Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/n41Okl_KKNJSE6bbomnj5mAlLMU.roa
File:                     n41Okl_KKNJSE6bbomnj5mAlLMU.roa (raw, json)
Hash identifier:          vi6a6FRY8q5Yyy7vLXLTYl1vgTMSxW7Q1Jq0vbACPg0=
Subject key identifier:   9F:8D:4E:92:5F:CA:28:D2:52:13:A6:DB:A2:69:E3:E6:60:25:2C:C5
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D24AA9D5758434FEB67709C471308
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/n41Okl_KKNJSE6bbomnj5mAlLMU.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59566
IP address blocks:        2a0e:aa07:e017::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:24:aa:9d:57:58:43:4f:eb:67:70:9c:47:13:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f8d4e925fca28d25213a6dba269e3e660252cc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:15:cd:95:20:f6:40:8c:bc:72:b1:17:c5:4d:
                    ea:09:42:f9:ee:03:11:d0:7e:f0:e1:9a:5b:6a:2b:
                    1e:57:d2:13:6e:89:69:5f:52:d0:7c:c0:18:0e:f5:
                    5a:2c:20:a8:71:5b:e1:27:90:3c:f4:14:1e:81:d2:
                    10:b3:24:06:27:30:66:bd:e5:85:c8:ec:6f:e8:17:
                    e6:6e:2d:91:f8:f8:97:ea:30:ba:39:0f:a9:c4:3d:
                    bf:bc:e5:bc:d0:d6:d4:7a:6f:ad:0a:b7:11:a8:63:
                    52:70:b0:24:23:c4:69:c1:85:b9:fe:fc:59:05:b8:
                    3e:dd:71:4d:1f:c0:65:c6:bd:fa:38:fc:35:81:e3:
                    79:ea:c2:bf:16:bf:8d:1c:dc:80:e2:93:05:8b:74:
                    9a:3c:9b:df:19:6b:5d:62:1f:af:8e:2f:68:60:5a:
                    87:67:4b:7a:6b:2c:3f:a4:57:13:f4:13:1f:f5:d6:
                    74:2a:ac:40:e6:95:88:9e:c6:c3:1e:fd:b7:51:02:
                    40:53:ca:bd:e3:84:d5:8e:3d:e4:88:82:e8:12:57:
                    45:f3:f2:c3:48:95:dc:b5:65:79:13:1c:9b:c0:20:
                    f8:39:38:ea:14:6e:1e:d7:3b:ca:5a:5a:2f:b0:6d:
                    67:7e:85:ce:ac:be:c7:d1:83:c2:60:e9:43:45:79:
                    a9:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:8D:4E:92:5F:CA:28:D2:52:13:A6:DB:A2:69:E3:E6:60:25:2C:C5
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/n41Okl_KKNJSE6bbomnj5mAlLMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e017::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:46:56:47:c0:b6:73:df:95:37:a4:d2:50:e8:ed:c9:da:cb:
         9f:24:fe:8c:a4:7e:3f:2d:71:93:71:c0:79:67:76:02:3d:a0:
         a9:df:49:80:8c:13:f1:68:38:f1:ed:7b:9f:95:40:38:3d:15:
         a6:9e:b7:48:0c:c7:68:e4:30:ce:18:fc:0f:27:85:19:df:c9:
         b5:30:36:30:4d:ed:0e:52:c9:76:e2:65:29:be:1f:c8:06:45:
         78:36:6c:96:18:f7:9a:04:89:fb:27:a3:2e:4d:ed:ef:38:40:
         92:6c:fc:ef:fb:de:7f:30:de:e9:d6:6f:19:11:6a:81:c6:6d:
         2c:07:7b:b9:91:35:5e:d0:84:54:37:d7:24:e3:ad:5c:d2:48:
         be:42:ae:df:4d:51:67:b2:88:8b:2d:8c:6d:cb:d8:4c:64:63:
         86:b2:b2:f0:50:ec:4d:e2:f9:48:e7:e9:ab:f6:70:75:99:25:
         ab:42:fa:d2:ca:9a:78:78:0a:9a:8b:6c:b3:a9:17:39:26:62:
         0b:cf:4b:99:6d:85:f5:96:51:36:b1:9b:61:bd:4a:17:55:fb:
         af:c8:e6:6d:c5:15:3e:4a:70:ff:e9:18:ad:96:3c:aa:7f:d2:
         41:4c:0b:24:79:dd:ca:c9:02:df:b0:69:33:44:ba:23:7c:84:
         e4:f1:02:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbSSqnVdYQ0/rZ3CcRxMIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjhkNGU5MjVmY2EyOGQyNTIxM2E2ZGJhMjY5ZTNlNjYwMjUyY2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1xXNlSD2QIy8crEXxU3qCUL57gMR
0H7w4ZpbaiseV9ITbolpX1LQfMAYDvVaLCCocVvhJ5A89BQegdIQsyQGJzBmveWF
yOxv6Bfmbi2R+PiX6jC6OQ+pxD2/vOW80NbUem+tCrcRqGNScLAkI8RpwYW5/vxZ
Bbg+3XFNH8Blxr36OPw1geN56sK/Fr+NHNyA4pMFi3SaPJvfGWtdYh+vji9oYFqH
Z0t6ayw/pFcT9BMf9dZ0KqxA5pWInsbDHv23UQJAU8q944TVjj3kiILoEldF8/LD
SJXctWV5ExybwCD4OTjqFG4e1zvKWlovsG1nfoXOrL7H0YPCYOlDRXmpFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ+NTpJfyijSUhOm26Jp4+ZgJSzFMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvbjQxT2tsX0tLTkpTRTZiYm9tbmo1bUFsTE1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+AX
MA0GCSqGSIb3DQEBCwUAA4IBAQBsRlZHwLZz35U3pNJQ6O3J2sufJP6MpH4/LXGT
ccB5Z3YCPaCp30mAjBPxaDjx7XuflUA4PRWmnrdIDMdo5DDOGPwPJ4UZ38m1MDYw
Te0OUsl24mUpvh/IBkV4NmyWGPeaBIn7J6MuTe3vOECSbPzv+95/MN7p1m8ZEWqB
xm0sB3u5kTVe0IRUN9ck461c0ki+Qq7fTVFnsoiLLYxty9hMZGOGsrLwUOxN4vlI
5+mr9nB1mSWrQvrSypp4eAqai2yzqRc5JmILz0uZbYX1llE2sZthvUoXVfuvyOZt
xRU+SnD/6Ritljyqf9JBTAsked3KyQLfsGkzRLojfITk8QIq
-----END CERTIFICATE-----