Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/0OgcExP-7lEsqp39CfNMTIzZ3SI.roa
File:                     0OgcExP-7lEsqp39CfNMTIzZ3SI.roa (raw, json)
Hash identifier:          Wx3mc3a6sKL7BVMUtqh+yVPQSNuTxU0/zIZfxyvkQKY=
Subject key identifier:   D0:E8:1C:13:13:FE:EE:51:2C:AA:9D:FD:09:F3:4C:4C:8C:D9:DD:22
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018F4C89985BAAD2A40C5F3C7A307742452E
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/0OgcExP-7lEsqp39CfNMTIzZ3SI.roa
Signing time:             Mon 06 May 2024 06:13:56 +0000
ROA not before:           Mon 06 May 2024 06:13:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214999
IP address blocks:        2a0e:8f02:f06d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4c:89:98:5b:aa:d2:a4:0c:5f:3c:7a:30:77:42:45:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: May  6 06:13:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0e81c1313feee512caa9dfd09f34c4c8cd9dd22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1d:f0:b9:57:ed:f6:ff:4e:54:60:9d:90:e5:
                    6a:cb:05:91:ba:10:30:77:b9:36:2a:8a:4a:7e:b9:
                    7e:bc:9b:1a:ed:e5:82:c4:44:90:87:e3:2b:16:64:
                    0a:b7:ad:5e:ee:c8:d8:19:91:50:97:89:0f:f2:16:
                    c9:71:7a:8a:19:da:2a:32:dd:66:d6:58:0c:ec:a2:
                    91:66:5b:94:be:36:f7:e7:c5:17:ac:96:e8:68:3e:
                    c1:3c:c9:5c:7d:59:63:07:ad:bf:61:b6:dd:5e:b1:
                    fc:ad:17:7c:48:fa:22:75:af:ce:1e:94:96:47:34:
                    9c:9a:b8:a3:36:9d:b9:ef:ea:69:21:ab:f8:d7:80:
                    db:2e:be:4f:0d:da:61:c6:f9:1f:67:14:05:e8:55:
                    41:56:c5:40:8f:1d:b1:28:f5:95:05:89:9b:73:82:
                    bc:89:fc:eb:b3:74:7b:96:6c:d9:c0:a3:9b:89:14:
                    32:b3:90:c8:9e:b0:ba:0b:18:ab:bf:c2:b9:06:c6:
                    79:28:05:40:cc:fc:74:47:16:61:7e:01:57:4a:00:
                    28:5b:9a:2f:d1:77:e3:02:f2:00:74:5d:19:d8:a7:
                    6a:46:61:4f:60:42:e0:ab:aa:c1:41:71:a4:b0:29:
                    7f:0c:42:3e:dc:2f:66:33:af:c2:09:16:8e:0d:4c:
                    cf:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:E8:1C:13:13:FE:EE:51:2C:AA:9D:FD:09:F3:4C:4C:8C:D9:DD:22
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/0OgcExP-7lEsqp39CfNMTIzZ3SI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f06d::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:90:fd:b3:10:c6:73:54:0b:58:16:82:89:dc:a6:5f:d7:9b:
         bb:be:37:4a:36:7d:33:a3:c2:e3:c0:77:57:c6:d5:ca:e7:87:
         8c:20:cb:ab:5f:37:19:ee:08:8d:a6:2c:01:81:da:10:a3:bc:
         f9:70:54:80:dd:e1:cd:31:ea:2d:45:11:82:b8:67:c8:c4:ca:
         88:35:a0:c1:c7:42:61:34:0c:84:7d:82:2e:d0:9c:ec:7a:4b:
         44:cd:f4:e1:88:19:1e:24:a0:0d:bd:71:74:a5:88:32:0b:6a:
         54:31:73:7b:2e:22:fd:94:8d:76:a1:17:28:14:97:1f:fa:18:
         22:c7:24:e8:a4:18:df:34:1b:db:ca:56:9e:33:90:b9:99:05:
         d7:fe:c6:4e:19:c9:2b:93:54:19:c4:cd:3f:33:f8:7b:ef:cf:
         c7:51:27:35:41:7e:68:8a:99:98:60:28:50:81:b4:ca:01:40:
         55:ce:28:f8:1b:7a:4e:1e:1a:7f:a2:70:b0:93:a3:3f:13:0e:
         25:21:8a:da:cd:3a:a8:36:3b:97:bd:65:dc:01:97:59:36:cc:
         63:d0:07:90:f5:38:db:73:5c:5a:2e:fe:82:e4:38:8f:ba:0a:
         b0:e1:a5:a8:34:09:e8:e0:30:d7:94:ad:69:c3:21:41:05:20:
         b4:45:84:02
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY9MiZhbqtKkDF88ejB3QkUuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwNTA2MDYxMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGU4MWMxMzEzZmVlZTUxMmNhYTlkZmQwOWYzNGM0YzhjZDlkZDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnR3wuVft9v9OVGCdkOVqywWRuhAw
d7k2KopKfrl+vJsa7eWCxESQh+MrFmQKt61e7sjYGZFQl4kP8hbJcXqKGdoqMt1m
1lgM7KKRZluUvjb358UXrJboaD7BPMlcfVljB62/YbbdXrH8rRd8SPoida/OHpSW
RzScmrijNp257+ppIav414DbLr5PDdphxvkfZxQF6FVBVsVAjx2xKPWVBYmbc4K8
ifzrs3R7lmzZwKObiRQys5DInrC6Cxirv8K5BsZ5KAVAzPx0RxZhfgFXSgAoW5ov
0XfjAvIAdF0Z2KdqRmFPYELgq6rBQXGksCl/DEI+3C9mM6/CCRaODUzPUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNDoHBMT/u5RLKqd/QnzTEyM2d0iMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvME9nY0V4UC03bEVzcXAzOUNmTk1USXpaM1NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBt
MA0GCSqGSIb3DQEBCwUAA4IBAQAmkP2zEMZzVAtYFoKJ3KZf15u7vjdKNn0zo8Lj
wHdXxtXK54eMIMurXzcZ7giNpiwBgdoQo7z5cFSA3eHNMeotRRGCuGfIxMqINaDB
x0JhNAyEfYIu0JzsektEzfThiBkeJKANvXF0pYgyC2pUMXN7LiL9lI12oRcoFJcf
+hgixyTopBjfNBvbylaeM5C5mQXX/sZOGckrk1QZxM0/M/h778/HUSc1QX5oipmY
YChQgbTKAUBVzij4G3pOHhp/onCwk6M/Ew4lIYrazTqoNjuXvWXcAZdZNsxj0AeQ
9Tjbc1xaLv6C5DiPugqw4aWoNAno4DDXlK1pwyFBBSC0RYQC
-----END CERTIFICATE-----