Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/lt2mmKr1Lbo-rIfY56Jy3Dwi5H0.roa
File:                     lt2mmKr1Lbo-rIfY56Jy3Dwi5H0.roa (raw, json)
Hash identifier:          w9dgBdHJXtbXCisZIq5o8T8g4/7jv+nzfFlvllSluqw=
Subject key identifier:   96:DD:A6:98:AA:F5:2D:BA:3E:AC:87:D8:E7:A2:72:DC:3C:22:E4:7D
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D26BE40AE87BF0AD9C8750A978CBC
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/lt2mmKr1Lbo-rIfY56Jy3Dwi5H0.roa
Signing time:             Mon 01 Jan 2024 00:29:42 +0000
ROA not before:           Mon 01 Jan 2024 00:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138631
IP address blocks:        2a0e:aa06:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:26:be:40:ae:87:bf:0a:d9:c8:75:0a:97:8c:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96dda698aaf52dba3eac87d8e7a272dc3c22e47d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ac:2a:7f:88:0f:b6:b4:da:09:bf:a1:aa:63:
                    6f:16:70:33:da:16:b4:00:39:d2:97:02:5a:73:ff:
                    e5:26:5c:d8:54:9f:86:5a:00:fe:c1:2a:de:ad:21:
                    ba:60:eb:d9:01:61:bf:50:b5:1e:c5:8c:f2:6e:08:
                    1e:e9:cb:f8:22:f0:b8:e2:bc:b0:94:47:7b:0c:d7:
                    4d:69:6d:83:7c:3b:8f:11:4c:a8:e1:bb:31:53:9f:
                    f5:1d:e9:9a:63:39:8e:8a:fa:92:a3:5a:2d:57:bb:
                    f1:dc:c7:4e:5a:d5:45:e2:e0:97:17:b0:07:5d:b8:
                    cc:0b:97:56:43:90:8e:0c:72:b2:bf:fa:12:c5:55:
                    b6:40:e9:3b:3e:d5:98:fd:0a:47:1d:95:0a:fc:be:
                    96:f9:e3:2a:fa:66:de:e7:48:bf:75:e9:0a:bc:65:
                    79:7b:cf:ef:d3:38:2d:06:79:3d:07:72:79:0c:38:
                    91:99:10:04:d8:65:cf:7e:2f:58:a5:00:51:77:42:
                    0b:8f:a2:d1:5b:d1:28:4c:ee:9e:a8:49:89:89:d0:
                    da:68:9e:de:0e:95:5d:e3:91:60:52:ef:8a:d8:30:
                    b5:2b:62:46:5a:f3:ac:55:dd:0b:87:a2:83:9c:73:
                    95:95:08:2e:77:4b:5c:bf:47:5e:8e:a4:6f:00:0c:
                    a6:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:DD:A6:98:AA:F5:2D:BA:3E:AC:87:D8:E7:A2:72:DC:3C:22:E4:7D
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/lt2mmKr1Lbo-rIfY56Jy3Dwi5H0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa06:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         79:23:e2:ae:18:c5:e5:33:a7:3d:ab:4f:a8:1c:79:14:f7:41:
         ea:86:aa:7f:12:5e:39:03:4a:8b:77:96:72:e1:f0:a3:46:78:
         aa:e5:e9:c7:01:f5:e6:27:88:69:13:bc:8b:7a:b3:aa:95:c9:
         31:05:d0:2c:14:f7:4e:d8:95:0d:1d:50:89:b3:0e:40:08:ef:
         95:87:8f:a0:87:f4:97:d3:82:73:77:a1:29:17:22:02:d1:1f:
         b5:db:a0:08:3e:dd:56:1e:3f:bc:a5:aa:a2:7c:68:82:98:07:
         e0:18:8f:85:cc:af:99:ed:e4:bc:9e:7e:32:e5:75:ec:b8:e7:
         02:0f:d8:de:53:b1:d7:ed:ef:9b:fb:fa:61:c1:07:bd:f1:86:
         30:0a:c4:6a:3a:d5:cd:c0:6c:09:f5:6f:ca:02:1f:8c:a7:3d:
         6e:cd:bb:0b:c5:4f:ed:ea:7d:00:3a:05:b8:ca:9f:6d:89:bb:
         32:7f:cd:03:bc:cf:34:2c:6d:ee:7a:88:34:bc:03:1f:84:ed:
         f0:fe:e9:4a:5c:ee:59:b4:83:a8:4e:0c:48:58:34:98:38:9b:
         9d:17:fe:69:71:b1:3f:f8:11:d1:f7:43:25:4d:ea:1c:cc:34:
         95:67:9a:f1:ba:6b:43:21:54:a3:00:7f:09:70:da:5b:b3:a1:
         3c:34:5f:5f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzCbSa+QK6HvwrZyHUKl4y8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmRkYTY5OGFhZjUyZGJhM2VhYzg3ZDhlN2EyNzJkYzNjMjJlNDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6wqf4gPtrTaCb+hqmNvFnAz2ha0
ADnSlwJac//lJlzYVJ+GWgD+wSrerSG6YOvZAWG/ULUexYzybgge6cv4IvC44ryw
lEd7DNdNaW2DfDuPEUyo4bsxU5/1HemaYzmOivqSo1otV7vx3MdOWtVF4uCXF7AH
XbjMC5dWQ5CODHKyv/oSxVW2QOk7PtWY/QpHHZUK/L6W+eMq+mbe50i/dekKvGV5
e8/v0zgtBnk9B3J5DDiRmRAE2GXPfi9YpQBRd0ILj6LRW9EoTO6eqEmJidDaaJ7e
DpVd45FgUu+K2DC1K2JGWvOsVd0Lh6KDnHOVlQgud0tcv0dejqRvAAympwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJbdppiq9S26PqyH2Oeictw8IuR9MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvbHQybW1LcjFMYm8tcklmWTU2SnkzRHdpNUgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg6qBgEw
DQYJKoZIhvcNAQELBQADggEBAHkj4q4YxeUzpz2rT6gceRT3QeqGqn8SXjkDSot3
lnLh8KNGeKrl6ccB9eYniGkTvIt6s6qVyTEF0CwU907YlQ0dUImzDkAI75WHj6CH
9JfTgnN3oSkXIgLRH7XboAg+3VYeP7ylqqJ8aIKYB+AYj4XMr5nt5LyefjLldey4
5wIP2N5Tsdft75v7+mHBB73xhjAKxGo61c3AbAn1b8oCH4ynPW7NuwvFT+3qfQA6
BbjKn22JuzJ/zQO8zzQsbe56iDS8Ax+E7fD+6Upc7lm0g6hODEhYNJg4m50X/mlx
sT/4EdH3QyVN6hzMNJVnmvG6a0MhVKMAfwlw2luzoTw0X18=
-----END CERTIFICATE-----