Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/rmdGhfaf3S1TRSd3EZfMh2bnWGU.roa
File:                     rmdGhfaf3S1TRSd3EZfMh2bnWGU.roa (raw, json)
Hash identifier:          XkMuucACnfAaI+GNHsYqQX76QerdD+E6pjsakDbyYVA=
Subject key identifier:   AE:67:46:85:F6:9F:DD:2D:53:45:27:77:11:97:CC:87:66:E7:58:65
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018F3038EEF2EB617A4DEAE6BEB46D29021C
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/rmdGhfaf3S1TRSd3EZfMh2bnWGU.roa
Signing time:             Tue 30 Apr 2024 18:16:28 +0000
ROA not before:           Tue 30 Apr 2024 18:16:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212802
IP address blocks:        2a0e:aa07:e016::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:30:38:ee:f2:eb:61:7a:4d:ea:e6:be:b4:6d:29:02:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Apr 30 18:16:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae674685f69fdd2d534527771197cc8766e75865
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a7:96:f6:61:56:dc:98:38:96:cd:38:6a:69:
                    82:42:4c:18:84:96:aa:2f:25:e8:d1:64:67:52:ff:
                    63:c9:98:6f:66:0e:0a:86:c5:4e:9d:49:a7:3b:86:
                    e0:e8:46:41:14:5e:1d:34:8b:c9:5f:74:fb:f4:ad:
                    3d:e6:51:38:58:eb:22:42:93:14:85:f1:b7:f9:34:
                    34:c2:61:22:42:33:9a:71:da:71:51:6c:bf:a6:b7:
                    36:40:a6:5c:a0:2b:91:f8:90:b3:81:d6:ae:7d:5b:
                    29:1b:a7:4c:c9:2c:8f:aa:b3:6f:e1:23:d1:53:b8:
                    cc:2f:1b:82:89:9f:a0:48:d7:b9:65:b2:75:e8:bb:
                    89:bb:b3:ea:41:dc:3a:b5:02:41:76:a3:c7:79:46:
                    f2:17:2c:66:99:b2:5d:9a:56:8b:6e:b6:29:4e:bc:
                    d5:f8:09:c0:51:9e:9b:da:83:0b:7c:bf:24:67:d9:
                    73:79:c2:24:71:95:0d:0e:de:ad:1b:9e:1c:28:76:
                    3a:6d:4a:63:50:7f:e8:ec:41:2e:67:3b:4d:d9:e7:
                    bd:2b:fa:94:eb:ee:92:2e:d5:12:94:a6:9c:85:87:
                    0d:38:bb:d5:cd:fc:1b:90:43:3d:38:d0:ee:3e:6f:
                    8b:91:85:51:b4:9f:15:b2:a4:73:da:ce:d3:a6:51:
                    b8:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:67:46:85:F6:9F:DD:2D:53:45:27:77:11:97:CC:87:66:E7:58:65
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/rmdGhfaf3S1TRSd3EZfMh2bnWGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e016::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:aa:4d:72:df:bb:b5:5e:66:22:ea:8e:7c:58:6a:c4:ef:dd:
         a8:97:c7:24:a8:86:04:9e:51:02:93:f3:09:a2:75:1b:8f:3a:
         18:3e:c3:f1:7b:c7:40:da:e4:dc:4f:11:37:72:2a:88:d6:ef:
         80:38:ea:19:1e:78:a3:83:bd:28:b9:21:50:0e:b9:77:9b:08:
         a5:73:c3:7c:00:a0:71:92:fb:04:62:26:6b:fb:6d:92:30:20:
         80:92:e6:7d:d6:bb:a9:f2:92:2d:a8:7a:c9:5f:b6:37:25:ef:
         c9:27:e9:af:72:2f:17:43:be:44:cf:39:47:21:f6:f9:9a:06:
         4e:3e:1b:42:a6:9e:52:1e:c9:ab:34:0c:ff:75:c9:b5:e4:8d:
         45:8b:53:b6:75:36:81:77:e1:13:8b:b2:7f:d7:e0:2a:5e:94:
         d0:fc:09:b6:9d:f6:2b:35:51:60:0c:dd:42:1c:02:f7:ab:d3:
         a9:53:65:55:99:b4:a2:48:0a:2d:17:02:db:a2:a6:1b:76:f3:
         a1:48:08:92:4b:b2:d2:c0:ee:76:12:09:66:d2:b1:6b:ff:59:
         ff:63:00:f3:b5:3c:34:03:d1:8f:11:01:aa:77:f8:3e:14:5f:
         b9:a6:79:fa:d2:02:6a:67:8f:33:d9:a3:c1:f3:b3:ef:f8:59:
         77:aa:a2:fe
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8wOO7y62F6TermvrRtKQIcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwNDMwMTgxNjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTY3NDY4NWY2OWZkZDJkNTM0NTI3NzcxMTk3Y2M4NzY2ZTc1ODY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKeW9mFW3Jg4ls04ammCQkwYhJaq
LyXo0WRnUv9jyZhvZg4KhsVOnUmnO4bg6EZBFF4dNIvJX3T79K095lE4WOsiQpMU
hfG3+TQ0wmEiQjOacdpxUWy/prc2QKZcoCuR+JCzgdaufVspG6dMySyPqrNv4SPR
U7jMLxuCiZ+gSNe5ZbJ16LuJu7PqQdw6tQJBdqPHeUbyFyxmmbJdmlaLbrYpTrzV
+AnAUZ6b2oMLfL8kZ9lzecIkcZUNDt6tG54cKHY6bUpjUH/o7EEuZztN2ee9K/qU
6+6SLtUSlKachYcNOLvVzfwbkEM9ONDuPm+LkYVRtJ8VsqRz2s7TplG4jQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK5nRoX2n90tU0UndxGXzIdm51hlMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvcm1kR2hmYWYzUzFUUlNkM0VaZk1oMmJuV0dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+AW
MA0GCSqGSIb3DQEBCwUAA4IBAQAqqk1y37u1XmYi6o58WGrE792ol8ckqIYEnlEC
k/MJonUbjzoYPsPxe8dA2uTcTxE3ciqI1u+AOOoZHnijg70ouSFQDrl3mwilc8N8
AKBxkvsEYiZr+22SMCCAkuZ91rup8pItqHrJX7Y3Je/JJ+mvci8XQ75EzzlHIfb5
mgZOPhtCpp5SHsmrNAz/dcm15I1Fi1O2dTaBd+ETi7J/1+AqXpTQ/Am2nfYrNVFg
DN1CHAL3q9OpU2VVmbSiSAotFwLboqYbdvOhSAiSS7LSwO52Eglm0rFr/1n/YwDz
tTw0A9GPEQGqd/g+FF+5pnn60gJqZ48z2aPB87Pv+Fl3qqL+
-----END CERTIFICATE-----