Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/RwhWM7mDUB3vVw6ai7irn62Gdu4.roa
File:                     RwhWM7mDUB3vVw6ai7irn62Gdu4.roa (raw, json)
Hash identifier:          2jW0kolw3h5IydHORzzNyoVAUulAiXW2KQV9R+pVZa4=
Subject key identifier:   47:08:56:33:B9:83:50:1D:EF:57:0E:9A:8B:B8:AB:9F:AD:86:76:EE
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D38760CED8350266F069AC653937E
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/RwhWM7mDUB3vVw6ai7irn62Gdu4.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209391
IP address blocks:        2a0e:aa07:e031::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:38:76:0c:ed:83:50:26:6f:06:9a:c6:53:93:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47085633b983501def570e9a8bb8ab9fad8676ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:45:b5:c3:63:c5:43:43:05:be:95:f0:4a:d1:
                    e3:1e:63:26:ab:85:40:9c:7e:da:34:e2:e0:ea:e8:
                    56:37:d7:55:90:7d:e2:51:d3:2e:40:df:60:ee:6e:
                    ba:e5:49:e0:f1:a0:0e:c1:ff:d3:ad:e7:48:d4:10:
                    85:9e:2b:48:da:ce:22:b6:b6:45:50:3e:b6:de:83:
                    f5:76:20:c8:2d:45:5e:8d:98:e5:6d:2b:59:97:90:
                    8c:09:c5:d4:95:df:b9:56:f9:ec:e9:5e:95:37:b8:
                    08:f1:0f:cf:a9:1f:a4:95:4b:1e:10:0f:89:ae:16:
                    fb:a2:6b:12:02:9b:d7:4e:4a:f5:49:f3:08:53:3f:
                    d2:e9:62:47:3e:c4:a3:87:03:6c:9c:94:a5:0a:50:
                    30:62:c0:7c:67:95:a7:64:d7:73:bb:40:66:7c:f1:
                    0b:a4:f8:ee:90:de:ed:d9:37:41:6f:5b:4d:2e:38:
                    76:04:03:b1:b7:8a:6a:fa:66:6a:b8:bb:0d:fc:e5:
                    71:a6:4f:fb:d7:02:75:db:b1:5c:d6:91:af:71:9f:
                    7c:0c:cd:b7:86:76:a0:fd:a7:4b:ce:dd:d0:24:33:
                    c5:14:4a:84:60:d1:2f:8d:50:40:e0:c9:a4:75:0b:
                    14:2d:72:8f:07:62:63:fa:26:34:e1:ed:08:91:cb:
                    df:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:08:56:33:B9:83:50:1D:EF:57:0E:9A:8B:B8:AB:9F:AD:86:76:EE
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/RwhWM7mDUB3vVw6ai7irn62Gdu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e031::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:8d:52:fc:be:2d:de:ae:47:ae:05:75:7d:7a:25:80:ed:0f:
         5c:23:7d:a4:27:97:df:a7:42:14:76:8b:3d:44:fd:26:c3:d7:
         99:d0:83:ce:d9:6f:e7:49:ab:8a:cf:28:3f:11:e3:72:43:34:
         ba:ea:f9:54:f1:7a:2b:ee:c0:29:e9:82:ce:b3:87:69:ce:1a:
         d5:ba:8e:eb:f2:51:db:63:a3:3b:ce:0a:9b:4f:17:31:71:fd:
         a6:8a:7c:c8:32:4c:f0:56:e2:3a:ea:85:a3:d9:14:37:d8:8f:
         13:41:65:bc:0d:24:e5:10:01:20:60:22:4f:1d:47:4b:83:44:
         cf:82:bc:6e:36:9f:63:21:bf:d6:56:f4:ff:2d:5c:ce:02:9b:
         f7:ac:04:71:48:00:32:67:74:24:22:3f:65:c4:d1:7e:e6:f0:
         74:c4:b2:f2:6b:c7:77:54:3d:e6:70:50:74:dc:3f:48:eb:c2:
         c2:40:76:74:49:3c:7b:bb:54:95:a2:68:fe:87:c8:a9:ee:ac:
         b7:ae:7d:99:9e:fc:81:f6:a7:aa:44:74:81:63:be:01:cd:65:
         18:4d:31:4d:19:30:45:04:ed:33:c6:75:13:8f:b2:80:0a:03:
         30:25:9f:6e:a8:8f:14:31:46:6d:83:7b:d1:00:ee:8d:71:b1:
         a1:9e:a4:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbTh2DO2DUCZvBprGU5N+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzA4NTYzM2I5ODM1MDFkZWY1NzBlOWE4YmI4YWI5ZmFkODY3NmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUW1w2PFQ0MFvpXwStHjHmMmq4VA
nH7aNOLg6uhWN9dVkH3iUdMuQN9g7m665Ung8aAOwf/TredI1BCFnitI2s4itrZF
UD623oP1diDILUVejZjlbStZl5CMCcXUld+5Vvns6V6VN7gI8Q/PqR+klUseEA+J
rhb7omsSApvXTkr1SfMIUz/S6WJHPsSjhwNsnJSlClAwYsB8Z5WnZNdzu0BmfPEL
pPjukN7t2TdBb1tNLjh2BAOxt4pq+mZquLsN/OVxpk/71wJ127Fc1pGvcZ98DM23
hnag/adLzt3QJDPFFEqEYNEvjVBA4MmkdQsULXKPB2Jj+iY04e0IkcvfuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEcIVjO5g1Ad71cOmou4q5+thnbuMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvUndoV003bURVQjN2Vnc2YWk3aXJuNjJHZHU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+Ax
MA0GCSqGSIb3DQEBCwUAA4IBAQC/jVL8vi3erkeuBXV9eiWA7Q9cI32kJ5ffp0IU
dos9RP0mw9eZ0IPO2W/nSauKzyg/EeNyQzS66vlU8Xor7sAp6YLOs4dpzhrVuo7r
8lHbY6M7zgqbTxcxcf2minzIMkzwVuI66oWj2RQ32I8TQWW8DSTlEAEgYCJPHUdL
g0TPgrxuNp9jIb/WVvT/LVzOApv3rARxSAAyZ3QkIj9lxNF+5vB0xLLya8d3VD3m
cFB03D9I68LCQHZ0STx7u1SVomj+h8ip7qy3rn2ZnvyB9qeqRHSBY74BzWUYTTFN
GTBFBO0zxnUTj7KACgMwJZ9uqI8UMUZtg3vRAO6NcbGhnqT4
-----END CERTIFICATE-----