Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/s4QnSaBj7JZgIWMTJ6xw1694Em0.roa
File:                     s4QnSaBj7JZgIWMTJ6xw1694Em0.roa (raw, json)
Hash identifier:          CgmfpV90Kl2HBqtVuo0QXrl3+MZJ5XJw8VozidlJevY=
Subject key identifier:   B3:84:27:49:A0:63:EC:96:60:21:63:13:27:AC:70:D7:AF:78:12:6D
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258ED3C59AC284028A50D04EF32FBCA3
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/s4QnSaBj7JZgIWMTJ6xw1694Em0.roa
Signing time:             Thu 02 Jan 2025 05:48:24 +0000
ROA not before:           Thu 02 Jan 2025 05:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203899
IP address blocks:        2a0e:aa07:e042::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:d3:c5:9a:c2:84:02:8a:50:d0:4e:f3:2f:bc:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3842749a063ec966021631327ac70d7af78126d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:35:bb:02:bb:5c:9a:ed:2a:7f:3a:ba:dd:08:
                    e9:fa:c0:74:7c:62:4d:7b:8c:f1:f6:c5:98:65:7b:
                    55:9a:d6:81:fe:6b:42:63:5f:f5:d4:e0:5f:ca:c9:
                    21:a5:ea:48:1a:95:76:8e:91:d5:3a:b2:d9:d4:33:
                    08:31:41:da:5f:ac:b5:99:36:f2:d9:c9:95:9a:91:
                    fa:87:91:ee:85:25:5a:93:f6:47:5a:3e:d0:82:2e:
                    55:65:d6:4d:4f:96:67:70:ca:db:c2:96:82:8b:33:
                    4f:8d:38:82:ce:f9:8f:98:89:fb:33:d1:68:01:d6:
                    83:72:28:de:53:ed:71:aa:63:be:80:5d:81:c1:39:
                    16:bd:7f:ec:d9:b1:88:b6:06:2c:a9:83:ab:25:5a:
                    ba:35:6f:a9:87:bb:3a:74:ae:e9:95:e1:e1:0d:3a:
                    fb:55:3a:a8:c6:49:1f:ba:b5:50:bd:d8:ec:68:8f:
                    55:97:2d:33:a7:08:9c:64:62:71:c9:9e:67:80:4f:
                    f1:f0:f9:9b:a3:e5:f6:e7:b2:90:8d:1a:ec:02:2c:
                    c1:4d:29:39:df:eb:1a:16:af:59:f9:8d:7c:f1:a4:
                    ce:ec:46:ac:be:d7:f0:b7:1b:5b:1e:d2:5f:2b:93:
                    09:62:52:a5:fb:59:4b:2b:37:30:e5:68:84:96:5f:
                    1e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:84:27:49:A0:63:EC:96:60:21:63:13:27:AC:70:D7:AF:78:12:6D
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/s4QnSaBj7JZgIWMTJ6xw1694Em0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e042::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:b9:c7:66:18:c5:2d:dc:b6:ea:fb:ab:20:52:4a:cf:f1:08:
         0e:42:e8:a8:ad:ad:f6:7e:e1:24:56:5e:ae:9f:80:44:45:54:
         13:1e:dd:95:7c:63:c2:5c:ad:50:64:00:85:90:23:a4:a8:53:
         9f:96:5f:28:76:48:5e:65:d4:42:96:68:5e:46:e3:3a:b5:73:
         bc:a8:8c:b4:c2:f0:8d:6c:fd:ed:76:7b:84:6a:90:98:09:9d:
         59:57:36:76:69:98:83:c2:d4:fc:14:e7:8a:4c:44:7e:93:6b:
         da:98:56:c1:06:59:89:bc:6c:e2:7f:f9:8a:c1:5d:ec:27:36:
         85:74:e1:46:81:76:a2:9c:a9:5e:f8:55:e7:97:55:da:aa:17:
         63:84:a0:9a:de:eb:4f:39:6b:f3:5d:de:6c:71:83:ff:3d:43:
         0f:a5:48:67:f3:59:82:0d:f6:f9:c9:6d:69:01:8c:16:73:22:
         9a:7b:a5:83:bb:d4:3f:43:f4:cf:d2:17:5b:18:65:57:14:73:
         48:70:49:12:02:eb:67:d2:93:2f:57:ff:1f:cc:59:e7:e2:e8:
         2b:be:3f:1e:0a:d7:da:83:d2:a4:8d:42:96:b5:7f:6f:bc:fa:
         51:36:f1:5c:ab:02:1a:18:9f:88:a6:7e:92:e4:c1:e7:b2:d9:
         8c:a5:19:65
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljtPFmsKEAopQ0E7zL7yjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzg0Mjc0OWEwNjNlYzk2NjAyMTYzMTMyN2FjNzBkN2FmNzgxMjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzW7Artcmu0qfzq63Qjp+sB0fGJN
e4zx9sWYZXtVmtaB/mtCY1/11OBfyskhpepIGpV2jpHVOrLZ1DMIMUHaX6y1mTby
2cmVmpH6h5HuhSVak/ZHWj7Qgi5VZdZNT5ZncMrbwpaCizNPjTiCzvmPmIn7M9Fo
AdaDcijeU+1xqmO+gF2BwTkWvX/s2bGItgYsqYOrJVq6NW+ph7s6dK7pleHhDTr7
VTqoxkkfurVQvdjsaI9Vly0zpwicZGJxyZ5ngE/x8Pmbo+X257KQjRrsAizBTSk5
3+saFq9Z+Y188aTO7EasvtfwtxtbHtJfK5MJYlKl+1lLKzcw5WiEll8erQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLOEJ0mgY+yWYCFjEyescNeveBJtMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvczRRblNhQmo3SlpnSVdNVEo2eHcxNjk0RW0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+BC
MA0GCSqGSIb3DQEBCwUAA4IBAQBzucdmGMUt3Lbq+6sgUkrP8QgOQuiora32fuEk
Vl6un4BERVQTHt2VfGPCXK1QZACFkCOkqFOfll8odkheZdRClmheRuM6tXO8qIy0
wvCNbP3tdnuEapCYCZ1ZVzZ2aZiDwtT8FOeKTER+k2vamFbBBlmJvGzif/mKwV3s
JzaFdOFGgXainKle+FXnl1XaqhdjhKCa3utPOWvzXd5scYP/PUMPpUhn81mCDfb5
yW1pAYwWcyKae6WDu9Q/Q/TP0hdbGGVXFHNIcEkSAutn0pMvV/8fzFnn4ugrvj8e
Ctfag9KkjUKWtX9vvPpRNvFcqwIaGJ+Ipn6S5MHnstmMpRll
-----END CERTIFICATE-----