Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/rQkLecAIA6z_Pur14gkqshKEJRY.roa
File:                     rQkLecAIA6z_Pur14gkqshKEJRY.roa (raw, json)
Hash identifier:          cszA/ZFQieoUVoyb9hBmgccpwzR4eLcFlAzxu2oDK+0=
Subject key identifier:   AD:09:0B:79:C0:08:03:AC:FF:3E:EA:F5:E2:09:2A:B2:12:84:25:16
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018F28EEFFA213DFA60753984FCE911E9453
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/rQkLecAIA6z_Pur14gkqshKEJRY.roa
Signing time:             Mon 29 Apr 2024 08:18:22 +0000
ROA not before:           Mon 29 Apr 2024 08:18:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215019
IP address blocks:        2a0e:aa07:e190::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:28:ee:ff:a2:13:df:a6:07:53:98:4f:ce:91:1e:94:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Apr 29 08:18:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad090b79c00803acff3eeaf5e2092ab212842516
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8e:a0:d4:07:d1:0d:be:0e:ec:63:53:96:9c:
                    ba:19:c6:5e:d6:30:f5:ac:99:ea:9e:e0:0a:92:3a:
                    5c:5a:79:78:5f:4a:18:28:b2:c4:de:e4:67:30:5b:
                    da:19:e2:7a:33:aa:fc:d1:6d:8b:f1:e1:99:2c:c7:
                    47:87:6b:ab:4f:a0:a3:49:60:6a:56:b7:60:a5:7b:
                    6d:b7:3b:22:65:5b:10:7c:bf:26:a1:bb:0f:f0:1a:
                    b5:a5:ed:26:b7:e5:a0:ea:57:5a:c1:01:02:43:a9:
                    0d:fb:32:c6:2e:e1:99:e5:9d:45:4e:d7:58:f9:40:
                    78:2d:57:51:0e:5a:cb:11:09:88:a9:04:5a:3b:db:
                    fc:b2:f9:24:31:6a:1a:d2:be:8f:fb:24:c3:5d:a7:
                    70:fe:6f:74:ce:0c:3b:81:d7:25:4a:bd:ba:ce:4c:
                    45:e0:3b:af:d6:60:06:3f:e5:38:52:a3:ca:f5:98:
                    df:8e:b3:2f:57:ee:fb:35:bc:86:80:90:25:ab:b8:
                    18:9a:92:cc:da:6a:a7:d6:6d:f3:91:bd:b9:80:34:
                    13:1a:b4:ea:5a:07:e0:0f:f2:18:27:9c:34:c6:6c:
                    26:ec:02:25:19:c4:ea:a4:64:6a:41:50:91:10:73:
                    03:cc:9e:c0:e9:28:f5:63:38:5d:3f:93:c4:6b:a9:
                    31:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:09:0B:79:C0:08:03:AC:FF:3E:EA:F5:E2:09:2A:B2:12:84:25:16
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/rQkLecAIA6z_Pur14gkqshKEJRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e190::/44

    Signature Algorithm: sha256WithRSAEncryption
         8e:06:2c:da:69:32:96:ff:23:bc:d2:ff:11:4c:86:56:00:85:
         a6:5b:ac:eb:d7:54:33:74:9b:48:87:50:35:65:00:e9:ba:74:
         0b:b0:93:3b:80:9a:b9:9a:3e:c8:3d:cd:7e:0f:6e:21:4e:8b:
         2a:72:47:e0:d4:28:0e:8e:84:43:c7:c2:c4:34:76:3d:d5:32:
         d1:ae:e5:ee:81:32:24:83:62:40:9f:6d:46:ed:e2:91:49:52:
         4d:66:88:b0:65:cc:61:b5:9d:a7:9e:9b:57:24:7c:d2:38:ad:
         df:47:f3:96:7e:94:f7:c8:15:51:5a:0f:06:ba:79:76:58:65:
         3f:72:60:dc:a1:ab:60:cf:2d:e6:7d:49:b0:3f:4b:0f:af:05:
         45:e6:e6:87:78:fd:1f:51:73:20:76:3a:56:f3:95:5e:3e:8c:
         f1:ce:d6:74:98:49:20:fc:58:67:65:57:68:02:e6:da:38:ba:
         ea:17:77:83:11:91:1b:95:e0:24:09:be:ff:84:44:6b:88:5c:
         b5:de:77:74:8d:71:dd:ae:ea:09:99:0d:7c:de:23:a2:15:6f:
         c0:bd:01:ab:93:46:15:b7:39:cb:54:36:d1:1c:83:0c:7f:cd:
         fe:8b:84:ee:49:df:8e:26:8c:d3:18:27:35:85:58:7d:0c:61:
         92:2b:9b:3f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8o7v+iE9+mB1OYT86RHpRTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwNDI5MDgxODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDA5MGI3OWMwMDgwM2FjZmYzZWVhZjVlMjA5MmFiMjEyODQyNTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtI6g1AfRDb4O7GNTlpy6GcZe1jD1
rJnqnuAKkjpcWnl4X0oYKLLE3uRnMFvaGeJ6M6r80W2L8eGZLMdHh2urT6CjSWBq
VrdgpXtttzsiZVsQfL8mobsP8Bq1pe0mt+Wg6ldawQECQ6kN+zLGLuGZ5Z1FTtdY
+UB4LVdRDlrLEQmIqQRaO9v8svkkMWoa0r6P+yTDXadw/m90zgw7gdclSr26zkxF
4Duv1mAGP+U4UqPK9ZjfjrMvV+77NbyGgJAlq7gYmpLM2mqn1m3zkb25gDQTGrTq
WgfgD/IYJ5w0xmwm7AIlGcTqpGRqQVCREHMDzJ7A6Sj1YzhdP5PEa6kxQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK0JC3nACAOs/z7q9eIJKrIShCUWMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvclFrTGVjQUlBNnpfUHVyMTRna3FzaEtFSlJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+GQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCOBizaaTKW/yO80v8RTIZWAIWmW6zr11QzdJtI
h1A1ZQDpunQLsJM7gJq5mj7IPc1+D24hTosqckfg1CgOjoRDx8LENHY91TLRruXu
gTIkg2JAn21G7eKRSVJNZoiwZcxhtZ2nnptXJHzSOK3fR/OWfpT3yBVRWg8Gunl2
WGU/cmDcoatgzy3mfUmwP0sPrwVF5uaHeP0fUXMgdjpW85VePozxztZ0mEkg/Fhn
ZVdoAubaOLrqF3eDEZEbleAkCb7/hERriFy13nd0jXHdruoJmQ183iOiFW/AvQGr
k0YVtznLVDbRHIMMf83+i4TuSd+OJozTGCc1hVh9DGGSK5s/
-----END CERTIFICATE-----