c:6d:f0:48:
                    f7:49:82:d4:4b:69:07:5f:d3:25:94:a0:ca:74:35:
                    e6:33:b6:73:fd:41:f4:7d:1b:89:a9:16:31:93:3f:
                    12:04:29:0c:0b:dd:12:40:4c:26:27:ed:db:ee:ad:
                    91:ec:ef:7d:16:6e:e1:bf:7b:06:c6:d9:34:70:35:
                    75:f4:07:ae:b7:be:45:54:b5:df:31:af:95:d6:e1:
                    b5:20:cf:28:83:a2:79:66:21:19:e7:a7:de:34:57:
                    73:70:b5:aa:19:35:d6:24:a7:99:96:15:cd:8a:4e:
                    a4:77:71:3e:24:f8:75:99:7a:9a:16:06:97:5d:0d:
                    69:8c:7f:46:f1:99:f1:6a:ce:ad:32:ec:a2:2b:6a:
                    6b:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:BF:8F:78:98:32:FF:C1:03:4E:C3:21:11:2B:8A:21:3B:BA:26:F8
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/9L-PeJgy_8EDTsMhESuKITu6Jvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e027::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:7a:d1:f3:bf:91:df:4d:a8:17:b1:0e:18:93:be:db:33:a0:
         65:55:6a:9b:2d:33:d2:40:d4:3b:49:91:90:f6:93:46:ca:20:
         4a:53:47:13:6b:b0:e3:0d:f7:fd:2c:b8:91:08:32:a5:0b:e6:
         30:dd:bf:a4:99:13:2c:71:99:3d:bc:38:53:97:16:ac:7d:77:
         52:fd:bf:62:78:08:88:ca:63:b1:44:86:d8:87:3a:62:ee:74:
         62:fe:25:90:4b:46:55:37:45:43:45:fb:73:39:11:58:4e:91:
         9c:81:ae:ae:82:b2:fb:7d:d2:80:09:83:7e:99:2c:0e:01:c5:
         99:fa:e0:58:7b:7b:d8:bc:fd:49:0c:2d:cf:a3:1b:fb:c0:07:
         26:ff:a9:18:96:ff:b5:c0:8f:6c:6c:47:d7:91:33:4d:6e:ea:
         c6:c6:9d:a6:9b:ff:bb:3b:ce:a4:91:7b:b1:00:16:b3:ea:68:
         23:38:d6:02:f6:ec:d1:84:05:2d:d7:90:56:bf:f3:b4:31:62:
         d4:12:35:3d:52:1f:9f:9c:87:57:0b:f8:17:21:fb:e2:46:d8:
         cf:71:66:93:f9:fa:84:0a:d9:d7:e7:9f:de:58:86:2c:c2:ab:
         05:70:cb:ce:70:0b:37:df:c2:f3:e0:8d:f4:3d:49:26:06:c8:
         8e:7e:f7:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbT4T6RRGqLsW2j6JKD2GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGJmOGY3ODk4MzJmZmMxMDM0ZWMzMjExMTJiOGEyMTNiYmEyNmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3q888h5c9GQ9sG9sZQrXMXglX7O
Tm23EBU0hVTZHHki7QOVSCVDrq9+KyxUdEMJjc9rERExxOII2O8qE55qw/zXz9zB
8GazslopZisYJAwrY20pJup9qI3grUHIvymf8zLoLZHulvWhwzrQY8Xg2wCdxzxt
8Ej3SYLUS2kHX9MllKDKdDXmM7Zz/UH0fRuJqRYxkz8SBCkMC90SQEwmJ+3b7q2R
7O99Fm7hv3sGxtk0cDV19Aeut75FVLXfMa+V1uG1IM8og6J5ZiEZ56feNFdzcLWq
GTXWJKeZlhXNik6kd3E+JPh1mXqaFgaXXQ1pjH9G8Znxas6tMuyiK2prjwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPS/j3iYMv/BA07DIREriiE7uib4MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvOUwtUGVKZ3lfOEVEVHNNaEVTdUtJVHU2SnZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+An
MA0GCSqGSIb3DQEBCwUAA4IBAQB0etHzv5HfTagXsQ4Yk77bM6BlVWqbLTPSQNQ7
SZGQ9pNGyiBKU0cTa7DjDff9LLiRCDKlC+Yw3b+kmRMscZk9vDhTlxasfXdS/b9i
eAiIymOxRIbYhzpi7nRi/iWQS0ZVN0VDRftzORFYTpGcga6ugrL7fdKACYN+mSwO
AcWZ+uBYe3vYvP1JDC3Poxv7wAcm/6kYlv+1wI9sbEfXkTNNburGxp2mm/+7O86k
kXuxABaz6mgjONYC9uzRhAUt15BWv/O0MWLUEjU9Uh+fnIdXC/gXIfviRtjPcWaT
+fqECtnX55/eWIYswqsFcMvOcAs338Lz4I30PUkmBsiOfvew
-----END CERTIFICATE-----