Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/xZ-niYOxxNe8u4NnYy08UKAmJmw.roa
File:                     xZ-niYOxxNe8u4NnYy08UKAmJmw.roa (raw, json)
Hash identifier:          4GP0fWEUJpR7ZHeFkaxnLLPvGY03CUhA8BSNU29nq4E=
Subject key identifier:   C5:9F:A7:89:83:B1:C4:D7:BC:BB:83:67:63:2D:3C:50:A0:26:26:6C
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0196EF94384D1FD9F121960FE93CC2044508
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/xZ-niYOxxNe8u4NnYy08UKAmJmw.roa
Signing time:             Tue 20 May 2025 21:23:10 +0000
ROA not before:           Tue 20 May 2025 21:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8987
IP address blocks:        2a0e:aa07:f0d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ef:94:38:4d:1f:d9:f1:21:96:0f:e9:3c:c2:04:45:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: May 20 21:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c59fa78983b1c4d7bcbb8367632d3c50a026266c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d4:41:94:37:1c:0b:e4:28:4b:a9:e9:5b:9c:
                    d0:52:91:97:7e:ed:af:9f:77:c0:b6:b8:f9:94:35:
                    82:4a:1b:ce:22:95:d9:69:67:75:b9:07:4e:b0:0d:
                    08:0f:0d:eb:4e:26:75:e1:b0:f0:6a:55:81:2f:e4:
                    51:71:6a:0c:2d:ab:08:bc:c3:b2:f0:d2:0c:eb:e7:
                    89:f6:b2:99:96:cf:a8:74:e3:7f:5e:36:f0:0f:88:
                    ef:4c:89:6d:e8:59:93:53:98:3d:75:29:f9:a7:47:
                    96:28:45:5d:6b:9f:52:ff:fe:6a:1f:ff:7b:a2:f0:
                    08:55:36:5d:9d:74:06:17:7a:3e:e9:9d:f5:34:0c:
                    c7:67:4a:cd:3e:32:59:2c:4d:9b:6e:e4:a4:8f:b3:
                    2c:8c:f0:8c:88:3e:3c:19:21:49:b0:94:25:9b:2c:
                    ad:0d:00:71:9f:58:5d:81:d4:fd:9b:2b:1b:6d:89:
                    0e:e1:bd:e7:96:7d:5a:5e:f4:2f:6a:f2:4a:d0:00:
                    ca:1e:b0:35:fc:13:6e:a9:74:20:2f:89:9a:37:fb:
                    48:99:b1:33:29:54:e3:64:e5:b3:6c:99:aa:3b:00:
                    48:ac:db:be:6e:80:e1:1a:69:81:2e:8b:99:4e:a9:
                    35:84:75:6f:ce:61:5d:5f:c2:4a:4b:1b:0c:ac:ca:
                    33:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:9F:A7:89:83:B1:C4:D7:BC:BB:83:67:63:2D:3C:50:A0:26:26:6C
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/xZ-niYOxxNe8u4NnYy08UKAmJmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:f0d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         67:e0:8f:56:3c:9d:ba:c8:6b:cd:ca:04:74:b9:fd:7b:07:f8:
         b5:6c:44:6c:23:c5:8e:4f:95:1b:d7:87:c4:ba:e4:0a:63:d6:
         7d:c0:39:db:f0:c1:40:76:24:57:eb:f7:b3:d5:6a:bd:62:85:
         35:33:a2:58:f4:f5:ff:fe:2f:51:60:97:5b:90:bb:f8:c0:17:
         75:b6:f0:fd:ad:a9:cd:a8:f5:73:f0:81:6b:c5:ed:ab:16:0d:
         79:3d:15:45:88:65:f5:53:0a:27:82:57:fc:92:6d:e3:e1:64:
         10:b9:55:4a:98:2e:ba:5f:56:80:0d:a4:f5:a2:17:d0:33:4b:
         8d:a7:0a:74:92:a0:be:91:bc:86:d1:cc:51:ca:f6:45:b8:95:
         56:b0:65:e5:07:d7:2d:80:17:d0:7f:8a:55:bb:72:02:ce:1e:
         f2:29:c4:d3:94:9a:73:63:e9:15:c9:e4:52:4b:d7:9a:75:ec:
         f5:b1:da:9a:72:58:fc:58:5f:de:f1:91:00:6b:95:0a:b1:da:
         e1:b6:0e:29:88:02:24:25:8b:f8:73:85:82:6f:23:f7:fa:75:
         1e:ee:c2:b2:77:10:75:99:17:2f:57:4c:de:53:7f:06:aa:4f:
         8e:ac:30:83:96:e4:3d:8e:46:fd:1d:b4:c8:98:0b:7b:84:d7:
         8e:77:cd:f5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZbvlDhNH9nxIZYP6TzCBEUIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwNTIwMjEyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTlmYTc4OTgzYjFjNGQ3YmNiYjgzNjc2MzJkM2M1MGEwMjYyNjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNRBlDccC+QoS6npW5zQUpGXfu2v
n3fAtrj5lDWCShvOIpXZaWd1uQdOsA0IDw3rTiZ14bDwalWBL+RRcWoMLasIvMOy
8NIM6+eJ9rKZls+odON/XjbwD4jvTIlt6FmTU5g9dSn5p0eWKEVda59S//5qH/97
ovAIVTZdnXQGF3o+6Z31NAzHZ0rNPjJZLE2bbuSkj7MsjPCMiD48GSFJsJQlmyyt
DQBxn1hdgdT9mysbbYkO4b3nln1aXvQvavJK0ADKHrA1/BNuqXQgL4maN/tImbEz
KVTjZOWzbJmqOwBIrNu+boDhGmmBLouZTqk1hHVvzmFdX8JKSxsMrMozrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMWfp4mDscTXvLuDZ2MtPFCgJiZsMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEveFotbmlZT3h4TmU4dTRObll5MDhVS0FtSm13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB/DQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBn4I9WPJ26yGvNygR0uf17B/i1bERsI8WOT5Ub
14fEuuQKY9Z9wDnb8MFAdiRX6/ez1Wq9YoU1M6JY9PX//i9RYJdbkLv4wBd1tvD9
ranNqPVz8IFrxe2rFg15PRVFiGX1Uwonglf8km3j4WQQuVVKmC66X1aADaT1ohfQ
M0uNpwp0kqC+kbyG0cxRyvZFuJVWsGXlB9ctgBfQf4pVu3ICzh7yKcTTlJpzY+kV
yeRSS9eadez1sdqaclj8WF/e8ZEAa5UKsdrhtg4piAIkJYv4c4WCbyP3+nUe7sKy
dxB1mRcvV0zeU38Gqk+OrDCDluQ9jkb9HbTImAt7hNeOd831
-----END CERTIFICATE-----