Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/T9PXN9RRmDxI6IQEvSMiS1irxMw.roa
File:                     T9PXN9RRmDxI6IQEvSMiS1irxMw.roa (raw, json)
Hash identifier:          q2timwjc4O+Knr9ubm1ka6ESpFjimgZJ1yHrVa8jQ6U=
Subject key identifier:   4F:D3:D7:37:D4:51:98:3C:48:E8:84:04:BD:23:22:4B:58:AB:C4:CC
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D3EF7BC060D76B88EB3A18588CD27
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/T9PXN9RRmDxI6IQEvSMiS1irxMw.roa
Signing time:             Mon 01 Jan 2024 00:29:48 +0000
ROA not before:           Mon 01 Jan 2024 00:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210872
IP address blocks:        2a0e:aa07:e026::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3e:f7:bc:06:0d:76:b8:8e:b3:a1:85:88:cd:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fd3d737d451983c48e88404bd23224b58abc4cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:44:34:83:4d:cd:6d:4e:da:e6:0c:f3:ee:7a:
                    87:fe:e9:6b:0e:13:08:49:c6:54:0d:50:f0:d0:d6:
                    4d:91:fe:fb:30:82:5e:b4:1c:5b:69:a0:d4:8e:7f:
                    01:b3:f3:c0:8a:fd:f3:19:2b:30:df:54:61:b4:48:
                    2c:8e:7a:12:be:e8:33:6c:39:e8:f1:a0:b1:89:df:
                    79:f3:98:b5:be:a0:81:46:21:d6:1c:33:e3:3c:13:
                    2c:f4:db:e6:02:4c:fb:17:35:83:ab:06:ef:4a:0a:
                    46:1a:6d:84:af:45:77:44:e7:cc:c6:2b:b3:b8:51:
                    1a:82:9a:36:eb:a5:6a:7a:74:5a:95:b9:88:ef:63:
                    a9:f1:32:53:a7:5d:49:9b:d5:1b:24:df:cf:b5:e4:
                    0c:a7:f1:4f:54:a8:54:57:8e:94:a0:4d:f6:67:37:
                    c2:15:40:b6:9e:59:19:90:a5:9b:8a:2d:dc:4c:f6:
                    d2:55:b3:e2:64:11:1c:79:00:21:b2:ba:88:ad:07:
                    bd:c4:fd:5e:b7:e6:b8:6f:e6:a0:de:f4:82:67:e0:
                    63:56:d7:82:fb:17:40:a5:ce:97:2e:1c:1e:a5:e2:
                    07:08:53:67:77:9a:02:f9:ca:b3:fb:ca:06:40:ff:
                    eb:a0:16:90:0a:9e:2f:a8:1c:80:00:4e:b9:b9:17:
                    4b:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:D3:D7:37:D4:51:98:3C:48:E8:84:04:BD:23:22:4B:58:AB:C4:CC
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/T9PXN9RRmDxI6IQEvSMiS1irxMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e026::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:f5:53:70:af:a4:1a:8e:f3:83:2a:ff:c8:3c:d1:30:25:a2:
         b6:07:25:9e:0e:6a:e1:90:94:6e:50:66:c9:7b:0c:3d:82:d9:
         84:73:76:6f:2d:b0:8a:81:c1:d8:b5:f8:5c:97:f5:64:b2:f2:
         29:15:1b:36:99:21:d4:49:ce:f1:97:ee:f0:a0:dc:11:0f:28:
         37:c3:a0:5e:27:d7:55:37:52:f6:57:59:6e:43:b9:a4:af:84:
         23:c1:c9:08:ff:4d:66:6f:e3:b9:1c:a3:ff:a7:43:54:74:c3:
         cd:9b:e2:e3:77:1b:85:73:4a:d8:6a:e0:c5:14:28:d1:14:9c:
         2b:06:b3:97:fe:03:c0:2c:de:45:b2:14:55:61:0e:db:83:41:
         7c:46:56:7a:5f:e4:92:f9:a7:63:c0:c3:c1:66:0d:56:59:07:
         cd:3e:4d:94:c3:5e:bd:69:0b:78:5a:62:20:7a:82:5b:24:ad:
         72:02:ed:9a:b6:c2:50:0d:3b:4a:94:b2:90:0b:8d:91:9e:c9:
         ac:ef:81:c2:87:f6:1e:3f:98:97:60:c0:44:47:d7:04:07:39:
         be:e2:85:c7:4c:15:86:af:36:0d:13:0c:c9:de:71:a5:b2:e0:
         51:cc:01:49:aa:54:25:2a:b3:af:c6:66:5f:2e:1b:ef:bf:1f:
         cb:8f:2d:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbT73vAYNdriOs6GFiM0nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmQzZDczN2Q0NTE5ODNjNDhlODg0MDRiZDIzMjI0YjU4YWJjNGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEQ0g03NbU7a5gzz7nqH/ulrDhMI
ScZUDVDw0NZNkf77MIJetBxbaaDUjn8Bs/PAiv3zGSsw31RhtEgsjnoSvugzbDno
8aCxid9585i1vqCBRiHWHDPjPBMs9NvmAkz7FzWDqwbvSgpGGm2Er0V3ROfMxiuz
uFEagpo266VqenRalbmI72Op8TJTp11Jm9UbJN/PteQMp/FPVKhUV46UoE32ZzfC
FUC2nlkZkKWbii3cTPbSVbPiZBEceQAhsrqIrQe9xP1et+a4b+ag3vSCZ+BjVteC
+xdApc6XLhwepeIHCFNnd5oC+cqz+8oGQP/roBaQCp4vqByAAE65uRdLqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE/T1zfUUZg8SOiEBL0jIktYq8TMMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvVDlQWE45UlJtRHhJNklRRXZTTWlTMWlyeE13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+Am
MA0GCSqGSIb3DQEBCwUAA4IBAQBR9VNwr6QajvODKv/IPNEwJaK2ByWeDmrhkJRu
UGbJeww9gtmEc3ZvLbCKgcHYtfhcl/VksvIpFRs2mSHUSc7xl+7woNwRDyg3w6Be
J9dVN1L2V1luQ7mkr4QjwckI/01mb+O5HKP/p0NUdMPNm+LjdxuFc0rYauDFFCjR
FJwrBrOX/gPALN5FshRVYQ7bg0F8RlZ6X+SS+adjwMPBZg1WWQfNPk2Uw169aQt4
WmIgeoJbJK1yAu2atsJQDTtKlLKQC42Rnsms74HCh/YeP5iXYMBER9cEBzm+4oXH
TBWGrzYNEwzJ3nGlsuBRzAFJqlQlKrOvxmZfLhvvvx/Ljy1Q
-----END CERTIFICATE-----