Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/MrWRsKNe29DTpaoswMCzGbeIlzE.roa
File:                     MrWRsKNe29DTpaoswMCzGbeIlzE.roa (raw, json)
Hash identifier:          F61RKQURrZixF1WDcpFwAxd4Vd8hLFf59kNiyg0JF9M=
Subject key identifier:   32:B5:91:B0:A3:5E:DB:D0:D3:A5:AA:2C:C0:C0:B3:19:B7:88:97:31
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018FE3DCC67CE0DAC248821545DC3B417FD4
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/MrWRsKNe29DTpaoswMCzGbeIlzE.roa
Signing time:             Tue 04 Jun 2024 15:27:27 +0000
ROA not before:           Tue 04 Jun 2024 15:27:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214772
IP address blocks:        2a0e:aa07:e1d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e3:dc:c6:7c:e0:da:c2:48:82:15:45:dc:3b:41:7f:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jun  4 15:27:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32b591b0a35edbd0d3a5aa2cc0c0b319b7889731
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:71:c3:93:53:0b:9e:58:2f:78:09:eb:0d:36:
                    e5:5e:2c:0f:7e:1e:0c:8d:3d:2c:41:01:1b:09:eb:
                    fb:da:b4:29:21:62:32:3b:21:c4:f5:81:41:8d:fd:
                    49:b7:2e:d5:76:9c:2f:df:1c:fe:17:4d:8c:b9:21:
                    4d:6f:8a:49:74:84:94:a1:21:88:8f:60:39:02:0a:
                    09:0f:40:fb:33:b1:97:df:7b:db:84:79:68:b8:88:
                    2e:51:63:c2:c7:80:d9:fc:25:5b:82:c3:d2:8c:9c:
                    cc:f1:02:1a:8c:4d:4d:87:09:38:26:b6:38:ab:72:
                    49:2a:c1:5f:d1:27:26:23:b3:a3:30:2b:f0:40:72:
                    9b:c8:87:de:ec:36:69:71:eb:e9:d3:17:02:c5:2f:
                    52:48:ad:7c:40:55:6d:38:e7:e0:32:b0:50:00:63:
                    82:b5:1d:7b:a7:44:4f:67:cb:4c:ff:62:ac:25:3a:
                    f5:a7:93:d7:88:86:3f:c7:0c:93:89:62:51:52:8e:
                    1d:7d:98:8c:77:19:6c:9c:18:07:01:aa:36:46:a1:
                    b5:57:5d:ea:d0:44:5d:9a:84:8e:60:6d:75:7d:fc:
                    33:10:5b:fa:90:34:c9:57:2a:13:20:92:89:c0:60:
                    ef:e2:03:46:68:8f:e1:e2:7f:94:8a:00:36:0e:cc:
                    a2:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:B5:91:B0:A3:5E:DB:D0:D3:A5:AA:2C:C0:C0:B3:19:B7:88:97:31
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/MrWRsKNe29DTpaoswMCzGbeIlzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e1d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         8f:ba:ee:b3:a6:ff:f4:66:4e:99:34:c2:25:11:05:3a:0a:27:
         17:c9:24:8b:c1:85:c8:54:d7:65:69:be:d9:a4:cb:67:d0:13:
         3c:18:a5:88:f2:ef:21:c6:8c:91:91:2f:a7:a5:7e:b9:86:b1:
         3c:70:c8:8e:03:a3:b3:3b:70:74:18:13:b4:66:28:7f:9e:df:
         c1:1f:08:ef:05:ab:6f:78:69:3a:3c:25:38:5a:4a:14:8a:15:
         ff:89:d6:3f:45:59:75:0a:ab:8f:4c:06:fe:d8:9c:e2:bf:7e:
         7b:d9:11:59:ff:d7:eb:11:b7:6d:04:79:95:81:de:06:ce:e3:
         7f:93:1c:16:fe:f1:31:93:19:ad:49:92:d6:14:0f:f9:c9:28:
         44:c2:04:d3:1a:79:5a:cc:cc:e4:11:be:a8:d8:7f:92:e2:89:
         7e:b3:82:13:3d:33:1d:90:79:6f:90:9e:0e:ce:26:b3:40:2a:
         42:26:28:b1:92:31:b3:97:b6:73:38:ee:48:f5:f5:aa:33:ba:
         64:f4:22:56:03:fe:a8:04:d9:23:a8:e8:d0:c8:f5:4a:00:46:
         c4:07:5a:f0:98:84:f3:4c:bc:e6:c6:9f:a3:ac:2d:6d:1d:6f:
         81:69:c9:5c:8c:73:30:b8:47:5b:3a:33:54:39:d1:af:6e:06:
         b5:aa:93:39
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY/j3MZ84NrCSIIVRdw7QX/UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwNjA0MTUyNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmI1OTFiMGEzNWVkYmQwZDNhNWFhMmNjMGMwYjMxOWI3ODg5NzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnHDk1MLnlgveAnrDTblXiwPfh4M
jT0sQQEbCev72rQpIWIyOyHE9YFBjf1Jty7Vdpwv3xz+F02MuSFNb4pJdISUoSGI
j2A5AgoJD0D7M7GX33vbhHlouIguUWPCx4DZ/CVbgsPSjJzM8QIajE1Nhwk4JrY4
q3JJKsFf0ScmI7OjMCvwQHKbyIfe7DZpcevp0xcCxS9SSK18QFVtOOfgMrBQAGOC
tR17p0RPZ8tM/2KsJTr1p5PXiIY/xwyTiWJRUo4dfZiMdxlsnBgHAao2RqG1V13q
0ERdmoSOYG11ffwzEFv6kDTJVyoTIJKJwGDv4gNGaI/h4n+UigA2Dsyi9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDK1kbCjXtvQ06WqLMDAsxm3iJcxMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvTXJXUnNLTmUyOURUcGFvc3dNQ3pHYmVJbHpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+HQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCPuu6zpv/0Zk6ZNMIlEQU6CicXySSLwYXIVNdl
ab7ZpMtn0BM8GKWI8u8hxoyRkS+npX65hrE8cMiOA6OzO3B0GBO0Zih/nt/BHwjv
BatveGk6PCU4WkoUihX/idY/RVl1CquPTAb+2Jziv3572RFZ/9frEbdtBHmVgd4G
zuN/kxwW/vExkxmtSZLWFA/5yShEwgTTGnlazMzkEb6o2H+S4ol+s4ITPTMdkHlv
kJ4OziazQCpCJiixkjGzl7ZzOO5I9fWqM7pk9CJWA/6oBNkjqOjQyPVKAEbEB1rw
mITzTLzmxp+jrC1tHW+BaclcjHMwuEdbOjNUOdGvbga1qpM5
-----END CERTIFICATE-----