Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/Yjiz9EEkV6Q6iR0Ahd_7OWOOK9w.roa
File:                     Yjiz9EEkV6Q6iR0Ahd_7OWOOK9w.roa (raw, json)
Hash identifier:          mU52M40PAjfoxlaPy7YEDY/cdY8TQ/6R7lb+Jn7wr/s=
Subject key identifier:   62:38:B3:F4:41:24:57:A4:3A:89:1D:00:85:DF:FB:39:63:8E:2B:DC
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D20B9C5A382C50B56106FF691DC9E
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/Yjiz9EEkV6Q6iR0Ahd_7OWOOK9w.roa
Signing time:             Mon 01 Jan 2024 00:29:40 +0000
ROA not before:           Mon 01 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0e:aa02::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:20:b9:c5:a3:82:c5:0b:56:10:6f:f6:91:dc:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6238b3f4412457a43a891d0085dffb39638e2bdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:57:6f:e7:df:ad:73:5a:72:62:48:f7:67:7d:
                    e7:18:e0:96:31:3f:20:4d:91:ce:5b:97:3a:54:6a:
                    73:f5:c6:24:77:d2:90:85:37:ce:8a:23:5b:56:93:
                    bb:99:21:1a:a6:a6:64:1b:18:4d:b9:1f:e6:fe:f2:
                    58:70:34:7e:3f:f5:3b:ad:85:91:c1:d0:6e:ce:6b:
                    b2:df:97:ad:cd:1a:48:61:dc:ba:21:e6:8c:c4:a2:
                    2d:3f:f7:26:e5:bf:7a:08:3b:d6:f8:32:7a:ab:d4:
                    09:e8:9b:c2:b3:f1:e5:61:18:16:d1:37:9f:7e:e0:
                    bb:71:2e:7d:3e:2e:d9:0d:de:fb:a1:3b:0c:59:39:
                    55:ea:8f:f9:0d:26:ce:30:55:6f:bd:26:f4:53:7f:
                    81:72:c1:d9:01:1b:ad:a9:b0:a4:12:65:28:d1:26:
                    89:61:1a:4b:b9:3e:4d:4f:f0:08:9f:97:e5:04:92:
                    ad:33:f4:be:f7:c7:fd:95:ab:f7:84:55:0c:f8:4a:
                    8f:bc:2e:0d:ea:fc:2b:b6:e0:da:6a:6e:81:2d:46:
                    10:ee:93:db:a2:99:86:bb:2f:bf:81:52:78:e7:2d:
                    13:11:6b:44:1c:5c:3c:66:77:73:f8:04:50:07:1d:
                    ac:63:bd:7e:5d:45:4d:ea:2a:4b:6a:d8:f2:20:58:
                    ba:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:38:B3:F4:41:24:57:A4:3A:89:1D:00:85:DF:FB:39:63:8E:2B:DC
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/Yjiz9EEkV6Q6iR0Ahd_7OWOOK9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa02::/40

    Signature Algorithm: sha256WithRSAEncryption
         ac:7f:43:d4:36:7d:94:1c:f7:8b:83:5b:b0:ef:c2:38:17:9f:
         2f:6e:d5:b9:08:a8:e1:0d:33:de:49:56:8b:1c:08:c8:d5:89:
         99:bf:f9:1c:55:59:e8:a0:da:18:46:b2:de:90:dd:50:f5:c4:
         95:1d:e8:b1:c4:cb:59:12:32:dd:f2:de:84:d8:b9:17:d7:e3:
         f1:56:d7:e7:36:57:72:46:14:2e:f1:23:81:1a:5f:31:40:4c:
         cb:78:04:cb:8c:4d:27:4f:b3:1b:22:e8:84:30:04:30:de:5b:
         03:27:e5:71:d1:32:73:e6:52:d5:4b:e4:02:63:65:a4:0b:ed:
         d3:5e:3c:59:4c:29:4e:66:05:82:bb:be:d9:f1:b8:04:8b:be:
         7d:9c:8b:d6:5a:7c:d1:8f:b1:e7:26:dc:a7:a0:0b:0d:24:5f:
         6f:f5:56:f4:63:10:22:c9:bb:ad:02:59:b2:db:d9:a4:cb:ab:
         3e:0c:45:15:9f:3f:f3:7e:d5:32:ff:ca:25:f1:d6:9d:70:a1:
         49:bc:ff:06:7a:52:59:9d:0d:a0:6b:4d:52:b2:27:47:8f:1e:
         0a:ee:a8:7d:9e:98:ab:9e:9d:c0:c1:d2:46:07:5b:b9:b8:2f:
         8e:d0:c9:99:b4:02:fe:c8:75:81:90:a1:a8:fd:30:5b:3c:7b:
         1c:cf:37:59
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzCbSC5xaOCxQtWEG/2kdyeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjM4YjNmNDQxMjQ1N2E0M2E4OTFkMDA4NWRmZmIzOTYzOGUyYmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFdv59+tc1pyYkj3Z33nGOCWMT8g
TZHOW5c6VGpz9cYkd9KQhTfOiiNbVpO7mSEapqZkGxhNuR/m/vJYcDR+P/U7rYWR
wdBuzmuy35etzRpIYdy6IeaMxKItP/cm5b96CDvW+DJ6q9QJ6JvCs/HlYRgW0Tef
fuC7cS59Pi7ZDd77oTsMWTlV6o/5DSbOMFVvvSb0U3+BcsHZARutqbCkEmUo0SaJ
YRpLuT5NT/AIn5flBJKtM/S+98f9lav3hFUM+EqPvC4N6vwrtuDaam6BLUYQ7pPb
opmGuy+/gVJ45y0TEWtEHFw8Zndz+ARQBx2sY71+XUVN6ipLatjyIFi63wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGI4s/RBJFekOokdAIXf+zljjivcMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvWWppejlFRWtWNlE2aVIwQWhkXzdPV09PSzl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg6qAgAw
DQYJKoZIhvcNAQELBQADggEBAKx/Q9Q2fZQc94uDW7DvwjgXny9u1bkIqOENM95J
VoscCMjViZm/+RxVWeig2hhGst6Q3VD1xJUd6LHEy1kSMt3y3oTYuRfX4/FW1+c2
V3JGFC7xI4EaXzFATMt4BMuMTSdPsxsi6IQwBDDeWwMn5XHRMnPmUtVL5AJjZaQL
7dNePFlMKU5mBYK7vtnxuASLvn2ci9ZafNGPsecm3KegCw0kX2/1VvRjECLJu60C
WbLb2aTLqz4MRRWfP/N+1TL/yiXx1p1woUm8/wZ6UlmdDaBrTVKyJ0ePHgruqH2e
mKuencDB0kYHW7m4L47QyZm0Av7IdYGQoaj9MFs8exzPN1k=
-----END CERTIFICATE-----