Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/LWFJVdabwGjlZRvTuKcZYWcI0Gs.roa
File:                     LWFJVdabwGjlZRvTuKcZYWcI0Gs.roa (raw, json)
Hash identifier:          qlfjLVOdvdUV2jI3/oOUTlY45D5tz8Zfl1AouFgkqUA=
Subject key identifier:   2D:61:49:55:D6:9B:C0:68:E5:65:1B:D3:B8:A7:19:61:67:08:D0:6B
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D3F3379CD7525DA5244AD295010AA
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/LWFJVdabwGjlZRvTuKcZYWcI0Gs.roa
Signing time:             Mon 01 Jan 2024 00:29:48 +0000
ROA not before:           Mon 01 Jan 2024 00:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210903
IP address blocks:        2a0e:aa07:e200::/44 maxlen: 48
                          2a0e:aa07:e025::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3f:33:79:cd:75:25:da:52:44:ad:29:50:10:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d614955d69bc068e5651bd3b8a719616708d06b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d9:21:4f:5d:18:c9:49:08:58:da:5b:9e:06:
                    6b:7c:12:34:8f:e6:6e:67:37:b7:ae:62:d9:cc:65:
                    91:60:8b:71:77:46:29:68:4d:5d:ff:23:a9:3e:42:
                    97:37:0a:37:fb:b0:02:95:57:74:26:d7:39:e1:03:
                    19:74:9e:59:ca:d3:df:e9:fb:74:2c:11:e2:3c:08:
                    e0:68:95:63:1f:b4:16:29:5a:ee:47:82:25:76:2c:
                    1c:03:4b:5e:43:da:c8:e0:51:d2:53:80:1b:d9:37:
                    eb:33:21:67:d9:13:03:d1:81:7b:f7:df:43:59:af:
                    7f:cc:89:36:6b:a9:3d:f6:24:4f:5d:23:8e:2e:c0:
                    74:8a:5f:f5:a5:fb:0d:9b:07:a3:4c:4a:f4:11:8f:
                    fa:5e:32:1c:76:93:8c:08:b4:34:e3:dc:ed:81:f0:
                    aa:4b:64:05:e1:00:30:4e:92:5c:a6:3d:ef:20:15:
                    8e:7d:dc:8f:54:6e:d5:61:2d:7d:b2:12:8d:55:ba:
                    db:fe:57:d7:81:26:fb:72:01:79:26:a8:84:3f:de:
                    2b:46:ef:44:ca:8d:b8:82:9a:ec:b0:da:93:9c:d5:
                    50:50:7d:46:ac:c6:99:19:fc:7c:bf:6e:92:c5:23:
                    90:65:ae:69:a5:6c:ee:28:84:57:23:f7:1e:54:2b:
                    4f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:61:49:55:D6:9B:C0:68:E5:65:1B:D3:B8:A7:19:61:67:08:D0:6B
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/LWFJVdabwGjlZRvTuKcZYWcI0Gs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e025::/48
                  2a0e:aa07:e200::/44

    Signature Algorithm: sha256WithRSAEncryption
         29:d0:82:82:0f:99:cb:f9:e7:9f:a8:8d:ab:09:7a:af:cd:2d:
         44:0c:e8:74:1d:de:e9:94:26:98:37:a2:45:97:39:15:c8:f3:
         1c:be:f3:b1:1c:19:b7:05:8c:34:89:b9:90:56:17:9a:72:e3:
         2e:63:d6:81:45:d6:63:af:b4:23:e0:b9:63:bb:87:61:89:25:
         30:43:19:9e:13:9f:c7:f7:5d:65:f2:09:78:21:89:51:b2:c6:
         87:de:14:70:e3:f9:95:14:32:5b:dd:3b:f8:b1:d1:8e:5b:81:
         53:23:a1:e0:80:f3:72:db:46:14:9d:d3:16:0d:58:81:6d:25:
         6c:98:ba:d0:2c:6a:83:0a:82:77:58:e5:b3:b6:8c:05:3c:a2:
         31:6b:0a:e7:e1:ac:6a:e4:1c:17:d7:dd:de:03:3f:8a:91:73:
         59:cd:77:3f:a4:4f:89:3d:c5:ee:60:1f:09:9e:dd:dd:e9:a6:
         b4:7c:e8:6b:8f:32:3f:ff:e5:57:b8:ce:ce:c5:f2:5f:82:79:
         ce:8a:c5:a6:4b:6e:4f:95:c9:0d:87:52:b1:4e:c1:7d:28:07:
         a8:dd:3d:4f:bf:79:31:54:e5:db:87:31:8d:3c:fd:13:5a:29:
         fd:23:fb:fc:7a:70:01:d6:a8:d3:4d:13:b6:8c:07:fd:1d:1a:
         72:3a:c6:6c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzCbT8zec11JdpSRK0pUBCqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDYxNDk1NWQ2OWJjMDY4ZTU2NTFiZDNiOGE3MTk2MTY3MDhkMDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldkhT10YyUkIWNpbngZrfBI0j+Zu
Zze3rmLZzGWRYItxd0YpaE1d/yOpPkKXNwo3+7AClVd0Jtc54QMZdJ5ZytPf6ft0
LBHiPAjgaJVjH7QWKVruR4IldiwcA0teQ9rI4FHSU4Ab2TfrMyFn2RMD0YF7999D
Wa9/zIk2a6k99iRPXSOOLsB0il/1pfsNmwejTEr0EY/6XjIcdpOMCLQ049ztgfCq
S2QF4QAwTpJcpj3vIBWOfdyPVG7VYS19shKNVbrb/lfXgSb7cgF5JqiEP94rRu9E
yo24gprssNqTnNVQUH1GrMaZGfx8v26SxSOQZa5ppWzuKIRXI/ceVCtP2wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC1hSVXWm8Bo5WUb07inGWFnCNBrMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvTFdGSlZkYWJ3R2psWlJ2VHVLY1pZV2NJMEdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6qB+Al
AwcEKg6qB+IAMA0GCSqGSIb3DQEBCwUAA4IBAQAp0IKCD5nL+eefqI2rCXqvzS1E
DOh0Hd7plCaYN6JFlzkVyPMcvvOxHBm3BYw0ibmQVheacuMuY9aBRdZjr7Qj4Llj
u4dhiSUwQxmeE5/H911l8gl4IYlRssaH3hRw4/mVFDJb3Tv4sdGOW4FTI6HggPNy
20YUndMWDViBbSVsmLrQLGqDCoJ3WOWztowFPKIxawrn4axq5BwX193eAz+KkXNZ
zXc/pE+JPcXuYB8Jnt3d6aa0fOhrjzI//+VXuM7OxfJfgnnOisWmS25PlckNh1Kx
TsF9KAeo3T1Pv3kxVOXbhzGNPP0TWin9I/v8enAB1qjTTRO2jAf9HRpyOsZs
-----END CERTIFICATE-----