Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/eV5EIRardteFgKoaaLk6jaF-x3k.roa
File:                     eV5EIRardteFgKoaaLk6jaF-x3k.roa (raw, json)
Hash identifier:          h7fMWK0iDzaWC0AWz/5nA6SHiBKOfX4ch54oD5ziOrM=
Subject key identifier:   79:5E:44:21:16:AB:76:D7:85:80:AA:1A:68:B9:3A:8D:A1:7E:C7:79
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D3B9DB60CC934E2C65D061EBD42EF
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/eV5EIRardteFgKoaaLk6jaF-x3k.roa
Signing time:             Mon 01 Jan 2024 00:29:47 +0000
ROA not before:           Mon 01 Jan 2024 00:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210311
IP address blocks:        2a0e:aa01:aa00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3b:9d:b6:0c:c9:34:e2:c6:5d:06:1e:bd:42:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=795e442116ab76d78580aa1a68b93a8da17ec779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:cb:22:3c:3c:0a:01:f0:63:d7:f9:6f:29:a6:
                    3b:1c:bc:59:df:54:66:f3:1c:72:39:70:a0:17:fe:
                    8b:16:7e:70:d8:72:5b:5a:97:04:aa:57:e9:0a:9b:
                    74:d6:98:f3:99:8f:45:3f:19:48:29:07:f5:01:48:
                    72:34:99:5b:e2:a6:b7:85:14:9e:31:db:05:7f:14:
                    30:f2:99:f1:1b:6a:0e:9f:49:84:1c:7a:04:92:2b:
                    9b:27:f5:85:cc:ae:8d:22:fd:ce:18:31:d5:13:16:
                    5a:39:dc:95:4d:81:fb:77:37:12:06:cd:02:49:7a:
                    38:10:10:e4:d8:12:fe:d0:25:a4:34:a3:fa:54:ba:
                    d8:a9:c0:b1:1b:b7:54:0d:6a:08:22:79:aa:b7:a7:
                    9f:e8:89:e8:13:aa:19:4d:b1:18:89:b7:86:13:a0:
                    c3:dd:28:88:7c:23:e8:a0:30:b7:38:6c:c0:18:09:
                    6d:71:2c:4f:87:54:8b:07:cf:ef:9b:07:5c:94:a0:
                    2d:31:70:d5:04:58:32:23:3c:9d:d4:c9:c8:ad:40:
                    57:ee:44:5b:03:65:71:a8:4c:8f:4c:ee:bc:cb:04:
                    69:0b:38:00:17:18:ae:07:b8:f6:fe:8a:3f:f5:79:
                    03:f6:82:d6:3e:f6:a6:86:e6:e2:9a:c2:aa:c6:60:
                    2d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:5E:44:21:16:AB:76:D7:85:80:AA:1A:68:B9:3A:8D:A1:7E:C7:79
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/eV5EIRardteFgKoaaLk6jaF-x3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa01:aa00::/40

    Signature Algorithm: sha256WithRSAEncryption
         75:79:06:43:6c:e9:20:be:6b:38:70:3b:28:6f:61:c8:5a:d4:
         5a:fc:e6:38:f9:75:7c:82:67:8e:54:22:4c:0b:d3:d5:43:d3:
         fa:65:01:55:87:63:14:8c:85:80:92:70:bf:72:ed:3f:c7:55:
         69:45:65:39:32:5b:34:57:e8:9f:79:ba:e6:9b:53:ed:91:5f:
         d1:c4:f3:5a:3c:0c:d6:be:84:8a:77:54:e2:7f:e0:b2:2b:b8:
         bd:b8:5a:e4:6a:18:dd:57:32:00:26:a4:51:95:e3:d3:b5:cc:
         10:26:6f:ff:17:8b:c8:24:cc:31:90:2c:1b:b1:4d:5c:fa:2e:
         4d:bd:bd:db:ca:3d:a5:90:3b:17:4d:47:81:92:34:83:a1:23:
         7f:c3:dc:44:3f:12:cb:59:f1:af:b3:d8:8e:3e:2e:94:e4:4e:
         55:18:48:4d:3f:ae:41:7e:7c:7e:c0:1d:27:24:22:45:80:2b:
         9b:7d:23:dd:08:55:2f:53:64:1c:b9:1a:2f:41:dc:d6:3d:f7:
         5e:1d:ff:86:6a:ce:8d:b3:66:7b:72:67:8d:3a:ba:ef:6d:7a:
         9f:cc:eb:ba:4d:5c:59:aa:b7:d7:54:8c:e8:55:05:bc:e8:3e:
         b4:fd:e6:a0:98:72:2e:c4:8c:73:94:eb:9d:94:6e:9d:de:2f:
         7b:29:ec:dc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzCbTudtgzJNOLGXQYevULvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTVlNDQyMTE2YWI3NmQ3ODU4MGFhMWE2OGI5M2E4ZGExN2VjNzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8siPDwKAfBj1/lvKaY7HLxZ31Rm
8xxyOXCgF/6LFn5w2HJbWpcEqlfpCpt01pjzmY9FPxlIKQf1AUhyNJlb4qa3hRSe
MdsFfxQw8pnxG2oOn0mEHHoEkiubJ/WFzK6NIv3OGDHVExZaOdyVTYH7dzcSBs0C
SXo4EBDk2BL+0CWkNKP6VLrYqcCxG7dUDWoIInmqt6ef6InoE6oZTbEYibeGE6DD
3SiIfCPooDC3OGzAGAltcSxPh1SLB8/vmwdclKAtMXDVBFgyIzyd1MnIrUBX7kRb
A2VxqEyPTO68ywRpCzgAFxiuB7j2/oo/9XkD9oLWPvamhubimsKqxmAthwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHleRCEWq3bXhYCqGmi5Oo2hfsd5MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvZVY1RUlSYXJkdGVGZ0tvYWFMazZqYUYteDNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg6qAaow
DQYJKoZIhvcNAQELBQADggEBAHV5BkNs6SC+azhwOyhvYcha1Fr85jj5dXyCZ45U
IkwL09VD0/plAVWHYxSMhYCScL9y7T/HVWlFZTkyWzRX6J95uuabU+2RX9HE81o8
DNa+hIp3VOJ/4LIruL24WuRqGN1XMgAmpFGV49O1zBAmb/8Xi8gkzDGQLBuxTVz6
Lk29vdvKPaWQOxdNR4GSNIOhI3/D3EQ/EstZ8a+z2I4+LpTkTlUYSE0/rkF+fH7A
HSckIkWAK5t9I90IVS9TZBy5Gi9B3NY9914d/4Zqzo2zZntyZ406uu9tep/M67pN
XFmqt9dUjOhVBbzoPrT95qCYci7EjHOU652Ubp3eL3sp7Nw=
-----END CERTIFICATE-----