Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/hFqANFlBKnAv5eJDOMVTkHzaleM.roa
File:                     hFqANFlBKnAv5eJDOMVTkHzaleM.roa (raw, json)
Hash identifier:          JgRjMVn5qzNmFMik62ArgfblKRUsQ+HK6cD877VsnYs=
Subject key identifier:   84:5A:80:34:59:41:2A:70:2F:E5:E2:43:38:C5:53:90:7C:DA:95:E3
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D3229D70341B1A6673D84147C134A
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/hFqANFlBKnAv5eJDOMVTkHzaleM.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207454
IP address blocks:        2a0e:aa07:e00a::/48 maxlen: 48
                          2a0e:aa06:480::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:32:29:d7:03:41:b1:a6:67:3d:84:14:7c:13:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=845a803459412a702fe5e24338c553907cda95e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b3:5a:6d:46:f4:4e:35:1d:9b:e7:c1:2f:52:
                    15:77:93:96:dd:0d:97:f9:a3:79:80:d2:44:f9:ce:
                    69:3d:7e:95:ef:08:8b:2b:64:e6:9b:7d:37:58:7f:
                    4b:69:4e:42:de:d2:c2:90:e4:0a:8f:07:e4:1c:84:
                    df:c8:fa:9f:58:ae:e9:e6:84:9b:6e:bf:ef:d7:a4:
                    d1:a1:62:95:1f:90:26:57:60:ef:bd:13:41:32:25:
                    33:ab:13:31:af:11:e1:8a:87:94:71:6e:aa:3f:bc:
                    90:53:b2:d9:94:19:1f:ca:2a:07:33:cc:2d:d7:7b:
                    53:b0:97:6a:31:91:72:b9:6a:70:bb:9c:69:12:ce:
                    b1:d9:8c:60:c9:f0:e3:8b:cd:4f:64:38:f2:22:5d:
                    bb:f3:f4:6e:b7:62:7b:fc:6c:e3:b0:c2:3b:a4:0e:
                    e5:5e:f1:44:04:72:c2:fc:6d:87:00:b4:90:29:8c:
                    14:dc:ad:f3:fb:aa:83:47:e9:ba:d1:56:8a:03:cc:
                    e1:c8:4c:d0:a0:84:65:20:7c:c5:a8:ff:80:48:7c:
                    52:6b:e2:08:d9:a8:4d:ac:19:2d:78:4b:da:fd:03:
                    bb:15:a1:d1:c8:92:20:2e:5f:ed:3e:71:ca:2e:08:
                    e3:8e:49:c6:6d:df:b7:65:b6:90:b6:11:64:fb:11:
                    af:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:5A:80:34:59:41:2A:70:2F:E5:E2:43:38:C5:53:90:7C:DA:95:E3
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/hFqANFlBKnAv5eJDOMVTkHzaleM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa06:480::/44
                  2a0e:aa07:e00a::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:44:bc:d2:df:7c:9b:8d:df:8b:28:f1:2b:4b:c6:14:56:01:
         4d:08:83:80:3a:fc:cd:08:78:36:e3:aa:fe:22:58:c7:d3:1a:
         28:6a:c7:bf:e1:b8:7c:87:08:5b:2b:04:06:b5:3b:8b:b7:5d:
         26:fd:2a:00:a7:2c:b7:e9:18:f1:94:92:ad:e4:af:dc:02:21:
         96:b1:ec:0a:0d:a1:6b:e7:20:3d:49:55:80:cb:0a:fb:40:38:
         6d:b3:de:bb:c3:e1:2e:8d:52:93:67:48:de:74:1e:72:ef:52:
         f0:cd:48:d6:78:ad:a2:1b:b6:c2:af:cd:6f:c5:0d:1d:8e:ab:
         3c:ad:b3:b2:d4:ca:a9:6d:9f:d6:26:69:5b:76:9d:d4:1c:da:
         74:b2:0c:42:cf:9f:ca:08:a4:c5:de:ce:18:6f:ce:7a:28:ce:
         b4:fb:2d:a8:8d:36:f6:46:51:16:a4:0b:d5:cf:c7:ae:45:5a:
         62:d1:e1:54:78:c2:dc:7e:6c:4a:b3:90:e8:e4:f1:96:ec:02:
         82:5c:37:71:42:55:f3:52:c6:7e:0f:40:86:65:c0:11:f2:db:
         35:de:e3:fe:e4:e9:99:c1:e4:a0:ef:f0:54:31:4e:f5:9a:a3:
         27:8b:c3:b0:a9:d5:ed:86:f5:9b:94:08:cf:0b:92:6b:06:a7:
         c9:38:ed:f2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzCbTIp1wNBsaZnPYQUfBNKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDVhODAzNDU5NDEyYTcwMmZlNWUyNDMzOGM1NTM5MDdjZGE5NWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrNabUb0TjUdm+fBL1IVd5OW3Q2X
+aN5gNJE+c5pPX6V7wiLK2Tmm303WH9LaU5C3tLCkOQKjwfkHITfyPqfWK7p5oSb
br/v16TRoWKVH5AmV2DvvRNBMiUzqxMxrxHhioeUcW6qP7yQU7LZlBkfyioHM8wt
13tTsJdqMZFyuWpwu5xpEs6x2YxgyfDji81PZDjyIl278/Rut2J7/GzjsMI7pA7l
XvFEBHLC/G2HALSQKYwU3K3z+6qDR+m60VaKA8zhyEzQoIRlIHzFqP+ASHxSa+II
2ahNrBkteEva/QO7FaHRyJIgLl/tPnHKLgjjjknGbd+3ZbaQthFk+xGv2wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIRagDRZQSpwL+XiQzjFU5B82pXjMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvaEZxQU5GbEJLbkF2NWVKRE9NVlRrSHphbGVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6qBgSA
AwcAKg6qB+AKMA0GCSqGSIb3DQEBCwUAA4IBAQAiRLzS33ybjd+LKPErS8YUVgFN
CIOAOvzNCHg246r+IljH0xooase/4bh8hwhbKwQGtTuLt10m/SoApyy36RjxlJKt
5K/cAiGWsewKDaFr5yA9SVWAywr7QDhts967w+EujVKTZ0jedB5y71LwzUjWeK2i
G7bCr81vxQ0djqs8rbOy1MqpbZ/WJmlbdp3UHNp0sgxCz5/KCKTF3s4Yb856KM60
+y2ojTb2RlEWpAvVz8euRVpi0eFUeMLcfmxKs5Do5PGW7AKCXDdxQlXzUsZ+D0CG
ZcAR8ts13uP+5OmZweSg7/BUMU71mqMni8OwqdXthvWblAjPC5JrBqfJOO3y
-----END CERTIFICATE-----