Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/d7brt-3v2FYlXVcY8sUGjgF83vc.roa
File:                     d7brt-3v2FYlXVcY8sUGjgF83vc.roa (raw, json)
Hash identifier:          +TllEEFcenHF+IiPkT3f4di/zNiV6DzpJ1tz4v7JI7I=
Subject key identifier:   77:B6:EB:B7:ED:EF:D8:56:25:5D:57:18:F2:C5:06:8E:01:7C:DE:F7
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D403D3F867D15C46E5B2DA8DA8A50
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/d7brt-3v2FYlXVcY8sUGjgF83vc.roa
Signing time:             Mon 01 Jan 2024 00:29:48 +0000
ROA not before:           Mon 01 Jan 2024 00:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211162
IP address blocks:        2a0e:aa07:e01f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:40:3d:3f:86:7d:15:c4:6e:5b:2d:a8:da:8a:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77b6ebb7edefd856255d5718f2c5068e017cdef7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:fe:fd:27:cc:0c:a4:b9:07:ae:0d:90:bb:26:
                    a6:33:f8:83:ed:69:22:b8:db:3b:93:fd:bc:7a:74:
                    39:0c:ad:7a:d4:a9:be:08:89:54:ef:9c:fa:88:b7:
                    b5:03:00:27:37:82:8c:9b:37:47:0e:32:72:53:35:
                    f7:3d:45:97:0d:b9:a9:20:8c:27:2c:a2:a2:e9:4f:
                    51:c8:1a:29:fa:e0:17:cf:64:30:cb:a7:eb:a6:56:
                    4e:82:42:d9:2f:0e:00:ac:ae:79:0d:e4:0b:07:07:
                    b2:a5:88:b4:b4:7e:44:8e:9e:35:5b:54:5b:dd:2b:
                    71:49:50:c4:8f:11:4a:88:34:c1:fc:a1:c7:0a:68:
                    fb:ef:3f:ee:a2:07:7e:1d:94:de:98:a2:0b:88:8b:
                    f0:6d:97:3a:25:17:47:47:c1:26:5e:0b:8d:71:18:
                    48:91:fd:db:15:a8:cf:8b:b6:0d:f5:52:fd:09:01:
                    08:16:ad:55:cf:5b:da:fe:91:95:31:79:bd:2b:14:
                    e8:2c:23:0a:6a:30:c9:af:b4:4f:e3:be:b9:43:1c:
                    cd:6c:3e:56:08:b9:84:21:8e:c3:6c:04:9a:7e:80:
                    54:14:73:1a:f3:9a:ad:fe:2e:c7:e3:65:e2:94:e3:
                    c2:6b:a0:d3:01:b7:50:be:95:7d:0e:2b:69:b2:3e:
                    28:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:B6:EB:B7:ED:EF:D8:56:25:5D:57:18:F2:C5:06:8E:01:7C:DE:F7
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/d7brt-3v2FYlXVcY8sUGjgF83vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e01f::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:8e:31:d4:6e:ad:c8:c5:4d:9d:45:ab:16:94:81:80:1f:d6:
         f0:b8:1d:b2:28:69:2e:82:e2:83:94:0a:7f:a5:5e:46:cf:7a:
         df:85:f0:11:36:85:1e:df:49:ed:4e:9f:5d:e9:b5:58:44:f7:
         a3:ca:56:88:ed:a3:5f:12:71:41:3b:3b:e6:3b:ac:10:05:14:
         3c:e0:f7:44:e7:ad:80:be:59:88:5b:2f:48:26:73:e8:d2:54:
         2c:be:94:a3:9b:44:3c:82:b4:67:f4:c5:36:bb:0a:cc:c0:b9:
         5c:c1:db:57:b3:93:04:ae:50:5b:83:66:c3:af:f4:f7:6b:98:
         d0:05:61:3f:6c:5e:8c:58:f1:d0:fc:18:f7:c7:6c:bc:9f:54:
         23:39:98:66:6f:66:3d:ee:97:ee:72:44:ab:3f:66:b0:c6:32:
         f9:90:ca:9a:26:5d:db:4f:85:77:97:f2:81:fa:14:30:8a:2c:
         db:80:45:0b:e5:00:53:10:2d:23:a4:2d:58:7e:2c:09:b9:b6:
         6d:49:ae:30:69:89:88:21:70:f4:69:bc:62:f4:5e:c6:52:b7:
         f5:74:b2:de:9e:a5:57:38:dd:e4:69:9b:41:e7:58:f1:e1:63:
         d5:3e:33:7a:e9:b6:c9:01:86:19:ab:86:c5:64:ef:fa:d0:e8:
         bb:63:24:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbUA9P4Z9FcRuWy2o2opQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2I2ZWJiN2VkZWZkODU2MjU1ZDU3MThmMmM1MDY4ZTAxN2NkZWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgv79J8wMpLkHrg2QuyamM/iD7Wki
uNs7k/28enQ5DK161Km+CIlU75z6iLe1AwAnN4KMmzdHDjJyUzX3PUWXDbmpIIwn
LKKi6U9RyBop+uAXz2Qwy6frplZOgkLZLw4ArK55DeQLBweypYi0tH5Ejp41W1Rb
3StxSVDEjxFKiDTB/KHHCmj77z/uogd+HZTemKILiIvwbZc6JRdHR8EmXguNcRhI
kf3bFajPi7YN9VL9CQEIFq1Vz1va/pGVMXm9KxToLCMKajDJr7RP4765QxzNbD5W
CLmEIY7DbASafoBUFHMa85qt/i7H42XilOPCa6DTAbdQvpV9Ditpsj4oLwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHe267ft79hWJV1XGPLFBo4BfN73MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvZDdicnQtM3YyRllsWFZjWThzVUdqZ0Y4M3ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+Af
MA0GCSqGSIb3DQEBCwUAA4IBAQBKjjHUbq3IxU2dRasWlIGAH9bwuB2yKGkuguKD
lAp/pV5Gz3rfhfARNoUe30ntTp9d6bVYRPejylaI7aNfEnFBOzvmO6wQBRQ84PdE
562AvlmIWy9IJnPo0lQsvpSjm0Q8grRn9MU2uwrMwLlcwdtXs5MErlBbg2bDr/T3
a5jQBWE/bF6MWPHQ/Bj3x2y8n1QjOZhmb2Y97pfuckSrP2awxjL5kMqaJl3bT4V3
l/KB+hQwiizbgEUL5QBTEC0jpC1YfiwJubZtSa4waYmIIXD0abxi9F7GUrf1dLLe
nqVXON3kaZtB51jx4WPVPjN66bbJAYYZq4bFZO/60Oi7YySy
-----END CERTIFICATE-----