Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/o8mQtEbwhhRzrDHxoHVHNlM7fGo.roa
File:                     o8mQtEbwhhRzrDHxoHVHNlM7fGo.roa (raw, json)
Hash identifier:          ej8ZIGrekr+Wodah1wjkcYoa8LSKjjZlJRKjcC5LceE=
Subject key identifier:   A3:C9:90:B4:46:F0:86:14:73:AC:31:F1:A0:75:47:36:53:3B:7C:6A
Certificate issuer:       /CN=6aa8fa75c5020cd6218cf7f109de420265204bac
Certificate serial:       018CC86FA82EB0B44CC5F49734A000DF5A7A
Authority key identifier: 6A:A8:FA:75:C5:02:0C:D6:21:8C:F7:F1:09:DE:42:02:65:20:4B:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/o8mQtEbwhhRzrDHxoHVHNlM7fGo.roa
Signing time:             Tue 02 Jan 2024 04:30:09 +0000
ROA not before:           Tue 02 Jan 2024 04:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     131631
IP address blocks:        2a13:d040:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/aqj6dcUCDNYhjPfxCd5CAmUgS6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/aqj6dcUCDNYhjPfxCd5CAmUgS6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a8:2e:b0:b4:4c:c5:f4:97:34:a0:00:df:5a:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aa8fa75c5020cd6218cf7f109de420265204bac
        Validity
            Not Before: Jan  2 04:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3c990b446f0861473ac31f1a0754736533b7c6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:12:7f:94:7c:75:ac:d6:96:2c:2a:b4:cd:94:
                    a7:fc:45:c9:27:1a:a5:0d:bb:61:84:de:8e:e6:e9:
                    75:b5:d8:3a:13:5d:dc:d8:c6:ea:5a:6e:d5:a7:25:
                    80:42:bf:85:1d:d9:70:be:bc:4f:74:71:31:83:c0:
                    ea:85:4d:2b:c3:a7:f9:68:6e:6d:d0:18:59:cb:3f:
                    8c:71:15:cf:7e:c2:7d:cd:c5:9e:ef:2f:74:b4:09:
                    2c:ef:e8:9d:71:31:1a:38:95:93:f2:a4:31:af:6f:
                    5b:03:5c:bc:6d:91:61:4f:4a:5e:ef:d3:1e:f9:5c:
                    82:d2:06:78:3c:0f:17:7c:43:eb:46:c2:40:83:69:
                    40:50:bf:50:ae:ea:08:23:d4:40:6d:a2:04:f7:82:
                    39:30:45:e5:f9:22:d9:2b:a0:e9:80:d6:c3:f7:da:
                    6d:3e:c5:f5:06:34:b3:74:41:2f:84:b9:5d:79:68:
                    25:fb:28:1c:b2:05:44:61:af:5a:ae:8b:53:43:2f:
                    22:ce:8d:3b:af:aa:0a:dd:bd:76:f9:fd:13:1e:28:
                    63:95:40:8a:fc:1b:70:1b:48:3d:0d:9a:ef:d8:1b:
                    82:ad:36:7d:69:72:e5:a2:68:dd:9e:5f:1b:1d:21:
                    a3:f1:e8:09:24:4e:21:9d:02:96:24:ce:00:b6:4b:
                    ba:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:C9:90:B4:46:F0:86:14:73:AC:31:F1:A0:75:47:36:53:3B:7C:6A
            X509v3 Authority Key Identifier:
