Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/2bbd21-d147-4c78-8d2e-a209b90f27d9/1/9BrWMaEzArCGFZABN-AnokGRM0w.roa
File:                     9BrWMaEzArCGFZABN-AnokGRM0w.roa (raw, json)
Hash identifier:          XdA7YFFUZ3GewQ5UyDVXDaGwyuoB7Vm8CsHlAb1HNdk=
Subject key identifier:   F4:1A:D6:31:A1:33:02:B0:86:15:90:01:37:E0:27:A2:41:91:33:4C
Certificate issuer:       /CN=72d742616a68041f7f0fcd0792f38e4103a79dc2
Certificate serial:       0192D853B3F58D2031FF1D4D02939DFE2A38
Authority key identifier: 72:D7:42:61:6A:68:04:1F:7F:0F:CD:07:92:F3:8E:41:03:A7:9D:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ctdCYWpoBB9_D80HkvOOQQOnncI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/2bbd21-d147-4c78-8d2e-a209b90f27d9/1/9BrWMaEzArCGFZABN-AnokGRM0w.roa
Signing time:             Tue 29 Oct 2024 12:50:16 +0000
ROA not before:           Tue 29 Oct 2024 12:50:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214083
IP address blocks:        2001:678:db4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/2bbd21-d147-4c78-8d2e-a209b90f27d9/1/ctdCYWpoBB9_D80HkvOOQQOnncI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/2bbd21-d147-4c78-8d2e-a209b90f27d9/1/ctdCYWpoBB9_D80HkvOOQQOnncI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ctdCYWpoBB9_D80HkvOOQQOnncI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d8:53:b3:f5:8d:20:31:ff:1d:4d:02:93:9d:fe:2a:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72d742616a68041f7f0fcd0792f38e4103a79dc2
        Validity
            Not Before: Oct 29 12:50:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f41ad631a13302b08615900137e027a24191334c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:38:85:9e:8d:a6:92:e9:e5:ea:80:1a:74:c1:
                    c0:f8:21:4c:78:44:3f:f8:8e:cc:53:8a:c2:23:e3:
                    19:7b:1b:e6:92:1d:65:3c:64:f9:2e:52:47:19:9d:
                    f9:60:47:8b:7e:65:70:a1:c7:fa:70:f1:e3:18:4d:
                    91:ad:3d:c1:6b:cc:b4:44:d5:fc:4f:8c:8e:9d:d6:
                    cf:5f:db:08:c1:93:00:c5:10:dd:28:9f:14:72:71:
                    56:37:5a:45:e4:d8:fc:e8:07:eb:f9:d8:c8:1e:b3:
                    6f:52:6b:42:1c:5c:0e:90:b4:2c:cf:0e:91:02:2a:
                    8b:14:99:64:f4:fb:80:04:7b:92:32:a8:5f:4c:34:
                    1a:ff:c8:36:12:6c:0b:25:c7:1c:1c:0b:c0:32:1b:
                    4b:eb:90:dc:05:f8:26:5c:01:95:01:fc:d9:17:8b:
                    fd:ec:c2:8d:8b:13:74:15:07:3a:01:c1:e9:ae:4d:
                    c8:65:ec:f9:b8:fb:a8:66:7d:9b:4c:0c:e6:eb:80:
                    f7:46:dc:3a:b6:bc:b6:a9:1e:6a:04:ef:a4:4f:b2:
                    3d:f2:96:65:d4:64:b3:17:62:68:8c:c6:a8:42:be:
                    cc:b1:84:ba:1a:d8:44:77:72:71:e4:90:fa:db:53:
                    c1:ed:7e:09:f9:e6:7d:c5:ac:9a:ca:a1:31:17:d5:
                    15:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:1A:D6:31:A1:33:02:B0:86:15:90:01:37:E0:27:A2:41:91:33:4C
            X509v3 Authority Key Identifier:
