Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/9XpFQJd0zLDK84uKR5qh5u1UFWI.roa
File:                     9XpFQJd0zLDK84uKR5qh5u1UFWI.roa (raw, json)
Hash identifier:          U5bnBBEpX433JqMhyUwvM22Xf2SnYRrTVR7p7mKy9Ck=
Subject key identifier:   F5:7A:45:40:97:74:CC:B0:CA:F3:8B:8A:47:9A:A1:E6:ED:54:15:62
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D44E1C81A6090A268B081806C94A5
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/9XpFQJd0zLDK84uKR5qh5u1UFWI.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212705
IP address blocks:        2a0e:aa07:e019::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:44:e1:c8:1a:60:90:a2:68:b0:81:80:6c:94:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f57a45409774ccb0caf38b8a479aa1e6ed541562
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b9:d5:94:54:61:ad:8e:1e:89:a0:87:a0:f3:
                    90:b2:3d:8d:36:c8:08:28:cc:22:bd:51:da:1d:9a:
                    5c:45:b0:ae:d6:80:3f:84:fc:a9:24:53:a8:55:dc:
                    20:01:63:1c:91:ab:e4:cd:49:d6:6b:69:92:8a:9c:
                    b8:fb:60:cd:8a:48:c8:7c:23:22:6c:97:3f:51:3a:
                    71:8e:af:6b:a8:0d:c5:dd:52:d8:29:69:b4:af:f9:
                    9e:cf:06:ab:10:75:0b:94:54:55:bb:52:91:b7:2d:
                    5f:27:7a:f6:bd:ce:b4:65:4d:00:33:be:a5:60:34:
                    39:a1:e4:d8:8e:f1:4b:d6:e5:10:dc:b0:ec:c8:1a:
                    1d:8b:85:c1:43:7e:71:03:82:e5:42:dc:2c:23:15:
                    7a:f0:90:7a:fe:4c:e9:74:b6:7f:d0:14:39:82:01:
                    a8:d7:da:a4:52:76:ca:d8:41:9b:59:2b:cb:7c:b5:
                    bf:24:9e:40:a8:72:a3:41:42:2f:d3:d8:62:f1:c4:
                    97:4f:cb:97:3c:33:36:80:dd:07:ca:ce:5b:1c:87:
                    85:5e:ed:ca:cb:45:ab:9f:69:32:79:04:f2:0e:f5:
                    3e:d9:ca:4a:d3:b5:ff:e0:c7:dc:cf:0f:3d:eb:a9:
                    25:3b:7a:dc:12:91:42:06:13:8c:ed:96:c8:52:be:
                    7f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:7A:45:40:97:74:CC:B0:CA:F3:8B:8A:47:9A:A1:E6:ED:54:15:62
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/9XpFQJd0zLDK84uKR5qh5u1UFWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e019::/48

    Signature Algorithm: sha256WithRSAEncryption
         ba:72:07:d7:52:64:b0:47:25:c9:98:ce:44:bb:69:c2:b9:a4:
         3e:b6:b4:cc:d8:64:b2:e2:59:8f:64:60:5a:a4:42:01:db:36:
         fb:47:93:76:f1:22:b5:60:16:f6:98:96:ea:ec:1a:f1:14:60:
         ba:3c:d8:f6:0a:8e:88:e2:28:9b:b4:dd:4d:1d:28:84:bf:c2:
         d0:64:20:dc:75:02:da:bd:82:af:33:a3:74:ae:6a:a9:1c:a6:
         c4:a6:ac:15:24:b8:68:d6:8f:6f:48:7c:8b:0b:a4:68:57:fb:
         7e:ef:87:56:bf:c9:f5:64:28:47:62:b4:b5:79:35:1a:c0:57:
         17:0f:88:9c:67:5c:2d:73:a0:14:5f:94:10:82:90:af:4b:ae:
         ad:5e:7a:03:c4:0f:86:ae:d6:c0:57:f1:d8:d2:72:ce:68:f7:
         0c:45:e1:ff:32:94:45:e6:cd:6a:4e:d7:58:62:e7:a9:6f:8d:
         ba:a9:74:5c:42:50:db:f2:a9:50:98:0a:60:98:fb:5d:d4:8d:
         83:50:db:16:5b:bd:51:19:19:00:dd:23:5a:65:dc:22:ff:23:
         90:9e:84:cb:f9:73:f9:ed:ba:16:4b:f5:58:61:86:2a:74:dd:
         5c:16:e0:f0:c9:46:a4:f7:a7:e8:9a:7c:73:e2:74:76:f6:7f:
         7a:0b:7c:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbUThyBpgkKJosIGAbJSlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTdhNDU0MDk3NzRjY2IwY2FmMzhiOGE0NzlhYTFlNmVkNTQxNTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibnVlFRhrY4eiaCHoPOQsj2NNsgI
KMwivVHaHZpcRbCu1oA/hPypJFOoVdwgAWMckavkzUnWa2mSipy4+2DNikjIfCMi
bJc/UTpxjq9rqA3F3VLYKWm0r/mezwarEHULlFRVu1KRty1fJ3r2vc60ZU0AM76l
YDQ5oeTYjvFL1uUQ3LDsyBodi4XBQ35xA4LlQtwsIxV68JB6/kzpdLZ/0BQ5ggGo
19qkUnbK2EGbWSvLfLW/JJ5AqHKjQUIv09hi8cSXT8uXPDM2gN0Hys5bHIeFXu3K
y0Wrn2kyeQTyDvU+2cpK07X/4Mfczw8966klO3rcEpFCBhOM7ZbIUr5/eQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPV6RUCXdMywyvOLikeaoebtVBViMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvOVhwRlFKZDB6TERLODR1S1I1cWg1dTFVRldJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+AZ
MA0GCSqGSIb3DQEBCwUAA4IBAQC6cgfXUmSwRyXJmM5Eu2nCuaQ+trTM2GSy4lmP
ZGBapEIB2zb7R5N28SK1YBb2mJbq7BrxFGC6PNj2Co6I4iibtN1NHSiEv8LQZCDc
dQLavYKvM6N0rmqpHKbEpqwVJLho1o9vSHyLC6RoV/t+74dWv8n1ZChHYrS1eTUa
wFcXD4icZ1wtc6AUX5QQgpCvS66tXnoDxA+GrtbAV/HY0nLOaPcMReH/MpRF5s1q
TtdYYuepb426qXRcQlDb8qlQmApgmPtd1I2DUNsWW71RGRkA3SNaZdwi/yOQnoTL
+XP57boWS/VYYYYqdN1cFuDwyUak96fomnxz4nR29n96C3yz
-----END CERTIFICATE-----