Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/oeaxRMpd0KqdD7R_xct4conv55M.roa
File:                     oeaxRMpd0KqdD7R_xct4conv55M.roa (raw, json)
Hash identifier:          58iJ9cOCvMvlUvZ5JGWAj4XYE9er/1tC2y/3wi1AfqU=
Subject key identifier:   A1:E6:B1:44:CA:5D:D0:AA:9D:0F:B4:7F:C5:CB:78:72:89:EF:E7:93
Certificate issuer:       /CN=8ecc229e5699105828564b78509f3b72f3090a21
Certificate serial:       018CC86F1A3587927E1BF0B62A3842228F5B
Authority key identifier: 8E:CC:22:9E:56:99:10:58:28:56:4B:78:50:9F:3B:72:F3:09:0A:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jswinlaZEFgoVkt4UJ87cvMJCiE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/oeaxRMpd0KqdD7R_xct4conv55M.roa
Signing time:             Tue 02 Jan 2024 04:29:33 +0000
ROA not before:           Tue 02 Jan 2024 04:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46997
IP address blocks:        2a02:7080::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/jswinlaZEFgoVkt4UJ87cvMJCiE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/jswinlaZEFgoVkt4UJ87cvMJCiE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jswinlaZEFgoVkt4UJ87cvMJCiE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 10:03:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1a:35:87:92:7e:1b:f0:b6:2a:38:42:22:8f:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ecc229e5699105828564b78509f3b72f3090a21
        Validity
            Not Before: Jan  2 04:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1e6b144ca5dd0aa9d0fb47fc5cb787289efe793
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2f:03:ef:4b:a1:72:90:b5:26:83:8a:57:5f:
                    bd:9b:c7:97:08:95:e9:f9:7e:ef:dd:49:69:51:a5:
                    38:43:93:f2:97:76:f2:dd:c2:43:b7:c5:d4:41:1b:
                    78:8c:9b:ab:9f:6b:6d:75:8a:99:99:e0:cb:44:61:
                    1c:e0:00:42:4d:0f:93:94:cc:d4:5b:d0:0f:58:97:
                    d0:31:23:0d:59:50:06:d2:81:6f:04:ca:8d:47:5f:
                    1e:29:0a:24:eb:c1:fd:5f:23:87:c2:db:d0:66:a9:
                    bb:78:a8:f3:dc:5a:0e:1b:50:07:a0:6b:48:79:38:
                    ac:0b:95:a9:e6:cc:01:ae:51:aa:90:e4:fa:a4:d6:
                    32:d7:af:76:59:9c:31:aa:01:52:08:9e:2a:98:46:
                    84:89:b8:08:91:1c:b1:d1:00:2f:b5:fb:49:44:c2:
                    70:68:71:d9:a0:5b:48:bd:f8:56:b5:a5:e8:c8:cc:
                    f3:a7:a1:70:8a:a2:1e:50:70:76:c8:b5:cf:37:6d:
                    c4:a2:d3:10:5e:e8:9f:0a:5d:37:c4:35:2c:f2:1f:
                    3e:a7:5d:86:fd:48:d5:eb:ad:29:e2:34:a7:f7:88:
                    13:20:d7:ac:41:7b:35:7f:b4:c6:fd:16:20:79:1c:
                    1f:17:4a:f2:b7:75:cb:46:48:ed:37:f1:16:b8:b9:
                    c5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:E6:B1:44:CA:5D:D0:AA:9D:0F:B4:7F:C5:CB:78:72:89:EF:E7:93
            X509v3 Authority Key Identifier:
