Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/oxq5JE_JlwXkk33QRqycKv0gDGg.roa
File:                     oxq5JE_JlwXkk33QRqycKv0gDGg.roa (raw, json)
Hash identifier:          8gp2rSbveUHysQuRqkPFVKkldEkwNTt+48EpRjbH/6w=
Subject key identifier:   A3:1A:B9:24:4F:C9:97:05:E4:93:7D:D0:46:AC:9C:2A:FD:20:0C:68
Certificate issuer:       /CN=a38b176a7d92e501eedaef6c60e8ce3a68d75224
Certificate serial:       018CC801C620F67EE45C1D21B1C746A69C7B
Authority key identifier: A3:8B:17:6A:7D:92:E5:01:EE:DA:EF:6C:60:E8:CE:3A:68:D7:52:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/oxq5JE_JlwXkk33QRqycKv0gDGg.roa
Signing time:             Tue 02 Jan 2024 02:30:08 +0000
ROA not before:           Tue 02 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216320
IP address blocks:        2a13:1500:3b00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/o4sXan2S5QHu2u9sYOjOOmjXUiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/o4sXan2S5QHu2u9sYOjOOmjXUiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c6:20:f6:7e:e4:5c:1d:21:b1:c7:46:a6:9c:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a38b176a7d92e501eedaef6c60e8ce3a68d75224
        Validity
            Not Before: Jan  2 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a31ab9244fc99705e4937dd046ac9c2afd200c68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:39:0c:be:00:80:c3:40:01:f4:4e:d7:f6:b8:
                    62:ac:67:ba:8f:98:ec:6f:1e:12:8b:dc:49:6f:be:
                    c6:81:1f:e4:82:f1:87:34:7b:24:16:cd:52:6f:fc:
                    ac:a0:e3:4a:d8:06:bf:81:d6:f3:ea:90:2d:13:a6:
                    4e:5e:8c:b9:0c:b1:30:6f:b9:83:db:a2:27:dc:fd:
                    21:c5:c5:75:b5:34:f6:42:51:13:c6:c0:b9:45:31:
                    ed:3e:a0:8e:42:3a:f8:e5:2d:ae:80:ef:e6:96:59:
                    e1:1a:fd:0e:f6:b6:35:74:00:3e:59:13:95:7b:bd:
                    d6:b4:d8:05:25:78:b4:bb:36:b6:95:eb:ee:1c:78:
                    0d:db:48:8a:8d:df:ca:f4:e4:cb:37:ba:3b:f5:b2:
                    1f:9e:4b:96:f1:7c:65:b9:7c:82:b4:d0:97:81:5d:
                    7a:6b:b2:4e:19:ac:6a:b8:2e:94:7f:a8:b0:22:9d:
                    3b:92:62:84:8b:aa:77:de:26:8b:86:e4:b6:ee:e5:
                    3f:0e:58:37:49:bf:ae:a4:d7:4d:70:60:cf:25:4e:
                    d6:5e:cf:f4:b0:f0:75:3f:98:b2:e5:9f:0a:e0:fc:
                    49:06:cf:e8:d1:9e:b9:92:59:be:a9:95:c4:b4:a8:
                    21:c0:a1:4f:e1:bf:8a:6f:89:87:03:a1:3a:91:c4:
                    c5:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:1A:B9:24:4F:C9:97:05:E4:93:7D:D0:46:AC:9C:2A:FD:20:0C:68
            X509v3 Authority Key Identifier:
