Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/OXmCgOy2RSs2Q9-dpXtrL59cy0c.roa
File:                     OXmCgOy2RSs2Q9-dpXtrL59cy0c.roa (raw, json)
Hash identifier:          FH7kbSErSmJsV+zBcDnS+/kXfc8cK+RzWStyYt5plF0=
Subject key identifier:   39:79:82:80:EC:B6:45:2B:36:43:DF:9D:A5:7B:6B:2F:9F:5C:CB:47
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       019072623B73F468748BDA23D46D0729683E
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/OXmCgOy2RSs2Q9-dpXtrL59cy0c.roa
Signing time:             Tue 02 Jul 2024 07:39:18 +0000
ROA not before:           Tue 02 Jul 2024 07:39:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214613
IP address blocks:        2a0e:aa06:540::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:72:62:3b:73:f4:68:74:8b:da:23:d4:6d:07:29:68:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jul  2 07:39:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39798280ecb6452b3643df9da57b6b2f9f5ccb47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:6a:e3:e9:6b:a5:80:67:52:b8:6e:c8:75:76:
                    19:f4:f4:b8:ad:5d:00:b0:8a:b3:0b:a3:f9:eb:9c:
                    37:58:28:c4:89:e6:09:cc:0f:ed:3c:21:e0:f3:30:
                    6d:b4:f3:a4:fb:d3:f6:e4:d4:d7:9a:ff:b9:9a:e1:
                    1c:02:0a:7e:30:0e:8e:da:08:0e:fd:eb:d9:01:93:
                    0b:2e:65:2b:0d:27:c1:59:d0:67:7f:52:6d:1d:a7:
                    6e:51:30:db:be:a0:3f:73:0d:c6:f1:d1:20:19:7d:
                    8c:0a:e2:05:2b:ce:22:6e:c9:c2:e7:33:56:5b:92:
                    15:7b:e7:55:f8:1d:ae:0e:49:6b:d7:57:30:65:7b:
                    15:27:7d:fc:c8:7b:de:47:72:9b:05:b5:2b:2f:ea:
                    5c:25:ee:95:af:a5:e1:c7:ac:2f:dd:a3:01:64:ce:
                    fd:f6:a6:0e:87:32:73:8e:c2:a6:15:c0:7f:62:88:
                    a3:6b:ff:5c:a0:cf:4d:35:82:46:03:e1:eb:71:d5:
                    aa:cd:c9:06:5e:d8:ee:31:43:b7:73:da:38:bc:3c:
                    25:69:0e:3f:3e:b9:64:c9:99:ea:f2:5a:8a:d7:78:
                    46:d6:c7:83:5f:e0:80:72:5a:41:d2:22:9e:66:6a:
                    30:e8:22:c5:d3:c4:43:ce:21:97:7a:ed:de:93:54:
                    3f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:79:82:80:EC:B6:45:2B:36:43:DF:9D:A5:7B:6B:2F:9F:5C:CB:47
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/OXmCgOy2RSs2Q9-dpXtrL59cy0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa06:540::/44

    Signature Algorithm: sha256WithRSAEncryption
         12:4d:6d:2e:7f:d6:4f:70:b3:98:c9:b1:82:47:6c:92:33:9e:
         ba:9e:33:04:53:14:66:91:1d:36:dc:8f:a8:aa:f1:6e:b4:a0:
         29:9b:09:b2:7f:88:53:a5:0d:9f:dd:6d:a7:86:9d:43:9c:96:
         92:20:37:ed:1d:ba:e0:54:04:18:91:dd:e4:10:6f:64:89:52:
         11:4a:a6:e1:34:cf:08:f2:77:c9:3b:6e:58:79:a2:28:a8:c4:
         eb:1f:35:7e:94:4a:3d:5a:d9:91:84:76:11:76:fa:95:fe:04:
         5a:dc:97:77:3e:55:a5:62:d8:91:17:a2:3a:30:9b:c9:ab:86:
         6f:99:78:35:0f:83:19:bf:3c:b4:70:ee:1a:40:cc:24:87:1e:
         95:71:3d:29:40:6b:80:df:38:a8:42:ab:05:5a:31:00:5e:0a:
         b7:73:a4:78:df:75:bd:ce:ad:34:32:af:0c:50:f7:02:2a:72:
         f0:2b:cf:8c:5b:80:fc:ec:56:a9:b3:22:ac:09:5e:a0:ef:d4:
         a6:6d:d1:e5:cc:30:f7:03:59:da:a7:c4:0c:90:a8:fd:87:d6:
         be:c7:86:1f:e0:4c:d1:ec:f9:d9:0a:13:56:db:b4:6d:78:57:
         33:49:eb:34:e1:d1:e2:f7:ca:7d:04:68:7b:24:8c:ad:8c:76:
         b2:ae:0a:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZByYjtz9Gh0i9oj1G0HKWg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwNzAyMDczOTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTc5ODI4MGVjYjY0NTJiMzY0M2RmOWRhNTdiNmIyZjlmNWNjYjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Grj6WulgGdSuG7IdXYZ9PS4rV0A
sIqzC6P565w3WCjEieYJzA/tPCHg8zBttPOk+9P25NTXmv+5muEcAgp+MA6O2ggO
/evZAZMLLmUrDSfBWdBnf1JtHaduUTDbvqA/cw3G8dEgGX2MCuIFK84ibsnC5zNW
W5IVe+dV+B2uDklr11cwZXsVJ338yHveR3KbBbUrL+pcJe6Vr6Xhx6wv3aMBZM79
9qYOhzJzjsKmFcB/Yoija/9coM9NNYJGA+HrcdWqzckGXtjuMUO3c9o4vDwlaQ4/
PrlkyZnq8lqK13hG1seDX+CAclpB0iKeZmow6CLF08RDziGXeu3ek1Q/5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDl5goDstkUrNkPfnaV7ay+fXMtHMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvT1htQ2dPeTJSU3MyUTktZHBYdHJMNTljeTBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qBgVA
MA0GCSqGSIb3DQEBCwUAA4IBAQASTW0uf9ZPcLOYybGCR2ySM566njMEUxRmkR02
3I+oqvFutKApmwmyf4hTpQ2f3W2nhp1DnJaSIDftHbrgVAQYkd3kEG9kiVIRSqbh
NM8I8nfJO25YeaIoqMTrHzV+lEo9WtmRhHYRdvqV/gRa3Jd3PlWlYtiRF6I6MJvJ
q4ZvmXg1D4MZvzy0cO4aQMwkhx6VcT0pQGuA3zioQqsFWjEAXgq3c6R433W9zq00
Mq8MUPcCKnLwK8+MW4D87FapsyKsCV6g79SmbdHlzDD3A1nap8QMkKj9h9a+x4Yf
4EzR7PnZChNW27RteFczSes04dHi98p9BGh7JIytjHayrgrt
-----END CERTIFICATE-----