Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/7b0a85-9677-4d03-afb6-a9faf6a26426/1/j8OReRU7PaKfbSR2Y2Xnl0FQA_o.roa
File:                     j8OReRU7PaKfbSR2Y2Xnl0FQA_o.roa (raw, json)
Hash identifier:          /56UOyZlGhQZUqWhuF/OAR78axEehwQne5DtSrypzc8=
Subject key identifier:   8F:C3:91:79:15:3B:3D:A2:9F:6D:24:76:63:65:E7:97:41:50:03:FA
Certificate issuer:       /CN=f2807f280da99569eca24346babe9dc85ac13240
Certificate serial:       018CC3B6E4BAE486BFF5732A80326C1DBC63
Authority key identifier: F2:80:7F:28:0D:A9:95:69:EC:A2:43:46:BA:BE:9D:C8:5A:C1:32:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8oB_KA2plWnsokNGur6dyFrBMkA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/7b0a85-9677-4d03-afb6-a9faf6a26426/1/j8OReRU7PaKfbSR2Y2Xnl0FQA_o.roa
Signing time:             Mon 01 Jan 2024 06:29:52 +0000
ROA not before:           Mon 01 Jan 2024 06:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14616
IP address blocks:        2a02:e38:8100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/7b0a85-9677-4d03-afb6-a9faf6a26426/1/8oB_KA2plWnsokNGur6dyFrBMkA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/7b0a85-9677-4d03-afb6-a9faf6a26426/1/8oB_KA2plWnsokNGur6dyFrBMkA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8oB_KA2plWnsokNGur6dyFrBMkA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:e4:ba:e4:86:bf:f5:73:2a:80:32:6c:1d:bc:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2807f280da99569eca24346babe9dc85ac13240
        Validity
            Not Before: Jan  1 06:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fc39179153b3da29f6d24766365e797415003fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:76:a1:21:7c:05:4b:49:73:ac:78:62:7c:28:
                    3c:72:16:8b:20:eb:5c:34:28:b9:bc:7a:0b:02:c2:
                    49:75:49:58:27:4d:c6:8e:79:88:6f:44:db:91:90:
                    42:ab:91:d7:34:ee:5f:a4:44:a2:bf:f1:d4:bc:aa:
                    85:64:3a:d8:84:4f:39:7a:8d:c2:ab:6a:9e:f1:ad:
                    20:43:63:79:51:ad:f7:10:cf:c2:d1:08:26:bb:5c:
                    23:6c:8c:bb:8c:55:55:d8:86:1a:dc:9f:ca:67:bd:
                    ae:bc:13:6c:9e:4f:0e:1a:21:df:4c:d4:ed:ec:54:
                    f6:d9:ea:f4:98:e6:e4:b8:0f:e2:01:6d:4b:95:af:
                    7a:a8:bf:95:86:e2:26:b3:62:d3:ee:d7:62:ab:2d:
                    de:aa:dd:de:66:07:57:a2:b4:8e:d2:da:f2:b4:aa:
                    15:91:88:8c:46:33:e0:53:ac:4b:af:e0:4b:6e:e2:
                    83:4a:74:c9:39:94:1e:20:ac:91:df:ac:79:6a:6d:
                    d5:8a:ad:0b:48:13:2d:b4:02:f2:e0:9a:07:89:f0:
                    a9:0a:87:d4:fb:98:32:25:35:68:ad:dc:44:02:0f:
                    6a:b0:19:f0:ef:56:ae:05:ce:55:35:d2:58:71:4c:
                    f6:14:28:76:55:90:f6:a7:54:a4:fa:8e:9e:ce:95:
                    b4:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:C3:91:79:15:3B:3D:A2:9F:6D:24:76:63:65:E7:97:41:50:03:FA
            X509v3 Authority Key Identifier:
