Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/tebT8pC3OiZgoeIMo7Xn4SfeOBs.roa
File:                     tebT8pC3OiZgoeIMo7Xn4SfeOBs.roa (raw, json)
Hash identifier:          lTDDcTNQY2TU1DOmOTiQ67bzgj+R+ebLQyiEEvXsfho=
Subject key identifier:   B5:E6:D3:F2:90:B7:3A:26:60:A1:E2:0C:A3:B5:E7:E1:27:DE:38:1B
Certificate issuer:       /CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
Certificate serial:       018CC6B7B0EB38148C5E155F6FFF024806CF
Authority key identifier: 38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/tebT8pC3OiZgoeIMo7Xn4SfeOBs.roa
Signing time:             Mon 01 Jan 2024 20:29:36 +0000
ROA not before:           Mon 01 Jan 2024 20:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211447
IP address blocks:        2a0a:d6c0:194::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b0:eb:38:14:8c:5e:15:5f:6f:ff:02:48:06:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
        Validity
            Not Before: Jan  1 20:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5e6d3f290b73a2660a1e20ca3b5e7e127de381b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:7d:57:86:5f:12:59:48:e6:8c:87:48:9a:4c:
                    c1:ea:53:66:c2:12:8b:55:d9:24:6f:61:1a:af:3f:
                    b3:9d:0c:36:ee:77:e6:54:38:8b:67:9d:b8:d2:c0:
                    29:48:30:6e:cc:16:14:f0:7c:f1:2a:20:47:be:19:
                    bf:47:3d:38:dc:9f:cb:e3:7b:a5:75:60:2e:db:0a:
                    d8:fa:7b:95:95:fd:81:c2:4a:fb:c4:ac:58:0e:0b:
                    a0:9a:95:78:ce:04:45:45:4f:8c:f3:fd:b7:36:68:
                    ac:f1:52:43:21:99:fd:15:b6:45:b6:33:2b:10:47:
                    86:d5:8d:a0:77:2a:60:d7:e5:af:46:b3:25:fd:ba:
                    dd:e3:50:44:17:fc:e2:a4:40:9a:5c:be:60:20:e1:
                    9c:8d:d6:b4:af:f1:1a:0e:d9:40:32:ff:5d:fa:37:
                    29:da:1f:34:79:d3:9d:76:0b:42:d2:8c:a7:33:49:
                    49:4b:d9:81:2e:1c:c1:e1:a0:1e:f4:77:24:53:c4:
                    39:3d:23:b3:4a:dc:1b:a6:65:9a:e1:34:53:c8:48:
                    5f:84:04:26:86:93:5b:0a:9c:2f:ab:61:b1:8e:59:
                    88:7e:df:9b:5b:53:fe:60:a8:fe:18:95:ca:41:1d:
                    e4:a7:53:c8:97:d1:aa:58:44:9e:d9:65:59:df:f9:
                    99:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:E6:D3:F2:90:B7:3A:26:60:A1:E2:0C:A3:B5:E7:E1:27:DE:38:1B
            X509v3 Authority Key Identifier:
                keyid:38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/tebT8pC3OiZgoeIMo7Xn4SfeOBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:d6c0:194::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:2b:23:9d:81:3a:7e:9a:15:a2:0b:49:2f:01:cb:79:f2:5a:
         8c:b7:1f:03:9e:13:da:31:c2:20:b8:32:f8:e3:45:63:55:47:
         be:e0:06:d6:5c:3a:54:8d:bc:42:c3:07:55:f7:70:8b:11:a3:
         9d:a0:02:08:56:5b:a1:0e:93:fe:b5:79:b4:e6:81:ca:89:e1:
         2b:43:1c:31:68:aa:22:f2:ef:5b:17:8c:15:07:45:82:3c:df:
         f4:26:b7:34:52:1e:53:80:b2:38:a8:b1:e2:dc:41:32:6e:28:
         78:a4:bf:4f:bb:83:79:fc:32:03:6e:81:d7:7a:ca:50:e8:8e:
         ca:89:47:8d:6e:4d:39:b3:b9:12:f3:6b:32:33:b1:06:7e:42:
         a2:a3:f8:33:4a:6f:f2:7d:9b:d1:b5:3a:a4:be:a3:be:4c:34:
         d4:25:bd:92:ba:2a:72:60:f7:ab:81:17:02:a3:a3:f0:42:19:
         9d:19:03:d6:72:1c:2e:b0:0a:29:8e:df:14:89:59:f9:af:8c:
         3c:d3:b9:1c:79:4b:27:42:7c:94:6e:05:84:e8:18:d1:ee:fa:
         41:cf:a6:38:7e:bd:e6:8b:7d:2b:98:92:da:40:a9:5e:50:77:
         48:27:5d:ec:93:de:e9:6c:4e:81:36:97:86:3f:f5:35:4b:18:
         df:04:86:c5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGt7DrOBSMXhVfb/8CSAbPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4N2Q2ZGY3ZWI3NTQyZTAzMzNhZWVkZDE0YWRmZjhmNTFm
OGNiZDgwHhcNMjQwMTAxMjAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWU2ZDNmMjkwYjczYTI2NjBhMWUyMGNhM2I1ZTdlMTI3ZGUzODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiH1Xhl8SWUjmjIdImkzB6lNmwhKL
Vdkkb2Earz+znQw27nfmVDiLZ5240sApSDBuzBYU8HzxKiBHvhm/Rz043J/L43ul
dWAu2wrY+nuVlf2Bwkr7xKxYDgugmpV4zgRFRU+M8/23Nmis8VJDIZn9FbZFtjMr
EEeG1Y2gdypg1+WvRrMl/brd41BEF/zipECaXL5gIOGcjda0r/EaDtlAMv9d+jcp
2h80edOddgtC0oynM0lJS9mBLhzB4aAe9HckU8Q5PSOzStwbpmWa4TRTyEhfhAQm
hpNbCpwvq2GxjlmIft+bW1P+YKj+GJXKQR3kp1PIl9GqWESe2WVZ3/mZmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLXm0/KQtzomYKHiDKO15+En3jgbMB8GA1UdIwQY
MBaAFDh9bffrdULgMzru3RSt/49R+MvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2Mt
NjA5YTQ4YjJiMTRkLzEvdGViVDhwQzNPaVpnb2VJTW83WG40U2ZlT0JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2MtNjA5YTQ4YjJiMTRk
LzEvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgrWwAGU
MA0GCSqGSIb3DQEBCwUAA4IBAQAvKyOdgTp+mhWiC0kvAct58lqMtx8DnhPaMcIg
uDL440VjVUe+4AbWXDpUjbxCwwdV93CLEaOdoAIIVluhDpP+tXm05oHKieErQxwx
aKoi8u9bF4wVB0WCPN/0Jrc0Uh5TgLI4qLHi3EEybih4pL9Pu4N5/DIDboHXespQ
6I7KiUeNbk05s7kS82syM7EGfkKio/gzSm/yfZvRtTqkvqO+TDTUJb2SuipyYPer
gRcCo6PwQhmdGQPWchwusAopjt8UiVn5r4w807kceUsnQnyUbgWE6BjR7vpBz6Y4
fr3mi30rmJLaQKleUHdIJ13sk97pbE6BNpeGP/U1SxjfBIbF
-----END CERTIFICATE-----