                keyid:6A:A8:FA:75:C5:02:0C:D6:21:8C:F7:F1:09:DE:42:02:65:20:4B:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/o8mQtEbwhhRzrDHxoHVHNlM7fGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/aqj6dcUCDNYhjPfxCd5CAmUgS6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d040:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:a5:1e:54:5e:fc:0e:04:9a:12:ec:db:87:05:fb:b6:67:79:
         69:8b:68:07:0b:54:5a:07:66:ac:ec:fe:b0:89:87:e1:a7:cf:
         4d:df:78:b4:70:64:ea:71:33:96:af:f0:a0:af:9c:7a:3b:c8:
         c2:8e:de:b7:91:fc:db:a7:a3:77:4f:3a:13:43:9a:dd:aa:c5:
         b8:71:25:49:5e:a6:98:11:24:1e:e8:c3:85:c9:0f:46:e2:40:
         9e:69:de:bd:53:99:a4:3b:c1:c6:af:91:ae:52:20:4d:1c:bb:
         0d:55:31:6b:eb:87:52:70:80:1e:ff:ca:7e:16:0b:88:a5:4e:
         74:b8:c1:97:6c:98:79:ad:13:99:6c:af:6f:d9:ad:a4:b5:ed:
         b4:e1:e9:01:c5:ee:5f:d5:aa:e1:25:ae:7d:fb:c1:f6:f1:1c:
         3c:94:f4:c2:5f:bb:ea:2b:c3:1d:e1:0a:88:dd:5d:96:26:59:
         0c:35:8a:8e:41:56:c8:8c:af:99:5a:27:93:14:29:92:fa:f7:
         26:f7:5b:5e:87:c1:49:04:82:9e:fc:7c:41:b0:95:7a:6a:0c:
         4d:af:b5:81:50:aa:85:05:ce:0a:77:2c:1d:8a:79:a5:9e:08:
         ee:88:72:13:6b:11:a3:a2:13:f1:8e:2d:2f:10:03:47:dc:12:
         f6:36:20:92
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb6gusLRMxfSXNKAA31p6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYThmYTc1YzUwMjBjZDYyMThjZjdmMTA5ZGU0MjAyNjUy
MDRiYWMwHhcNMjQwMTAyMDQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2M5OTBiNDQ2ZjA4NjE0NzNhYzMxZjFhMDc1NDczNjUzM2I3YzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhJ/lHx1rNaWLCq0zZSn/EXJJxql
DbthhN6O5ul1tdg6E13c2MbqWm7VpyWAQr+FHdlwvrxPdHExg8DqhU0rw6f5aG5t
0BhZyz+McRXPfsJ9zcWe7y90tAks7+idcTEaOJWT8qQxr29bA1y8bZFhT0pe79Me
+VyC0gZ4PA8XfEPrRsJAg2lAUL9QruoII9RAbaIE94I5MEXl+SLZK6DpgNbD99pt
PsX1BjSzdEEvhLldeWgl+ygcsgVEYa9arotTQy8izo07r6oK3b12+f0THihjlUCK
/BtwG0g9DZrv2BuCrTZ9aXLlomjdnl8bHSGj8egJJE4hnQKWJM4Atku6HQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKPJkLRG8IYUc6wx8aB1RzZTO3xqMB8GA1UdIwQY
MBaAFGqo+nXFAgzWIYz38QneQgJlIEusMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXFqNmRjVUNETlloalBmeENkNUNBbVVnUzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy83MDEyZDgtYWZhMS00MTliLThiNjAt
MzVjNjNmYTc2NWEyLzEvbzhtUXRFYndoaFJ6ckRIeG9IVkhObE03ZkdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy83MDEyZDgtYWZhMS00MTliLThiNjAtMzVjNjNmYTc2NWEy
LzEvYXFqNmRjVUNETlloalBmeENkNUNBbVVnUzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhPQQAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQBCpR5UXvwOBJoS7NuHBfu2Z3lpi2gHC1RaB2as
7P6wiYfhp89N33i0cGTqcTOWr/Cgr5x6O8jCjt63kfzbp6N3TzoTQ5rdqsW4cSVJ
XqaYESQe6MOFyQ9G4kCead69U5mkO8HGr5GuUiBNHLsNVTFr64dScIAe/8p+FguI
pU50uMGXbJh5rROZbK9v2a2kte204ekBxe5f1arhJa59+8H28Rw8lPTCX7vqK8Md
4QqI3V2WJlkMNYqOQVbIjK+ZWieTFCmS+vcm91teh8FJBIKe/HxBsJV6agxNr7WB
UKqFBc4KdywdinmlngjuiHITaxGjohPxji0vEANH3BL2NiCS
-----END CERTIFICATE-----