Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/oGROSml4x0mewlyC-zm4XXWt5kY.roa
File:                     oGROSml4x0mewlyC-zm4XXWt5kY.roa (raw, json)
Hash identifier:          I4AvjYpCxX+z3B4bXtE0mIB9qvCMqMDwEt8CCX3G3f4=
Subject key identifier:   A0:64:4E:4A:69:78:C7:49:9E:C2:5C:82:FB:39:B8:5D:75:AD:E6:46
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       018F76E93933DD7A52A654CCB22AD782965D
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/oGROSml4x0mewlyC-zm4XXWt5kY.roa
Signing time:             Tue 14 May 2024 11:42:26 +0000
ROA not before:           Tue 14 May 2024 11:42:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215480
IP address blocks:        2a05:9080:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:e9:39:33:dd:7a:52:a6:54:cc:b2:2a:d7:82:96:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: May 14 11:42:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0644e4a6978c7499ec25c82fb39b85d75ade646
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ec:df:51:4f:6d:e7:94:78:9f:51:87:33:50:
                    46:b4:1b:96:da:ec:b2:6f:32:a4:e3:d8:15:0f:31:
                    2c:6c:92:5d:b2:66:75:06:cd:f3:86:af:72:e3:54:
                    5c:e7:b1:6a:18:86:0e:eb:82:57:a2:71:c0:31:54:
                    18:9a:a4:35:d2:07:21:54:0e:3b:73:5a:85:26:7d:
                    4e:49:77:18:36:45:9b:a4:c8:8c:b3:eb:9b:53:44:
                    19:ee:82:8c:cb:db:8c:c3:45:46:fd:f3:f3:bc:57:
                    f7:55:cf:26:a5:f2:99:93:9f:5f:75:8f:29:12:0c:
                    b8:a1:8e:c7:58:cc:4d:80:d2:cd:54:a7:6e:9c:4b:
                    bf:bc:3e:95:42:cc:bf:28:5e:15:25:7f:ac:21:77:
                    8e:bd:3e:72:56:fb:b4:36:b8:51:4e:a4:0a:a2:56:
                    6c:2e:b4:89:4d:21:12:2e:1b:59:0c:c4:ab:c4:71:
                    c3:b7:ed:06:d6:a9:61:27:27:26:e8:50:b5:b1:e8:
                    7a:5b:d8:5d:2e:71:d4:f4:c2:cd:5e:54:ec:29:4c:
                    c3:fb:c9:f0:5b:a3:c3:c4:a3:c4:2a:99:2d:75:ec:
                    4d:a0:43:f0:45:a5:a4:36:e8:4b:a7:cd:18:1a:f8:
                    32:cf:75:95:37:0b:5e:f9:20:53:58:c6:fe:c9:93:
                    92:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:64:4E:4A:69:78:C7:49:9E:C2:5C:82:FB:39:B8:5D:75:AD:E6:46
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/oGROSml4x0mewlyC-zm4XXWt5kY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         c3:dd:ec:7d:c7:63:3e:43:06:fc:07:6f:e2:37:41:9a:1d:79:
         ee:f8:a2:25:95:de:91:eb:c5:16:b6:4d:f9:fb:64:39:e7:0e:
         e8:1f:b8:65:73:28:d3:be:0f:86:4b:dd:9b:83:04:d7:92:d9:
         16:62:9d:6f:29:c5:06:bf:01:37:e9:7a:5a:3c:28:58:2f:bf:
         b1:3f:25:a7:ed:4c:d4:a7:a9:d6:79:66:50:a1:4c:d2:d8:04:
         9b:2c:96:fe:57:87:8a:b9:da:1b:b1:77:d7:8b:00:27:4c:a2:
         dc:35:12:4d:d4:74:91:90:50:80:fe:44:ef:a6:c2:69:49:86:
         ba:84:e0:f9:24:40:d1:c3:69:f4:88:12:ec:d6:d2:bc:e8:e9:
         6b:35:13:ca:fe:fd:7f:32:a9:2b:b2:9b:7b:ca:e8:aa:be:9a:
         e6:ea:00:84:ac:6f:a5:46:07:e1:c6:f9:46:b0:40:0b:a4:db:
         1f:88:d3:96:80:27:13:a6:72:05:bf:2a:19:b4:f3:69:fc:60:
         65:41:56:93:02:d0:2d:f8:c8:e8:7a:f8:c9:c8:6f:64:c3:60:
         a1:c1:12:d3:d9:79:8a:06:ac:43:ef:e6:07:db:e0:c7:ab:e8:
         ea:9f:40:8e:7d:76:da:c9:a3:5f:19:a7:d8:20:11:a2:a8:b5:
         b6:43:9a:39
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY926Tkz3XpSplTMsirXgpZdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjQwNTE0MTE0MjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDY0NGU0YTY5NzhjNzQ5OWVjMjVjODJmYjM5Yjg1ZDc1YWRlNjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuzfUU9t55R4n1GHM1BGtBuW2uyy
bzKk49gVDzEsbJJdsmZ1Bs3zhq9y41Rc57FqGIYO64JXonHAMVQYmqQ10gchVA47
c1qFJn1OSXcYNkWbpMiMs+ubU0QZ7oKMy9uMw0VG/fPzvFf3Vc8mpfKZk59fdY8p
Egy4oY7HWMxNgNLNVKdunEu/vD6VQsy/KF4VJX+sIXeOvT5yVvu0NrhRTqQKolZs
LrSJTSESLhtZDMSrxHHDt+0G1qlhJycm6FC1seh6W9hdLnHU9MLNXlTsKUzD+8nw
W6PDxKPEKpktdexNoEPwRaWkNuhLp80YGvgyz3WVNwte+SBTWMb+yZOSZQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKBkTkppeMdJnsJcgvs5uF11reZGMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvb0dST1NtbDR4MG1ld2x5Qy16bTRYWFd0NWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWQgAAH
MA0GCSqGSIb3DQEBCwUAA4IBAQDD3ex9x2M+Qwb8B2/iN0GaHXnu+KIlld6R68UW
tk35+2Q55w7oH7hlcyjTvg+GS92bgwTXktkWYp1vKcUGvwE36XpaPChYL7+xPyWn
7UzUp6nWeWZQoUzS2ASbLJb+V4eKudobsXfXiwAnTKLcNRJN1HSRkFCA/kTvpsJp
SYa6hOD5JEDRw2n0iBLs1tK86OlrNRPK/v1/Mqkrspt7yuiqvprm6gCErG+lRgfh
xvlGsEALpNsfiNOWgCcTpnIFvyoZtPNp/GBlQVaTAtAt+MjoevjJyG9kw2ChwRLT
2XmKBqxD7+YH2+DHq+jqn0COfXbayaNfGafYIBGiqLW2Q5o5
-----END CERTIFICATE-----