Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/oRo-6FYCAVZU656gbMVK2P5oH7I.roa
File:                     oRo-6FYCAVZU656gbMVK2P5oH7I.roa (raw, json)
Hash identifier:          0Xc6aj+eUezWf6VzK4LBrjqUsIiyg4kBnWs3IUfhOoo=
Subject key identifier:   A1:1A:3E:E8:56:02:01:56:54:EB:9E:A0:6C:C5:4A:D8:FE:68:1F:B2
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCD998C7EBD8AF89380D40C7C5BD67
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/oRo-6FYCAVZU656gbMVK2P5oH7I.roa
Signing time:             Tue 02 Jan 2024 10:34:06 +0000
ROA not before:           Tue 02 Jan 2024 10:34:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49048
IP address blocks:        2a02:2698:7400::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d9:98:c7:eb:d8:af:89:38:0d:40:c7:c5:bd:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a11a3ee85602015654eb9ea06cc54ad8fe681fb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:77:57:e0:6f:d6:2b:95:b0:a0:c4:04:c6:af:
                    04:ba:82:70:f1:d7:9c:b7:be:d3:72:f6:fc:a2:cb:
                    96:d8:3e:c3:9a:d2:0d:30:ea:8f:f8:f1:f8:6b:13:
                    8d:50:9f:ce:ff:52:d2:b6:72:0a:8b:83:9e:8d:dc:
                    d7:91:99:32:fc:d0:5b:2b:4f:f6:70:ed:1f:e5:ce:
                    16:2b:1c:b0:40:12:86:0d:27:f4:00:ee:aa:8d:53:
                    eb:d1:09:e2:aa:2e:82:f7:c9:54:ec:43:e3:e4:dc:
                    29:b8:b8:c3:c7:dc:88:c9:f7:4f:ca:24:bb:44:b2:
                    95:c4:ac:23:38:f2:7e:12:4f:9a:b6:70:c4:a0:a7:
                    ce:29:f4:19:e3:10:1a:4e:46:c1:24:f5:e7:3e:3f:
                    e5:69:59:c0:f2:55:1c:8c:5d:bc:7c:c0:47:f2:e9:
                    b8:14:5e:c0:eb:92:e5:70:6c:67:5a:d5:99:27:1c:
                    cd:04:2a:c4:f0:7f:f7:6d:1c:ea:52:b4:03:bd:96:
                    55:01:95:1f:39:10:2e:5d:1d:91:4d:26:a3:88:cd:
                    fa:ac:79:bb:26:90:2e:b7:91:e2:74:30:35:7c:dc:
                    0a:dd:c5:1a:d2:fa:6d:f3:ce:95:a5:9c:36:44:90:
                    b2:5c:6a:5b:0d:0b:4f:54:5e:33:01:fa:8d:5b:92:
                    b2:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:1A:3E:E8:56:02:01:56:54:EB:9E:A0:6C:C5:4A:D8:FE:68:1F:B2
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/oRo-6FYCAVZU656gbMVK2P5oH7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:7400::/38

    Signature Algorithm: sha256WithRSAEncryption
         80:98:e7:12:d5:3a:85:d5:a9:64:ce:5c:2e:dc:71:85:d0:a6:
         4f:b8:47:66:a6:19:f0:b9:02:54:02:ff:4b:79:c8:18:61:14:
         e8:b0:90:ee:95:3d:a8:79:1d:c8:30:30:ef:92:a0:a7:b7:a9:
         b1:11:f3:a1:b6:f1:e3:3a:63:d7:e5:a6:f0:ec:b5:c6:ad:9c:
         5a:d0:58:f4:19:72:b0:43:8c:ea:65:83:ab:c3:83:ad:59:d1:
         bf:68:d1:8f:75:df:ff:ee:36:c9:18:a8:92:79:f2:40:c8:96:
         a1:82:75:56:f2:86:3e:91:b6:c6:fa:af:4e:9c:59:66:d7:a7:
         dc:ad:c4:ec:9b:e6:00:cb:8a:3c:af:94:a1:28:9a:41:ff:a5:
         bf:81:40:cd:4a:92:08:e0:38:da:51:71:86:73:ca:8d:30:7a:
         5e:16:77:3a:a1:eb:57:f0:88:cb:d4:93:b2:41:61:4c:af:5c:
         db:4a:1b:41:62:c6:78:91:63:3f:b5:6b:5a:aa:d3:5b:78:80:
         e3:2f:a2:bc:4e:0e:31:ea:7a:9e:bd:41:fa:b6:fe:b6:79:aa:
         d8:6f:67:15:fe:3b:3e:1a:15:a5:11:8e:16:27:5e:3a:49:9d:
         79:43:cb:51:09:d1:7c:ec:ec:63:2d:49:5c:c5:f0:b3:33:a9:
         ff:fe:f3:35
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvNmYx+vYr4k4DUDHxb1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTFhM2VlODU2MDIwMTU2NTRlYjllYTA2Y2M1NGFkOGZlNjgxZmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhndX4G/WK5WwoMQExq8EuoJw8dec
t77Tcvb8osuW2D7DmtINMOqP+PH4axONUJ/O/1LStnIKi4OejdzXkZky/NBbK0/2
cO0f5c4WKxywQBKGDSf0AO6qjVPr0Qniqi6C98lU7EPj5NwpuLjDx9yIyfdPyiS7
RLKVxKwjOPJ+Ek+atnDEoKfOKfQZ4xAaTkbBJPXnPj/laVnA8lUcjF28fMBH8um4
FF7A65LlcGxnWtWZJxzNBCrE8H/3bRzqUrQDvZZVAZUfORAuXR2RTSajiM36rHm7
JpAut5HidDA1fNwK3cUa0vpt886VpZw2RJCyXGpbDQtPVF4zAfqNW5KynwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKEaPuhWAgFWVOueoGzFStj+aB+yMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvb1JvLTZGWUNBVlpVNjU2Z2JNVksyUDVvSDdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmHQw
DQYJKoZIhvcNAQELBQADggEBAICY5xLVOoXVqWTOXC7ccYXQpk+4R2amGfC5AlQC
/0t5yBhhFOiwkO6VPah5HcgwMO+SoKe3qbER86G28eM6Y9flpvDstcatnFrQWPQZ
crBDjOplg6vDg61Z0b9o0Y913//uNskYqJJ58kDIlqGCdVbyhj6Rtsb6r06cWWbX
p9ytxOyb5gDLijyvlKEomkH/pb+BQM1KkgjgONpRcYZzyo0wel4Wdzqh61fwiMvU
k7JBYUyvXNtKG0FixniRYz+1a1qq01t4gOMvorxODjHqep69Qfq2/rZ5qthvZxX+
Oz4aFaURjhYnXjpJnXlDy1EJ0Xzs7GMtSVzF8LMzqf/+8zU=
-----END CERTIFICATE-----