Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/_CEO-gnv0O0hjtIBKAN0u8W36G0.roa
File:                     _CEO-gnv0O0hjtIBKAN0u8W36G0.roa (raw, json)
Hash identifier:          KPyog60Osxt1CQA8nU8AhYF4qQ1Oj5zm92GRrl3GlQw=
Subject key identifier:   FC:21:0E:FA:09:EF:D0:ED:21:8E:D2:01:28:03:74:BB:C5:B7:E8:6D
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D31B6E58FCC0FB948246DB9C51C2E
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/_CEO-gnv0O0hjtIBKAN0u8W36G0.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206499
IP address blocks:        2a0e:aa01::/32 maxlen: 32
                          2a0e:aa01:bad0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:31:b6:e5:8f:cc:0f:b9:48:24:6d:b9:c5:1c:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc210efa09efd0ed218ed201280374bbc5b7e86d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:3c:5b:ce:c6:99:c5:3a:70:51:f1:80:48:5c:
                    96:7c:46:f2:f1:e7:78:cc:3e:0a:de:52:7b:05:06:
                    63:1b:0e:40:99:0c:93:28:c7:27:22:64:4c:e4:6f:
                    92:a9:b3:95:41:02:98:04:79:ef:ad:b8:9a:54:a3:
                    65:a5:8f:a4:04:6e:dc:1f:62:a6:1f:11:12:7b:4e:
                    b7:24:04:d1:3f:66:80:6b:06:b2:99:4f:58:71:9d:
                    65:ac:16:8e:7b:fd:82:84:8f:40:a6:9c:1c:7e:5b:
                    ee:3c:df:49:73:4d:0b:bc:6a:85:b6:f4:1c:39:14:
                    a1:ab:00:ca:18:6d:04:bb:22:66:9f:c6:94:bd:44:
                    56:f2:66:a3:d2:42:0e:c6:3d:f2:9a:83:06:5a:0d:
                    06:67:da:0f:f7:ce:c0:8b:41:ca:5c:7e:50:d9:34:
                    a2:4f:4a:fa:07:71:7b:e2:55:c6:85:9d:45:66:11:
                    a1:c9:9a:3c:f9:fd:04:22:85:4b:06:ca:21:eb:a4:
                    2e:b1:8c:92:d9:e8:d3:27:b1:c7:21:2b:bd:8d:96:
                    05:e7:50:0a:ef:92:0e:ec:47:26:a5:9f:37:65:7b:
                    62:16:37:76:25:26:35:f0:6b:90:ec:c8:e0:e3:30:
                    27:9b:d6:b8:82:0b:0e:c0:85:14:c3:7c:25:8e:b6:
                    e1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:21:0E:FA:09:EF:D0:ED:21:8E:D2:01:28:03:74:BB:C5:B7:E8:6D
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/_CEO-gnv0O0hjtIBKAN0u8W36G0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa01::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:be:2a:e4:a4:a1:40:2f:3f:11:44:83:7c:23:65:d7:eb:ae:
         4a:2d:f4:8c:7a:f9:5c:7d:71:44:84:ff:11:fd:40:70:61:2e:
         fe:fa:57:79:46:24:93:e2:5f:3d:3d:63:44:c2:7e:d0:82:af:
         42:7a:d0:7f:ed:53:7e:64:59:a7:2d:ce:b7:fe:66:f7:ba:fd:
         7b:d8:eb:58:7f:ed:be:fa:fc:1d:88:3c:c3:56:3e:b6:32:9c:
         d3:6c:cb:90:ae:5a:e8:09:26:2e:56:2f:f9:f6:42:f1:71:43:
         28:be:12:b7:d6:ec:c4:5b:cf:b6:b6:67:4d:a1:71:10:6c:9b:
         cd:75:3b:95:ce:40:15:0e:76:37:43:1b:f8:8d:68:35:8a:2c:
         40:6e:71:23:26:00:81:59:42:ec:35:7f:c4:bf:fe:19:b8:27:
         98:19:50:bf:ab:ba:6e:3e:a5:87:dc:ea:91:8c:f1:a2:9c:74:
         3a:80:a7:b6:ee:e2:88:d4:f1:7a:35:df:57:61:8e:9e:f2:ec:
         c4:b4:d6:6f:2e:d6:be:5a:2a:d5:1e:13:d1:dc:da:dd:56:f5:
         82:b8:d3:d3:0e:68:20:9f:ba:e9:87:22:ee:d5:0a:64:f2:d0:
         29:32:25:35:f7:3a:51:9c:10:a9:2e:d2:d6:61:de:36:90:7b:
         65:c9:1e:ef
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzCbTG25Y/MD7lIJG25xRwuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzIxMGVmYTA5ZWZkMGVkMjE4ZWQyMDEyODAzNzRiYmM1YjdlODZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzxbzsaZxTpwUfGASFyWfEby8ed4
zD4K3lJ7BQZjGw5AmQyTKMcnImRM5G+SqbOVQQKYBHnvrbiaVKNlpY+kBG7cH2Km
HxESe063JATRP2aAawaymU9YcZ1lrBaOe/2ChI9AppwcflvuPN9Jc00LvGqFtvQc
ORShqwDKGG0EuyJmn8aUvURW8maj0kIOxj3ymoMGWg0GZ9oP987Ai0HKXH5Q2TSi
T0r6B3F74lXGhZ1FZhGhyZo8+f0EIoVLBsoh66QusYyS2ejTJ7HHISu9jZYF51AK
75IO7EcmpZ83ZXtiFjd2JSY18GuQ7Mjg4zAnm9a4ggsOwIUUw3wljrbhfwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPwhDvoJ79DtIY7SASgDdLvFt+htMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvX0NFTy1nbnYwTzBoanRJQktBTjB1OFczNkcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg6qATAN
BgkqhkiG9w0BAQsFAAOCAQEAK74q5KShQC8/EUSDfCNl1+uuSi30jHr5XH1xRIT/
Ef1AcGEu/vpXeUYkk+JfPT1jRMJ+0IKvQnrQf+1TfmRZpy3Ot/5m97r9e9jrWH/t
vvr8HYg8w1Y+tjKc02zLkK5a6AkmLlYv+fZC8XFDKL4St9bsxFvPtrZnTaFxEGyb
zXU7lc5AFQ52N0Mb+I1oNYosQG5xIyYAgVlC7DV/xL/+GbgnmBlQv6u6bj6lh9zq
kYzxopx0OoCntu7iiNTxejXfV2GOnvLsxLTWby7Wvloq1R4T0dza3Vb1grjT0w5o
IJ+66Yci7tUKZPLQKTIlNfc6UZwQqS7S1mHeNpB7Zcke7w==
-----END CERTIFICATE-----