Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/rdYnbATNrqAyTLlVa1ok6RVFhic.roa
File:                     rdYnbATNrqAyTLlVa1ok6RVFhic.roa (raw, json)
Hash identifier:          sFme4zgj+J5NZeTV78a1oU4XQ/4tAbq0GoM1rU/kGhU=
Subject key identifier:   AD:D6:27:6C:04:CD:AE:A0:32:4C:B9:55:6B:5A:24:E9:15:45:86:27
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D241BAA6A40A83170DF78EB6C4F72
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/rdYnbATNrqAyTLlVa1ok6RVFhic.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48646
IP address blocks:        2a0e:aa01:ab02::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:24:1b:aa:6a:40:a8:31:70:df:78:eb:6c:4f:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=add6276c04cdaea0324cb9556b5a24e915458627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:39:ce:07:c3:ba:59:99:1f:eb:5a:e9:e5:a2:
                    72:20:e2:8a:60:3b:84:a9:2c:24:4d:03:bc:4e:df:
                    18:ff:06:a1:2f:51:fd:20:fb:8d:ba:c7:33:5c:b8:
                    13:f2:a9:07:75:dd:a4:dd:83:b0:85:6d:ac:79:48:
                    5e:c1:68:5e:6d:12:6a:fb:6c:b2:88:2b:b6:f1:26:
                    50:20:70:86:bd:e1:be:e1:ad:e0:48:4b:2f:5c:63:
                    7e:6e:50:fd:bf:46:71:4d:2b:35:e5:19:80:54:e4:
                    c9:7d:e4:66:f2:65:d8:08:c4:6b:b0:f2:d9:9f:44:
                    93:a9:bf:f9:c9:e5:3f:04:c7:60:2c:15:ce:e4:a5:
                    74:1e:8c:bf:c2:71:80:0f:a1:00:70:fc:fd:c4:f3:
                    91:00:86:0e:41:ed:ca:c9:50:2e:95:9d:8f:39:15:
                    6f:b0:60:5e:35:e9:87:da:69:a5:2a:74:60:fe:06:
                    ac:ec:2f:8b:6c:7b:1c:d9:19:f6:94:08:11:4b:ee:
                    54:c5:83:46:48:51:61:b6:83:46:c5:ae:7d:4f:c6:
                    7b:89:70:44:ac:c7:08:9b:dd:7d:c3:fa:6d:9e:33:
                    20:a0:2a:c9:c7:bc:d2:c9:15:45:c3:3f:76:f4:fe:
                    53:dc:75:f4:4b:e1:b9:ca:f9:e7:5e:58:63:d8:2f:
                    ad:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:D6:27:6C:04:CD:AE:A0:32:4C:B9:55:6B:5A:24:E9:15:45:86:27
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/rdYnbATNrqAyTLlVa1ok6RVFhic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa01:ab02::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:82:02:8d:00:b7:b9:a7:be:3a:d4:d0:db:0c:53:19:9f:15:
         3d:c5:d2:a1:5e:a0:b6:7f:e8:f2:5b:03:ab:43:2e:85:01:1a:
         ba:b9:1d:9a:8f:76:ee:d9:29:f3:31:b0:43:15:08:b5:3d:c5:
         fb:91:87:59:e8:4c:48:1f:96:e5:a0:a2:9b:f1:70:9d:0a:4b:
         b5:d1:33:18:35:f7:09:8b:e3:e1:16:37:01:85:73:ec:9c:c5:
         7e:5a:6e:f1:12:52:d1:0b:fc:92:03:41:88:49:b1:98:1b:fb:
         f4:8a:b2:c8:2b:24:e3:51:e0:8c:35:ce:bb:77:ff:67:8a:9d:
         66:4b:2e:f6:c3:9b:44:c7:98:9d:06:0f:7a:7f:23:2e:6f:8e:
         58:fb:71:e3:52:39:36:06:fd:e6:b2:86:25:5c:54:61:b3:f4:
         5a:31:80:f1:2c:6c:39:18:d1:66:85:37:73:b0:1b:79:b0:72:
         37:41:c4:a7:37:7d:be:db:1c:62:c0:7e:13:d7:15:24:44:9d:
         16:fb:51:80:4e:56:ed:f3:74:4a:30:bb:1b:1e:c2:36:c7:8a:
         f6:81:fb:9a:96:78:54:63:32:42:b2:34:50:f3:54:43:7c:44:
         4a:4a:ba:a6:cb:ed:b2:89:90:79:3f:dd:01:dd:ed:3c:c2:8e:
         2f:ed:b4:f9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbSQbqmpAqDFw33jrbE9yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGQ2Mjc2YzA0Y2RhZWEwMzI0Y2I5NTU2YjVhMjRlOTE1NDU4NjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjnOB8O6WZkf61rp5aJyIOKKYDuE
qSwkTQO8Tt8Y/wahL1H9IPuNusczXLgT8qkHdd2k3YOwhW2seUhewWhebRJq+2yy
iCu28SZQIHCGveG+4a3gSEsvXGN+blD9v0ZxTSs15RmAVOTJfeRm8mXYCMRrsPLZ
n0STqb/5yeU/BMdgLBXO5KV0Hoy/wnGAD6EAcPz9xPORAIYOQe3KyVAulZ2PORVv
sGBeNemH2mmlKnRg/gas7C+LbHsc2Rn2lAgRS+5UxYNGSFFhtoNGxa59T8Z7iXBE
rMcIm919w/ptnjMgoCrJx7zSyRVFwz929P5T3HX0S+G5yvnnXlhj2C+tHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK3WJ2wEza6gMky5VWtaJOkVRYYnMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvcmRZbmJBVE5ycUF5VExsVmExb2s2UlZGaGljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qAasC
MA0GCSqGSIb3DQEBCwUAA4IBAQBbggKNALe5p7461NDbDFMZnxU9xdKhXqC2f+jy
WwOrQy6FARq6uR2aj3bu2SnzMbBDFQi1PcX7kYdZ6ExIH5bloKKb8XCdCku10TMY
NfcJi+PhFjcBhXPsnMV+Wm7xElLRC/ySA0GISbGYG/v0irLIKyTjUeCMNc67d/9n
ip1mSy72w5tEx5idBg96fyMub45Y+3HjUjk2Bv3msoYlXFRhs/RaMYDxLGw5GNFm
hTdzsBt5sHI3QcSnN32+2xxiwH4T1xUkRJ0W+1GATlbt83RKMLsbHsI2x4r2gfua
lnhUYzJCsjRQ81RDfERKSrqmy+2yiZB5P90B3e08wo4v7bT5
-----END CERTIFICATE-----