Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/TsI2YoOxpLr0oyWast-tgJKhnu0.roa
File:                     TsI2YoOxpLr0oyWast-tgJKhnu0.roa (raw, json)
Hash identifier:          qWyLFVn8y6J9QlqJKxbZuNYTTFGEMM80uN0vqd1c1pc=
Subject key identifier:   4E:C2:36:62:83:B1:A4:BA:F4:A3:25:9A:B2:DF:AD:80:92:A1:9E:ED
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018E0E1772384FBB611A3165B538D3DE4B84
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/TsI2YoOxpLr0oyWast-tgJKhnu0.roa
Signing time:             Tue 05 Mar 2024 10:10:01 +0000
ROA not before:           Tue 05 Mar 2024 10:10:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215373
IP address blocks:        2a0e:aa07:e170::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0e:17:72:38:4f:bb:61:1a:31:65:b5:38:d3:de:4b:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Mar  5 10:10:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ec2366283b1a4baf4a3259ab2dfad8092a19eed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:fc:9b:17:7c:4e:37:32:70:26:86:d5:34:4c:
                    c6:ef:ae:bf:2a:cb:bd:45:9e:c7:14:2b:de:e8:f0:
                    e8:99:a3:55:50:9b:39:72:22:4c:4a:eb:92:6d:f3:
                    60:2a:3f:95:2a:95:10:80:54:93:c5:89:ba:c1:3a:
                    b2:78:97:2a:19:40:a2:34:04:50:d4:eb:57:7c:43:
                    54:87:11:1b:0c:b4:b0:62:d6:24:b0:69:c8:35:24:
                    5f:fd:8e:74:f4:17:30:33:da:66:09:be:09:02:44:
                    25:37:22:8e:86:5f:cf:8c:6c:90:98:ae:cf:8b:39:
                    09:9f:e0:bf:22:59:fe:ba:ac:04:75:33:93:a1:4c:
                    70:6a:86:44:ed:7f:a3:08:a3:b4:5a:97:e2:39:2d:
                    4c:ff:93:bb:76:34:11:fe:2f:c0:28:c3:20:d2:a6:
                    c7:8c:e8:e7:40:2d:e8:93:f9:fc:ed:6a:61:cf:7c:
                    10:99:d9:62:b5:fa:fd:3e:2e:9f:a7:44:0a:1a:f4:
                    ca:f2:3f:53:03:98:17:90:d9:32:3c:60:1c:60:04:
                    86:29:71:76:bc:19:58:83:1e:60:f0:d5:6f:3b:69:
                    32:ef:f3:79:71:ca:94:5f:b9:03:e6:55:e0:0f:76:
                    99:c2:f1:54:77:66:75:66:8e:3a:99:bb:8e:ad:87:
                    5d:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:C2:36:62:83:B1:A4:BA:F4:A3:25:9A:B2:DF:AD:80:92:A1:9E:ED
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/TsI2YoOxpLr0oyWast-tgJKhnu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e170::/44

    Signature Algorithm: sha256WithRSAEncryption
         61:86:a4:43:94:ad:d2:a0:86:9c:84:f4:17:21:4a:6e:34:49:
         38:d6:c0:bf:b7:e5:00:4f:5d:35:59:2e:81:30:1e:26:cf:46:
         13:d2:8d:b5:cb:d9:49:2b:bf:f8:58:6c:36:ec:b5:07:2f:d0:
         1d:65:b4:8b:d8:2e:7c:cf:da:b3:1d:38:83:82:12:18:49:46:
         50:ff:5c:f2:e7:1b:ba:3d:90:c0:1c:65:6f:a7:8a:92:d4:f4:
         25:f4:ab:43:b3:c2:b4:a3:25:9d:ad:5b:2b:c1:f0:cd:3e:a7:
         58:b3:66:39:da:9c:e0:9f:23:ef:ae:4e:69:93:d8:d9:67:96:
         5d:af:2e:c3:0d:64:b1:cb:13:13:e0:b8:f4:f4:45:96:4b:88:
         7f:ec:c4:91:d2:14:f5:4d:dc:87:45:41:df:c8:7e:69:e5:33:
         a5:4e:da:77:fc:36:2c:30:a4:f6:08:42:a7:48:97:26:a9:30:
         0b:d0:ae:a1:31:95:3e:c9:38:2d:05:f3:04:20:5f:5a:da:41:
         a7:26:31:9f:6b:28:81:02:bc:14:aa:30:f7:91:87:a4:32:81:
         7b:4f:e1:f1:14:e9:0a:84:aa:de:66:ff:a3:4a:93:66:95:9a:
         3e:9d:71:f6:3f:f3:3c:1c:83:7b:58:d0:61:ad:98:bc:ee:fa:
         0d:b8:18:1a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4OF3I4T7thGjFltTjT3kuEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMzA1MTAxMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWMyMzY2MjgzYjFhNGJhZjRhMzI1OWFiMmRmYWQ4MDkyYTE5ZWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPybF3xONzJwJobVNEzG766/Ksu9
RZ7HFCve6PDomaNVUJs5ciJMSuuSbfNgKj+VKpUQgFSTxYm6wTqyeJcqGUCiNARQ
1OtXfENUhxEbDLSwYtYksGnINSRf/Y509BcwM9pmCb4JAkQlNyKOhl/PjGyQmK7P
izkJn+C/Iln+uqwEdTOToUxwaoZE7X+jCKO0WpfiOS1M/5O7djQR/i/AKMMg0qbH
jOjnQC3ok/n87Wphz3wQmdlitfr9Pi6fp0QKGvTK8j9TA5gXkNkyPGAcYASGKXF2
vBlYgx5g8NVvO2ky7/N5ccqUX7kD5lXgD3aZwvFUd2Z1Zo46mbuOrYdd5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE7CNmKDsaS69KMlmrLfrYCSoZ7tMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvVHNJMllvT3hwTHIwb3lXYXN0LXRnSktobnUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+Fw
MA0GCSqGSIb3DQEBCwUAA4IBAQBhhqRDlK3SoIachPQXIUpuNEk41sC/t+UAT101
WS6BMB4mz0YT0o21y9lJK7/4WGw27LUHL9AdZbSL2C58z9qzHTiDghIYSUZQ/1zy
5xu6PZDAHGVvp4qS1PQl9KtDs8K0oyWdrVsrwfDNPqdYs2Y52pzgnyPvrk5pk9jZ
Z5Zdry7DDWSxyxMT4Lj09EWWS4h/7MSR0hT1TdyHRUHfyH5p5TOlTtp3/DYsMKT2
CEKnSJcmqTAL0K6hMZU+yTgtBfMEIF9a2kGnJjGfayiBArwUqjD3kYekMoF7T+Hx
FOkKhKreZv+jSpNmlZo+nXH2P/M8HIN7WNBhrZi87voNuBga
-----END CERTIFICATE-----