Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/GlOkYgNkfY7owcEglr6xwwHaujE.roa
File:                     GlOkYgNkfY7owcEglr6xwwHaujE.roa (raw, json)
Hash identifier:          tjaFr3Po7GlfhbkvaL6N0FA0rLb1V2Niq6OvSL1AGmw=
Subject key identifier:   1A:53:A4:62:03:64:7D:8E:E8:C1:C1:20:96:BE:B1:C3:01:DA:BA:31
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D2AB08E0F5B060568B3392454641F
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/GlOkYgNkfY7owcEglr6xwwHaujE.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198516
IP address blocks:        2a0e:aa06:4e0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2a:b0:8e:0f:5b:06:05:68:b3:39:24:54:64:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a53a46203647d8ee8c1c12096beb1c301daba31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:46:6c:52:8c:1f:82:96:8f:5e:44:20:16:11:
                    d1:de:ce:4c:77:54:f3:d6:31:b1:68:45:95:60:4c:
                    d0:0e:38:38:04:13:c5:9a:e1:02:b5:5b:b6:e5:47:
                    33:f6:d5:87:2f:e0:c9:22:f1:70:5f:3d:65:54:d9:
                    0e:d6:0b:0c:b8:0d:6f:08:e6:dd:16:a6:ed:10:36:
                    97:e2:bf:0c:ea:10:50:a2:05:1d:0f:48:cc:9b:21:
                    65:80:6d:43:31:57:69:4c:0d:e0:47:11:bb:e5:82:
                    90:e9:d3:e4:a3:25:22:6c:24:35:65:58:2a:80:df:
                    e4:af:24:d9:e3:23:dc:66:b1:16:95:f1:ce:4d:ca:
                    8b:0d:4c:c5:23:b7:18:91:9a:a7:33:3d:57:92:0f:
                    a2:89:dd:da:02:89:5e:30:c6:05:51:93:5b:89:23:
                    1f:ed:62:29:1f:cb:ba:29:29:0b:27:28:53:99:46:
                    75:3b:65:df:4d:79:d6:12:7c:61:55:13:f6:fc:e7:
                    a9:e0:3e:c4:f5:e6:48:69:82:46:53:5d:0e:81:cf:
                    d6:ce:6d:32:cb:21:a5:7c:ec:5b:3d:45:48:de:5d:
                    ef:19:c3:58:92:ad:0e:9d:b5:4a:05:4a:85:9f:82:
                    7e:ac:64:9b:0f:ea:1b:fa:8d:6a:eb:f6:3f:e8:15:
                    bc:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:53:A4:62:03:64:7D:8E:E8:C1:C1:20:96:BE:B1:C3:01:DA:BA:31
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/GlOkYgNkfY7owcEglr6xwwHaujE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa06:4e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9c:19:bf:36:48:fb:eb:d8:33:bf:3c:54:d9:a5:a6:52:2e:8c:
         7e:4d:18:ff:5b:43:7e:e7:07:2f:49:04:11:6f:20:dd:2c:a1:
         29:8a:a6:2c:b6:b4:93:47:4f:d6:3d:ce:f0:de:2e:b0:2c:e4:
         b8:1e:5d:4f:ae:73:4a:29:41:6b:70:1d:28:b5:21:8f:4e:95:
         e0:89:a3:70:b7:43:13:a4:19:a9:d3:7a:94:7f:8f:a1:d8:9a:
         94:e6:d1:68:e3:e2:e5:5d:5b:26:5a:33:42:48:00:01:b0:94:
         4f:72:97:4e:49:26:80:b4:00:5a:76:6d:17:de:5e:11:28:4e:
         53:40:6a:70:ce:f3:98:da:32:b8:46:c6:30:2e:08:e4:b1:27:
         63:85:74:0a:0c:08:7c:25:09:5e:73:2d:0b:28:2e:5e:26:77:
         57:01:c2:d3:9f:49:a5:03:3e:c3:73:2a:4f:63:d9:1f:0a:85:
         22:78:f2:b7:65:61:c0:28:0c:1a:ca:b4:d3:f7:2b:76:17:7c:
         61:82:76:10:8e:a2:fd:d1:73:5f:a1:a6:dd:2c:8c:34:bc:d2:
         50:76:af:36:91:c2:92:c6:e7:91:8e:16:2d:fd:ff:78:fc:ff:
         9f:3b:26:c2:2b:8c:fb:4f:d8:20:83:52:ca:4a:4b:48:de:15:
         88:94:26:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbSqwjg9bBgVoszkkVGQfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTUzYTQ2MjAzNjQ3ZDhlZThjMWMxMjA5NmJlYjFjMzAxZGFiYTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukZsUowfgpaPXkQgFhHR3s5Md1Tz
1jGxaEWVYEzQDjg4BBPFmuECtVu25Ucz9tWHL+DJIvFwXz1lVNkO1gsMuA1vCObd
FqbtEDaX4r8M6hBQogUdD0jMmyFlgG1DMVdpTA3gRxG75YKQ6dPkoyUibCQ1ZVgq
gN/kryTZ4yPcZrEWlfHOTcqLDUzFI7cYkZqnMz1Xkg+iid3aAoleMMYFUZNbiSMf
7WIpH8u6KSkLJyhTmUZ1O2XfTXnWEnxhVRP2/Oep4D7E9eZIaYJGU10Ogc/Wzm0y
yyGlfOxbPUVI3l3vGcNYkq0OnbVKBUqFn4J+rGSbD+ob+o1q6/Y/6BW8UQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBpTpGIDZH2O6MHBIJa+scMB2roxMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvR2xPa1lnTmtmWTdvd2NFZ2xyNnh3d0hhdWpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qBgTg
MA0GCSqGSIb3DQEBCwUAA4IBAQCcGb82SPvr2DO/PFTZpaZSLox+TRj/W0N+5wcv
SQQRbyDdLKEpiqYstrSTR0/WPc7w3i6wLOS4Hl1PrnNKKUFrcB0otSGPTpXgiaNw
t0MTpBmp03qUf4+h2JqU5tFo4+LlXVsmWjNCSAABsJRPcpdOSSaAtABadm0X3l4R
KE5TQGpwzvOY2jK4RsYwLgjksSdjhXQKDAh8JQlecy0LKC5eJndXAcLTn0mlAz7D
cypPY9kfCoUiePK3ZWHAKAwayrTT9yt2F3xhgnYQjqL90XNfoabdLIw0vNJQdq82
kcKSxueRjhYt/f94/P+fOybCK4z7T9ggg1LKSktI3hWIlCYZ
-----END CERTIFICATE-----