                keyid:72:D7:42:61:6A:68:04:1F:7F:0F:CD:07:92:F3:8E:41:03:A7:9D:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ctdCYWpoBB9_D80HkvOOQQOnncI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/2bbd21-d147-4c78-8d2e-a209b90f27d9/1/9BrWMaEzArCGFZABN-AnokGRM0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/2bbd21-d147-4c78-8d2e-a209b90f27d9/1/ctdCYWpoBB9_D80HkvOOQQOnncI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:db4::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:f2:c5:c3:16:4d:51:42:02:eb:c3:19:16:21:d0:dd:dd:ad:
         56:28:a1:6b:9c:25:02:55:eb:fd:13:59:e6:05:4f:35:b9:6b:
         e4:88:3f:57:0d:40:62:08:19:0a:28:9d:a8:ae:f0:ee:97:b9:
         a0:8f:51:58:d4:96:0e:c9:11:91:2f:45:bf:86:a8:92:df:a9:
         4c:d2:ab:2e:02:f3:3d:40:0d:1f:19:8b:fe:7b:a4:fa:88:e4:
         5b:db:ff:c1:36:f9:7d:8f:e6:5f:a3:27:22:14:89:4c:b5:f7:
         33:d7:e6:45:aa:8a:d4:4a:b2:47:ba:f4:53:bf:0d:04:ad:67:
         3a:14:47:2f:79:a0:cf:e9:59:7e:41:4a:05:6e:43:fc:6e:44:
         e2:47:fc:8c:35:49:d5:d2:ca:1b:99:f5:62:e5:33:1e:08:d7:
         31:bf:b8:4d:c8:79:87:d1:e0:98:5a:39:d7:1d:74:be:5c:5e:
         75:83:55:81:ab:0b:78:4c:75:bc:24:ab:f7:b2:b0:83:54:b4:
         0b:5c:0a:9e:cf:da:16:1f:b3:c0:65:61:75:1c:5e:96:7a:1b:
         8c:68:f4:50:0f:6d:ce:2a:26:a1:c7:05:56:57:b6:97:34:e0:
         9a:8f:57:e8:4f:61:1f:5f:0c:51:97:a2:76:ac:7f:a8:de:db:
         9c:c0:0e:b1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZLYU7P1jSAx/x1NApOd/io4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZDc0MjYxNmE2ODA0MWY3ZjBmY2QwNzkyZjM4ZTQxMDNh
NzlkYzIwHhcNMjQxMDI5MTI1MDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDFhZDYzMWExMzMwMmIwODYxNTkwMDEzN2UwMjdhMjQxOTEzMzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDiFno2mkunl6oAadMHA+CFMeEQ/
+I7MU4rCI+MZexvmkh1lPGT5LlJHGZ35YEeLfmVwocf6cPHjGE2RrT3Ba8y0RNX8
T4yOndbPX9sIwZMAxRDdKJ8UcnFWN1pF5Nj86Afr+djIHrNvUmtCHFwOkLQszw6R
AiqLFJlk9PuABHuSMqhfTDQa/8g2EmwLJcccHAvAMhtL65DcBfgmXAGVAfzZF4v9
7MKNixN0FQc6AcHprk3IZez5uPuoZn2bTAzm64D3Rtw6try2qR5qBO+kT7I98pZl
1GSzF2JojMaoQr7MsYS6GthEd3Jx5JD621PB7X4J+eZ9xayayqExF9UV1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPQa1jGhMwKwhhWQATfgJ6JBkTNMMB8GA1UdIwQY
MBaAFHLXQmFqaAQffw/NB5LzjkEDp53CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3RkQ1lXcG9CQjlfRDgwSGt2T09RUU9ubmNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC8yYmJkMjEtZDE0Ny00Yzc4LThkMmUt
YTIwOWI5MGYyN2Q5LzEvOUJyV01hRXpBckNHRlpBQk4tQW5va0dSTTB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC8yYmJkMjEtZDE0Ny00Yzc4LThkMmUtYTIwOWI5MGYyN2Q5
LzEvY3RkQ1lXcG9CQjlfRDgwSGt2T09RUU9ubmNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA20
MA0GCSqGSIb3DQEBCwUAA4IBAQCB8sXDFk1RQgLrwxkWIdDd3a1WKKFrnCUCVev9
E1nmBU81uWvkiD9XDUBiCBkKKJ2orvDul7mgj1FY1JYOyRGRL0W/hqiS36lM0qsu
AvM9QA0fGYv+e6T6iORb2//BNvl9j+ZfoyciFIlMtfcz1+ZFqorUSrJHuvRTvw0E
rWc6FEcveaDP6Vl+QUoFbkP8bkTiR/yMNUnV0sobmfVi5TMeCNcxv7hNyHmH0eCY
WjnXHXS+XF51g1WBqwt4THW8JKv3srCDVLQLXAqez9oWH7PAZWF1HF6WehuMaPRQ
D23OKiahxwVWV7aXNOCaj1foT2EfXwxRl6J2rH+o3tucwA6x
-----END CERTIFICATE-----