Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/CtjgYA2pCqwpbSlSUWUxPw_Sduo.roa
File:                     CtjgYA2pCqwpbSlSUWUxPw_Sduo.roa (raw, json)
Hash identifier:          z2djs5rL4srGFdxM+Gg5TSpmZwHdFnlB1FWx3NQ08jo=
Subject key identifier:   0A:D8:E0:60:0D:A9:0A:AC:29:6D:29:52:51:65:31:3F:0F:D2:76:EA
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D3053474EF0084F037CFE0C95D544
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/CtjgYA2pCqwpbSlSUWUxPw_Sduo.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205298
IP address blocks:        2a0e:aa01:ab04::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:30:53:47:4e:f0:08:4f:03:7c:fe:0c:95:d5:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ad8e0600da90aac296d29525165313f0fd276ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:44:1e:86:ef:7e:9d:cf:73:78:7f:da:55:47:
                    f4:12:11:da:b3:02:ab:8b:3b:6e:af:d1:45:83:b7:
                    a3:f6:9b:f9:b2:b3:54:a5:8c:96:32:de:4e:8a:f9:
                    74:c5:d7:67:0c:2c:b6:e5:fb:e5:94:1e:aa:0a:88:
                    c1:1e:00:0a:d8:20:12:c6:50:de:33:bf:b9:a2:c9:
                    5b:98:0b:e3:93:ad:5b:c4:c9:02:27:6e:69:c7:b8:
                    f0:09:48:32:ba:4d:96:48:ad:b5:07:b8:8e:ba:67:
                    bb:b8:d4:0f:ff:d3:bd:b0:e8:30:cf:1f:58:a7:55:
                    0b:86:7c:dc:3a:89:7d:67:9d:05:ac:20:ae:ef:23:
                    4a:47:4d:f3:10:dc:a7:96:79:0d:32:70:b5:e5:a9:
                    de:2b:89:36:fd:cb:dd:56:fd:2f:a4:d3:b3:78:c5:
                    f0:80:49:0d:a5:78:64:b5:28:31:55:74:dc:03:b7:
                    40:f1:d1:a0:8b:58:95:b8:87:a2:b5:d7:c3:74:ba:
                    09:dd:67:80:9a:17:2c:cd:ff:f8:c5:fc:d1:c5:3d:
                    1f:1c:71:94:51:60:b1:e4:f5:c2:28:a3:c7:fa:5d:
                    38:43:a4:a3:fa:34:37:12:bf:ae:c9:1c:42:62:88:
                    68:c9:7e:a5:d3:ee:82:9c:93:e4:ff:cf:cc:91:71:
                    75:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:D8:E0:60:0D:A9:0A:AC:29:6D:29:52:51:65:31:3F:0F:D2:76:EA
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/CtjgYA2pCqwpbSlSUWUxPw_Sduo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa01:ab04::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:e1:47:f7:7c:84:b2:4b:a0:8f:44:c6:22:02:ac:62:61:c7:
         ab:49:0e:fa:81:49:a1:57:82:a5:c4:3e:1e:c8:92:73:a8:2c:
         63:30:55:3c:32:0c:70:20:1d:dd:f7:a9:c7:18:b2:c8:2f:50:
         95:83:81:11:3e:e9:43:fd:6b:51:eb:8a:7e:2f:d7:39:d3:87:
         22:fd:28:78:f4:45:7a:d6:70:8e:98:19:42:a3:9e:34:dd:14:
         cb:29:dd:7e:a6:89:d7:b0:bb:d9:fe:c2:17:d9:a2:c1:31:59:
         c0:9d:d6:26:a5:48:33:45:89:98:d0:92:5d:bf:60:30:c9:1b:
         9d:3c:05:ec:02:a5:0b:d2:d4:4d:30:22:79:8f:97:25:b1:cb:
         14:f9:6b:e7:d1:af:0c:c1:50:d2:22:a1:69:ec:3e:7c:a3:c6:
         8c:1d:44:2c:05:50:24:41:fa:5f:14:78:3c:29:c3:01:44:ca:
         43:4e:59:57:f0:aa:6d:60:ba:7e:97:36:0b:98:ae:72:97:80:
         50:b2:db:8e:78:20:4c:0c:66:96:fe:11:84:ce:e7:74:7a:8a:
         46:dc:1c:53:9b:fa:2d:30:2f:fd:21:28:d4:ba:e3:0b:28:5f:
         52:c0:ee:42:d4:27:4b:09:69:95:ed:d3:78:29:14:42:96:fe:
         51:9e:e3:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbTBTR07wCE8DfP4MldVEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWQ4ZTA2MDBkYTkwYWFjMjk2ZDI5NTI1MTY1MzEzZjBmZDI3NmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUQehu9+nc9zeH/aVUf0EhHaswKr
iztur9FFg7ej9pv5srNUpYyWMt5Oivl0xddnDCy25fvllB6qCojBHgAK2CASxlDe
M7+5oslbmAvjk61bxMkCJ25px7jwCUgyuk2WSK21B7iOume7uNQP/9O9sOgwzx9Y
p1ULhnzcOol9Z50FrCCu7yNKR03zENynlnkNMnC15aneK4k2/cvdVv0vpNOzeMXw
gEkNpXhktSgxVXTcA7dA8dGgi1iVuIeitdfDdLoJ3WeAmhcszf/4xfzRxT0fHHGU
UWCx5PXCKKPH+l04Q6Sj+jQ3Er+uyRxCYohoyX6l0+6CnJPk/8/MkXF1/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFArY4GANqQqsKW0pUlFlMT8P0nbqMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvQ3RqZ1lBMnBDcXdwYlNsU1VXVXhQd19TZHVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qAasE
MA0GCSqGSIb3DQEBCwUAA4IBAQAM4Uf3fISyS6CPRMYiAqxiYcerSQ76gUmhV4Kl
xD4eyJJzqCxjMFU8MgxwIB3d96nHGLLIL1CVg4ERPulD/WtR64p+L9c504ci/Sh4
9EV61nCOmBlCo5403RTLKd1+ponXsLvZ/sIX2aLBMVnAndYmpUgzRYmY0JJdv2Aw
yRudPAXsAqUL0tRNMCJ5j5clscsU+Wvn0a8MwVDSIqFp7D58o8aMHUQsBVAkQfpf
FHg8KcMBRMpDTllX8KptYLp+lzYLmK5yl4BQstuOeCBMDGaW/hGEzud0eopG3BxT
m/otMC/9ISjUuuMLKF9SwO5C1CdLCWmV7dN4KRRClv5RnuPD
-----END CERTIFICATE-----