Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/OKRMe0ydGfV8Z-GK4l5zsP2Cqk4.roa
File:                     OKRMe0ydGfV8Z-GK4l5zsP2Cqk4.roa (raw, json)
Hash identifier:          pqHkceixrmu/0Ljm+XLmVW9Tzl4E22A3ygMkiEBiomg=
Subject key identifier:   38:A4:4C:7B:4C:9D:19:F5:7C:67:E1:8A:E2:5E:73:B0:FD:82:AA:4E
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018F7C927BB1BC7DC08D7DC1CB0F630DB9C1
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/OKRMe0ydGfV8Z-GK4l5zsP2Cqk4.roa
Signing time:             Wed 15 May 2024 14:05:25 +0000
ROA not before:           Wed 15 May 2024 14:05:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201732
IP address blocks:        2a0b:3c40:18::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7c:92:7b:b1:bc:7d:c0:8d:7d:c1:cb:0f:63:0d:b9:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: May 15 14:05:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38a44c7b4c9d19f57c67e18ae25e73b0fd82aa4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:2b:b6:3b:41:b3:9d:c8:31:6b:11:e2:69:16:
                    9c:0c:f9:89:dc:af:aa:05:b2:b9:39:a4:c4:1d:9b:
                    e7:3b:b3:f4:6c:48:35:62:6a:34:81:35:fc:4c:45:
                    34:31:3c:8e:7b:ca:90:78:eb:16:b9:b7:7b:55:35:
                    a6:9b:e5:7c:a4:9b:95:1a:11:60:de:6f:90:03:b8:
                    c4:11:54:f1:6d:d4:16:4c:4d:cb:de:21:f4:66:d9:
                    e9:0b:85:f6:cf:19:6e:cf:4a:42:86:d9:c2:84:a7:
                    a5:a2:74:5a:55:14:4d:1d:55:9e:bb:ad:16:8b:4b:
                    83:7e:59:95:65:67:f4:44:e9:c0:7c:df:30:d6:b9:
                    25:41:19:6b:23:66:a0:fc:b5:d2:65:2f:ef:f9:f9:
                    25:86:ac:9e:80:e3:53:6a:bd:2f:6a:16:69:cf:98:
                    bd:cd:db:6c:fe:17:a2:66:f3:95:2e:ea:e3:cf:15:
                    e1:79:5c:1e:95:f1:44:43:c9:3e:f7:32:08:7f:ab:
                    cf:e3:ad:f3:c9:03:34:b8:30:b2:84:ed:ce:48:af:
                    c0:78:b9:52:c4:79:0e:a1:72:5e:3f:5e:f6:4d:91:
                    77:01:4f:fa:e8:6e:67:e8:40:f2:b6:56:d1:5d:3e:
                    e0:15:2e:a2:ba:0f:6b:15:71:fd:cd:d4:bf:5b:87:
                    81:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:A4:4C:7B:4C:9D:19:F5:7C:67:E1:8A:E2:5E:73:B0:FD:82:AA:4E
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/OKRMe0ydGfV8Z-GK4l5zsP2Cqk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:3c40:18::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:5a:fc:7b:75:a5:08:72:a1:94:e8:cb:49:44:24:8f:33:48:
         52:8e:d3:8a:76:14:50:43:81:27:97:ea:eb:7a:2a:af:62:f6:
         c1:21:1b:95:bc:3e:8b:06:30:ff:89:fd:8d:b4:f0:c6:50:3f:
         08:67:ec:3f:a6:2a:64:fd:8e:5c:c1:f2:c2:04:f7:9c:b7:ce:
         00:de:9a:b5:f6:a8:fa:b4:59:dd:15:bb:45:27:cf:01:37:43:
         7b:8f:aa:7d:21:b0:f8:43:d7:fe:9f:a8:4a:c0:ea:93:eb:f6:
         10:1a:7c:a0:68:a8:5a:82:a5:db:0e:e1:36:19:b2:c9:08:7e:
         cc:aa:f6:e8:2c:f7:51:6e:27:b8:82:a0:64:be:99:b4:dd:4f:
         7c:fb:04:7f:de:31:f4:88:90:62:97:8b:38:47:0a:e0:db:58:
         7e:be:ca:a8:98:d3:98:05:99:66:3f:f5:4b:4c:2e:8c:0b:37:
         aa:21:9a:fd:a8:d7:e0:67:c4:ac:33:57:4e:6d:85:47:e3:da:
         3d:9b:69:14:ae:3d:45:ac:0e:76:3f:fb:76:48:ae:9b:34:1e:
         d6:e8:f3:90:04:18:fd:00:b6:7a:45:21:1d:e3:60:43:c0:b0:
         1c:6e:24:b6:7f:c0:45:cf:1e:9b:c3:5f:b8:ac:4b:8c:1e:c9:
         60:bc:71:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY98knuxvH3AjX3Byw9jDbnBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwNTE1MTQwNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGE0NGM3YjRjOWQxOWY1N2M2N2UxOGFlMjVlNzNiMGZkODJhYTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yu2O0GzncgxaxHiaRacDPmJ3K+q
BbK5OaTEHZvnO7P0bEg1Ymo0gTX8TEU0MTyOe8qQeOsWubd7VTWmm+V8pJuVGhFg
3m+QA7jEEVTxbdQWTE3L3iH0ZtnpC4X2zxluz0pChtnChKelonRaVRRNHVWeu60W
i0uDflmVZWf0ROnAfN8w1rklQRlrI2ag/LXSZS/v+fklhqyegONTar0vahZpz5i9
zdts/heiZvOVLurjzxXheVwelfFEQ8k+9zIIf6vP463zyQM0uDCyhO3OSK/AeLlS
xHkOoXJeP172TZF3AU/66G5n6EDytlbRXT7gFS6iug9rFXH9zdS/W4eBTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDikTHtMnRn1fGfhiuJec7D9gqpOMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvT0tSTWUweWRHZlY4Wi1HSzRsNXpzUDJDcWs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgs8QAAY
MA0GCSqGSIb3DQEBCwUAA4IBAQAAWvx7daUIcqGU6MtJRCSPM0hSjtOKdhRQQ4En
l+rreiqvYvbBIRuVvD6LBjD/if2NtPDGUD8IZ+w/pipk/Y5cwfLCBPect84A3pq1
9qj6tFndFbtFJ88BN0N7j6p9IbD4Q9f+n6hKwOqT6/YQGnygaKhagqXbDuE2GbLJ
CH7MqvboLPdRbie4gqBkvpm03U98+wR/3jH0iJBil4s4Rwrg21h+vsqomNOYBZlm
P/VLTC6MCzeqIZr9qNfgZ8SsM1dObYVH49o9m2kUrj1FrA52P/t2SK6bNB7W6POQ
BBj9ALZ6RSEd42BDwLAcbiS2f8BFzx6bw1+4rEuMHslgvHHJ
-----END CERTIFICATE-----