Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/xmbhob9HeHpi9gReDlWy9-9Yyn4.roa
File:                     xmbhob9HeHpi9gReDlWy9-9Yyn4.roa (raw, json)
Hash identifier:          9b/buZ+vknp5EgNAd1AjopaYjCHgQLttfDXIgUHLKN0=
Subject key identifier:   C6:66:E1:A1:BF:47:78:7A:62:F6:04:5E:0E:55:B2:F7:EF:58:CA:7E
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D46130018F52DC5EB8759CF77224E
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/xmbhob9HeHpi9gReDlWy9-9Yyn4.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213169
IP address blocks:        2a0e:aa07:4000::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:46:13:00:18:f5:2d:c5:eb:87:59:cf:77:22:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c666e1a1bf47787a62f6045e0e55b2f7ef58ca7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:99:bb:19:97:2c:ef:3a:6d:a7:33:c8:36:b0:
                    44:e9:54:52:07:4d:20:70:47:6c:ed:a3:0b:44:b5:
                    91:0f:35:4b:01:dc:af:6b:21:51:a0:ec:9e:84:39:
                    23:19:5b:74:06:5e:0a:47:04:35:56:4c:2c:f0:cb:
                    19:84:26:7e:1c:8c:c4:75:d9:ab:7a:70:d9:b7:85:
                    62:ae:82:39:55:aa:4e:55:f8:41:30:f0:b1:bf:88:
                    2e:64:bd:b6:18:d8:72:85:f7:60:28:3c:e2:13:8b:
                    f2:40:1d:ac:49:cd:7c:d2:e8:99:11:17:8d:77:e3:
                    11:42:2f:91:2d:00:6a:a3:a7:00:83:45:58:6d:73:
                    22:10:1a:45:29:0e:02:f3:42:90:92:d8:e3:f4:f2:
                    11:1c:b1:56:1b:e8:b0:d9:f5:55:dd:03:bc:6b:02:
                    13:f9:61:f7:2e:5c:64:9c:70:6c:f6:2d:4d:b6:eb:
                    74:d4:f1:ed:72:44:56:67:03:29:57:f0:22:f2:4e:
                    f1:55:5a:d2:a8:c0:5b:1e:80:56:3e:a6:c5:06:ba:
                    16:7d:4e:5b:d9:72:32:d3:c8:a7:be:78:98:33:4f:
                    54:ae:d2:f9:b9:b8:53:a1:ae:e8:24:6b:d6:15:15:
                    8b:37:db:92:72:64:1e:08:04:fe:5c:b9:24:49:24:
                    fe:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:66:E1:A1:BF:47:78:7A:62:F6:04:5E:0E:55:B2:F7:EF:58:CA:7E
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/xmbhob9HeHpi9gReDlWy9-9Yyn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         6b:f0:8d:ad:5e:94:e2:2b:cb:7f:ba:71:d2:c1:22:ba:e3:00:
         ce:3f:b5:3d:c9:5a:8a:c6:8f:1e:3f:ae:c5:88:3d:66:47:a4:
         47:7d:31:8d:26:1e:af:6c:ec:b9:51:f9:85:fd:12:44:b8:ad:
         d1:59:48:a4:13:37:41:a9:70:28:3d:c8:34:df:ca:f9:21:3a:
         65:ad:fe:3e:a8:c8:0d:58:1e:d6:31:b5:3f:97:57:2c:f7:6e:
         35:36:88:f8:98:02:d1:0a:3d:6b:f6:e1:68:99:49:df:54:92:
         6f:fc:92:ed:be:74:bb:8e:b9:71:ac:25:76:7f:f4:65:54:8d:
         45:7d:85:c8:8e:a9:64:45:ff:e7:68:ab:13:a1:98:21:9e:b3:
         78:a0:c6:30:79:cb:04:e5:c1:12:08:d0:e7:ce:df:62:fa:21:
         e8:85:01:50:bf:d0:cc:d7:5e:26:20:05:a6:f6:94:a6:72:f7:
         61:18:66:af:3b:96:2a:59:3e:01:ac:03:36:57:71:f5:9a:68:
         0f:ce:41:9c:4e:37:74:47:cf:0e:c6:e7:c5:4c:09:97:c2:88:
         87:08:df:2f:1b:62:0e:cc:d2:fe:1d:f0:26:61:bd:ee:e0:d2:
         91:53:a6:bc:b4:78:51:b1:8b:62:fe:93:a1:44:a1:37:79:53:
         de:1d:51:fb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzCbUYTABj1LcXrh1nPdyJOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjY2ZTFhMWJmNDc3ODdhNjJmNjA0NWUwZTU1YjJmN2VmNThjYTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpm7GZcs7zptpzPINrBE6VRSB00g
cEds7aMLRLWRDzVLAdyvayFRoOyehDkjGVt0Bl4KRwQ1Vkws8MsZhCZ+HIzEddmr
enDZt4ViroI5VapOVfhBMPCxv4guZL22GNhyhfdgKDziE4vyQB2sSc180uiZEReN
d+MRQi+RLQBqo6cAg0VYbXMiEBpFKQ4C80KQktjj9PIRHLFWG+iw2fVV3QO8awIT
+WH3LlxknHBs9i1Ntut01PHtckRWZwMpV/Ai8k7xVVrSqMBbHoBWPqbFBroWfU5b
2XIy08invniYM09UrtL5ubhToa7oJGvWFRWLN9uScmQeCAT+XLkkSST+IQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMZm4aG/R3h6YvYEXg5VsvfvWMp+MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEveG1iaG9iOUhlSHBpOWdSZURsV3k5LTlZeW40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg6qB0Aw
DQYJKoZIhvcNAQELBQADggEBAGvwja1elOIry3+6cdLBIrrjAM4/tT3JWorGjx4/
rsWIPWZHpEd9MY0mHq9s7LlR+YX9EkS4rdFZSKQTN0GpcCg9yDTfyvkhOmWt/j6o
yA1YHtYxtT+XVyz3bjU2iPiYAtEKPWv24WiZSd9Ukm/8ku2+dLuOuXGsJXZ/9GVU
jUV9hciOqWRF/+doqxOhmCGes3igxjB5ywTlwRII0OfO32L6IeiFAVC/0MzXXiYg
Bab2lKZy92EYZq87lipZPgGsAzZXcfWaaA/OQZxON3RHzw7G58VMCZfCiIcI3y8b
Yg7M0v4d8CZhve7g0pFTpry0eFGxi2L+k6FEoTd5U94dUfs=
-----END CERTIFICATE-----