Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ISO1tn4BpwlIr4ylmwxQlmPlxcs.roa
File:                     ISO1tn4BpwlIr4ylmwxQlmPlxcs.roa (raw, json)
Hash identifier:          8mQMTeIwCGEJG8zriNugMU02Qnr1fRViysmichvzrO0=
Subject key identifier:   21:23:B5:B6:7E:01:A7:09:48:AF:8C:A5:9B:0C:50:96:63:E5:C5:CB
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D47AB24CF7CF5D599CA8E29523DC5
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ISO1tn4BpwlIr4ylmwxQlmPlxcs.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216426
IP address blocks:        2a0e:aa07:e100::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:47:ab:24:cf:7c:f5:d5:99:ca:8e:29:52:3d:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2123b5b67e01a70948af8ca59b0c509663e5c5cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:cd:b7:77:74:c0:44:d3:a5:51:36:37:38:47:
                    7c:a2:24:48:b6:1d:02:84:40:82:66:c0:8d:3b:6e:
                    c8:c2:7b:5c:36:11:be:68:f6:62:46:a4:4f:d8:b8:
                    d9:80:4b:d8:0d:8a:84:a0:03:5a:63:e0:17:90:0a:
                    84:0e:9c:d8:1a:cf:64:83:f7:44:11:9f:2b:78:12:
                    85:97:63:15:9e:cf:a1:db:2f:fc:f9:e9:00:71:c5:
                    cd:99:82:1d:99:a1:96:b1:73:88:39:eb:dc:fd:a2:
                    fc:3e:da:c8:5c:1e:c9:cc:ae:8b:1a:c0:30:34:eb:
                    fa:2f:2d:6a:46:3a:80:69:7f:4e:58:00:da:e6:36:
                    ea:01:6b:f4:0f:8c:e5:14:08:ae:d5:6a:30:a2:d5:
                    3c:21:22:14:a8:c0:a3:23:a0:76:45:54:d2:b5:47:
                    40:07:9f:59:ef:da:42:84:f2:35:3c:6e:60:e1:3a:
                    e5:9a:c8:9f:02:52:ee:b5:66:5c:b8:27:c7:45:e1:
                    2b:b1:31:1a:05:8f:29:54:ce:28:4a:85:20:4e:7d:
                    ea:8f:a8:01:38:56:4c:31:df:be:c8:fb:61:fb:93:
                    f9:a6:47:b2:59:6c:53:5a:be:b2:a5:7d:ba:64:1a:
                    c9:d7:9b:5f:e7:24:e0:52:e7:30:f5:fa:62:ec:97:
                    87:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:23:B5:B6:7E:01:A7:09:48:AF:8C:A5:9B:0C:50:96:63:E5:C5:CB
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ISO1tn4BpwlIr4ylmwxQlmPlxcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e100::/44

    Signature Algorithm: sha256WithRSAEncryption
         3c:af:41:18:f2:53:ea:a3:c4:02:ba:c9:f5:1b:50:9d:b0:03:
         7b:d9:8c:d8:0e:8d:ff:52:c8:c1:14:3b:49:d0:d8:bd:ca:97:
         96:85:e4:c6:66:8b:ea:90:79:e1:69:2d:c8:17:ae:19:2d:c1:
         f7:be:5f:72:a3:ef:15:02:10:5a:7b:33:6c:b2:74:81:ac:1d:
         15:e6:56:7c:cd:00:0b:8f:46:8d:d1:90:90:12:59:99:33:c6:
         4e:f8:0e:ef:95:6b:83:fb:25:59:78:55:a4:27:70:0e:da:b1:
         99:18:af:b8:9c:0c:7c:41:99:5a:03:fe:49:4c:44:29:d8:be:
         1c:02:b4:dd:9e:cd:3d:c8:16:24:57:dd:5e:5e:5c:8c:4c:f5:
         b3:73:6a:84:54:2b:1d:95:0c:2e:11:e4:05:1e:6a:e6:d7:d6:
         e4:3c:1b:35:13:dd:e3:75:2d:e8:a4:6c:d2:55:d7:f5:87:82:
         78:cf:17:e7:f2:bc:58:b3:dd:b2:fb:10:03:d0:62:aa:30:65:
         8b:58:83:8a:f7:04:12:d6:eb:76:2b:4d:bd:7b:11:49:ab:52:
         19:ff:4a:97:6c:b3:8f:b9:01:4b:be:71:1e:ae:18:76:25:8c:
         b2:f4:3d:a5:ef:51:1c:9c:4f:5d:ee:b0:91:f2:81:11:da:b8:
         96:f4:e1:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbUerJM989dWZyo4pUj3FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTIzYjViNjdlMDFhNzA5NDhhZjhjYTU5YjBjNTA5NjYzZTVjNWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkc23d3TARNOlUTY3OEd8oiRIth0C
hECCZsCNO27IwntcNhG+aPZiRqRP2LjZgEvYDYqEoANaY+AXkAqEDpzYGs9kg/dE
EZ8reBKFl2MVns+h2y/8+ekAccXNmYIdmaGWsXOIOevc/aL8PtrIXB7JzK6LGsAw
NOv6Ly1qRjqAaX9OWADa5jbqAWv0D4zlFAiu1WowotU8ISIUqMCjI6B2RVTStUdA
B59Z79pChPI1PG5g4TrlmsifAlLutWZcuCfHReErsTEaBY8pVM4oSoUgTn3qj6gB
OFZMMd++yPth+5P5pkeyWWxTWr6ypX26ZBrJ15tf5yTgUucw9fpi7JeHDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCEjtbZ+AacJSK+MpZsMUJZj5cXLMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvSVNPMXRuNEJwd2xJcjR5bG13eFFsbVBseGNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+EA
MA0GCSqGSIb3DQEBCwUAA4IBAQA8r0EY8lPqo8QCusn1G1CdsAN72YzYDo3/UsjB
FDtJ0Ni9ypeWheTGZovqkHnhaS3IF64ZLcH3vl9yo+8VAhBaezNssnSBrB0V5lZ8
zQALj0aN0ZCQElmZM8ZO+A7vlWuD+yVZeFWkJ3AO2rGZGK+4nAx8QZlaA/5JTEQp
2L4cArTdns09yBYkV91eXlyMTPWzc2qEVCsdlQwuEeQFHmrm19bkPBs1E93jdS3o
pGzSVdf1h4J4zxfn8rxYs92y+xAD0GKqMGWLWIOK9wQS1ut2K029exFJq1IZ/0qX
bLOPuQFLvnEerhh2JYyy9D2l71EcnE9d7rCR8oER2riW9OEe
-----END CERTIFICATE-----