Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/GfyzAEgqDUlwEYFo1gR0_Mxjs2s.roa
File:                     GfyzAEgqDUlwEYFo1gR0_Mxjs2s.roa (raw, json)
Hash identifier:          7DiPmNfZx2Gegq/yjDVAil7ZfeRU0RiHwXsfi+EPrIc=
Subject key identifier:   19:FC:B3:00:48:2A:0D:49:70:11:81:68:D6:04:74:FC:CC:63:B3:6B
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D28B6EEC509D46C4C30FC3B0FE873
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/GfyzAEgqDUlwEYFo1gR0_Mxjs2s.roa
Signing time:             Mon 01 Jan 2024 00:29:42 +0000
ROA not before:           Mon 01 Jan 2024 00:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139742
IP address blocks:        2a0e:aa07:f000::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:28:b6:ee:c5:09:d4:6c:4c:30:fc:3b:0f:e8:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19fcb300482a0d4970118168d60474fccc63b36b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:d7:0f:73:ee:6a:cf:a9:94:7c:f6:a0:34:9e:
                    bf:d2:73:77:fa:a1:38:d0:c0:d0:d2:e2:4b:d9:7b:
                    55:75:6e:8b:0e:d7:19:fb:33:c0:c3:e0:d3:18:44:
                    62:29:39:32:ad:05:eb:84:81:cc:c9:8e:f0:e7:a3:
                    fc:16:fe:91:54:c1:c6:54:a3:2a:48:6c:89:5a:bc:
                    25:01:e1:84:ff:fd:6a:cf:65:79:82:93:8b:79:17:
                    95:48:f2:5e:57:eb:f6:d9:66:90:84:02:bb:bd:d5:
                    dd:69:b7:dc:9d:5c:a4:dd:a1:6a:ed:81:51:1e:c1:
                    1a:c1:8f:d5:4a:7e:74:03:8e:1b:13:30:e1:b6:1b:
                    87:9d:e2:26:db:51:9c:1a:ef:c0:18:e6:12:49:56:
                    cc:ae:bc:fd:bc:0b:bd:8a:a6:65:70:55:33:dc:30:
                    41:b1:d9:60:7f:ef:88:c5:3d:cb:b9:00:a6:32:f9:
                    a6:ca:61:33:13:8b:13:58:37:3b:ea:69:90:44:08:
                    96:b7:ae:c0:a9:56:06:d1:d9:7e:fd:f8:91:29:f2:
                    62:21:93:08:20:0b:7f:83:94:18:2e:97:8a:9a:f7:
                    f6:05:bc:9f:8c:40:13:c4:1d:52:13:c6:4d:52:4b:
                    92:e4:8d:97:f0:aa:00:8a:ba:20:17:af:d6:f3:ab:
                    d5:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:FC:B3:00:48:2A:0D:49:70:11:81:68:D6:04:74:FC:CC:63:B3:6B
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/GfyzAEgqDUlwEYFo1gR0_Mxjs2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:f000::/44

    Signature Algorithm: sha256WithRSAEncryption
         4a:84:ab:37:18:90:d3:3e:07:9f:57:7b:78:1e:b6:40:fe:a6:
         9d:8c:c3:f6:01:5b:99:f3:1f:dc:11:f2:66:c8:f3:87:5c:55:
         80:a1:97:77:80:d8:1d:d4:32:40:1f:b5:2a:61:19:92:54:45:
         b9:6c:d8:81:cf:84:d4:8b:7b:47:d9:a0:77:fb:73:d8:cc:b6:
         6f:36:6b:cd:ec:8b:14:ff:2d:ce:ef:26:2a:8e:8e:ca:ad:32:
         1b:b0:d3:0f:06:40:3d:d3:1d:28:09:68:5f:a1:73:ce:bf:a8:
         c0:a1:5d:91:29:6c:52:8c:4c:46:10:31:13:d2:3b:29:3d:71:
         b4:1b:ae:5c:4a:9a:b6:ec:02:04:51:be:6e:aa:7d:09:dd:25:
         44:aa:c7:b4:4f:13:ce:d3:e6:f1:52:38:d0:4e:25:b8:22:48:
         5d:17:75:24:57:d3:ac:51:ec:ad:c1:73:c3:38:f2:f4:fb:f2:
         50:78:32:ca:61:9e:44:f2:e9:07:59:5a:fa:d4:32:81:2b:29:
         c2:0c:7d:f4:b2:c6:75:b8:59:80:7a:7b:c9:70:ad:4e:09:c0:
         8c:9d:d2:40:fe:9a:ec:5e:c5:5f:56:c5:0e:bb:c9:18:f9:ad:
         f2:ce:49:8e:ba:bf:3f:da:40:4e:71:f5:98:bb:f1:47:ea:02:
         49:5c:dc:55
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbSi27sUJ1GxMMPw7D+hzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWZjYjMwMDQ4MmEwZDQ5NzAxMTgxNjhkNjA0NzRmY2NjNjNiMzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNcPc+5qz6mUfPagNJ6/0nN3+qE4
0MDQ0uJL2XtVdW6LDtcZ+zPAw+DTGERiKTkyrQXrhIHMyY7w56P8Fv6RVMHGVKMq
SGyJWrwlAeGE//1qz2V5gpOLeReVSPJeV+v22WaQhAK7vdXdabfcnVyk3aFq7YFR
HsEawY/VSn50A44bEzDhthuHneIm21GcGu/AGOYSSVbMrrz9vAu9iqZlcFUz3DBB
sdlgf++IxT3LuQCmMvmmymEzE4sTWDc76mmQRAiWt67AqVYG0dl+/fiRKfJiIZMI
IAt/g5QYLpeKmvf2BbyfjEATxB1SE8ZNUkuS5I2X8KoAirogF6/W86vVKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBn8swBIKg1JcBGBaNYEdPzMY7NrMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvR2Z5ekFFZ3FEVWx3RVlGbzFnUjBfTXhqczJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB/AA
MA0GCSqGSIb3DQEBCwUAA4IBAQBKhKs3GJDTPgefV3t4HrZA/qadjMP2AVuZ8x/c
EfJmyPOHXFWAoZd3gNgd1DJAH7UqYRmSVEW5bNiBz4TUi3tH2aB3+3PYzLZvNmvN
7IsU/y3O7yYqjo7KrTIbsNMPBkA90x0oCWhfoXPOv6jAoV2RKWxSjExGEDET0jsp
PXG0G65cSpq27AIEUb5uqn0J3SVEqse0TxPO0+bxUjjQTiW4IkhdF3UkV9OsUeyt
wXPDOPL0+/JQeDLKYZ5E8ukHWVr61DKBKynCDH30ssZ1uFmAenvJcK1OCcCMndJA
/prsXsVfVsUOu8kY+a3yzkmOur8/2kBOcfWYu/FH6gJJXNxV
-----END CERTIFICATE-----