Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/jweNgG4Cnfed_9BEeYDfG4bf7lI.roa
File:                     jweNgG4Cnfed_9BEeYDfG4bf7lI.roa (raw, json)
Hash identifier:          v/1YZj5FZGwD0yYHm6rADB+/mvDA3HXAFsRODgPTtlw=
Subject key identifier:   8F:07:8D:80:6E:02:9D:F7:9D:FF:D0:44:79:80:DF:1B:86:DF:EE:52
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D25AA7C35C457D41660D7EB2790C3
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/jweNgG4Cnfed_9BEeYDfG4bf7lI.roa
Signing time:             Mon 01 Jan 2024 00:29:42 +0000
ROA not before:           Mon 01 Jan 2024 00:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61350
IP address blocks:        2a0e:aa07:e038::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:25:aa:7c:35:c4:57:d4:16:60:d7:eb:27:90:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f078d806e029df79dffd0447980df1b86dfee52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:28:2d:8c:8e:ec:a5:20:68:00:a4:e0:a1:83:
                    98:f9:27:54:24:c2:6a:51:5c:c9:05:0c:c3:4d:7e:
                    7d:8a:0d:eb:09:17:ab:5e:01:75:40:49:9c:69:cf:
                    ae:9f:82:e9:02:ea:57:3a:d7:d7:15:bb:8e:d3:da:
                    e4:fb:e6:bb:db:81:77:9d:a0:a7:86:31:2b:54:c1:
                    b0:ef:67:06:75:1e:6c:db:7e:0e:b2:e4:f4:10:2b:
                    c6:91:1c:0d:cd:9d:97:0d:3f:42:dd:79:5c:b9:ae:
                    b7:85:7f:fe:fe:3a:bb:96:55:ae:5a:3f:a1:de:0a:
                    c7:75:cf:74:d7:75:04:f0:e2:bb:1d:b0:15:98:57:
                    79:43:60:7f:7c:1b:a1:79:4f:9c:bb:a7:5e:f3:ca:
                    1e:17:50:b8:49:36:ad:82:27:ab:23:49:88:ac:84:
                    e7:6a:cd:d6:dc:f7:08:9f:6b:dd:28:b1:14:c1:b9:
                    ce:67:b2:6f:89:43:97:0c:c7:1c:22:3f:75:01:5b:
                    e3:d4:70:71:b1:97:0d:b4:e8:85:c3:42:f5:4f:9d:
                    26:7d:65:26:bc:17:d1:17:6d:cd:23:d4:fa:69:7a:
                    0a:37:91:e3:1a:ee:a6:d7:4c:dd:c1:7e:16:67:06:
                    94:a0:dc:42:3e:af:39:0f:6b:e5:f4:a4:dc:fa:c8:
                    86:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:07:8D:80:6E:02:9D:F7:9D:FF:D0:44:79:80:DF:1B:86:DF:EE:52
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/jweNgG4Cnfed_9BEeYDfG4bf7lI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e038::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:1b:87:ef:3a:32:26:91:5a:21:51:60:63:5f:66:2c:ac:44:
         77:85:57:6a:42:a1:64:ee:a8:f8:d8:da:2f:01:02:32:74:d1:
         97:4d:b1:16:56:ba:ab:bc:c4:30:ef:72:00:74:20:00:94:c6:
         90:a0:ee:cf:ea:d0:9d:2a:e1:e7:c5:31:0e:5e:87:7b:5b:f3:
         a8:27:bf:2d:c9:da:9c:43:ad:8d:f0:64:71:f5:2a:bb:62:63:
         fe:66:25:3d:74:52:2c:32:9c:59:ba:e5:43:7b:e3:29:1d:2b:
         44:f2:ab:23:f3:bc:ff:d9:fe:a5:db:e0:69:38:69:be:68:9f:
         94:bf:48:78:cc:ed:16:a9:78:43:10:58:27:17:31:d0:67:db:
         00:4f:5d:6b:db:bf:dc:e3:12:b4:d8:b5:c3:c9:45:66:68:17:
         cf:ae:dc:93:fb:6d:ce:ae:a6:a3:dc:d5:15:b2:74:18:6e:e1:
         42:4f:42:1c:68:81:ba:07:1a:7c:8a:98:7b:e5:2f:7d:85:56:
         34:11:9e:f9:ab:37:7d:42:5b:d3:f7:d5:c6:90:31:b8:64:36:
         f1:e8:48:1f:31:6e:11:ef:3b:96:b9:8a:09:53:96:98:8e:51:
         85:75:ce:20:bc:b2:60:13:53:c5:a4:87:90:dd:ee:64:6a:8f:
         06:50:c7:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbSWqfDXEV9QWYNfrJ5DDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjA3OGQ4MDZlMDI5ZGY3OWRmZmQwNDQ3OTgwZGYxYjg2ZGZlZTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApygtjI7spSBoAKTgoYOY+SdUJMJq
UVzJBQzDTX59ig3rCRerXgF1QEmcac+un4LpAupXOtfXFbuO09rk++a724F3naCn
hjErVMGw72cGdR5s234OsuT0ECvGkRwNzZ2XDT9C3Xlcua63hX/+/jq7llWuWj+h
3grHdc9013UE8OK7HbAVmFd5Q2B/fBuheU+cu6de88oeF1C4STatgierI0mIrITn
as3W3PcIn2vdKLEUwbnOZ7JviUOXDMccIj91AVvj1HBxsZcNtOiFw0L1T50mfWUm
vBfRF23NI9T6aXoKN5HjGu6m10zdwX4WZwaUoNxCPq85D2vl9KTc+siGcQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI8HjYBuAp33nf/QRHmA3xuG3+5SMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvandlTmdHNENuZmVkXzlCRWVZRGZHNGJmN2xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+A4
MA0GCSqGSIb3DQEBCwUAA4IBAQAIG4fvOjImkVohUWBjX2YsrER3hVdqQqFk7qj4
2NovAQIydNGXTbEWVrqrvMQw73IAdCAAlMaQoO7P6tCdKuHnxTEOXod7W/OoJ78t
ydqcQ62N8GRx9Sq7YmP+ZiU9dFIsMpxZuuVDe+MpHStE8qsj87z/2f6l2+BpOGm+
aJ+Uv0h4zO0WqXhDEFgnFzHQZ9sAT11r27/c4xK02LXDyUVmaBfPrtyT+23Orqaj
3NUVsnQYbuFCT0IcaIG6Bxp8iph75S99hVY0EZ75qzd9QlvT99XGkDG4ZDbx6Egf
MW4R7zuWuYoJU5aYjlGFdc4gvLJgE1PFpIeQ3e5kao8GUMd3
-----END CERTIFICATE-----