                keyid:8E:CC:22:9E:56:99:10:58:28:56:4B:78:50:9F:3B:72:F3:09:0A:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jswinlaZEFgoVkt4UJ87cvMJCiE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/oeaxRMpd0KqdD7R_xct4conv55M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/jswinlaZEFgoVkt4UJ87cvMJCiE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:7080::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:f3:fd:24:18:f8:13:b1:d2:78:09:ff:8f:c4:fc:ef:80:7f:
         ce:49:6f:b6:1e:9f:29:cc:62:0b:5b:94:00:51:2f:29:b7:04:
         2a:ee:e3:10:ff:24:c9:44:b8:18:23:80:14:1b:80:20:03:fa:
         35:54:e7:7e:92:e0:03:ed:12:f1:b3:3e:2c:12:9a:8b:ce:5f:
         1a:39:e5:f2:a6:1a:6f:3e:20:b7:1f:d0:33:12:e5:f8:d8:ba:
         46:75:24:15:75:d5:c9:70:6d:92:86:ea:33:0b:54:d5:a8:67:
         07:9f:f8:72:88:89:76:77:78:51:8a:eb:3b:2c:af:7b:9d:7d:
         3a:0c:09:73:ab:06:5c:14:96:f0:e8:a5:aa:0f:39:c9:81:9b:
         ac:a0:b0:09:5b:b1:93:5c:60:75:e6:06:75:c9:d5:ce:69:86:
         01:aa:9c:a1:2a:8e:9c:d4:fd:35:d4:21:ed:b2:cf:f3:40:c0:
         1a:d8:67:65:01:4b:f1:20:3d:e8:f7:14:fd:d9:5b:c2:43:75:
         af:23:af:96:e0:3c:bd:87:b2:88:15:af:f2:bf:f2:76:af:c8:
         be:b4:2f:56:1f:90:03:6a:f9:c6:18:1d:9b:94:2a:81:12:09:
         37:97:a7:9e:0a:1c:24:9c:70:76:84:eb:bb:4b:26:5b:ac:ae:
         6b:3f:70:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIbxo1h5J+G/C2KjhCIo9bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlY2MyMjllNTY5OTEwNTgyODU2NGI3ODUwOWYzYjcyZjMw
OTBhMjEwHhcNMjQwMTAyMDQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWU2YjE0NGNhNWRkMGFhOWQwZmI0N2ZjNWNiNzg3Mjg5ZWZlNzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAly8D70uhcpC1JoOKV1+9m8eXCJXp
+X7v3UlpUaU4Q5Pyl3by3cJDt8XUQRt4jJurn2ttdYqZmeDLRGEc4ABCTQ+TlMzU
W9APWJfQMSMNWVAG0oFvBMqNR18eKQok68H9XyOHwtvQZqm7eKjz3FoOG1AHoGtI
eTisC5Wp5swBrlGqkOT6pNYy1692WZwxqgFSCJ4qmEaEibgIkRyx0QAvtftJRMJw
aHHZoFtIvfhWtaXoyMzzp6FwiqIeUHB2yLXPN23EotMQXuifCl03xDUs8h8+p12G
/UjV660p4jSn94gTINesQXs1f7TG/RYgeRwfF0ryt3XLRkjtN/EWuLnFlQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKHmsUTKXdCqnQ+0f8XLeHKJ7+eTMB8GA1UdIwQY
MBaAFI7MIp5WmRBYKFZLeFCfO3LzCQohMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanN3aW5sYVpFRmdvVmt0NFVKODdjdk1KQ2lFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8zMDYwYmQtZmViMi00OTg2LWI5ZTMt
M2M5ZWJjNDU2NjIzLzEvb2VheFJNcGQwS3FkRDdSX3hjdDRjb252NTVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS8zMDYwYmQtZmViMi00OTg2LWI5ZTMtM2M5ZWJjNDU2NjIz
LzEvanN3aW5sYVpFRmdvVmt0NFVKODdjdk1KQ2lFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgJwgAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAu8/0kGPgTsdJ4Cf+PxPzvgH/OSW+2Hp8pzGIL
W5QAUS8ptwQq7uMQ/yTJRLgYI4AUG4AgA/o1VOd+kuAD7RLxsz4sEpqLzl8aOeXy
phpvPiC3H9AzEuX42LpGdSQVddXJcG2ShuozC1TVqGcHn/hyiIl2d3hRius7LK97
nX06DAlzqwZcFJbw6KWqDznJgZusoLAJW7GTXGB15gZ1ydXOaYYBqpyhKo6c1P01
1CHtss/zQMAa2GdlAUvxID3o9xT92VvCQ3WvI6+W4Dy9h7KIFa/yv/J2r8i+tC9W
H5ADavnGGB2blCqBEgk3l6eeChwknHB2hOu7SyZbrK5rP3D/
-----END CERTIFICATE-----