Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/OwF8cvfHDgJNTYUaPidyQTgTcq4.roa
File:                     OwF8cvfHDgJNTYUaPidyQTgTcq4.roa (raw, json)
Hash identifier:          CQ4OvM7Vu/PmnaTVze5vvaQnN194Fcn9eOuu98R3gwI=
Subject key identifier:   3B:01:7C:72:F7:C7:0E:02:4D:4D:85:1A:3E:27:72:41:38:13:72:AE
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0196EF9438E45EA623EDC8749637B466159B
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/OwF8cvfHDgJNTYUaPidyQTgTcq4.roa
Signing time:             Tue 20 May 2025 21:23:10 +0000
ROA not before:           Tue 20 May 2025 21:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        2a0e:aa02::/40 maxlen: 40
                          2a0e:aa06:52a::/48 maxlen: 48
                          2a0e:aa07:f0d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ef:94:38:e4:5e:a6:23:ed:c8:74:96:37:b4:66:15:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: May 20 21:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b017c72f7c70e024d4d851a3e277241381372ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:1f:1b:2e:f6:02:13:1a:cf:e6:81:0d:5c:6e:
                    2b:e8:de:45:88:86:da:b5:83:db:04:b0:bd:89:3c:
                    25:03:17:69:43:4a:06:79:9c:12:0a:b4:c1:aa:c1:
                    78:df:80:15:f5:a7:6e:42:67:c1:b0:70:2f:97:23:
                    aa:0f:0d:bd:cb:95:46:4c:2a:a1:c3:8a:b5:91:e4:
                    be:83:bc:d6:8b:ab:28:44:84:2f:e6:f6:6f:c2:de:
                    27:26:60:0a:1f:00:d9:c5:37:bf:86:91:3a:bb:25:
                    c0:dc:bf:f3:85:73:29:77:c0:42:c6:29:b4:24:83:
                    0b:44:20:26:4a:6c:6f:85:90:6c:26:10:56:15:72:
                    b4:05:56:74:55:eb:b9:0e:e2:bc:75:e3:fb:4e:86:
                    0a:07:cf:81:dc:f6:e7:d8:5d:b4:7a:06:23:eb:71:
                    bb:66:8e:f0:6d:d2:50:92:01:fc:86:d1:ab:c2:9d:
                    ba:17:7f:74:ed:52:4a:3c:3c:07:1f:92:e8:05:33:
                    cf:05:d0:1e:e7:6e:01:10:b1:50:3e:aa:71:cb:b0:
                    cb:d5:94:cc:14:2e:be:fe:b0:9f:ed:ff:80:d3:d4:
                    50:7b:2a:d9:0a:78:e1:5e:e4:fb:d2:a6:60:6b:8e:
                    e2:f4:59:45:2e:9a:af:74:50:61:8f:e9:91:30:23:
                    26:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:01:7C:72:F7:C7:0E:02:4D:4D:85:1A:3E:27:72:41:38:13:72:AE
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/OwF8cvfHDgJNTYUaPidyQTgTcq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa02::/40
                  2a0e:aa06:52a::/48
                  2a0e:aa07:f0d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         73:80:d5:b0:b3:05:04:cf:ce:71:90:8c:12:d2:ee:98:95:c3:
         b3:75:28:f6:10:99:9d:63:5b:c1:1c:59:35:61:47:85:bf:86:
         5d:68:62:15:c0:1e:7c:76:cf:67:df:a4:7b:45:39:fe:bb:db:
         0a:c4:4c:74:88:15:10:f8:a3:ae:45:73:59:53:78:56:43:f9:
         78:7b:8d:a8:bf:c5:54:a6:eb:33:14:d9:55:9e:e1:4a:98:ee:
         46:1f:98:80:81:b1:ff:40:9c:0e:d4:39:01:7f:b7:8a:e0:24:
         fe:3f:f2:cd:43:d3:13:ed:f6:04:6f:17:74:c0:ad:cf:de:c0:
         d9:66:f4:54:f2:77:d7:aa:45:8f:05:a6:78:df:f9:8c:81:47:
         bb:6e:4f:dc:f8:bc:7a:00:28:8b:76:8e:6b:16:14:33:44:f9:
         66:4a:56:c7:6c:82:79:1d:55:1b:bb:b3:6f:a0:d5:02:aa:3c:
         17:5e:3f:b8:a1:71:a9:98:44:ca:e4:43:96:c8:57:db:0f:76:
         e9:27:4c:5e:a0:d0:6c:6c:07:79:ea:a0:c6:17:57:5c:f6:80:
         7f:fd:77:d5:39:c6:48:35:c9:bc:22:4f:8b:c4:e9:b8:a9:ee:
         39:6f:cb:74:fe:45:69:19:ef:51:e5:0a:42:e2:a4:85:38:10:
         3e:ab:e9:c9
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZbvlDjkXqYj7ch0lje0ZhWbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwNTIwMjEyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjAxN2M3MmY3YzcwZTAyNGQ0ZDg1MWEzZTI3NzI0MTM4MTM3MmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh8bLvYCExrP5oENXG4r6N5FiIba
tYPbBLC9iTwlAxdpQ0oGeZwSCrTBqsF434AV9aduQmfBsHAvlyOqDw29y5VGTCqh
w4q1keS+g7zWi6soRIQv5vZvwt4nJmAKHwDZxTe/hpE6uyXA3L/zhXMpd8BCxim0
JIMLRCAmSmxvhZBsJhBWFXK0BVZ0Veu5DuK8deP7ToYKB8+B3Pbn2F20egYj63G7
Zo7wbdJQkgH8htGrwp26F3907VJKPDwHH5LoBTPPBdAe524BELFQPqpxy7DL1ZTM
FC6+/rCf7f+A09RQeyrZCnjhXuT70qZga47i9FlFLpqvdFBhj+mRMCMmdQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFDsBfHL3xw4CTU2FGj4nckE4E3KuMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvT3dGOGN2ZkhEZ0pOVFlVYVBpZHlRVGdUY3E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaAwYAKg6qAgAD
BwAqDqoGBSoDBwQqDqoH8NAwDQYJKoZIhvcNAQELBQADggEBAHOA1bCzBQTPznGQ
jBLS7piVw7N1KPYQmZ1jW8EcWTVhR4W/hl1oYhXAHnx2z2ffpHtFOf672wrETHSI
FRD4o65Fc1lTeFZD+Xh7jai/xVSm6zMU2VWe4UqY7kYfmICBsf9AnA7UOQF/t4rg
JP4/8s1D0xPt9gRvF3TArc/ewNlm9FTyd9eqRY8Fpnjf+YyBR7tuT9z4vHoAKIt2
jmsWFDNE+WZKVsdsgnkdVRu7s2+g1QKqPBdeP7ihcamYRMrkQ5bIV9sPduknTF6g
0GxsB3nqoMYXV1z2gH/9d9U5xkg1ybwiT4vE6bip7jlvy3T+RWkZ71HlCkLipIU4
ED6r6ck=
-----END CERTIFICATE-----