Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/tn9kBfwTb8K3fEL0wksmVZ-xKDU.roa
File:                     tn9kBfwTb8K3fEL0wksmVZ-xKDU.roa (raw, json)
Hash identifier:          2FeX230nLYDSHbgmTeoClkgsV/0+12RGJbUdpwfLAww=
Subject key identifier:   B6:7F:64:05:FC:13:6F:C2:B7:7C:42:F4:C2:4B:26:55:9F:B1:28:35
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D2B2C24B741CC8BDA41D6BF6B38A5
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/tn9kBfwTb8K3fEL0wksmVZ-xKDU.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198734
IP address blocks:        2a0e:aa07:e0a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2b:2c:24:b7:41:cc:8b:da:41:d6:bf:6b:38:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b67f6405fc136fc2b77c42f4c24b26559fb12835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:8b:8d:0e:38:96:3d:c7:10:dd:15:d0:bb:0c:
                    77:0e:28:72:44:ac:c9:b2:d5:a8:5e:f9:01:17:7a:
                    5b:26:ab:3c:f0:f4:91:ea:7a:cf:0f:d2:03:29:0b:
                    06:9c:89:28:33:c9:b8:98:19:0c:99:93:5a:94:2a:
                    f0:9d:93:9b:f5:49:e2:3c:f9:58:8b:5c:91:38:81:
                    76:47:0c:a3:0b:6e:52:c8:88:57:55:77:f5:c0:8b:
                    0c:ee:a5:19:4c:5a:20:0a:7e:17:21:2f:6c:18:56:
                    20:47:4c:6b:1d:4a:62:05:1e:ff:06:6c:69:8b:f1:
                    14:cb:fa:ba:8c:e8:29:6b:5d:53:01:88:60:6f:2c:
                    9e:39:4a:08:ee:45:ec:18:ab:3a:09:dd:b3:5b:9f:
                    74:69:f7:d1:be:c4:1e:5a:18:43:4e:b6:a3:ae:c3:
                    32:d1:e1:71:9b:d0:88:f8:d9:c5:09:32:b8:2d:c7:
                    5e:c9:00:f6:23:d0:4f:0d:1e:bf:de:91:cc:30:e4:
                    34:52:10:67:5c:ca:3e:e1:e0:35:36:01:d4:fb:06:
                    4b:49:51:15:5d:56:62:3a:7c:e1:af:66:ce:93:f1:
                    d1:5a:a2:5f:f1:31:d5:f4:55:c4:69:fa:26:31:fe:
                    97:5a:75:10:f2:ca:9b:4f:8f:ed:d5:b4:fa:fd:3c:
                    85:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:7F:64:05:FC:13:6F:C2:B7:7C:42:F4:C2:4B:26:55:9F:B1:28:35
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/tn9kBfwTb8K3fEL0wksmVZ-xKDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e0a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         89:5e:54:bf:74:42:1e:43:56:86:32:27:6c:bc:cf:5a:83:eb:
         4f:8c:75:37:81:ca:4b:83:4a:b7:17:15:65:4f:3d:fe:90:51:
         f5:9d:72:62:29:dc:0a:e3:07:0e:63:a4:06:5d:b5:06:58:36:
         2b:b4:c9:c1:83:a5:29:10:e5:81:6d:30:f8:7b:d9:a9:55:1f:
         c8:a7:61:17:fa:29:ef:9c:c9:20:19:e1:62:d5:29:8b:e1:b3:
         a1:b8:d9:0f:0c:5c:03:6a:6d:db:f0:21:8f:9e:61:a3:18:3e:
         2b:c5:19:bf:5f:cf:f1:fa:be:73:88:10:e6:e0:d6:e4:54:ab:
         79:e0:7a:e7:18:67:15:39:68:f0:bf:99:df:31:fd:a1:71:e6:
         dd:c1:00:b6:b0:4b:8b:7a:c7:df:56:e4:5f:33:45:0d:de:ca:
         89:32:37:22:6d:39:a6:a3:4a:49:47:7c:40:08:7b:5a:dc:21:
         81:2d:00:08:f6:b8:8e:14:81:db:a2:2f:9c:67:5a:fc:8a:64:
         eb:44:11:f4:43:e4:b7:77:f4:ba:36:89:bd:3b:fd:24:d2:4c:
         fb:b3:4b:d9:29:70:80:25:8e:0c:64:a7:c5:a5:91:3c:11:03:
         6e:a4:d8:fe:59:d4:2e:91:c2:8a:50:25:71:b4:7a:0e:c5:3d:
         db:ac:aa:73
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbSssJLdBzIvaQda/azilMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjdmNjQwNWZjMTM2ZmMyYjc3YzQyZjRjMjRiMjY1NTlmYjEyODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYuNDjiWPccQ3RXQuwx3DihyRKzJ
stWoXvkBF3pbJqs88PSR6nrPD9IDKQsGnIkoM8m4mBkMmZNalCrwnZOb9UniPPlY
i1yROIF2RwyjC25SyIhXVXf1wIsM7qUZTFogCn4XIS9sGFYgR0xrHUpiBR7/Bmxp
i/EUy/q6jOgpa11TAYhgbyyeOUoI7kXsGKs6Cd2zW590affRvsQeWhhDTrajrsMy
0eFxm9CI+NnFCTK4LcdeyQD2I9BPDR6/3pHMMOQ0UhBnXMo+4eA1NgHU+wZLSVEV
XVZiOnzhr2bOk/HRWqJf8THV9FXEafomMf6XWnUQ8sqbT4/t1bT6/TyFwwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLZ/ZAX8E2/Ct3xC9MJLJlWfsSg1MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvdG45a0Jmd1RiOEszZkVMMHdrc21WWi14S0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+Cg
MA0GCSqGSIb3DQEBCwUAA4IBAQCJXlS/dEIeQ1aGMidsvM9ag+tPjHU3gcpLg0q3
FxVlTz3+kFH1nXJiKdwK4wcOY6QGXbUGWDYrtMnBg6UpEOWBbTD4e9mpVR/Ip2EX
+invnMkgGeFi1SmL4bOhuNkPDFwDam3b8CGPnmGjGD4rxRm/X8/x+r5ziBDm4Nbk
VKt54HrnGGcVOWjwv5nfMf2hcebdwQC2sEuLesffVuRfM0UN3sqJMjcibTmmo0pJ
R3xACHta3CGBLQAI9riOFIHboi+cZ1r8imTrRBH0Q+S3d/S6Nom9O/0k0kz7s0vZ
KXCAJY4MZKfFpZE8EQNupNj+WdQukcKKUCVxtHoOxT3brKpz
-----END CERTIFICATE-----