Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/rFI88sSG9KAuikfyEddJY_J7Cfw.roa
File:                     rFI88sSG9KAuikfyEddJY_J7Cfw.roa (raw, json)
Hash identifier:          UdN4X0kQJxyuOYtwC9q0n8mCTaAhUp9QgAE9QdLcF2U=
Subject key identifier:   AC:52:3C:F2:C4:86:F4:A0:2E:8A:47:F2:11:D7:49:63:F2:7B:09:FC
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D2DDBAFE98AD607A0FDB9C677D1B1
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/rFI88sSG9KAuikfyEddJY_J7Cfw.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203664
IP address blocks:        2a0e:aa07:e044::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2d:db:af:e9:8a:d6:07:a0:fd:b9:c6:77:d1:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac523cf2c486f4a02e8a47f211d74963f27b09fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c1:e8:81:d8:1b:07:39:2d:a3:75:f7:fd:38:
                    6d:5c:d9:5c:e5:8c:df:d2:50:70:59:74:7c:e1:f7:
                    8b:52:8d:52:2c:d9:f0:82:7e:b4:7a:b4:69:52:6a:
                    ae:c0:a3:44:04:8e:5d:f1:5a:05:0b:ff:56:6c:98:
                    9a:e9:58:da:47:b7:cb:de:94:b6:b5:4b:ff:45:12:
                    b7:ff:91:9a:30:98:01:58:40:82:75:b5:f9:f6:80:
                    f2:b5:90:4e:3d:5d:d7:d0:6d:f6:73:8a:8f:65:d9:
                    c0:56:3a:73:d5:a6:1e:3a:39:63:be:21:ec:e5:57:
                    15:25:8c:b1:b4:df:cf:1d:76:1b:5e:5d:da:fe:cb:
                    30:7b:cf:a3:7b:c7:41:22:7b:46:2f:c0:87:27:28:
                    93:8f:38:c6:50:8e:5f:04:09:85:52:8a:58:ce:71:
                    4c:4b:cc:6f:51:0e:57:c6:55:9b:6a:ce:84:1d:45:
                    b9:a5:e7:49:bc:8f:66:15:1d:75:31:2c:46:ae:5a:
                    2d:71:5c:88:3f:a2:85:1a:9f:ef:b8:00:7d:98:70:
                    77:14:4c:81:64:53:db:51:df:6a:ac:9f:38:7c:b2:
                    95:ce:ac:20:03:7e:bb:c6:bb:56:df:eb:2a:4f:40:
                    7d:cc:f9:71:82:75:23:b4:7a:26:ba:bc:33:52:3c:
                    45:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:52:3C:F2:C4:86:F4:A0:2E:8A:47:F2:11:D7:49:63:F2:7B:09:FC
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/rFI88sSG9KAuikfyEddJY_J7Cfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e044::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:6e:d6:1b:07:c1:38:52:11:09:5b:6b:2c:13:e3:2e:1d:cf:
         c5:05:f8:17:eb:76:15:29:2a:26:fd:d0:d1:2b:68:15:4e:9d:
         82:24:79:53:57:9f:da:5b:71:b2:04:32:c1:9f:1f:98:77:73:
         0a:ad:29:11:be:df:9e:71:b5:61:bc:dd:4d:5e:c6:4f:c4:19:
         f0:10:9f:83:6a:ea:01:52:22:60:f6:c3:ab:96:ec:f0:4e:88:
         9c:0b:66:f0:c7:ae:51:3d:86:38:95:9f:6a:80:7d:ed:0c:51:
         00:00:02:90:7a:89:10:6f:68:bb:ca:25:72:de:4c:d5:43:df:
         cc:3d:ed:91:3f:23:2a:e5:05:3c:e1:2d:31:08:15:ad:fb:a9:
         24:c5:68:94:f7:5a:ae:ff:10:5f:e1:ab:a7:6e:c6:26:74:0c:
         4f:b0:ad:30:63:a3:fd:e9:bb:f6:98:f2:7f:e0:de:c3:7d:71:
         60:d6:95:6c:25:37:dd:70:db:e7:50:25:8c:1e:3c:96:db:50:
         35:33:33:61:f1:e1:67:ad:1d:11:8f:2e:3b:bb:68:f5:61:a8:
         7d:01:77:b3:04:08:c7:e7:e7:24:53:87:e3:21:9f:50:06:d0:
         5b:a8:4d:3f:c6:e3:2b:a3:3f:8d:c1:3c:9a:b5:7e:b4:7e:49:
         02:36:ce:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbS3br+mK1geg/bnGd9GxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzUyM2NmMmM0ODZmNGEwMmU4YTQ3ZjIxMWQ3NDk2M2YyN2IwOWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMHogdgbBzkto3X3/ThtXNlc5Yzf
0lBwWXR84feLUo1SLNnwgn60erRpUmquwKNEBI5d8VoFC/9WbJia6VjaR7fL3pS2
tUv/RRK3/5GaMJgBWECCdbX59oDytZBOPV3X0G32c4qPZdnAVjpz1aYeOjljviHs
5VcVJYyxtN/PHXYbXl3a/sswe8+je8dBIntGL8CHJyiTjzjGUI5fBAmFUopYznFM
S8xvUQ5XxlWbas6EHUW5pedJvI9mFR11MSxGrlotcVyIP6KFGp/vuAB9mHB3FEyB
ZFPbUd9qrJ84fLKVzqwgA367xrtW3+sqT0B9zPlxgnUjtHomurwzUjxFMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKxSPPLEhvSgLopH8hHXSWPyewn8MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvckZJODhzU0c5S0F1aWtmeUVkZEpZX0o3Q2Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+BE
MA0GCSqGSIb3DQEBCwUAA4IBAQBWbtYbB8E4UhEJW2ssE+MuHc/FBfgX63YVKSom
/dDRK2gVTp2CJHlTV5/aW3GyBDLBnx+Yd3MKrSkRvt+ecbVhvN1NXsZPxBnwEJ+D
auoBUiJg9sOrluzwToicC2bwx65RPYY4lZ9qgH3tDFEAAAKQeokQb2i7yiVy3kzV
Q9/MPe2RPyMq5QU84S0xCBWt+6kkxWiU91qu/xBf4aunbsYmdAxPsK0wY6P96bv2
mPJ/4N7DfXFg1pVsJTfdcNvnUCWMHjyW21A1MzNh8eFnrR0Rjy47u2j1Yah9AXez
BAjH5+ckU4fjIZ9QBtBbqE0/xuMroz+NwTyatX60fkkCNs4N
-----END CERTIFICATE-----