Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/EtrIWcGUT8YKJ4IUTmbWIuqwVHY.roa
File:                     EtrIWcGUT8YKJ4IUTmbWIuqwVHY.roa (raw, json)
Hash identifier:          uA5z9tVm8kWOwK0ar+5avFfUFjp/gPXe36y2rFtSFVY=
Subject key identifier:   12:DA:C8:59:C1:94:4F:C6:0A:27:82:14:4E:66:D6:22:EA:B0:54:76
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018F99E2BE28CC203E61E7CAB6945D7F65AC
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/EtrIWcGUT8YKJ4IUTmbWIuqwVHY.roa
Signing time:             Tue 21 May 2024 06:42:04 +0000
ROA not before:           Tue 21 May 2024 06:42:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214871
IP address blocks:        2a0e:aa06:520::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:99:e2:be:28:cc:20:3e:61:e7:ca:b6:94:5d:7f:65:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: May 21 06:42:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12dac859c1944fc60a2782144e66d622eab05476
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9b:2c:d0:b9:56:8f:74:c2:5a:1c:7e:4c:0c:
                    70:d0:64:10:d8:41:4a:6f:9f:c7:5f:31:e1:e2:c8:
                    a5:87:a4:19:f8:4d:e7:af:84:c6:fa:68:33:fc:92:
                    a5:13:8d:75:b9:53:f9:03:dd:1a:d6:58:68:7c:64:
                    65:9b:8a:0c:7f:17:d7:bb:c7:f9:fe:46:5b:64:d9:
                    5c:f1:08:76:6d:b9:ee:b8:00:4a:96:43:31:6f:97:
                    08:20:3f:39:b8:4c:33:dc:8e:e3:79:9b:67:10:04:
                    84:6f:9e:40:da:e1:a5:65:b2:76:01:3e:65:6b:9c:
                    47:c3:51:94:2f:a9:dd:55:b1:36:8c:06:63:45:3b:
                    10:61:6a:77:1a:de:6a:64:a3:16:ec:15:fc:ed:6e:
                    6f:6e:82:b6:30:a2:fc:4a:2b:f3:61:c3:9e:2a:94:
                    ad:bd:d2:bc:e8:e3:99:f2:ec:a7:39:13:1c:d0:cc:
                    de:b0:89:9f:9b:7f:77:82:4a:79:74:5a:6a:42:14:
                    59:af:e0:24:5f:57:ab:cf:4e:11:63:ba:25:68:3f:
                    e0:7c:b0:49:d7:e6:8a:30:fd:df:07:83:3f:e0:97:
                    ea:a9:30:eb:e7:87:b1:1c:78:a4:05:f9:5f:55:de:
                    c6:16:99:c8:4e:5a:1d:56:4c:27:9d:4a:13:92:1c:
                    44:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:DA:C8:59:C1:94:4F:C6:0A:27:82:14:4E:66:D6:22:EA:B0:54:76
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/EtrIWcGUT8YKJ4IUTmbWIuqwVHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa06:520::/44

    Signature Algorithm: sha256WithRSAEncryption
         02:4b:c3:ca:f7:45:a1:91:54:a5:76:e4:06:9d:c1:9a:08:91:
         e4:ec:5c:d4:15:30:6e:d4:58:2d:5e:9c:8b:e8:4e:8d:8c:9c:
         86:93:08:c8:4b:67:1d:90:2a:82:ac:2b:74:99:2d:3b:c4:53:
         01:b5:a2:d5:28:56:0b:2f:fa:ec:a7:56:0f:58:94:4a:e6:a9:
         3c:48:b8:e1:2a:64:88:9e:5f:94:0d:21:63:16:9f:ab:ce:b6:
         f6:e6:70:bf:2c:c3:b5:53:b0:ff:06:42:f1:38:f0:9f:8e:48:
         28:2d:c6:c2:ba:c9:e7:97:0a:95:00:ee:10:b0:bc:71:9c:97:
         c5:f2:b5:81:36:00:a7:3b:4f:30:17:fd:78:fd:fb:93:b7:0b:
         6d:8b:4e:62:de:0b:8d:01:13:e6:d0:57:d4:80:52:37:ab:56:
         b0:d9:6c:30:ab:ce:e1:66:e8:90:7a:74:5a:b9:1a:24:5d:d1:
         79:e4:c8:50:b4:d9:bd:b9:82:0c:81:e3:91:25:bb:5f:90:9c:
         c5:06:33:45:0e:02:7e:f6:81:6b:13:46:44:e2:22:ad:11:b3:
         13:67:c8:61:b5:b7:a0:30:d0:25:29:ee:b0:d6:dc:05:10:01:
         4d:7c:91:e4:43:4c:9c:a0:a0:68:8e:44:8f:43:b7:ee:08:89:
         27:68:06:b4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY+Z4r4ozCA+YefKtpRdf2WsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwNTIxMDY0MjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmRhYzg1OWMxOTQ0ZmM2MGEyNzgyMTQ0ZTY2ZDYyMmVhYjA1NDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5ss0LlWj3TCWhx+TAxw0GQQ2EFK
b5/HXzHh4silh6QZ+E3nr4TG+mgz/JKlE411uVP5A90a1lhofGRlm4oMfxfXu8f5
/kZbZNlc8Qh2bbnuuABKlkMxb5cIID85uEwz3I7jeZtnEASEb55A2uGlZbJ2AT5l
a5xHw1GUL6ndVbE2jAZjRTsQYWp3Gt5qZKMW7BX87W5vboK2MKL8SivzYcOeKpSt
vdK86OOZ8uynORMc0MzesImfm393gkp5dFpqQhRZr+AkX1erz04RY7olaD/gfLBJ
1+aKMP3fB4M/4JfqqTDr54exHHikBflfVd7GFpnITlodVkwnnUoTkhxEdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBLayFnBlE/GCieCFE5m1iLqsFR2MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvRXRySVdjR1VUOFlLSjRJVVRtYldJdXF3VkhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qBgUg
MA0GCSqGSIb3DQEBCwUAA4IBAQACS8PK90WhkVSlduQGncGaCJHk7FzUFTBu1Fgt
XpyL6E6NjJyGkwjIS2cdkCqCrCt0mS07xFMBtaLVKFYLL/rsp1YPWJRK5qk8SLjh
KmSInl+UDSFjFp+rzrb25nC/LMO1U7D/BkLxOPCfjkgoLcbCusnnlwqVAO4QsLxx
nJfF8rWBNgCnO08wF/14/fuTtwtti05i3guNARPm0FfUgFI3q1aw2Wwwq87hZuiQ
enRauRokXdF55MhQtNm9uYIMgeORJbtfkJzFBjNFDgJ+9oFrE0ZE4iKtEbMTZ8hh
tbegMNAlKe6w1twFEAFNfJHkQ0ycoKBojkSPQ7fuCIknaAa0
-----END CERTIFICATE-----