                keyid:A3:8B:17:6A:7D:92:E5:01:EE:DA:EF:6C:60:E8:CE:3A:68:D7:52:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/oxq5JE_JlwXkk33QRqycKv0gDGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/o4sXan2S5QHu2u9sYOjOOmjXUiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1500:3b00::/40

    Signature Algorithm: sha256WithRSAEncryption
         7b:81:ba:53:bc:1f:bb:eb:ed:44:e5:0d:8c:d8:1f:36:77:c9:
         bb:3f:c4:1b:7d:68:76:de:c1:79:48:21:03:ed:45:8b:d0:16:
         57:ab:44:fa:f7:36:72:62:e2:0a:7c:0e:a1:f5:5e:00:75:1d:
         c9:f8:b4:88:45:d7:03:45:50:12:8e:0c:2b:c9:72:b3:b3:4b:
         2c:94:84:20:10:08:fe:cf:33:54:b5:bd:b8:7f:67:de:36:d7:
         5f:54:96:4c:90:c3:30:bb:9b:fa:5f:c6:95:fe:f4:48:43:7e:
         55:a9:55:76:36:96:53:e1:c3:72:28:7e:f2:e1:2a:c0:4c:10:
         18:63:20:93:b6:55:de:13:93:c1:78:82:39:4b:f1:ed:90:8d:
         c3:39:a7:29:c2:43:96:9a:66:fc:ab:dc:4d:a0:17:00:fe:15:
         0a:c0:1f:d3:f2:54:4a:b7:6d:7b:f4:ca:8f:bf:8b:90:ed:64:
         7b:ad:eb:50:0c:4d:b6:5e:92:a9:6c:d8:d8:5a:2f:9e:05:19:
         74:58:fd:f9:d7:63:a5:db:12:9c:aa:8a:38:6b:64:b0:db:1b:
         29:13:a4:e5:0b:a5:dd:93:81:95:9b:d5:f1:25:0a:29:90:36:
         d1:9d:ca:80:c8:e5:35:a3:71:c0:13:4b:e5:b2:cf:c9:08:bd:
         15:65:27:d0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIAcYg9n7kXB0hscdGppx7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzOGIxNzZhN2Q5MmU1MDFlZWRhZWY2YzYwZThjZTNhNjhk
NzUyMjQwHhcNMjQwMTAyMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzFhYjkyNDRmYzk5NzA1ZTQ5MzdkZDA0NmFjOWMyYWZkMjAwYzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTkMvgCAw0AB9E7X9rhirGe6j5js
bx4Si9xJb77GgR/kgvGHNHskFs1Sb/ysoONK2Aa/gdbz6pAtE6ZOXoy5DLEwb7mD
26In3P0hxcV1tTT2QlETxsC5RTHtPqCOQjr45S2ugO/mllnhGv0O9rY1dAA+WROV
e73WtNgFJXi0uza2levuHHgN20iKjd/K9OTLN7o79bIfnkuW8XxluXyCtNCXgV16
a7JOGaxquC6Uf6iwIp07kmKEi6p33iaLhuS27uU/Dlg3Sb+upNdNcGDPJU7WXs/0
sPB1P5iy5Z8K4PxJBs/o0Z65klm+qZXEtKghwKFP4b+Kb4mHA6E6kcTFcQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKMauSRPyZcF5JN90EasnCr9IAxoMB8GA1UdIwQY
MBaAFKOLF2p9kuUB7trvbGDozjpo11IkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzRzWGFuMlM1UUh1MnU5c1lPak9PbWpYVWlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi84MTAwZGItNDQzYS00YzdlLWJiZTIt
ZWZlNzljMjU0ZTI1LzEvb3hxNUpFX0psd1hrazMzUVJxeWNLdjBnREdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi84MTAwZGItNDQzYS00YzdlLWJiZTItZWZlNzljMjU0ZTI1
LzEvbzRzWGFuMlM1UUh1MnU5c1lPak9PbWpYVWlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhMVADsw
DQYJKoZIhvcNAQELBQADggEBAHuBulO8H7vr7UTlDYzYHzZ3ybs/xBt9aHbewXlI
IQPtRYvQFlerRPr3NnJi4gp8DqH1XgB1Hcn4tIhF1wNFUBKODCvJcrOzSyyUhCAQ
CP7PM1S1vbh/Z942119UlkyQwzC7m/pfxpX+9EhDflWpVXY2llPhw3IofvLhKsBM
EBhjIJO2Vd4Tk8F4gjlL8e2QjcM5pynCQ5aaZvyr3E2gFwD+FQrAH9PyVEq3bXv0
yo+/i5DtZHut61AMTbZekqls2NhaL54FGXRY/fnXY6XbEpyqijhrZLDbGykTpOUL
pd2TgZWb1fElCimQNtGdyoDI5TWjccATS+Wyz8kIvRVlJ9A=
-----END CERTIFICATE-----