Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/TRcct14t-mji-29FFqUjs43V0mI.roa
File:                     TRcct14t-mji-29FFqUjs43V0mI.roa (raw, json)
Hash identifier:          EFaRGEkNxKOju0+2C7TlEiEkkZKwt2AhJ5gth59hW54=
Subject key identifier:   4D:17:1C:B7:5E:2D:FA:68:E2:FB:6F:45:16:A5:23:B3:8D:D5:D2:62
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D2DABAAE95FDB1A1F27B8907305C6
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/TRcct14t-mji-29FFqUjs43V0mI.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203023
IP address blocks:        2a0e:aa07:e150::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2d:ab:aa:e9:5f:db:1a:1f:27:b8:90:73:05:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d171cb75e2dfa68e2fb6f4516a523b38dd5d262
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:82:66:d1:c6:ce:3c:19:d4:17:18:72:1c:df:
                    03:37:a8:ff:26:32:5e:f5:b9:23:48:d7:4c:75:48:
                    31:75:bc:da:46:8f:ca:c1:cd:5d:59:a4:80:dc:e7:
                    19:3a:bc:6f:29:f1:c9:02:f7:26:bd:cf:35:e7:c1:
                    4d:41:20:c5:56:a7:99:49:e7:11:3c:77:15:82:76:
                    dd:ba:13:d7:db:1c:f9:5b:09:2b:a1:e6:f7:a4:6a:
                    5f:e5:2d:43:0b:4d:b6:48:b8:b2:3a:96:97:46:6b:
                    51:c8:2b:98:9b:ed:96:e5:56:a7:a5:a7:4b:fa:c6:
                    d3:d4:bf:18:19:36:8e:ca:0b:c2:21:6c:ae:87:4c:
                    2b:df:fb:3d:2d:17:fc:3c:16:16:0a:56:cc:0f:8c:
                    f7:d5:ad:cb:2e:4b:0b:25:50:fe:38:a3:94:b6:69:
                    5c:93:f7:87:22:d7:97:00:ab:ea:60:b2:9d:73:62:
                    70:3d:4e:c9:d2:52:57:9f:65:c8:af:8c:0e:b6:9e:
                    3f:f4:fd:63:a9:41:0c:4f:a1:23:38:52:89:77:e1:
                    01:54:cf:c7:fe:1e:eb:7a:c9:5f:54:e2:dc:9d:bd:
                    01:1c:73:b8:91:ed:b7:0f:08:4e:58:dd:a2:89:80:
                    15:25:7c:e2:68:69:7d:fb:e0:13:e0:fb:37:b8:22:
                    06:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:17:1C:B7:5E:2D:FA:68:E2:FB:6F:45:16:A5:23:B3:8D:D5:D2:62
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/TRcct14t-mji-29FFqUjs43V0mI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e150::/44

    Signature Algorithm: sha256WithRSAEncryption
         92:1c:e5:ab:ef:ed:53:62:2e:9f:8e:74:e4:82:8e:65:87:3e:
         b4:ed:0d:1d:4f:4e:54:06:77:58:94:22:a1:5b:dc:18:4a:d9:
         ba:94:36:5b:ed:d5:34:14:84:98:e7:61:f2:a9:52:21:53:29:
         ec:f2:b3:f7:06:1c:b8:c1:6d:40:96:53:25:f9:15:55:58:fd:
         22:1a:3d:96:d2:ce:d9:1b:85:f7:4a:a0:8b:3f:d6:4d:01:f5:
         c2:3d:e4:5d:b6:20:ac:30:59:98:3c:9a:a9:57:aa:1e:d3:e7:
         f0:05:5a:74:83:f4:d5:03:fd:64:4e:bd:30:30:17:cf:0d:9d:
         af:a4:9d:40:c5:4b:50:e3:64:ff:82:8c:9f:42:92:cb:47:6e:
         a6:dc:ea:27:b7:bc:4a:08:6d:87:91:1f:17:89:59:d4:75:90:
         fb:01:a2:ae:86:ac:67:74:8e:a6:1a:96:af:fc:da:b2:35:95:
         8c:dc:2f:21:53:b4:0b:cf:31:4a:e2:d3:87:ad:56:e1:0c:a8:
         3e:4e:66:28:2c:3a:ad:5b:16:7a:ba:6d:50:66:94:1d:03:a1:
         48:19:2f:ee:d2:82:64:5c:07:29:a3:88:34:90:ca:98:86:4f:
         a8:34:ff:41:fe:54:97:bd:53:e5:85:0b:98:fc:cd:31:3a:2f:
         bb:e7:74:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbS2rqulf2xofJ7iQcwXGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDE3MWNiNzVlMmRmYTY4ZTJmYjZmNDUxNmE1MjNiMzhkZDVkMjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoJm0cbOPBnUFxhyHN8DN6j/JjJe
9bkjSNdMdUgxdbzaRo/Kwc1dWaSA3OcZOrxvKfHJAvcmvc8158FNQSDFVqeZSecR
PHcVgnbduhPX2xz5Wwkroeb3pGpf5S1DC022SLiyOpaXRmtRyCuYm+2W5VanpadL
+sbT1L8YGTaOygvCIWyuh0wr3/s9LRf8PBYWClbMD4z31a3LLksLJVD+OKOUtmlc
k/eHIteXAKvqYLKdc2JwPU7J0lJXn2XIr4wOtp4/9P1jqUEMT6EjOFKJd+EBVM/H
/h7reslfVOLcnb0BHHO4ke23DwhOWN2iiYAVJXziaGl9++AT4Ps3uCIGTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE0XHLdeLfpo4vtvRRalI7ON1dJiMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvVFJjY3QxNHQtbWppLTI5RkZxVWpzNDNWMG1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+FQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCSHOWr7+1TYi6fjnTkgo5lhz607Q0dT05UBndY
lCKhW9wYStm6lDZb7dU0FISY52HyqVIhUyns8rP3Bhy4wW1AllMl+RVVWP0iGj2W
0s7ZG4X3SqCLP9ZNAfXCPeRdtiCsMFmYPJqpV6oe0+fwBVp0g/TVA/1kTr0wMBfP
DZ2vpJ1AxUtQ42T/goyfQpLLR26m3Oont7xKCG2HkR8XiVnUdZD7AaKuhqxndI6m
Gpav/NqyNZWM3C8hU7QLzzFK4tOHrVbhDKg+TmYoLDqtWxZ6um1QZpQdA6FIGS/u
0oJkXAcpo4g0kMqYhk+oNP9B/lSXvVPlhQuY/M0xOi+753Qi
-----END CERTIFICATE-----