                keyid:F2:80:7F:28:0D:A9:95:69:EC:A2:43:46:BA:BE:9D:C8:5A:C1:32:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8oB_KA2plWnsokNGur6dyFrBMkA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/7b0a85-9677-4d03-afb6-a9faf6a26426/1/j8OReRU7PaKfbSR2Y2Xnl0FQA_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/7b0a85-9677-4d03-afb6-a9faf6a26426/1/8oB_KA2plWnsokNGur6dyFrBMkA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:e38:8100::/40

    Signature Algorithm: sha256WithRSAEncryption
         0d:89:30:15:aa:af:ef:c3:80:0f:c7:3c:ac:77:07:23:b3:85:
         ee:e1:49:cb:b9:d1:de:c2:37:f0:09:8c:8c:36:e0:6e:b8:2c:
         8d:95:02:a8:83:b0:1b:1c:74:c0:17:bf:12:d7:54:c9:50:0c:
         b7:f8:48:af:9d:e5:b6:29:2b:90:82:cc:7d:27:db:94:38:d4:
         c8:b4:e1:54:85:6e:c8:59:93:7f:26:7b:1d:5a:33:55:8d:12:
         0a:e0:6c:26:a1:31:1c:8c:cf:c2:4a:d9:1d:c7:01:23:aa:0a:
         88:5e:5e:4a:a2:d5:35:a7:15:89:2b:f6:09:aa:4c:fd:c8:48:
         24:ce:73:f6:11:97:00:1e:de:70:2e:1e:8a:97:d1:1a:c1:42:
         cc:b9:e2:3f:cb:98:04:64:7d:75:65:2c:f8:fa:a4:09:02:4d:
         47:ad:a6:63:94:d0:aa:db:0b:9e:c2:0f:0e:01:71:e3:20:a0:
         ad:da:b4:d4:a2:d4:7b:b6:cb:47:7b:00:9e:b6:4c:81:3f:b5:
         56:37:c3:de:81:78:66:35:f9:a8:c9:16:e7:43:a1:dc:a9:8c:
         81:2f:e2:76:f3:8c:01:ef:3d:60:df:5a:51:a0:72:c9:da:7e:
         d4:53:5c:c3:32:81:b0:6e:fc:05:93:c6:a6:2c:8b:80:d0:0a:
         a6:b4:1f:8f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtuS65Ia/9XMqgDJsHbxjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyODA3ZjI4MGRhOTk1NjllY2EyNDM0NmJhYmU5ZGM4NWFj
MTMyNDAwHhcNMjQwMTAxMDYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmMzOTE3OTE1M2IzZGEyOWY2ZDI0NzY2MzY1ZTc5NzQxNTAwM2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3ahIXwFS0lzrHhifCg8chaLIOtc
NCi5vHoLAsJJdUlYJ03GjnmIb0TbkZBCq5HXNO5fpESiv/HUvKqFZDrYhE85eo3C
q2qe8a0gQ2N5Ua33EM/C0Qgmu1wjbIy7jFVV2IYa3J/KZ72uvBNsnk8OGiHfTNTt
7FT22er0mObkuA/iAW1Lla96qL+VhuIms2LT7tdiqy3eqt3eZgdXorSO0trytKoV
kYiMRjPgU6xLr+BLbuKDSnTJOZQeIKyR36x5am3Viq0LSBMttALy4JoHifCpCofU
+5gyJTVordxEAg9qsBnw71auBc5VNdJYcUz2FCh2VZD2p1Sk+o6ezpW08wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFI/DkXkVOz2in20kdmNl55dBUAP6MB8GA1UdIwQY
MBaAFPKAfygNqZVp7KJDRrq+nchawTJAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG9CX0tBMnBsV25zb2tOR3VyNmR5RnJCTWtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy83YjBhODUtOTY3Ny00ZDAzLWFmYjYt
YTlmYWY2YTI2NDI2LzEvajhPUmVSVTdQYUtmYlNSMlkyWG5sMEZRQV9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy83YjBhODUtOTY3Ny00ZDAzLWFmYjYtYTlmYWY2YTI2NDI2
LzEvOG9CX0tBMnBsV25zb2tOR3VyNmR5RnJCTWtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgIOOIEw
DQYJKoZIhvcNAQELBQADggEBAA2JMBWqr+/DgA/HPKx3ByOzhe7hScu50d7CN/AJ
jIw24G64LI2VAqiDsBscdMAXvxLXVMlQDLf4SK+d5bYpK5CCzH0n25Q41Mi04VSF
bshZk38mex1aM1WNEgrgbCahMRyMz8JK2R3HASOqCoheXkqi1TWnFYkr9gmqTP3I
SCTOc/YRlwAe3nAuHoqX0RrBQsy54j/LmARkfXVlLPj6pAkCTUetpmOU0KrbC57C
Dw4BceMgoK3atNSi1Hu2y0d7AJ62TIE/tVY3w96BeGY1+ajJFudDodypjIEv4nbz
jAHvPWDfWlGgcsnaftRTXMMygbBu/AWTxqYsi4DQCqa0H48=
-----END CERTIFICATE-----