Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ZgVECq2hDAcWd1jw5FE91LQH_aI.roa
File:                     ZgVECq2hDAcWd1jw5FE91LQH_aI.roa (raw, json)
Hash identifier:          XT/92e7qr1HhCkMO9yxXGwwDmnU/di7/YtpNlUBudzk=
Subject key identifier:   66:05:44:0A:AD:A1:0C:07:16:77:58:F0:E4:51:3D:D4:B4:07:FD:A2
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D47054DD2ABACE1E1B232D5613A2A
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ZgVECq2hDAcWd1jw5FE91LQH_aI.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216299
IP address blocks:        2a0e:aa07:e140::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 18:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:47:05:4d:d2:ab:ac:e1:e1:b2:32:d5:61:3a:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6605440aada10c07167758f0e4513dd4b407fda2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:1a:26:1a:77:bb:a1:ec:ff:c5:5f:8e:b7:af:
                    2e:f5:44:e9:c8:85:a6:43:4f:e3:2b:cd:0a:05:d3:
                    69:14:03:c5:e3:13:12:1b:0f:7e:20:86:b3:eb:f6:
                    bc:d4:09:a2:c7:5b:8b:5e:ea:0c:92:b2:a4:c4:0f:
                    6e:ec:8e:d0:a6:80:55:58:fd:99:8a:2d:ab:d6:17:
                    b9:34:78:93:e4:9a:17:ee:8f:8d:d7:9f:8b:45:1a:
                    3f:61:4a:34:4a:d9:69:19:8c:57:70:97:2f:68:6a:
                    77:21:a8:06:75:9e:98:36:90:ff:e6:b8:31:47:76:
                    70:4a:f6:e8:44:53:59:78:cd:86:b5:75:20:33:73:
                    ed:a9:ab:93:ca:de:89:9b:b3:dd:d3:15:03:91:4b:
                    6f:54:6e:cb:0d:4d:ec:08:e7:49:02:bb:c9:b5:1c:
                    5e:8e:d4:07:de:38:81:60:b2:ba:4a:38:45:b1:07:
                    92:30:90:1c:b8:a9:f5:2d:3e:93:db:88:3e:e3:8f:
                    78:54:76:ac:14:55:a2:46:8b:17:fe:71:58:b4:c0:
                    25:ef:d8:3a:f8:be:d2:3d:a1:d0:e8:71:a7:87:f6:
                    f2:99:42:d5:94:44:3e:5c:45:d6:c0:2b:38:fe:0b:
                    43:6e:82:3d:1f:8a:f1:c9:fd:10:a6:5a:a5:16:af:
                    ce:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:05:44:0A:AD:A1:0C:07:16:77:58:F0:E4:51:3D:D4:B4:07:FD:A2
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ZgVECq2hDAcWd1jw5FE91LQH_aI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e140::/44

    Signature Algorithm: sha256WithRSAEncryption
         04:df:12:bd:15:cb:b4:00:79:c5:96:7b:13:3a:60:db:a0:1a:
         58:9d:2b:a2:2b:d8:dd:a8:f0:fb:ea:55:a0:42:f3:df:99:ed:
         ca:cb:9c:d8:e3:70:ef:45:fd:e2:df:6b:a0:38:1d:03:e5:d8:
         96:3c:2f:8f:e2:6a:d3:4c:70:57:3a:ec:22:56:10:a0:3f:f5:
         d7:65:90:c9:39:47:c5:11:c9:cb:c9:01:7a:99:a0:97:75:45:
         ac:c4:76:5f:a9:e8:54:70:35:a5:fe:e3:6d:56:e8:08:ef:c1:
         3e:95:51:80:50:cf:ac:6a:dc:9a:af:44:18:24:c2:f9:55:4b:
         d8:fb:0c:ce:27:cd:1d:d9:77:76:c9:d3:69:d5:5a:80:32:77:
         f6:e6:71:c3:49:ad:c2:c5:f4:4b:cc:0c:41:ad:5e:02:4f:84:
         47:c3:f6:d0:44:42:cc:c6:35:bc:b7:41:88:bf:2d:bd:b8:65:
         c8:01:1b:f2:f2:7a:37:22:e5:aa:73:2e:9f:34:28:52:84:28:
         5a:d6:3e:44:48:ea:e6:52:21:36:d1:57:78:2c:0e:8b:15:f9:
         f7:1e:fd:5c:4e:56:e9:35:30:9a:ae:79:6f:dc:12:49:96:ab:
         e4:60:9f:01:59:9d:25:00:b6:b9:3b:90:b6:d0:79:09:91:0a:
         29:3a:fb:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbUcFTdKrrOHhsjLVYToqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjA1NDQwYWFkYTEwYzA3MTY3NzU4ZjBlNDUxM2RkNGI0MDdmZGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRomGne7oez/xV+Ot68u9UTpyIWm
Q0/jK80KBdNpFAPF4xMSGw9+IIaz6/a81Amix1uLXuoMkrKkxA9u7I7QpoBVWP2Z
ii2r1he5NHiT5JoX7o+N15+LRRo/YUo0StlpGYxXcJcvaGp3IagGdZ6YNpD/5rgx
R3ZwSvboRFNZeM2GtXUgM3PtqauTyt6Jm7Pd0xUDkUtvVG7LDU3sCOdJArvJtRxe
jtQH3jiBYLK6SjhFsQeSMJAcuKn1LT6T24g+4494VHasFFWiRosX/nFYtMAl79g6
+L7SPaHQ6HGnh/bymULVlEQ+XEXWwCs4/gtDboI9H4rxyf0QplqlFq/OTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGYFRAqtoQwHFndY8ORRPdS0B/2iMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvWmdWRUNxMmhEQWNXZDFqdzVGRTkxTFFIX2FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+FA
MA0GCSqGSIb3DQEBCwUAA4IBAQAE3xK9Fcu0AHnFlnsTOmDboBpYnSuiK9jdqPD7
6lWgQvPfme3Ky5zY43DvRf3i32ugOB0D5diWPC+P4mrTTHBXOuwiVhCgP/XXZZDJ
OUfFEcnLyQF6maCXdUWsxHZfqehUcDWl/uNtVugI78E+lVGAUM+satyar0QYJML5
VUvY+wzOJ80d2Xd2ydNp1VqAMnf25nHDSa3CxfRLzAxBrV4CT4RHw/bQRELMxjW8
t0GIvy29uGXIARvy8no3IuWqcy6fNChShCha1j5ESOrmUiE20Vd4LA6LFfn3Hv1c
TlbpNTCarnlv3BJJlqvkYJ8BWZ0lALa5O5C20HkJkQopOvtI
-----END CERTIFICATE-----