Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ClX0Fq4LJDV6UVcnuJWF3ZXtHuM.roa
File:                     ClX0Fq4LJDV6UVcnuJWF3ZXtHuM.roa (raw, json)
Hash identifier:          +4hSreYXZv3lkHt6eV+gwlSBPBXgcrCZyar1l5WovOk=
Subject key identifier:   0A:55:F4:16:AE:0B:24:35:7A:51:57:27:B8:95:85:DD:95:ED:1E:E3
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       019015AD43948E62EE5A93588E05D9DA87A3
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ClX0Fq4LJDV6UVcnuJWF3ZXtHuM.roa
Signing time:             Fri 14 Jun 2024 07:36:34 +0000
ROA not before:           Fri 14 Jun 2024 07:36:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214699
IP address blocks:        2a0e:aa07:e1c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:15:ad:43:94:8e:62:ee:5a:93:58:8e:05:d9:da:87:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jun 14 07:36:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a55f416ae0b24357a515727b89585dd95ed1ee3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f8:f0:48:30:be:b2:14:ad:64:51:ef:24:9c:
                    e4:67:bb:d7:1d:c3:fd:dd:bf:6b:9e:70:29:2d:00:
                    1f:c3:e1:99:c8:94:e0:fc:8b:97:51:0c:8e:5a:1d:
                    4b:0b:7f:91:24:61:39:60:be:89:c1:fd:e3:47:08:
                    b4:25:4a:e3:a8:3c:84:5e:7a:ea:b6:c9:e7:af:eb:
                    37:f7:74:4f:7a:90:4b:cc:09:f7:32:27:df:66:03:
                    97:75:21:27:53:0f:de:76:d2:29:4a:b9:3c:6c:d6:
                    83:1c:a5:3a:94:58:f3:d6:64:2f:90:93:3c:7c:f5:
                    b1:df:1a:8f:0b:b6:7d:fa:35:62:7a:6c:57:64:3a:
                    df:ef:da:69:88:eb:7a:51:37:38:43:91:d5:b6:dc:
                    39:2d:e5:46:82:2e:49:8f:4a:60:e2:b3:ee:69:de:
                    cc:d3:7b:14:73:60:fb:3b:56:23:6c:b6:47:e7:47:
                    93:5c:c8:cd:cb:bc:cb:c6:2c:e2:b4:46:35:42:c1:
                    d7:51:1e:15:02:fa:06:95:0e:54:24:3b:91:16:07:
                    5c:9a:87:bc:d9:4c:4d:06:45:7f:e8:c1:66:f7:68:
                    e8:d7:d3:33:65:22:07:33:ed:ca:75:65:cd:64:ad:
                    43:13:42:58:26:03:6e:c4:04:e0:2b:c1:2a:dc:45:
                    83:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:55:F4:16:AE:0B:24:35:7A:51:57:27:B8:95:85:DD:95:ED:1E:E3
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ClX0Fq4LJDV6UVcnuJWF3ZXtHuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e1c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         58:8d:1e:71:ee:54:80:d8:5a:ca:1e:15:e8:f2:a1:0b:82:84:
         e9:c4:af:ee:a6:a1:47:fa:e0:31:01:af:ee:54:e7:40:62:a7:
         cf:8a:44:a1:41:bc:52:3f:a7:b9:fb:40:4e:f3:d7:00:f6:27:
         f4:9b:f4:26:84:ae:cc:81:73:66:47:18:8d:c1:41:aa:85:5a:
         4f:f9:aa:a7:6d:93:bc:f8:40:84:2c:22:87:2b:d5:40:4a:68:
         4d:0b:aa:61:01:7f:4a:be:36:f2:2b:b9:b5:8d:12:2c:c5:e6:
         6d:84:7f:06:7e:ef:a6:39:01:23:95:af:3a:94:f9:e9:7d:9e:
         4b:2d:8d:c0:3e:e7:6d:d1:5a:9f:de:fb:9d:bc:3c:18:d3:49:
         86:e6:c4:86:ca:37:e9:6c:1d:f7:6c:d8:97:d1:4d:a8:4b:47:
         4a:df:b8:c0:21:1c:c0:b5:fa:e3:08:8a:86:25:40:2b:cb:a5:
         9d:41:ab:84:f8:5f:4e:77:23:cc:eb:cc:45:21:87:38:9f:f8:
         66:fe:ac:cc:d6:9e:a4:ca:91:d2:28:2d:70:42:f9:74:6c:0c:
         e3:ba:df:db:1b:22:8d:49:e6:56:a2:b1:a6:3f:2a:19:e0:dd:
         4a:8c:3b:8b:e9:44:47:62:f9:d3:eb:0a:a0:3a:31:4b:54:13:
         d9:9a:ba:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAVrUOUjmLuWpNYjgXZ2oejMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwNjE0MDczNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTU1ZjQxNmFlMGIyNDM1N2E1MTU3MjdiODk1ODVkZDk1ZWQxZWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPjwSDC+shStZFHvJJzkZ7vXHcP9
3b9rnnApLQAfw+GZyJTg/IuXUQyOWh1LC3+RJGE5YL6Jwf3jRwi0JUrjqDyEXnrq
tsnnr+s393RPepBLzAn3MiffZgOXdSEnUw/edtIpSrk8bNaDHKU6lFjz1mQvkJM8
fPWx3xqPC7Z9+jViemxXZDrf79ppiOt6UTc4Q5HVttw5LeVGgi5Jj0pg4rPuad7M
03sUc2D7O1YjbLZH50eTXMjNy7zLxizitEY1QsHXUR4VAvoGlQ5UJDuRFgdcmoe8
2UxNBkV/6MFm92jo19MzZSIHM+3KdWXNZK1DE0JYJgNuxATgK8Eq3EWDCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFApV9BauCyQ1elFXJ7iVhd2V7R7jMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvQ2xYMEZxNExKRFY2VVZjbnVKV0YzWlh0SHVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+HA
MA0GCSqGSIb3DQEBCwUAA4IBAQBYjR5x7lSA2FrKHhXo8qELgoTpxK/upqFH+uAx
Aa/uVOdAYqfPikShQbxSP6e5+0BO89cA9if0m/QmhK7MgXNmRxiNwUGqhVpP+aqn
bZO8+ECELCKHK9VASmhNC6phAX9KvjbyK7m1jRIsxeZthH8Gfu+mOQEjla86lPnp
fZ5LLY3APudt0Vqf3vudvDwY00mG5sSGyjfpbB33bNiX0U2oS0dK37jAIRzAtfrj
CIqGJUAry6WdQauE+F9OdyPM68xFIYc4n/hm/qzM1p6kypHSKC1wQvl0bAzjut/b
GyKNSeZWorGmPyoZ4N1KjDuL6URHYvnT6wqgOjFLVBPZmrrj
-----END CERTIFICATE-----