Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/tGjxHTVZAtqnHk4vDpCbRs5pr_Q.roa
File:                     tGjxHTVZAtqnHk4vDpCbRs5pr_Q.roa (raw, json)
Hash identifier:          AZNIO895MqAB5BihV3uk/dR5Y30tUzRI8x6xRFwbTH0=
Subject key identifier:   B4:68:F1:1D:35:59:02:DA:A7:1E:4E:2F:0E:90:9B:46:CE:69:AF:F4
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D4739B584FB27B735DD0C57041860
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/tGjxHTVZAtqnHk4vDpCbRs5pr_Q.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216368
IP address blocks:        2a0e:aa07:e110::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:47:39:b5:84:fb:27:b7:35:dd:0c:57:04:18:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b468f11d355902daa71e4e2f0e909b46ce69aff4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:69:20:3e:5c:2a:4b:af:0b:4a:65:9e:db:88:
                    db:65:22:47:d8:64:82:55:ee:27:35:a3:56:fd:28:
                    63:66:6c:55:90:28:b6:13:8d:da:c0:63:6b:5c:05:
                    63:e8:07:97:5d:d7:69:dd:11:4e:51:0a:62:d4:3a:
                    b2:0e:85:c6:3f:be:40:25:76:f2:a9:e9:0c:0d:0c:
                    df:f9:4e:a9:12:86:fb:82:d0:19:cd:c9:f4:dd:c4:
                    a2:1e:02:67:66:d6:89:50:10:23:2c:50:54:6f:ef:
                    53:77:4d:c8:f8:b4:78:19:2e:e4:6c:2b:7a:e9:46:
                    c8:60:33:0b:21:5b:4c:4e:b0:bd:78:f5:b8:91:1e:
                    cf:4b:15:1b:76:dc:cd:4c:a8:da:3b:cb:68:8c:c7:
                    1e:ee:07:ca:64:fb:7b:4f:e2:5f:32:92:03:2e:a3:
                    42:0a:e7:af:e2:11:ea:e3:b9:60:b4:c8:8f:b3:cc:
                    5b:4a:ab:06:61:25:2f:71:2a:7d:27:85:16:73:7f:
                    f8:62:31:41:fb:de:14:1e:8b:d6:12:71:e0:ee:e0:
                    3e:c7:1f:66:e4:a2:ca:d2:bd:ab:9d:22:bd:63:55:
                    28:90:b0:59:1b:1d:59:80:d3:10:1c:d0:81:02:d8:
                    c7:02:e5:34:a8:d4:0c:e5:fe:93:1f:b6:67:f8:b9:
                    db:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:68:F1:1D:35:59:02:DA:A7:1E:4E:2F:0E:90:9B:46:CE:69:AF:F4
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/tGjxHTVZAtqnHk4vDpCbRs5pr_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e110::/44

    Signature Algorithm: sha256WithRSAEncryption
         bf:51:a2:7f:86:42:31:5d:d5:c5:f7:4b:88:a1:75:ba:1a:42:
         8a:f4:71:ac:cb:a7:f7:06:0a:54:8f:fd:fc:fb:8f:60:d1:e5:
         07:ed:45:f5:3f:2b:66:4e:0a:48:0a:25:c0:ef:8d:c3:c5:dd:
         5b:30:7f:d5:f7:f0:97:37:3b:95:d6:59:a5:08:37:a1:82:e2:
         da:08:83:52:24:1c:80:a7:87:e9:3c:86:48:fc:0c:93:f9:3d:
         b7:da:0e:88:42:c5:52:40:d8:ce:00:81:2c:3f:5e:8f:65:b1:
         7b:89:d1:f9:10:3f:51:b4:e8:33:21:bb:b8:36:86:90:c1:ee:
         9b:a9:3c:4c:2c:1d:52:78:e9:37:57:02:23:bc:f9:23:3c:4e:
         2c:22:f2:13:6a:69:87:0a:c1:d1:ad:41:23:ce:76:28:c3:d0:
         d3:84:ed:21:69:dc:09:41:fc:fb:67:e5:79:ae:37:38:16:ea:
         d0:61:f7:fb:87:93:26:ab:23:d0:8c:56:ab:ed:40:f8:58:56:
         c7:51:77:e1:be:b8:ab:cc:9f:34:0d:eb:c4:80:75:d4:a4:cb:
         8b:0f:3e:04:53:92:4f:fd:cc:84:30:86:aa:83:ca:0e:9a:59:
         47:2d:66:33:5b:f4:3d:25:6b:d5:cc:d0:4f:d1:ad:17:2d:93:
         01:1e:c7:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbUc5tYT7J7c13QxXBBhgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDY4ZjExZDM1NTkwMmRhYTcxZTRlMmYwZTkwOWI0NmNlNjlhZmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWkgPlwqS68LSmWe24jbZSJH2GSC
Ve4nNaNW/ShjZmxVkCi2E43awGNrXAVj6AeXXddp3RFOUQpi1DqyDoXGP75AJXby
qekMDQzf+U6pEob7gtAZzcn03cSiHgJnZtaJUBAjLFBUb+9Td03I+LR4GS7kbCt6
6UbIYDMLIVtMTrC9ePW4kR7PSxUbdtzNTKjaO8tojMce7gfKZPt7T+JfMpIDLqNC
Cuev4hHq47lgtMiPs8xbSqsGYSUvcSp9J4UWc3/4YjFB+94UHovWEnHg7uA+xx9m
5KLK0r2rnSK9Y1UokLBZGx1ZgNMQHNCBAtjHAuU0qNQM5f6TH7Zn+LnbLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLRo8R01WQLapx5OLw6Qm0bOaa/0MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvdEdqeEhUVlpBdHFuSGs0dkRwQ2JSczVwcl9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+EQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC/UaJ/hkIxXdXF90uIoXW6GkKK9HGsy6f3BgpU
j/38+49g0eUH7UX1PytmTgpICiXA743Dxd1bMH/V9/CXNzuV1lmlCDehguLaCINS
JByAp4fpPIZI/AyT+T232g6IQsVSQNjOAIEsP16PZbF7idH5ED9RtOgzIbu4NoaQ
we6bqTxMLB1SeOk3VwIjvPkjPE4sIvITammHCsHRrUEjznYow9DThO0hadwJQfz7
Z+V5rjc4FurQYff7h5MmqyPQjFar7UD4WFbHUXfhvrirzJ80DevEgHXUpMuLDz4E
U5JP/cyEMIaqg8oOmllHLWYzW/Q9JWvVzNBP0a0XLZMBHsdm
-----END CERTIFICATE-----