Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/O6bMXB6HjQ3ABxhqeb5YwJU2hbU.roa
File:                     O6bMXB6HjQ3ABxhqeb5YwJU2hbU.roa (raw, json)
Hash identifier:          9W5QO/aPALKvLVh1Kl0oI/cb8BqQJkWN36rqRS8uUO0=
Subject key identifier:   3B:A6:CC:5C:1E:87:8D:0D:C0:07:18:6A:79:BE:58:C0:95:36:85:B5
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC42558DF8D65F278F64C477BC9D47C79
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/O6bMXB6HjQ3ABxhqeb5YwJU2hbU.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        2a0b:b87:ffd1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:58:df:8d:65:f2:78:f6:4c:47:7b:c9:d4:7c:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ba6cc5c1e878d0dc007186a79be58c0953685b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:86:ae:96:3a:7f:92:89:ef:73:03:07:cc:75:
                    63:a2:a0:91:47:e0:28:95:81:79:01:e4:9d:a7:a0:
                    25:63:46:fc:13:23:3a:2c:85:cd:05:51:34:a3:05:
                    2a:e0:e5:fd:f5:e5:f6:dc:54:4e:26:f4:55:ea:14:
                    86:38:b2:35:4c:6f:a2:62:45:b2:27:18:7a:10:64:
                    7a:6c:bf:23:66:f2:e7:e0:7c:8d:30:8e:5e:97:58:
                    72:19:ae:7b:1a:d8:05:d5:0c:6c:5a:11:3c:ed:8b:
                    d7:61:84:90:c3:f4:ed:65:9c:25:0e:74:12:50:e8:
                    17:6b:bf:6d:d6:da:e5:a8:d9:45:19:f6:9e:df:39:
                    12:5b:78:e8:59:bb:c9:1f:d1:31:79:b8:51:d9:ab:
                    8a:fc:fa:30:01:0a:8a:0a:5f:b4:55:13:1e:4d:97:
                    a3:50:7f:a9:a9:b9:13:ed:06:d0:d5:ff:a4:45:96:
                    2b:2c:81:99:e0:73:05:2e:f6:c7:61:73:82:91:b0:
                    04:ae:97:56:92:b4:02:2e:1f:24:3f:7b:45:0e:1d:
                    4a:27:03:f8:13:e3:b0:f1:40:78:d0:f2:66:74:0a:
                    84:79:71:a4:7c:35:35:92:b5:d8:7f:47:40:24:9a:
                    48:4d:31:76:73:49:63:12:5c:e6:08:4f:99:5d:6c:
                    e6:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:A6:CC:5C:1E:87:8D:0D:C0:07:18:6A:79:BE:58:C0:95:36:85:B5
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/O6bMXB6HjQ3ABxhqeb5YwJU2hbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffd1::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:9c:6f:73:41:bb:21:be:a2:ce:29:e2:48:4f:c5:ac:ec:9c:
         1d:30:b2:14:26:3f:7d:74:f5:12:4e:7d:07:d3:7a:0b:c9:52:
         5f:a6:7c:13:05:c5:81:fc:d4:4d:4a:7c:a2:9c:7f:9a:8f:04:
         ab:e2:a7:56:03:ff:5d:32:87:90:05:2c:18:4b:43:f4:4e:79:
         45:f7:84:7c:7d:20:d8:47:e5:17:94:5f:85:76:43:24:3d:de:
         08:44:87:d1:d5:82:47:28:6b:3a:93:cd:07:1e:31:f3:8e:08:
         80:12:89:25:78:16:71:53:88:29:6f:8a:a6:fa:ac:88:e4:bb:
         99:0f:34:a2:f5:21:2a:b4:fe:73:af:20:e7:a4:e5:04:8c:15:
         f7:b4:89:9e:36:52:b5:ff:55:c5:af:e6:fa:94:a3:4e:88:4c:
         dd:46:e0:fb:56:06:05:00:27:cd:f5:15:44:5e:fd:7f:1a:a3:
         19:38:67:48:97:4a:64:75:aa:85:64:fa:39:35:bb:7a:4e:11:
         8b:df:5a:9f:f5:b9:29:6b:94:f0:4f:68:e9:35:e2:78:ac:54:
         03:79:2c:ee:0e:94:a0:6d:f1:47:e2:84:60:3c:e6:a9:c2:9f:
         5c:b8:7d:1d:c1:5c:c0:5a:e4:20:68:f7:01:f7:0a:23:eb:24:
         af:25:bb:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJVjfjWXyePZMR3vJ1Hx5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmE2Y2M1YzFlODc4ZDBkYzAwNzE4NmE3OWJlNThjMDk1MzY4NWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4auljp/konvcwMHzHVjoqCRR+Ao
lYF5AeSdp6AlY0b8EyM6LIXNBVE0owUq4OX99eX23FROJvRV6hSGOLI1TG+iYkWy
Jxh6EGR6bL8jZvLn4HyNMI5el1hyGa57GtgF1QxsWhE87YvXYYSQw/TtZZwlDnQS
UOgXa79t1trlqNlFGfae3zkSW3joWbvJH9ExebhR2auK/PowAQqKCl+0VRMeTZej
UH+pqbkT7QbQ1f+kRZYrLIGZ4HMFLvbHYXOCkbAErpdWkrQCLh8kP3tFDh1KJwP4
E+Ow8UB40PJmdAqEeXGkfDU1krXYf0dAJJpITTF2c0ljElzmCE+ZXWzmmwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDumzFweh40NwAcYanm+WMCVNoW1MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvTzZiTVhCNkhqUTNBQnhocWViNVl3SlUyaGJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh//R
MA0GCSqGSIb3DQEBCwUAA4IBAQAMnG9zQbshvqLOKeJIT8Ws7JwdMLIUJj99dPUS
Tn0H03oLyVJfpnwTBcWB/NRNSnyinH+ajwSr4qdWA/9dMoeQBSwYS0P0TnlF94R8
fSDYR+UXlF+FdkMkPd4IRIfR1YJHKGs6k80HHjHzjgiAEokleBZxU4gpb4qm+qyI
5LuZDzSi9SEqtP5zryDnpOUEjBX3tImeNlK1/1XFr+b6lKNOiEzdRuD7VgYFACfN
9RVEXv1/GqMZOGdIl0pkdaqFZPo5Nbt6ThGL31qf9bkpa5TwT2jpNeJ4rFQDeSzu
DpSgbfFH4oRgPOapwp9cuH0dwVzAWuQgaPcB9woj6ySvJbvx
-----END CERTIFICATE-----