Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/U9vbY_AFeS7bULm4UquP6vc7nHc.roa
File:                     U9vbY_AFeS7bULm4UquP6vc7nHc.roa (raw, json)
Hash identifier:          XjYT7EB0gRPkJZmilG/vzw2xEAr67y06se9RwdaqjCg=
Subject key identifier:   53:DB:DB:63:F0:05:79:2E:DB:50:B9:B8:52:AB:8F:EA:F7:3B:9C:77
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D2985ABB2E5F9AC4EA58BFAFF0967
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/U9vbY_AFeS7bULm4UquP6vc7nHc.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197626
IP address blocks:        2a0e:aa07:e0f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 18:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:29:85:ab:b2:e5:f9:ac:4e:a5:8b:fa:ff:09:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53dbdb63f005792edb50b9b852ab8feaf73b9c77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:70:91:75:de:b0:98:3c:8d:51:cd:4e:ca:b9:
                    18:24:58:ad:1e:6e:85:bb:e0:62:91:d4:4d:49:6b:
                    e3:fa:13:67:73:56:65:ed:b6:ac:0f:0e:5b:01:03:
                    64:3c:ad:ea:d1:44:81:8c:43:1a:1e:fe:11:51:88:
                    c5:3f:56:6b:10:af:58:a9:8d:4a:e9:10:ae:f0:03:
                    60:ba:79:c1:85:f9:47:ff:68:43:82:11:53:b2:06:
                    08:51:66:e3:50:a3:0d:fa:5d:81:ea:68:28:6e:dd:
                    1a:e0:af:f7:a6:e7:65:d2:6b:8c:5f:8b:1d:f1:7b:
                    b8:83:30:3e:23:d4:2b:a9:7b:39:b3:33:01:fc:9e:
                    34:37:df:5f:40:eb:0c:ec:51:2a:28:e4:4f:68:3c:
                    5a:22:80:bc:5c:5b:be:ea:ea:9f:40:f4:8f:0f:cd:
                    83:b6:64:f8:56:83:32:6f:2a:19:aa:9e:c2:8c:22:
                    30:f5:2e:ab:dd:2a:92:5b:ae:d8:48:68:20:3f:a6:
                    38:8c:75:2e:91:96:df:c3:3e:77:82:c2:4a:84:97:
                    78:3b:2e:02:a2:a1:72:7e:e3:ba:c8:a8:94:9b:41:
                    9c:68:e2:73:95:78:dd:ff:6d:87:9b:1e:eb:37:75:
                    c3:57:cb:48:01:a1:d4:a3:76:94:77:91:8a:67:0b:
                    27:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:DB:DB:63:F0:05:79:2E:DB:50:B9:B8:52:AB:8F:EA:F7:3B:9C:77
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/U9vbY_AFeS7bULm4UquP6vc7nHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e0f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         7c:c0:7b:0e:55:a2:f3:28:23:0b:da:a9:43:df:16:1d:c8:e2:
         da:21:dc:0e:c1:93:d6:06:d0:e5:cc:39:ff:2d:8c:0f:61:63:
         90:84:39:54:4e:51:ba:f5:41:61:c1:74:11:b1:f0:da:45:d0:
         c7:b9:d4:1e:8f:83:fd:97:c8:b3:03:d3:03:ae:00:63:bd:25:
         1c:2e:33:19:c7:0f:1f:15:cd:8f:5c:66:b8:01:2d:d2:40:19:
         2e:3e:af:1e:47:c1:3a:3b:63:ad:27:02:0c:9e:eb:db:3a:ae:
         64:1c:87:5c:9c:3f:44:2a:3c:6e:ae:00:6b:55:f6:18:e5:f3:
         00:40:d0:4a:88:76:06:50:06:0d:ab:9e:3c:d5:db:2e:50:48:
         02:eb:ff:76:36:33:14:a0:a7:24:b4:9a:f0:ae:1c:4a:54:55:
         92:24:62:11:de:35:e9:20:9d:82:42:8f:ad:0f:c0:34:99:b9:
         b6:dc:eb:a1:34:f8:71:f9:e7:f9:ae:9d:15:50:61:82:55:6a:
         70:69:cc:3e:7d:16:fc:f5:62:4a:91:6f:75:51:7e:a0:13:1d:
         97:de:d5:e1:79:40:58:88:86:b6:b8:d4:5d:7c:67:2c:4d:9f:
         b6:44:16:fc:0c:f2:9f:da:fa:6a:cb:15:21:5d:e5:87:6f:1d:
         86:c4:5d:e1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbSmFq7Ll+axOpYv6/wlnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2RiZGI2M2YwMDU3OTJlZGI1MGI5Yjg1MmFiOGZlYWY3M2I5Yzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynCRdd6wmDyNUc1OyrkYJFitHm6F
u+BikdRNSWvj+hNnc1Zl7basDw5bAQNkPK3q0USBjEMaHv4RUYjFP1ZrEK9YqY1K
6RCu8ANgunnBhflH/2hDghFTsgYIUWbjUKMN+l2B6mgobt0a4K/3pudl0muMX4sd
8Xu4gzA+I9QrqXs5szMB/J40N99fQOsM7FEqKORPaDxaIoC8XFu+6uqfQPSPD82D
tmT4VoMybyoZqp7CjCIw9S6r3SqSW67YSGggP6Y4jHUukZbfwz53gsJKhJd4Oy4C
oqFyfuO6yKiUm0GcaOJzlXjd/22Hmx7rN3XDV8tIAaHUo3aUd5GKZwsn3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFPb22PwBXku21C5uFKrj+r3O5x3MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvVTl2YllfQUZlUzdiVUxtNFVxdVA2dmM3bkhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+Dw
MA0GCSqGSIb3DQEBCwUAA4IBAQB8wHsOVaLzKCML2qlD3xYdyOLaIdwOwZPWBtDl
zDn/LYwPYWOQhDlUTlG69UFhwXQRsfDaRdDHudQej4P9l8izA9MDrgBjvSUcLjMZ
xw8fFc2PXGa4AS3SQBkuPq8eR8E6O2OtJwIMnuvbOq5kHIdcnD9EKjxurgBrVfYY
5fMAQNBKiHYGUAYNq5481dsuUEgC6/92NjMUoKcktJrwrhxKVFWSJGIR3jXpIJ2C
Qo+tD8A0mbm23OuhNPhx+ef5rp0VUGGCVWpwacw+fRb89WJKkW91UX6gEx2X3tXh
eUBYiIa2uNRdfGcsTZ+2RBb8DPKf2vpqyxUhXeWHbx2GxF3h
-----END CERTIFICATE-----