Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/oD0KXOKNz7mOKIT0kgeXdDaT2aw.roa
File:                     oD0KXOKNz7mOKIT0kgeXdDaT2aw.roa (raw, json)
Hash identifier:          6uNeWtnoDE3euitBmaSJ9nV7C0if8x/KMc9Ox+GI4wI=
Subject key identifier:   A0:3D:0A:5C:E2:8D:CF:B9:8E:28:84:F4:92:07:97:74:36:93:D9:AC
Certificate issuer:       /CN=0e64f81b9e36b849917787678d014db4bfcef311
Certificate serial:       018CCEFABE273D19E642E557061B22FF8F50
Authority key identifier: 0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/oD0KXOKNz7mOKIT0kgeXdDaT2aw.roa
Signing time:             Wed 03 Jan 2024 10:59:48 +0000
ROA not before:           Wed 03 Jan 2024 10:59:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4785
IP address blocks:        2a14:1f80::/29 maxlen: 128
                          2a12:a300::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:fa:be:27:3d:19:e6:42:e5:57:06:1b:22:ff:8f:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e64f81b9e36b849917787678d014db4bfcef311
        Validity
            Not Before: Jan  3 10:59:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a03d0a5ce28dcfb98e2884f4920797743693d9ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:be:2e:7f:79:7e:0f:f6:6d:31:78:9f:47:45:
                    39:1f:3e:e4:6c:0f:4f:5d:04:5d:a3:fd:e0:f8:8e:
                    bc:24:47:2b:33:e0:7b:b2:6a:7d:e4:b6:54:b8:35:
                    cb:87:4a:19:3f:26:a7:a3:43:ad:f5:a3:b9:1f:f4:
                    19:90:e4:90:31:6b:9f:20:fc:15:d4:10:69:39:96:
                    e7:6a:37:db:bb:b3:49:99:21:99:13:8d:0b:04:cb:
                    98:77:cd:0e:26:db:c2:c2:31:0d:b0:51:23:c9:68:
                    92:9d:2f:13:aa:fc:5d:cb:3c:88:6f:81:fb:2e:7e:
                    19:4f:bf:d7:93:0e:db:13:11:15:81:d4:9a:a2:4f:
                    45:6c:58:d0:b8:e6:52:c0:ad:85:a9:83:b4:0c:b2:
                    4e:79:e7:a9:53:1a:ea:5c:2f:75:b2:1a:b7:a6:9e:
                    6b:71:94:8d:3c:44:47:fe:71:c6:0c:df:59:ae:a3:
                    6c:56:3f:06:32:e9:d8:50:a2:39:d6:86:c0:e0:a3:
                    2f:4a:65:98:2b:21:1a:fe:fa:ef:1c:2b:b7:83:57:
                    a1:54:b0:32:46:14:8c:fc:52:94:28:13:67:13:01:
                    66:9d:02:0a:79:f7:3e:af:7c:b5:ef:d4:b1:ec:5a:
                    5c:11:bc:63:20:05:50:a1:cb:e8:3c:44:c3:f2:ce:
                    27:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:3D:0A:5C:E2:8D:CF:B9:8E:28:84:F4:92:07:97:74:36:93:D9:AC
            X509v3 Authority Key Identifier:
                keyid:0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/oD0KXOKNz7mOKIT0kgeXdDaT2aw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:a300::/29
                  2a14:1f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:ef:59:38:91:04:00:a1:ff:14:00:38:2e:ee:d4:8e:35:6a:
         af:1a:e5:74:80:b9:06:8c:d1:24:15:25:be:79:e9:ce:c3:e5:
         55:f7:c8:38:47:79:80:1a:a7:65:37:47:92:46:73:84:45:6f:
         cf:a6:ff:2d:c6:e3:22:f2:19:18:0f:24:74:35:8b:67:18:d0:
         b4:ac:16:18:0d:55:ca:a5:c6:10:e8:6c:d5:3f:c3:c9:59:2d:
         83:b3:31:bf:ec:5d:27:c9:fa:1e:68:d5:69:7b:04:af:72:f5:
         3a:f4:a3:b5:2d:66:44:cc:cb:c8:9d:a7:fc:1f:d8:f5:88:fd:
         a6:df:bf:9c:73:17:e9:bc:27:3a:76:cd:5d:74:e2:57:6a:71:
         79:8d:72:e1:d3:ee:7f:aa:1d:15:db:28:79:40:67:ae:91:b4:
         e1:93:8a:a3:79:8c:b4:db:9d:5c:9e:48:7c:62:b6:e5:d9:5d:
         7d:3c:43:b4:8f:1a:08:56:63:f5:fe:fb:b8:25:a5:05:e1:2e:
         3f:18:e7:f1:6b:62:d4:4d:af:9c:e9:9f:75:8d:a9:a8:90:14:
         c1:e1:23:07:b5:72:eb:27:5f:3f:9b:37:b7:42:3d:12:5f:5c:
         fc:bc:4b:68:eb:8a:40:cc:7a:58:24:48:32:7a:de:62:58:83:
         8b:ca:c4:78
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzO+r4nPRnmQuVXBhsi/49QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNjRmODFiOWUzNmI4NDk5MTc3ODc2NzhkMDE0ZGI0YmZj
ZWYzMTEwHhcNMjQwMTAzMTA1OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDNkMGE1Y2UyOGRjZmI5OGUyODg0ZjQ5MjA3OTc3NDM2OTNkOWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkL4uf3l+D/ZtMXifR0U5Hz7kbA9P
XQRdo/3g+I68JEcrM+B7smp95LZUuDXLh0oZPyano0Ot9aO5H/QZkOSQMWufIPwV
1BBpOZbnajfbu7NJmSGZE40LBMuYd80OJtvCwjENsFEjyWiSnS8TqvxdyzyIb4H7
Ln4ZT7/Xkw7bExEVgdSaok9FbFjQuOZSwK2FqYO0DLJOeeepUxrqXC91shq3pp5r
cZSNPERH/nHGDN9ZrqNsVj8GMunYUKI51obA4KMvSmWYKyEa/vrvHCu3g1ehVLAy
RhSM/FKUKBNnEwFmnQIKefc+r3y179Sx7FpcEbxjIAVQocvoPETD8s4nUQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKA9Clzijc+5jiiE9JIHl3Q2k9msMB8GA1UdIwQY
MBaAFA5k+BueNrhJkXeHZ40BTbS/zvMRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTct
YzhmMTgyZTk1ZWE1LzEvb0QwS1hPS056N21PS0lUMGtnZVhkRGFUMmF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTctYzhmMTgyZTk1ZWE1
LzEvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhKjAAMF
AyoUH4AwDQYJKoZIhvcNAQELBQADggEBAB3vWTiRBACh/xQAOC7u1I41aq8a5XSA
uQaM0SQVJb556c7D5VX3yDhHeYAap2U3R5JGc4RFb8+m/y3G4yLyGRgPJHQ1i2cY
0LSsFhgNVcqlxhDobNU/w8lZLYOzMb/sXSfJ+h5o1Wl7BK9y9Tr0o7UtZkTMy8id
p/wf2PWI/abfv5xzF+m8Jzp2zV104ldqcXmNcuHT7n+qHRXbKHlAZ66RtOGTiqN5
jLTbnVyeSHxituXZXX08Q7SPGghWY/X++7glpQXhLj8Y5/FrYtRNr5zpn3WNqaiQ
FMHhIwe1cusnXz+bN7dCPRJfXPy8S2jrikDMelgkSDJ63mJYg4vKxHg=
-----END CERTIFICATE-----