Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/e7d1a9-ac76-4a9f-b175-47c10a5ce534/1/OjWHkO9Fp8HNvgGOFjzb8fbBDvQ.roa
File:                     OjWHkO9Fp8HNvgGOFjzb8fbBDvQ.roa (raw, json)
Hash identifier:          s4Jir+A11EG1cAY25HRmV6/tdu9hHRSFBL68394KABA=
Subject key identifier:   3A:35:87:90:EF:45:A7:C1:CD:BE:01:8E:16:3C:DB:F1:F6:C1:0E:F4
Certificate issuer:       /CN=e12f64f7f697aa9b6e9982c0b76bb7842133876a
Certificate serial:       018CC501369B3FB839B2FDB86D47BCD21236
Authority key identifier: E1:2F:64:F7:F6:97:AA:9B:6E:99:82:C0:B7:6B:B7:84:21:33:87:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4S9k9_aXqptumYLAt2u3hCEzh2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/e7d1a9-ac76-4a9f-b175-47c10a5ce534/1/OjWHkO9Fp8HNvgGOFjzb8fbBDvQ.roa
Signing time:             Mon 01 Jan 2024 12:30:40 +0000
ROA not before:           Mon 01 Jan 2024 12:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61298
IP address blocks:        2001:67c:2aa0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/e7d1a9-ac76-4a9f-b175-47c10a5ce534/1/4S9k9_aXqptumYLAt2u3hCEzh2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/e7d1a9-ac76-4a9f-b175-47c10a5ce534/1/4S9k9_aXqptumYLAt2u3hCEzh2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4S9k9_aXqptumYLAt2u3hCEzh2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:36:9b:3f:b8:39:b2:fd:b8:6d:47:bc:d2:12:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e12f64f7f697aa9b6e9982c0b76bb7842133876a
        Validity
            Not Before: Jan  1 12:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a358790ef45a7c1cdbe018e163cdbf1f6c10ef4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a8:c2:ae:83:d8:34:91:ae:82:c4:00:6b:16:
                    74:1e:8f:3c:d8:df:af:f9:9b:84:6f:fe:03:33:be:
                    56:6b:ee:d3:5d:b1:ba:63:8d:13:78:b8:52:b9:95:
                    e8:3b:f8:2d:4c:be:4c:57:e8:e0:5e:33:67:7b:fb:
                    96:95:7b:32:05:c5:db:2e:b8:aa:35:00:5f:b8:7b:
                    e5:b1:bf:a3:c5:28:48:f0:7a:1d:43:1c:b3:1e:1e:
                    38:7e:d6:fb:10:9a:da:b1:2d:f6:47:28:2c:ef:71:
                    cf:2a:73:22:99:ed:1b:1c:16:c6:71:1a:7f:9e:bb:
                    22:ea:32:18:23:7e:09:88:e9:ba:bc:94:6f:98:f5:
                    be:69:6c:40:b9:13:e2:11:f4:dd:a2:c7:6b:1a:34:
                    dc:a3:c6:f8:bc:6b:31:e1:95:33:af:d5:e2:c0:45:
                    a6:39:f3:ad:96:49:9d:57:ed:e4:2d:bf:8f:13:8e:
                    e6:ad:ec:fe:4f:be:09:5b:26:c6:5a:43:a9:6e:14:
                    2c:71:ae:8e:84:17:8c:4f:fe:33:94:bf:5b:98:e0:
                    80:a2:de:4c:3b:37:ed:8a:ae:d1:da:a4:25:dd:36:
                    45:6d:63:99:48:2c:6e:1d:42:ea:4e:58:36:26:84:
                    99:a0:ca:53:03:6d:cd:ca:35:84:f3:20:14:6a:a7:
                    a1:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:35:87:90:EF:45:A7:C1:CD:BE:01:8E:16:3C:DB:F1:F6:C1:0E:F4
            X509v3 Authority Key Identifier:
                keyid:E1:2F:64:F7:F6:97:AA:9B:6E:99:82:C0:B7:6B:B7:84:21:33:87:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4S9k9_aXqptumYLAt2u3hCEzh2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/e7d1a9-ac76-4a9f-b175-47c10a5ce534/1/OjWHkO9Fp8HNvgGOFjzb8fbBDvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/e7d1a9-ac76-4a9f-b175-47c10a5ce534/1/4S9k9_aXqptumYLAt2u3hCEzh2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2aa0::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:f8:4b:f0:bd:fd:2f:9c:76:a0:f2:ca:ff:56:4e:e8:7a:2c:
         f2:2b:af:01:d3:6f:d3:30:62:2d:4c:dc:8c:0e:38:73:d2:42:
         bc:b8:81:b9:69:a0:7a:a2:0a:d3:17:83:85:ae:9b:b9:38:42:
         6e:c2:cb:2b:55:62:7b:49:47:a8:27:01:dc:56:ba:c3:a0:1a:
         af:49:42:9c:e8:88:22:83:cb:75:6c:f1:21:b5:08:b3:42:57:
         4a:ad:d1:8e:b9:cd:92:55:42:d4:ec:d5:1e:b7:d7:b8:83:97:
         b4:dd:7a:36:1e:92:31:17:b2:e0:0e:63:0f:e3:ef:4b:f9:7d:
         b8:1f:64:cc:95:fe:d2:2c:d7:6c:93:71:76:b0:0c:db:e2:1e:
         df:da:fa:13:d1:f8:50:f6:dd:ec:42:6e:41:35:ca:3c:cb:cd:
         6d:e7:83:c6:3a:24:b8:53:e3:5f:75:94:77:40:2e:83:ad:18:
         4d:e6:dc:f2:9e:14:1a:a3:6d:c4:31:b9:ad:65:7f:d8:e6:25:
         1c:55:6a:dc:3d:72:5b:7a:66:a3:5f:e3:86:82:c6:92:23:cd:
         0f:ac:e1:59:41:26:5f:c3:13:dd:bb:98:77:50:d8:e5:85:d9:
         4d:7a:9c:09:c8:56:86:f3:1d:cb:26:a5:5e:2a:0e:9e:ca:04:
         2f:a1:9d:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFATabP7g5sv24bUe80hI2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMmY2NGY3ZjY5N2FhOWI2ZTk5ODJjMGI3NmJiNzg0MjEz
Mzg3NmEwHhcNMjQwMTAxMTIzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTM1ODc5MGVmNDVhN2MxY2RiZTAxOGUxNjNjZGJmMWY2YzEwZWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoajCroPYNJGugsQAaxZ0Ho882N+v
+ZuEb/4DM75Wa+7TXbG6Y40TeLhSuZXoO/gtTL5MV+jgXjNne/uWlXsyBcXbLriq
NQBfuHvlsb+jxShI8HodQxyzHh44ftb7EJrasS32Rygs73HPKnMime0bHBbGcRp/
nrsi6jIYI34JiOm6vJRvmPW+aWxAuRPiEfTdosdrGjTco8b4vGsx4ZUzr9XiwEWm
OfOtlkmdV+3kLb+PE47mrez+T74JWybGWkOpbhQsca6OhBeMT/4zlL9bmOCAot5M
Ozftiq7R2qQl3TZFbWOZSCxuHULqTlg2JoSZoMpTA23NyjWE8yAUaqehswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDo1h5DvRafBzb4BjhY82/H2wQ70MB8GA1UdIwQY
MBaAFOEvZPf2l6qbbpmCwLdrt4QhM4dqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFM5azlfYVhxcHR1bVlMQXQydTNoQ0V6aDJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9lN2QxYTktYWM3Ni00YTlmLWIxNzUt
NDdjMTBhNWNlNTM0LzEvT2pXSGtPOUZwOEhOdmdHT0ZqemI4ZmJCRHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9lN2QxYTktYWM3Ni00YTlmLWIxNzUtNDdjMTBhNWNlNTM0
LzEvNFM5azlfYVhxcHR1bVlMQXQydTNoQ0V6aDJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCqg
MA0GCSqGSIb3DQEBCwUAA4IBAQCH+Evwvf0vnHag8sr/Vk7oeizyK68B02/TMGIt
TNyMDjhz0kK8uIG5aaB6ogrTF4OFrpu5OEJuwssrVWJ7SUeoJwHcVrrDoBqvSUKc
6Igig8t1bPEhtQizQldKrdGOuc2SVULU7NUet9e4g5e03Xo2HpIxF7LgDmMP4+9L
+X24H2TMlf7SLNdsk3F2sAzb4h7f2voT0fhQ9t3sQm5BNco8y81t54PGOiS4U+Nf
dZR3QC6DrRhN5tzynhQao23EMbmtZX/Y5iUcVWrcPXJbemajX+OGgsaSI80PrOFZ
QSZfwxPdu5h3UNjlhdlNepwJyFaG8x3LJqVeKg6eygQvoZ12
-----END CERTIFICATE-----