Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/OJOKARPn4UTNT4roJWhO6uqd0ew.roa
File:                     OJOKARPn4UTNT4roJWhO6uqd0ew.roa (raw, json)
Hash identifier:          Ctwf7kfl2U9NXYOORUxYCkDGRb2F1yea/BylZyV0I8A=
Subject key identifier:   38:93:8A:01:13:E7:E1:44:CD:4F:8A:E8:25:68:4E:EA:EA:9D:D1:EC
Certificate issuer:       /CN=8e06f5a7314b2f966b24fc53155ce7bf604c07a6
Certificate serial:       0190CC732E2D9C996FEBCA991782C15540DB
Authority key identifier: 8E:06:F5:A7:31:4B:2F:96:6B:24:FC:53:15:5C:E7:BF:60:4C:07:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/OJOKARPn4UTNT4roJWhO6uqd0ew.roa
Signing time:             Fri 19 Jul 2024 19:23:38 +0000
ROA not before:           Fri 19 Jul 2024 19:23:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199614
IP address blocks:        2a13:a280::/29 maxlen: 29
                          2a13:a280::/33 maxlen: 33
                          2a13:a280:8000::/33 maxlen: 33
                          2a13:a281::/33 maxlen: 33
                          2a13:a281:8000::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:cc:73:2e:2d:9c:99:6f:eb:ca:99:17:82:c1:55:40:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e06f5a7314b2f966b24fc53155ce7bf604c07a6
        Validity
            Not Before: Jul 19 19:23:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38938a0113e7e144cd4f8ae825684eeaea9dd1ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5c:b7:6b:8a:75:f1:92:a2:f9:02:39:26:9c:
                    0b:05:07:49:78:1b:a4:8c:4a:ad:e2:3a:21:c9:a5:
                    bb:3f:fd:01:1a:a8:e1:74:87:6f:81:f8:78:e9:2a:
                    24:fc:ae:38:d9:f8:df:e1:70:d0:f8:e1:f7:a0:33:
                    2e:4d:8f:b7:82:14:01:59:d0:8d:c1:1d:69:08:cd:
                    36:a7:bd:9e:af:3d:92:43:ef:15:c5:e2:f6:6d:47:
                    5c:7e:22:af:01:d4:cc:a2:0d:6d:e7:40:92:51:3e:
                    11:70:d4:2a:ee:73:6a:f8:91:85:44:9e:4e:6e:1a:
                    57:38:99:79:1b:bd:78:e1:af:5d:87:9c:81:86:46:
                    9a:6c:07:69:38:f9:5f:32:42:3e:12:38:7a:f9:8b:
                    d2:a8:9c:6b:ba:5f:1d:59:e4:48:89:1b:27:3b:31:
                    2d:67:86:a4:6c:53:b8:f8:83:4a:1d:5a:88:2d:e4:
                    b7:73:ff:31:f3:42:52:14:b9:cf:9c:ab:b5:7f:9e:
                    12:15:ff:01:76:99:16:74:16:f7:b3:67:e7:74:4b:
                    d2:0e:c9:98:51:4a:cb:83:f9:51:7f:1a:f3:23:a3:
                    4c:84:a8:91:f3:84:50:20:f6:15:3e:4c:62:d3:fa:
                    f0:be:61:c3:a8:e0:4e:2d:76:8d:c9:b3:46:f0:4f:
                    2c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:93:8A:01:13:E7:E1:44:CD:4F:8A:E8:25:68:4E:EA:EA:9D:D1:EC
            X509v3 Authority Key Identifier:
