Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/Yg0Th5iIwsajRQt54ytYpixNGL8.roa
File:                     Yg0Th5iIwsajRQt54ytYpixNGL8.roa (raw, json)
Hash identifier:          dUDb0Ifq1cOOV0fykr772tpo+nGLJMN/lTSygUytoew=
Subject key identifier:   62:0D:13:87:98:88:C2:C6:A3:45:0B:79:E3:2B:58:A6:2C:4D:18:BF
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D2ED24BD8B3D089E2E3EAE0410787
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/Yg0Th5iIwsajRQt54ytYpixNGL8.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203874
IP address blocks:        2a0e:aa07:e046::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2e:d2:4b:d8:b3:d0:89:e2:e3:ea:e0:41:07:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=620d13879888c2c6a3450b79e32b58a62c4d18bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:82:e0:2b:c4:d8:bf:39:af:0e:25:25:fb:0e:
                    ef:f9:94:65:6d:06:69:a3:0a:33:76:2f:49:f4:33:
                    6f:d4:05:c7:37:c3:25:94:ba:4f:86:d8:c4:27:89:
                    46:7e:e8:3e:df:14:d4:d5:b8:c0:f2:ec:b4:50:98:
                    32:55:68:fd:e3:77:f5:a8:51:0a:2a:c5:62:f7:1a:
                    9e:f6:7b:5b:8b:99:e7:ec:fa:88:73:10:e4:6a:21:
                    79:eb:92:83:d9:50:5a:2a:bf:c5:12:33:6a:d4:c1:
                    7e:a3:22:90:99:e6:5a:a8:84:f6:b4:2e:ae:21:0e:
                    ee:2d:dc:88:71:cf:88:06:7d:b8:dc:2a:a9:8f:72:
                    1d:f3:59:9e:8a:98:89:e7:f6:b8:47:f0:a2:06:5c:
                    bf:c2:fa:30:8a:7f:a1:0c:35:38:f6:79:82:de:61:
                    e7:f4:2a:fd:95:ac:28:95:03:45:bb:1a:ca:66:4d:
                    97:c6:42:10:7d:6d:a5:35:68:42:8e:91:2e:cc:17:
                    a9:4d:c4:90:50:4f:40:05:02:55:a7:4e:7b:5e:f0:
                    d9:fd:fd:69:7d:6a:3d:0c:92:e3:61:0e:6f:a8:72:
                    31:da:5b:50:38:7e:b0:41:c4:17:46:a1:ef:fd:e6:
                    b6:73:40:3c:a3:db:e6:62:74:b4:89:90:7d:01:4a:
                    2b:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:0D:13:87:98:88:C2:C6:A3:45:0B:79:E3:2B:58:A6:2C:4D:18:BF
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/Yg0Th5iIwsajRQt54ytYpixNGL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e046::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:fd:a8:5f:16:0c:2f:e2:35:05:10:82:81:b9:d7:5e:d6:52:
         13:64:75:cc:91:e9:dc:b4:a4:33:16:be:19:4c:f2:21:ef:24:
         73:a7:ec:5a:d7:b3:15:18:bd:31:23:8c:71:cd:37:2f:5b:03:
         7d:c5:92:05:88:a4:ab:de:cb:51:a9:e2:b2:20:fe:55:4a:00:
         f3:8e:ed:6d:b7:9a:23:72:09:2e:23:d6:0b:4f:c4:a5:0b:98:
         2f:fe:70:5f:5a:72:66:7b:b7:35:57:53:ca:ee:c8:e3:3a:67:
         d3:0d:9f:4d:c4:7d:eb:1f:25:cb:d9:af:a0:0f:c1:45:be:20:
         5e:e0:cf:38:11:2b:c5:c8:24:55:59:0c:66:4c:d7:0a:f4:49:
         18:af:f1:71:e1:0e:28:1d:38:07:a4:3d:d3:ed:bd:de:e0:06:
         41:a2:0f:6f:4b:65:7f:bf:ed:18:e2:d9:1e:dc:a7:90:6e:96:
         3a:aa:30:04:00:5a:cd:41:0e:0a:d5:31:1a:d9:47:21:7f:8d:
         f8:7e:26:ac:7b:23:54:ed:f8:c2:21:9b:87:18:db:55:45:c8:
         c8:ea:e2:3a:4a:e0:4c:86:b7:54:fe:39:9c:a4:01:0d:3e:cd:
         00:d3:2b:a5:4b:e4:f4:6f:14:16:60:a6:de:bd:d5:84:98:3e:
         ff:69:1b:0a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbS7SS9iz0Ini4+rgQQeHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjBkMTM4Nzk4ODhjMmM2YTM0NTBiNzllMzJiNThhNjJjNGQxOGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4LgK8TYvzmvDiUl+w7v+ZRlbQZp
owozdi9J9DNv1AXHN8MllLpPhtjEJ4lGfug+3xTU1bjA8uy0UJgyVWj943f1qFEK
KsVi9xqe9ntbi5nn7PqIcxDkaiF565KD2VBaKr/FEjNq1MF+oyKQmeZaqIT2tC6u
IQ7uLdyIcc+IBn243Cqpj3Id81meipiJ5/a4R/CiBly/wvowin+hDDU49nmC3mHn
9Cr9lawolQNFuxrKZk2XxkIQfW2lNWhCjpEuzBepTcSQUE9ABQJVp057XvDZ/f1p
fWo9DJLjYQ5vqHIx2ltQOH6wQcQXRqHv/ea2c0A8o9vmYnS0iZB9AUor6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGINE4eYiMLGo0ULeeMrWKYsTRi/MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvWWcwVGg1aUl3c2FqUlF0NTR5dFlwaXhOR0w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+BG
MA0GCSqGSIb3DQEBCwUAA4IBAQBK/ahfFgwv4jUFEIKBudde1lITZHXMkenctKQz
Fr4ZTPIh7yRzp+xa17MVGL0xI4xxzTcvWwN9xZIFiKSr3stRqeKyIP5VSgDzju1t
t5ojcgkuI9YLT8SlC5gv/nBfWnJme7c1V1PK7sjjOmfTDZ9NxH3rHyXL2a+gD8FF
viBe4M84ESvFyCRVWQxmTNcK9EkYr/Fx4Q4oHTgHpD3T7b3e4AZBog9vS2V/v+0Y
4tke3KeQbpY6qjAEAFrNQQ4K1TEa2Uchf434fiaseyNU7fjCIZuHGNtVRcjI6uI6
SuBMhrdU/jmcpAENPs0A0yulS+T0bxQWYKbevdWEmD7/aRsK
-----END CERTIFICATE-----