Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/ONkj0lm5Lto5bOa0g6EHPaOERok.roa
File:                     ONkj0lm5Lto5bOa0g6EHPaOERok.roa (raw, json)
Hash identifier:          74ESDJb+PcGyLSfa8bzOdhYX51WvEqVo2UoFVC4bKcg=
Subject key identifier:   38:D9:23:D2:59:B9:2E:DA:39:6C:E6:B4:83:A1:07:3D:A3:84:46:89
Certificate issuer:       /CN=7803558ea6e5165b3876097af75bf1e92a142cf2
Certificate serial:       018FE86FBD3E8F33FDA8D64A5A670A769A0A
Authority key identifier: 78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/ONkj0lm5Lto5bOa0g6EHPaOERok.roa
Signing time:             Wed 05 Jun 2024 12:46:28 +0000
ROA not before:           Wed 05 Jun 2024 12:46:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44803
IP address blocks:        2a06:1301:4050::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e8:6f:bd:3e:8f:33:fd:a8:d6:4a:5a:67:0a:76:9a:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7803558ea6e5165b3876097af75bf1e92a142cf2
        Validity
            Not Before: Jun  5 12:46:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38d923d259b92eda396ce6b483a1073da3844689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c5:0e:0e:07:0f:6d:6e:8e:74:ca:4b:e5:cf:
                    c0:7e:ce:9d:56:70:17:13:74:42:1f:21:f5:85:5b:
                    49:27:d8:5a:a2:8c:f7:35:9e:82:90:3f:8b:88:9f:
                    48:19:3b:86:0f:1f:c1:27:d4:e4:a0:d0:08:3a:86:
                    03:bc:73:dc:12:9e:c4:df:fc:3b:17:1e:ff:7d:7b:
                    cf:65:28:d3:6b:d2:cd:b9:63:a2:4c:2a:26:01:a7:
                    f6:be:ef:05:e9:48:cf:f8:ef:a9:fb:6e:94:39:09:
                    0c:72:d2:29:0a:0d:2b:27:cf:a5:bf:17:81:38:e4:
                    79:b2:b5:12:8a:aa:2d:89:b5:0a:90:0b:0b:7c:26:
                    7c:7d:9a:b5:44:3e:9d:95:8c:2b:b9:2c:9c:9b:d1:
                    3f:f6:74:db:78:71:a3:1c:d6:da:61:e7:dc:3c:dc:
                    dc:42:4b:8d:4c:d4:bb:63:f1:12:ed:3f:50:2a:b6:
                    5d:49:b7:5a:1e:75:7a:95:bd:7a:7c:53:bc:30:ce:
                    27:da:76:eb:f6:c4:76:0d:dd:ee:fa:64:01:d4:54:
                    62:9a:8b:4e:0e:d7:ef:9a:0e:2c:96:29:00:9e:46:
                    49:d2:de:25:8a:e4:98:98:ea:9b:ea:f4:0c:d7:cf:
                    a6:ce:86:8f:ce:6e:97:ef:fe:48:27:11:18:99:24:
                    2c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D9:23:D2:59:B9:2E:DA:39:6C:E6:B4:83:A1:07:3D:A3:84:46:89
            X509v3 Authority Key Identifier:
                keyid:78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/ONkj0lm5Lto5bOa0g6EHPaOERok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1301:4050::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:c2:c5:76:e0:3e:d5:a8:d6:e8:91:66:fe:b3:b2:b4:bf:17:
         df:c0:21:a0:f7:0c:95:24:ef:15:3a:2e:6f:09:17:a5:e6:b4:
         6b:74:81:de:17:6f:2d:bb:4e:dc:6f:90:92:e0:a5:ec:4f:fb:
         ff:3b:83:a8:49:88:21:d8:06:4c:e2:f8:9c:5e:a7:8b:db:a8:
         97:19:de:f7:a8:d8:fb:c9:65:80:cc:e8:d0:d9:6e:1b:c7:cc:
         81:3d:ac:97:60:3c:16:88:c3:ff:92:ce:b8:5c:b4:6c:c7:9b:
         d8:40:71:36:96:0a:6a:db:54:ac:1f:bb:5c:2e:92:2f:5d:32:
         a4:ca:39:c4:02:62:5a:52:1d:3f:f6:2c:e7:33:3d:60:9d:c5:
         0a:ba:e5:ce:8d:33:50:4d:f4:8d:c0:d7:a5:ce:98:22:e5:09:
         a8:e2:d9:dc:0e:64:03:67:ea:64:b1:40:77:9e:75:7f:54:7c:
         f2:89:d4:60:c0:bd:05:03:19:14:2c:96:81:6c:9e:45:7a:e7:
         ac:cc:ed:ae:d0:d5:7a:e1:4c:3d:cf:14:65:f4:d6:2b:38:20:
         00:e5:c5:06:37:45:5d:5f:b8:47:c5:31:79:27:ee:f6:3e:27:
         d9:ec:86:4d:24:38:d1:e7:44:88:ec:f1:ff:b2:12:b7:ee:17:
         d4:f3:6c:e5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY/ob70+jzP9qNZKWmcKdpoKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MDM1NThlYTZlNTE2NWIzODc2MDk3YWY3NWJmMWU5MmEx
NDJjZjIwHhcNMjQwNjA1MTI0NjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGQ5MjNkMjU5YjkyZWRhMzk2Y2U2YjQ4M2ExMDczZGEzODQ0Njg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cUODgcPbW6OdMpL5c/Afs6dVnAX
E3RCHyH1hVtJJ9haooz3NZ6CkD+LiJ9IGTuGDx/BJ9TkoNAIOoYDvHPcEp7E3/w7
Fx7/fXvPZSjTa9LNuWOiTComAaf2vu8F6UjP+O+p+26UOQkMctIpCg0rJ8+lvxeB
OOR5srUSiqotibUKkAsLfCZ8fZq1RD6dlYwruSycm9E/9nTbeHGjHNbaYefcPNzc
QkuNTNS7Y/ES7T9QKrZdSbdaHnV6lb16fFO8MM4n2nbr9sR2Dd3u+mQB1FRimotO
Dtfvmg4slikAnkZJ0t4liuSYmOqb6vQM18+mzoaPzm6X7/5IJxEYmSQsPwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDjZI9JZuS7aOWzmtIOhBz2jhEaJMB8GA1UdIwQY
MBaAFHgDVY6m5RZbOHYJevdb8ekqFCzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEt
NmYxNjgzNGJjODQ3LzEvT05rajBsbTVMdG81Yk9hMGc2RUhQYU9FUm9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEtNmYxNjgzNGJjODQ3
LzEvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgYTAUBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCnwsV24D7VqNbokWb+s7K0vxffwCGg9wyVJO8V
Oi5vCRel5rRrdIHeF28tu07cb5CS4KXsT/v/O4OoSYgh2AZM4vicXqeL26iXGd73
qNj7yWWAzOjQ2W4bx8yBPayXYDwWiMP/ks64XLRsx5vYQHE2lgpq21SsH7tcLpIv
XTKkyjnEAmJaUh0/9iznMz1gncUKuuXOjTNQTfSNwNelzpgi5Qmo4tncDmQDZ+pk
sUB3nnV/VHzyidRgwL0FAxkULJaBbJ5FeueszO2u0NV64Uw9zxRl9NYrOCAA5cUG
N0VdX7hHxTF5J+72PifZ7IZNJDjR50SI7PH/shK37hfU82zl
-----END CERTIFICATE-----