Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/kRrd9VQJlK99HbV3MbYrokjaPWI.roa
File:                     kRrd9VQJlK99HbV3MbYrokjaPWI.roa (raw, json)
Hash identifier:          Zq8kCI1hj1HtS3tesUlOJ+JQSSQNecsQQfaoTiTVWVM=
Subject key identifier:   91:1A:DD:F5:54:09:94:AF:7D:1D:B5:77:31:B6:2B:A2:48:DA:3D:62
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258ED078F40C8B9001E59B93D7A9844B
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/kRrd9VQJlK99HbV3MbYrokjaPWI.roa
Signing time:             Thu 02 Jan 2025 05:48:24 +0000
ROA not before:           Thu 02 Jan 2025 05:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200078
IP address blocks:        2a0e:aa07:e050::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:d0:78:f4:0c:8b:90:01:e5:9b:93:d7:a9:84:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=911addf5540994af7d1db57731b62ba248da3d62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c4:ef:68:3c:21:6c:2c:22:4c:69:7d:f1:bd:
                    70:98:ce:24:98:1d:57:e0:aa:7a:30:de:a8:61:f3:
                    29:89:b5:bc:52:c5:36:bb:0f:b1:1c:a9:f1:f0:f1:
                    fe:33:90:9a:04:25:d2:49:1d:6b:54:fc:55:a3:e1:
                    5d:cd:ec:0a:03:dc:21:17:85:8a:34:b9:bf:ce:c1:
                    46:9c:ac:17:82:2a:68:11:03:f4:29:33:26:0f:d1:
                    51:7e:80:0c:a6:0b:59:f4:1e:87:ef:63:fe:ad:f0:
                    7c:70:47:75:93:3f:4c:ad:fb:6f:f9:3a:54:92:0b:
                    93:13:cc:88:0f:07:59:a8:bb:3d:70:4e:5e:ba:9f:
                    a3:01:f2:23:89:76:bd:80:b0:68:c5:cb:57:39:4f:
                    ae:19:14:47:53:c3:89:51:a1:73:1d:76:ac:51:32:
                    57:6a:5c:6b:95:cc:65:8c:f2:f7:c2:c2:48:b4:31:
                    9c:08:44:c2:b0:0a:e2:01:60:9e:5c:77:27:06:9b:
                    c6:30:a4:4b:d3:98:a7:36:60:d9:53:fd:78:e9:90:
                    96:1d:76:15:64:33:68:ec:64:8c:a3:c2:f5:43:7d:
                    09:b5:cd:f1:3a:b9:66:06:4e:65:00:d6:73:e0:3d:
                    7b:98:50:bf:73:3d:c6:25:48:93:99:70:4d:e0:cc:
                    e4:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:1A:DD:F5:54:09:94:AF:7D:1D:B5:77:31:B6:2B:A2:48:DA:3D:62
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/kRrd9VQJlK99HbV3MbYrokjaPWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e050::/44

    Signature Algorithm: sha256WithRSAEncryption
         50:5d:fa:79:f1:37:7b:66:96:51:36:f1:d4:8c:60:20:72:0e:
         cf:a0:f8:f0:71:3e:e1:52:87:87:55:06:3c:06:cd:84:38:61:
         2b:7b:de:15:e6:6f:6a:d7:32:3b:2c:3f:22:1c:50:c9:39:4e:
         39:6d:c9:95:1b:69:20:49:65:33:e8:ff:f1:15:01:65:af:f4:
         e2:62:3c:f3:98:1a:cb:92:e1:a8:9c:1b:14:59:45:ca:79:2b:
         0f:be:73:97:81:60:c8:52:53:10:c4:46:02:fe:40:7e:c4:a1:
         99:4c:cb:c5:fa:e5:e7:81:f4:dc:62:8a:eb:79:d0:c8:2d:6c:
         2e:c6:67:98:80:af:e4:08:a1:9a:9f:4b:ef:64:ee:db:f8:e0:
         62:d1:ef:bc:a8:b5:8a:2d:a6:6a:1f:4e:fd:d6:ec:41:30:fe:
         37:88:84:2e:03:3f:63:2a:25:5a:48:63:e6:2d:94:e3:17:f9:
         2c:7d:dc:12:46:62:04:ea:2f:69:37:a2:9e:77:5f:32:73:83:
         5d:ed:37:9a:84:22:23:7d:42:86:b3:60:f1:ca:b0:7b:de:f9:
         50:e0:7d:16:71:f3:23:c1:26:30:65:18:c2:1d:14:cb:17:82:
         55:e2:01:b8:17:69:d7:2e:2f:1f:51:73:f2:18:1d:c0:eb:96:
         cd:2f:38:65
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljtB49AyLkAHlm5PXqYRLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTFhZGRmNTU0MDk5NGFmN2QxZGI1NzczMWI2MmJhMjQ4ZGEzZDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMTvaDwhbCwiTGl98b1wmM4kmB1X
4Kp6MN6oYfMpibW8UsU2uw+xHKnx8PH+M5CaBCXSSR1rVPxVo+FdzewKA9whF4WK
NLm/zsFGnKwXgipoEQP0KTMmD9FRfoAMpgtZ9B6H72P+rfB8cEd1kz9Mrftv+TpU
kguTE8yIDwdZqLs9cE5eup+jAfIjiXa9gLBoxctXOU+uGRRHU8OJUaFzHXasUTJX
alxrlcxljPL3wsJItDGcCETCsAriAWCeXHcnBpvGMKRL05inNmDZU/146ZCWHXYV
ZDNo7GSMo8L1Q30Jtc3xOrlmBk5lANZz4D17mFC/cz3GJUiTmXBN4MzkpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJEa3fVUCZSvfR21dzG2K6JI2j1iMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEva1JyZDlWUUpsSzk5SGJWM01iWXJva2phUFdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+BQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBQXfp58Td7ZpZRNvHUjGAgcg7PoPjwcT7hUoeH
VQY8Bs2EOGEre94V5m9q1zI7LD8iHFDJOU45bcmVG2kgSWUz6P/xFQFlr/TiYjzz
mBrLkuGonBsUWUXKeSsPvnOXgWDIUlMQxEYC/kB+xKGZTMvF+uXngfTcYorredDI
LWwuxmeYgK/kCKGan0vvZO7b+OBi0e+8qLWKLaZqH0791uxBMP43iIQuAz9jKiVa
SGPmLZTjF/ksfdwSRmIE6i9pN6Ked18yc4Nd7TeahCIjfUKGs2DxyrB73vlQ4H0W
cfMjwSYwZRjCHRTLF4JV4gG4F2nXLi8fUXPyGB3A65bNLzhl
-----END CERTIFICATE-----