Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/xUOPhzgcLa4gvfv2Yx-Ex9q5WSk.roa
File:                     xUOPhzgcLa4gvfv2Yx-Ex9q5WSk.roa (raw, json)
Hash identifier:          49ycnZOHkQiLuR6KJC2avwNxAibWYuZvF9ndXQRmGkw=
Subject key identifier:   C5:43:8F:87:38:1C:2D:AE:20:BD:FB:F6:63:1F:84:C7:DA:B9:59:29
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D36C7A506C78CFF9861B57C4C0126
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/xUOPhzgcLa4gvfv2Yx-Ex9q5WSk.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208993
IP address blocks:        2a0e:aa07:f040::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:36:c7:a5:06:c7:8c:ff:98:61:b5:7c:4c:01:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5438f87381c2dae20bdfbf6631f84c7dab95929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:44:d1:04:04:20:b8:5e:d7:6e:87:dc:2b:a9:
                    fa:e4:83:c7:84:ad:75:bf:17:38:dc:5f:d1:80:45:
                    4a:36:45:f7:b0:77:3b:da:1f:57:68:be:93:58:26:
                    5d:19:31:96:6f:54:5e:a7:a1:d1:64:9d:c1:97:6b:
                    1f:81:a4:bd:b4:df:af:ca:07:95:96:0a:ee:4a:17:
                    53:59:00:50:6a:dd:97:c4:f3:f7:7a:ad:ed:f2:ef:
                    71:f2:ed:26:f4:81:a3:b7:bd:13:a8:67:9d:05:4b:
                    73:54:8e:26:01:cf:7c:2a:a2:59:25:8e:ef:11:e2:
                    03:24:54:c2:65:70:5b:8b:d0:6e:52:61:41:b9:f3:
                    fd:e1:44:5b:8f:7a:d3:12:3a:bf:d6:69:a9:40:78:
                    bb:a2:37:a9:3c:2c:89:be:4e:cb:3b:d7:b7:98:a3:
                    c3:a3:85:9c:b1:60:c7:4b:db:4c:dc:18:f9:d1:1e:
                    58:32:2b:e3:c7:db:50:64:f6:6a:b8:a1:b0:88:c5:
                    eb:4a:e2:c4:99:f0:d9:42:2a:dd:c7:2e:06:f4:d2:
                    57:c6:0c:11:86:16:5d:06:0f:af:d9:95:cc:1d:31:
                    db:53:7f:d3:99:27:b5:41:3b:ba:17:97:e4:f1:73:
                    8f:29:c7:37:90:17:a7:90:96:b2:c5:50:2e:b6:aa:
                    f9:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:43:8F:87:38:1C:2D:AE:20:BD:FB:F6:63:1F:84:C7:DA:B9:59:29
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/xUOPhzgcLa4gvfv2Yx-Ex9q5WSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:f040::/44

    Signature Algorithm: sha256WithRSAEncryption
         3e:48:71:e1:10:77:8c:67:21:ce:4a:51:d3:74:dc:d9:ab:8b:
         16:6c:c7:dd:82:f3:30:6b:fc:8e:a1:2e:8f:1a:5c:6d:b9:17:
         0c:88:0a:4f:1c:14:0c:e3:b5:5b:37:4e:1b:78:4c:3a:bf:e0:
         9e:05:9e:86:a5:36:2f:65:47:27:09:38:68:a0:09:b2:4d:bf:
         47:10:85:5f:dc:63:c0:20:83:0d:e6:2d:58:0a:9b:8d:e6:3a:
         6c:27:73:a4:01:ac:57:c2:c3:f2:65:46:f2:2a:a7:9b:10:1e:
         68:18:21:b7:8c:d6:6c:55:7c:e2:50:30:96:84:ba:1e:28:e5:
         db:f4:89:3b:cf:03:87:79:95:91:af:26:4e:ba:5d:83:57:2d:
         bb:14:e8:e6:51:7b:fc:60:ec:11:94:98:f4:1f:a9:51:48:77:
         25:5e:6e:8c:8e:d1:e2:c2:47:d2:c9:43:47:16:0f:32:d2:31:
         2d:6e:b0:5f:49:6a:d3:f4:42:7c:26:7b:0a:ee:7d:ae:47:53:
         bd:41:95:62:30:88:f6:c5:44:ce:a3:8f:2e:a5:d3:68:f7:7c:
         ce:01:6b:02:07:cd:63:57:dd:c5:0a:ac:86:ab:62:67:12:bd:
         4b:5d:00:ac:03:64:35:9a:d3:5f:57:9b:7f:28:5b:62:7f:57:
         d4:0c:33:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbTbHpQbHjP+YYbV8TAEmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTQzOGY4NzM4MWMyZGFlMjBiZGZiZjY2MzFmODRjN2RhYjk1OTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoETRBAQguF7XbofcK6n65IPHhK11
vxc43F/RgEVKNkX3sHc72h9XaL6TWCZdGTGWb1Rep6HRZJ3Bl2sfgaS9tN+vygeV
lgruShdTWQBQat2XxPP3eq3t8u9x8u0m9IGjt70TqGedBUtzVI4mAc98KqJZJY7v
EeIDJFTCZXBbi9BuUmFBufP94URbj3rTEjq/1mmpQHi7ojepPCyJvk7LO9e3mKPD
o4WcsWDHS9tM3Bj50R5YMivjx9tQZPZquKGwiMXrSuLEmfDZQirdxy4G9NJXxgwR
hhZdBg+v2ZXMHTHbU3/TmSe1QTu6F5fk8XOPKcc3kBenkJayxVAutqr52QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMVDj4c4HC2uIL379mMfhMfauVkpMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEveFVPUGh6Z2NMYTRndmZ2Mll4LUV4OXE1V1NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB/BA
MA0GCSqGSIb3DQEBCwUAA4IBAQA+SHHhEHeMZyHOSlHTdNzZq4sWbMfdgvMwa/yO
oS6PGlxtuRcMiApPHBQM47VbN04beEw6v+CeBZ6GpTYvZUcnCThooAmyTb9HEIVf
3GPAIIMN5i1YCpuN5jpsJ3OkAaxXwsPyZUbyKqebEB5oGCG3jNZsVXziUDCWhLoe
KOXb9Ik7zwOHeZWRryZOul2DVy27FOjmUXv8YOwRlJj0H6lRSHclXm6MjtHiwkfS
yUNHFg8y0jEtbrBfSWrT9EJ8JnsK7n2uR1O9QZViMIj2xUTOo48updNo93zOAWsC
B81jV93FCqyGq2JnEr1LXQCsA2Q1mtNfV5t/KFtif1fUDDNU
-----END CERTIFICATE-----