                keyid:8E:06:F5:A7:31:4B:2F:96:6B:24:FC:53:15:5C:E7:BF:60:4C:07:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/OJOKARPn4UTNT4roJWhO6uqd0ew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/62633f-2b3f-4072-8f4a-b474970eca66/1/jgb1pzFLL5ZrJPxTFVznv2BMB6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a280::/29

    Signature Algorithm: sha256WithRSAEncryption
         36:7a:77:0a:b1:90:d7:c6:8b:d5:65:36:0e:1d:ae:60:75:fb:
         54:82:17:da:78:d2:b7:71:d8:95:f6:d7:c4:60:26:8b:72:2b:
         cf:54:3d:16:2b:38:91:15:21:d1:42:60:54:99:53:41:b5:45:
         a0:d1:97:5e:68:c2:0d:f0:9c:87:88:80:5f:64:95:af:59:71:
         f1:4b:c1:38:15:a3:f4:78:11:f0:44:4f:56:82:9e:fe:60:0a:
         29:99:ca:6b:fb:bf:84:97:97:24:2c:9c:75:e6:b9:e3:98:63:
         28:b9:4c:0e:24:3a:44:56:7c:2b:31:de:6f:16:07:a2:53:a9:
         54:d7:c3:6d:26:2b:55:fa:a6:a9:25:db:de:02:e6:59:4c:a2:
         16:e4:b1:b7:db:e2:56:04:37:a4:bb:9a:dc:6e:58:bf:0f:d3:
         c5:79:2e:54:c4:6e:9d:c0:81:28:27:30:d3:2e:68:84:33:4f:
         91:08:c1:b4:e1:eb:ba:bf:85:93:8c:7f:20:3e:fd:ee:35:1e:
         6b:ec:42:f0:c5:63:68:4b:57:77:d6:aa:f6:a5:0a:d9:39:3a:
         6e:44:30:c7:f2:fa:0a:06:0c:dc:dd:d7:86:df:f2:56:93:d5:
         60:37:4f:ad:47:de:44:76:88:9b:da:40:71:26:2c:7d:c6:1e:
         ae:fa:bc:13
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZDMcy4tnJlv68qZF4LBVUDbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMDZmNWE3MzE0YjJmOTY2YjI0ZmM1MzE1NWNlN2JmNjA0
YzA3YTYwHhcNMjQwNzE5MTkyMzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODkzOGEwMTEzZTdlMTQ0Y2Q0ZjhhZTgyNTY4NGVlYWVhOWRkMWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoly3a4p18ZKi+QI5JpwLBQdJeBuk
jEqt4johyaW7P/0BGqjhdIdvgfh46Sok/K442fjf4XDQ+OH3oDMuTY+3ghQBWdCN
wR1pCM02p72erz2SQ+8VxeL2bUdcfiKvAdTMog1t50CSUT4RcNQq7nNq+JGFRJ5O
bhpXOJl5G7144a9dh5yBhkaabAdpOPlfMkI+Ejh6+YvSqJxrul8dWeRIiRsnOzEt
Z4akbFO4+INKHVqILeS3c/8x80JSFLnPnKu1f54SFf8BdpkWdBb3s2fndEvSDsmY
UUrLg/lRfxrzI6NMhKiR84RQIPYVPkxi0/rwvmHDqOBOLXaNybNG8E8shQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDiTigET5+FEzU+K6CVoTurqndHsMB8GA1UdIwQY
MBaAFI4G9acxSy+WayT8UxVc579gTAemMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamdiMXB6RkxMNVpySlB4VEZWem52MkJNQjZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82MjYzM2YtMmIzZi00MDcyLThmNGEt
YjQ3NDk3MGVjYTY2LzEvT0pPS0FSUG40VVROVDRyb0pXaE82dXFkMGV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82MjYzM2YtMmIzZi00MDcyLThmNGEtYjQ3NDk3MGVjYTY2
LzEvamdiMXB6RkxMNVpySlB4VEZWem52MkJNQjZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhOigDAN
BgkqhkiG9w0BAQsFAAOCAQEANnp3CrGQ18aL1WU2Dh2uYHX7VIIX2njSt3HYlfbX
xGAmi3Irz1Q9Fis4kRUh0UJgVJlTQbVFoNGXXmjCDfCch4iAX2SVr1lx8UvBOBWj
9HgR8ERPVoKe/mAKKZnKa/u/hJeXJCycdea545hjKLlMDiQ6RFZ8KzHebxYHolOp
VNfDbSYrVfqmqSXb3gLmWUyiFuSxt9viVgQ3pLua3G5Yvw/TxXkuVMRuncCBKCcw
0y5ohDNPkQjBtOHrur+Fk4x/ID797jUea+xC8MVjaEtXd9aq9qUK2Tk6bkQwx/L6
CgYM3N3Xht/yVpPVYDdPrUfeRHaIm9pAcSYsfcYervq8Ew==
-----END CERTIFICATE-----