Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/9io5HnhlrtY51ayPsIwNLqZFaSw.roa
File:                     9io5HnhlrtY51ayPsIwNLqZFaSw.roa (raw, json)
Hash identifier:          a6ijas97X/NCXUix1nlOYz/rnfbRpDOPieEUMTvzXHI=
Subject key identifier:   F6:2A:39:1E:78:65:AE:D6:39:D5:AC:8F:B0:8C:0D:2E:A6:45:69:2C
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       01927D33FD52F729D9122B0FA0DC008B456C
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/9io5HnhlrtY51ayPsIwNLqZFaSw.roa
Signing time:             Fri 11 Oct 2024 20:10:12 +0000
ROA not before:           Fri 11 Oct 2024 20:10:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214053
IP address blocks:        2a0e:aa07:ec10::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7d:33:fd:52:f7:29:d9:12:2b:0f:a0:dc:00:8b:45:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Oct 11 20:10:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f62a391e7865aed639d5ac8fb08c0d2ea645692c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f0:37:92:6c:9c:30:7c:b7:29:0a:77:65:d1:
                    9b:55:ad:f7:fb:24:a7:29:c4:9d:3d:28:d2:f1:c9:
                    a8:c7:8e:24:fe:cc:f5:84:32:f6:d6:b7:cd:6e:a9:
                    62:f1:31:a5:fa:09:a2:cd:0e:8b:6c:01:27:a9:94:
                    64:c1:19:27:80:a0:d2:bb:ac:3b:28:1b:18:79:c5:
                    42:92:fa:70:2c:6a:ea:e7:15:1d:0b:84:1c:50:be:
                    4a:00:b9:b3:1f:29:21:0f:b5:31:03:f5:51:94:9c:
                    86:e8:0f:fc:14:46:12:50:0c:12:76:19:30:f0:e3:
                    6d:3e:cc:2c:16:0a:67:e1:d1:90:a5:e8:12:28:3d:
                    2c:01:57:49:29:86:0e:96:93:34:fc:1b:e2:97:4b:
                    6c:b3:45:1f:ee:24:c0:fb:0a:28:55:f2:9e:74:6d:
                    1f:0e:4f:d0:7c:a3:1e:5f:25:ad:fc:57:53:2c:b2:
                    8b:8e:cf:fc:18:e8:80:79:0e:e8:a9:0e:fc:48:1d:
                    c5:46:5d:7a:10:6c:e4:f3:59:53:96:28:5c:c9:01:
                    b8:52:e6:19:be:8f:80:cd:85:76:76:b9:b3:31:e6:
                    e3:5e:f6:47:5d:4b:ee:d6:57:97:2a:48:6f:b8:aa:
                    93:45:c0:10:7a:f6:b6:3b:3b:c1:51:96:12:ca:e1:
                    4c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:2A:39:1E:78:65:AE:D6:39:D5:AC:8F:B0:8C:0D:2E:A6:45:69:2C
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/9io5HnhlrtY51ayPsIwNLqZFaSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:ec10::/44

    Signature Algorithm: sha256WithRSAEncryption
         bd:b6:6e:26:10:c9:d8:da:98:01:31:a7:72:04:ea:e8:7b:74:
         0f:65:a1:35:b2:62:39:79:22:24:cf:55:d0:35:51:81:ba:d7:
         fd:f5:7d:fc:91:b4:ea:cb:9e:05:b8:8f:9a:5a:64:79:64:d3:
         a4:62:6d:9c:c7:55:08:fc:58:4c:8c:f9:24:ad:3b:a4:e4:f1:
         90:1e:66:1f:78:25:2b:6c:a9:96:f1:52:ec:ac:4e:00:91:3f:
         74:18:51:a5:28:da:d6:46:37:57:dc:76:73:04:4a:1b:3f:08:
         61:c3:7f:99:42:2a:83:c6:d0:fc:a9:3c:19:2f:a9:72:e2:41:
         67:13:9d:3c:d4:b5:35:4b:22:f7:21:f8:f0:d2:40:15:c7:45:
         c7:b9:1b:78:42:56:72:ce:ee:7f:a1:4c:62:15:6e:36:af:e6:
         f0:a6:30:12:82:d6:1b:c9:1c:d4:58:c0:97:3b:09:67:c8:1d:
         55:62:6f:23:02:3e:1f:5a:6e:c4:4e:f4:79:7b:0d:3f:81:89:
         8e:79:61:75:c8:62:fc:b4:3b:d4:96:3b:70:00:17:4e:27:21:
         cf:7c:92:9f:5f:fb:dc:02:09:af:f3:bc:53:4b:2c:68:b1:6d:
         d6:c6:81:d3:41:c7:1c:3b:33:c9:13:72:91:7c:c2:5f:3a:a8:
         3b:da:10:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZJ9M/1S9ynZEisPoNwAi0VsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQxMDExMjAxMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjJhMzkxZTc4NjVhZWQ2MzlkNWFjOGZiMDhjMGQyZWE2NDU2OTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPA3kmycMHy3KQp3ZdGbVa33+ySn
KcSdPSjS8cmox44k/sz1hDL21rfNbqli8TGl+gmizQ6LbAEnqZRkwRkngKDSu6w7
KBsYecVCkvpwLGrq5xUdC4QcUL5KALmzHykhD7UxA/VRlJyG6A/8FEYSUAwSdhkw
8ONtPswsFgpn4dGQpegSKD0sAVdJKYYOlpM0/Bvil0tss0Uf7iTA+wooVfKedG0f
Dk/QfKMeXyWt/FdTLLKLjs/8GOiAeQ7oqQ78SB3FRl16EGzk81lTlihcyQG4UuYZ
vo+AzYV2drmzMebjXvZHXUvu1leXKkhvuKqTRcAQeva2OzvBUZYSyuFMlQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPYqOR54Za7WOdWsj7CMDS6mRWksMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvOWlvNUhuaGxydFk1MWF5UHNJd05McVpGYVN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+wQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC9tm4mEMnY2pgBMadyBOroe3QPZaE1smI5eSIk
z1XQNVGButf99X38kbTqy54FuI+aWmR5ZNOkYm2cx1UI/FhMjPkkrTuk5PGQHmYf
eCUrbKmW8VLsrE4AkT90GFGlKNrWRjdX3HZzBEobPwhhw3+ZQiqDxtD8qTwZL6ly
4kFnE5081LU1SyL3Ifjw0kAVx0XHuRt4QlZyzu5/oUxiFW42r+bwpjASgtYbyRzU
WMCXOwlnyB1VYm8jAj4fWm7ETvR5ew0/gYmOeWF1yGL8tDvUljtwABdOJyHPfJKf
X/vcAgmv87xTSyxosW3WxoHTQcccOzPJE3KRfMJfOqg72hCY
-----END CERTIFICATE-----