Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/OVtacBhFparFzA-VK57YO0y03m8.roa
File:                     OVtacBhFparFzA-VK57YO0y03m8.roa (raw, json)
Hash identifier:          N6MabMbeLUr71XAZxpIYhW2kQPSVkUOZJml4SO6pE4k=
Subject key identifier:   39:5B:5A:70:18:45:A5:AA:C5:CC:0F:95:2B:9E:D8:3B:4C:B4:DE:6F
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       01942747C2547394FF2686A1B43EA1AE687F
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/OVtacBhFparFzA-VK57YO0y03m8.roa
Signing time:             Thu 02 Jan 2025 13:50:01 +0000
ROA not before:           Thu 02 Jan 2025 13:50:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197993
IP address blocks:        2a05:b0c7:1800::/39 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:c2:54:73:94:ff:26:86:a1:b4:3e:a1:ae:68:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Jan  2 13:50:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=395b5a701845a5aac5cc0f952b9ed83b4cb4de6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:59:20:98:96:f3:72:61:57:5e:88:bb:ce:21:
                    f6:0f:6c:df:0d:53:97:8a:48:44:8b:5e:58:a3:e9:
                    c0:f8:90:99:6b:be:09:ee:e3:dd:84:03:9d:ea:07:
                    f3:e9:30:c3:db:0a:00:0f:3a:2d:09:d6:48:0d:3b:
                    52:78:8a:4c:a0:78:23:c3:81:fc:cb:14:a0:5d:73:
                    d7:02:3c:fa:51:76:c5:4d:fe:65:30:9a:75:e4:88:
                    f7:20:b7:eb:1a:64:cd:51:98:4b:31:50:16:fc:5a:
                    7a:9d:c6:46:43:25:0a:ea:b5:62:4e:a1:cd:9c:ee:
                    5f:23:3f:65:0b:09:f7:81:00:73:9f:24:14:c2:c1:
                    4b:28:4f:d5:1f:7f:96:40:34:aa:61:b3:01:91:ca:
                    8d:6e:e7:c7:b7:e5:75:92:c0:5e:bb:5e:9b:b1:82:
                    e1:39:aa:a8:a6:c8:1d:cd:54:85:37:69:31:2c:4b:
                    53:d5:6c:bf:8e:66:f6:4c:c6:00:78:b8:e5:1c:5d:
                    31:31:37:93:14:d5:dc:39:98:44:c3:81:03:11:17:
                    9e:5b:37:f3:e6:22:6d:55:b1:0a:36:27:7b:06:66:
                    55:00:d8:69:7f:01:71:61:10:4a:e0:b8:37:fc:e1:
                    b2:ca:5e:11:08:be:69:2e:55:c8:40:b9:f8:11:e9:
                    00:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:5B:5A:70:18:45:A5:AA:C5:CC:0F:95:2B:9E:D8:3B:4C:B4:DE:6F
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/OVtacBhFparFzA-VK57YO0y03m8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c7:1800::/39

    Signature Algorithm: sha256WithRSAEncryption
         00:8a:5c:d0:60:7a:40:d2:c1:21:fb:91:95:4e:db:29:d4:bd:
         d6:f6:1e:cd:4a:57:b0:40:ac:5a:38:68:d5:69:da:d7:18:67:
         e0:47:46:89:e2:19:31:c0:b0:70:f7:ef:aa:d4:e0:7d:db:14:
         af:53:d0:fd:16:e7:4f:6e:cf:a3:a9:96:4c:22:71:ba:a8:e9:
         d6:c8:85:71:54:ff:a6:e2:f8:70:2a:22:23:71:5b:7a:a8:e4:
         02:79:bb:b7:ee:4c:f3:60:35:ba:d3:e4:71:ec:93:41:75:15:
         d8:32:83:11:17:1a:20:67:14:51:71:8c:16:49:7c:b5:6d:cf:
         dc:c9:ec:e0:36:0f:0b:77:df:a8:2f:39:84:18:55:61:85:bf:
         ae:3a:08:b9:e6:ec:b5:3a:f6:ec:7f:a6:a2:b9:5c:2a:ea:43:
         12:69:e6:bb:7e:a7:09:0b:90:c9:cb:a0:51:cc:c6:8e:2c:8c:
         b1:46:fa:e6:cf:e0:9d:c6:5a:fd:a9:53:6f:bc:77:aa:0a:ef:
         75:e5:73:06:c5:3a:8f:ae:e4:e1:32:aa:38:62:00:8a:d7:bd:
         e0:e9:12:a7:65:4c:a4:db:73:65:dc:00:4d:01:6c:2e:15:53:
         54:cd:32:f4:18:d7:19:09:cd:57:0e:5a:ff:79:4e:0b:37:bf:
         7b:31:03:37
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQnR8JUc5T/JoahtD6hrmh/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjUwMTAyMTM1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTViNWE3MDE4NDVhNWFhYzVjYzBmOTUyYjllZDgzYjRjYjRkZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFkgmJbzcmFXXoi7ziH2D2zfDVOX
ikhEi15Yo+nA+JCZa74J7uPdhAOd6gfz6TDD2woADzotCdZIDTtSeIpMoHgjw4H8
yxSgXXPXAjz6UXbFTf5lMJp15Ij3ILfrGmTNUZhLMVAW/Fp6ncZGQyUK6rViTqHN
nO5fIz9lCwn3gQBznyQUwsFLKE/VH3+WQDSqYbMBkcqNbufHt+V1ksBeu16bsYLh
OaqopsgdzVSFN2kxLEtT1Wy/jmb2TMYAeLjlHF0xMTeTFNXcOZhEw4EDEReeWzfz
5iJtVbEKNid7BmZVANhpfwFxYRBK4Lg3/OGyyl4RCL5pLlXIQLn4EekACwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDlbWnAYRaWqxcwPlSue2DtMtN5vMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvT1Z0YWNCaEZwYXJGekEtVks1N1lPMHkwM204LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYBKgWwxxgw
DQYJKoZIhvcNAQELBQADggEBAACKXNBgekDSwSH7kZVO2ynUvdb2Hs1KV7BArFo4
aNVp2tcYZ+BHRoniGTHAsHD376rU4H3bFK9T0P0W509uz6Oplkwicbqo6dbIhXFU
/6bi+HAqIiNxW3qo5AJ5u7fuTPNgNbrT5HHsk0F1FdgygxEXGiBnFFFxjBZJfLVt
z9zJ7OA2Dwt336gvOYQYVWGFv646CLnm7LU69ux/pqK5XCrqQxJp5rt+pwkLkMnL
oFHMxo4sjLFG+ubP4J3GWv2pU2+8d6oK73XlcwbFOo+u5OEyqjhiAIrXveDpEqdl
TKTbc2XcAE0BbC4VU1TNMvQY1xkJzVcOWv95Tgs3v3sxAzc=
-----END CERTIFICATE-----