Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/Dx8g6NP0hgZukrdyOOxGCGuD9nk.roa
File:                     Dx8g6NP0hgZukrdyOOxGCGuD9nk.roa (raw, json)
Hash identifier:          Xrx21mRcM5y/pdNXGtn03AfATkiFzzxL6VtgnKyvTD0=
Subject key identifier:   0F:1F:20:E8:D3:F4:86:06:6E:92:B7:72:38:EC:46:08:6B:83:F6:79
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D2F28FFC7956EB15DAD4FB01684FA
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/Dx8g6NP0hgZukrdyOOxGCGuD9nk.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203899
IP address blocks:        2a0e:aa07:e042::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2f:28:ff:c7:95:6e:b1:5d:ad:4f:b0:16:84:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f1f20e8d3f486066e92b77238ec46086b83f679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:99:0b:25:d3:96:44:81:19:ac:dd:18:07:51:
                    16:3b:56:05:54:bb:83:6b:b8:14:6c:47:1b:5c:79:
                    9b:90:8a:4e:7d:16:c5:61:19:4b:08:48:f0:b0:f8:
                    06:ea:f9:d0:e1:1c:e9:f0:a2:40:11:03:ec:5c:d0:
                    87:13:12:ec:4e:c2:26:cf:5c:30:20:a0:48:fb:ef:
                    5b:9a:db:be:1b:ab:1a:44:10:53:ce:60:fa:fe:3a:
                    f4:d4:10:b0:ec:0e:00:16:fe:27:07:c4:a5:47:d9:
                    ae:5a:c1:ea:58:b7:f8:2b:59:36:ee:3f:b3:43:59:
                    78:de:f0:2d:72:5a:1d:49:8e:06:9c:8f:fb:49:35:
                    93:e2:8d:7f:07:ba:99:08:64:e1:9e:89:2f:36:b3:
                    05:f3:d3:d4:4c:d5:80:56:8f:cb:79:a5:70:62:6a:
                    11:06:d2:d6:6c:55:9f:f5:60:86:da:70:90:ea:d7:
                    eb:07:38:10:5d:7c:6a:a8:3e:75:18:9e:37:13:04:
                    e4:9d:c0:8d:1b:68:ed:85:30:08:1e:f8:bc:62:32:
                    c8:6c:45:46:af:55:37:3d:09:eb:5a:56:07:9f:6a:
                    25:4e:eb:f2:1d:84:03:d4:ad:20:10:d3:35:ce:92:
                    ae:82:db:b9:8f:63:d5:33:c3:b2:9e:90:cb:a7:dc:
                    52:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:1F:20:E8:D3:F4:86:06:6E:92:B7:72:38:EC:46:08:6B:83:F6:79
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/Dx8g6NP0hgZukrdyOOxGCGuD9nk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e042::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:2c:29:44:87:62:5d:b2:95:85:bb:dd:bf:f4:78:85:df:68:
         30:0d:87:e9:54:02:e7:23:ae:0c:6b:96:aa:a6:8b:dd:d8:01:
         e1:ed:49:78:d9:63:08:f7:59:98:ac:1d:a1:c9:75:db:8e:77:
         f0:f1:c6:b9:20:03:51:8d:4a:1c:26:56:47:e1:ef:ee:3b:e5:
         1f:d9:d6:ea:33:f2:4e:38:fc:fc:19:ec:01:0f:0b:bd:33:f3:
         5f:c4:56:02:e4:49:ab:10:b9:1d:35:e6:f5:1d:13:97:0c:3c:
         b7:5f:c4:42:35:3d:d2:ce:07:2d:23:92:d9:b1:5b:c2:93:3b:
         a0:aa:02:9b:6c:ee:41:ec:be:7d:73:31:e5:d1:a8:b3:cf:82:
         c5:81:a4:b8:a9:c5:fe:2c:0a:53:4d:24:65:47:02:bb:30:e5:
         b7:bf:98:11:4a:39:f0:63:08:c4:a1:03:bf:98:1b:4a:47:6a:
         1a:27:5a:c6:2a:3a:f9:99:bf:e8:0f:d1:27:41:cd:5f:6f:0d:
         c3:16:79:ec:51:3a:03:6b:fc:8f:6d:35:ec:c3:f7:1c:67:d0:
         03:9d:a9:d4:a9:54:c4:35:c8:f0:ff:4a:0f:e9:54:54:fe:6c:
         a1:eb:ec:04:5c:d5:20:02:9a:a8:08:57:f2:17:18:f4:ee:3d:
         d5:24:3f:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbS8o/8eVbrFdrU+wFoT6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjFmMjBlOGQzZjQ4NjA2NmU5MmI3NzIzOGVjNDYwODZiODNmNjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5kLJdOWRIEZrN0YB1EWO1YFVLuD
a7gUbEcbXHmbkIpOfRbFYRlLCEjwsPgG6vnQ4Rzp8KJAEQPsXNCHExLsTsImz1ww
IKBI++9bmtu+G6saRBBTzmD6/jr01BCw7A4AFv4nB8SlR9muWsHqWLf4K1k27j+z
Q1l43vAtclodSY4GnI/7STWT4o1/B7qZCGThnokvNrMF89PUTNWAVo/LeaVwYmoR
BtLWbFWf9WCG2nCQ6tfrBzgQXXxqqD51GJ43EwTkncCNG2jthTAIHvi8YjLIbEVG
r1U3PQnrWlYHn2olTuvyHYQD1K0gENM1zpKugtu5j2PVM8OynpDLp9xShQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA8fIOjT9IYGbpK3cjjsRghrg/Z5MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvRHg4ZzZOUDBoZ1p1a3JkeU9PeEdDR3VEOW5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+BC
MA0GCSqGSIb3DQEBCwUAA4IBAQCMLClEh2JdspWFu92/9HiF32gwDYfpVALnI64M
a5aqpovd2AHh7Ul42WMI91mYrB2hyXXbjnfw8ca5IANRjUocJlZH4e/uO+Uf2dbq
M/JOOPz8GewBDwu9M/NfxFYC5EmrELkdNeb1HROXDDy3X8RCNT3SzgctI5LZsVvC
kzugqgKbbO5B7L59czHl0aizz4LFgaS4qcX+LApTTSRlRwK7MOW3v5gRSjnwYwjE
oQO/mBtKR2oaJ1rGKjr5mb/oD9EnQc1fbw3DFnnsUToDa/yPbTXsw/ccZ9ADnanU
qVTENcjw/0oP6VRU/myh6+wEXNUgApqoCFfyFxj07j3VJD9C
-----END CERTIFICATE-----