Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/oSQl-ulBiLFGFGkOYK9mxmuk4r8.roa
File:                     oSQl-ulBiLFGFGkOYK9mxmuk4r8.roa (raw, json)
Hash identifier:          5KoMzs9NOXMqMQdNJGucf0NWyvVGcR5F20AWKQzxZwA=
Subject key identifier:   A1:24:25:FA:E9:41:88:B1:46:14:69:0E:60:AF:66:C6:6B:A4:E2:BF
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       018CC6B8163224F143A5EC11E4F26A990490
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/oSQl-ulBiLFGFGkOYK9mxmuk4r8.roa
Signing time:             Mon 01 Jan 2024 20:30:02 +0000
ROA not before:           Mon 01 Jan 2024 20:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42087
IP address blocks:        2a00:1fa2:80c0::/48 maxlen: 48
                          2a00:1fa2:ba00::/40 maxlen: 40
                          2a00:1fa2:baf0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:16:32:24:f1:43:a5:ec:11:e4:f2:6a:99:04:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Jan  1 20:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a12425fae94188b14614690e60af66c66ba4e2bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:b8:94:3c:95:49:d6:4a:d8:86:96:45:92:fa:
                    9b:60:97:36:fb:24:c4:77:73:a4:be:61:98:75:7d:
                    53:2b:a0:4b:23:fb:a0:5f:30:d4:f7:45:cc:7a:45:
                    d8:be:08:c0:c7:10:73:ac:28:22:c6:39:14:c6:79:
                    ee:da:29:d9:32:e3:fe:9c:c1:41:4d:91:e4:0b:4f:
                    a1:15:e1:08:41:fe:ec:c7:23:a9:2a:d0:60:fe:ca:
                    c6:2f:c6:ce:f4:c2:c4:46:7f:52:70:93:92:88:40:
                    b5:1e:41:30:12:18:cc:67:51:5b:6d:b6:5d:16:45:
                    61:2e:a3:20:27:76:e8:5e:15:cd:aa:0a:6a:0c:5a:
                    7d:69:8c:ae:13:db:a1:e0:85:85:10:9a:c4:92:2f:
                    ca:1c:4d:17:7d:87:8b:1f:40:e2:e3:d6:be:c4:b1:
                    4f:e8:82:0c:78:5c:af:0c:40:63:90:8b:8f:5f:41:
                    4c:8a:16:a7:74:ef:30:e7:b2:cf:69:a3:5e:c5:61:
                    fd:f1:b7:b1:fa:6f:b4:df:f0:6a:ea:86:ff:25:4f:
                    4e:99:bb:9e:d3:56:21:13:7f:1f:6d:c1:29:a0:9f:
                    23:f0:ec:b2:90:d7:7c:01:a6:fc:df:16:dc:7c:cc:
                    ec:e3:c2:68:8c:d6:2e:ba:cb:d5:02:5c:0a:1f:c6:
                    cc:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:24:25:FA:E9:41:88:B1:46:14:69:0E:60:AF:66:C6:6B:A4:E2:BF
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/oSQl-ulBiLFGFGkOYK9mxmuk4r8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1fa2:80c0::/48
                  2a00:1fa2:ba00::/40

    Signature Algorithm: sha256WithRSAEncryption
         2c:98:27:f7:5e:01:b8:9b:73:57:cd:cc:aa:92:12:f6:01:2a:
         cc:cd:87:20:5d:c8:b7:90:55:23:b3:dc:d9:6f:e3:7b:54:c7:
         b8:b6:42:73:b9:73:9b:7f:27:49:15:bb:3d:31:6f:6a:00:06:
         1e:85:95:7c:ba:e7:12:77:1c:10:2f:93:57:22:5d:4d:6e:a5:
         a3:b3:b3:a6:09:77:e8:51:f6:b2:ec:66:41:20:da:4e:2b:30:
         69:cc:7e:96:e1:1e:09:20:be:c5:7a:fa:bf:06:2d:4d:8a:04:
         a3:a6:87:9f:8f:fa:f9:0f:38:6c:d9:6c:cf:a3:0f:85:9d:cd:
         8e:78:ef:64:be:d3:e9:f4:b2:18:ab:49:10:e4:f6:1e:0e:9e:
         ea:b0:7f:8b:9f:6b:3c:34:fc:92:4f:52:74:72:0b:7b:75:25:
         f1:a1:cf:57:52:66:d3:02:dd:89:c1:f7:35:3f:46:13:53:01:
         75:28:6b:f2:f2:a4:1e:52:f9:75:ae:de:6b:94:a3:2a:00:54:
         6e:b0:fe:e8:81:97:e7:2e:db:a5:5a:89:a3:18:2d:6b:e4:fa:
         c6:87:30:a8:79:95:3e:8f:ef:54:68:20:ef:d4:e7:31:ce:66:
         5a:ee:2d:10:5e:71:d1:cd:33:31:c3:c6:68:c3:c1:7b:16:14:
         85:4c:1e:2a
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzGuBYyJPFDpewR5PJqmQSQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjQwMTAxMjAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTI0MjVmYWU5NDE4OGIxNDYxNDY5MGU2MGFmNjZjNjZiYTRlMmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgbiUPJVJ1krYhpZFkvqbYJc2+yTE
d3OkvmGYdX1TK6BLI/ugXzDU90XMekXYvgjAxxBzrCgixjkUxnnu2inZMuP+nMFB
TZHkC0+hFeEIQf7sxyOpKtBg/srGL8bO9MLERn9ScJOSiEC1HkEwEhjMZ1FbbbZd
FkVhLqMgJ3boXhXNqgpqDFp9aYyuE9uh4IWFEJrEki/KHE0XfYeLH0Di49a+xLFP
6IIMeFyvDEBjkIuPX0FMihandO8w57LPaaNexWH98bex+m+03/Bq6ob/JU9Ombue
01YhE38fbcEpoJ8j8OyykNd8Aab83xbcfMzs48JojNYuusvVAlwKH8bMywIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFKEkJfrpQYixRhRpDmCvZsZrpOK/MB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvb1NRbC11bEJpTEZHRkdrT1lLOW14bXVrNHI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKgAfooDA
AwYAKgAforowDQYJKoZIhvcNAQELBQADggEBACyYJ/deAbibc1fNzKqSEvYBKszN
hyBdyLeQVSOz3Nlv43tUx7i2QnO5c5t/J0kVuz0xb2oABh6FlXy65xJ3HBAvk1ci
XU1upaOzs6YJd+hR9rLsZkEg2k4rMGnMfpbhHgkgvsV6+r8GLU2KBKOmh5+P+vkP
OGzZbM+jD4WdzY5472S+0+n0shirSRDk9h4Onuqwf4ufazw0/JJPUnRyC3t1JfGh
z1dSZtMC3YnB9zU/RhNTAXUoa/LypB5S+XWu3muUoyoAVG6w/uiBl+cu26VaiaMY
LWvk+saHMKh5lT6P71RoIO/U5zHOZlruLRBecdHNMzHDxmjDwXsWFIVMHio=
-----END CERTIFICATE-----