Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/ojUuoHAFCN5VqQn5OHXFULcSpWU.roa
File:                     ojUuoHAFCN5VqQn5OHXFULcSpWU.roa (raw, json)
Hash identifier:          d1Rs8dqamLj69r20VmQXXjrZqGfYtRPAVR6bIqvrZiY=
Subject key identifier:   A2:35:2E:A0:70:05:08:DE:55:A9:09:F9:38:75:C5:50:B7:12:A5:65
Certificate issuer:       /CN=59f2470c03a0f0bad00846b0f67c7a232d557288
Certificate serial:       018CC2DB08FB66C9C80E416DAC2CC8667C23
Authority key identifier: 59:F2:47:0C:03:A0:F0:BA:D0:08:46:B0:F6:7C:7A:23:2D:55:72:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/ojUuoHAFCN5VqQn5OHXFULcSpWU.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211595
IP address blocks:        2001:678:f10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:08:fb:66:c9:c8:0e:41:6d:ac:2c:c8:66:7c:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59f2470c03a0f0bad00846b0f67c7a232d557288
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2352ea0700508de55a909f93875c550b712a565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:54:9f:71:e3:0a:9c:c4:21:80:f9:3f:11:58:
                    f3:6f:ff:f7:bc:70:2d:9d:90:60:b0:45:f9:7e:54:
                    80:33:69:2e:b6:64:5f:f5:c6:19:8f:2f:18:96:87:
                    8c:94:4b:e6:26:d5:91:47:76:b8:d6:e4:2e:54:92:
                    b5:8f:c0:52:96:39:f2:0c:2a:ac:b0:f2:ab:de:12:
                    75:d3:28:0e:c0:2e:93:ba:51:63:7a:7f:ff:63:63:
                    8f:7c:d4:10:8e:bc:7d:33:36:1b:9b:7e:45:21:b4:
                    54:47:95:92:1f:75:f9:ae:71:96:42:62:77:ea:ad:
                    2e:53:5a:ad:33:f7:ed:3a:ad:e7:b8:19:be:a7:f6:
                    e5:5c:a3:87:5e:b1:c7:de:66:ca:c0:8d:da:0c:d7:
                    36:68:8c:82:f0:b0:77:93:b4:ca:5a:cf:31:2d:4f:
                    cd:d9:13:cb:42:03:e6:df:df:59:28:a6:6c:83:10:
                    f2:56:a4:1c:6d:8e:90:c0:1b:7d:6e:f2:86:0b:5a:
                    60:6f:77:12:1a:0c:f1:eb:df:0a:14:6f:62:1a:48:
                    90:15:5e:fa:fb:de:35:cc:bf:66:50:76:a0:ba:05:
                    6b:26:a9:e8:52:18:ab:14:43:e2:87:ee:a7:57:0a:
                    72:04:f5:59:d3:d8:09:d9:3f:24:a0:6f:5e:29:69:
                    45:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:35:2E:A0:70:05:08:DE:55:A9:09:F9:38:75:C5:50:B7:12:A5:65
            X509v3 Authority Key Identifier:
                keyid:59:F2:47:0C:03:A0:F0:BA:D0:08:46:B0:F6:7C:7A:23:2D:55:72:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/ojUuoHAFCN5VqQn5OHXFULcSpWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f10::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:0d:b5:f7:3c:4a:3f:36:40:49:83:99:d7:b1:3d:94:60:9c:
         4c:9e:dc:67:89:4a:4e:48:27:1e:86:f8:f4:f1:d8:60:86:9c:
         8b:19:77:c1:d3:72:61:84:6c:70:92:a2:75:3a:dc:d7:72:4b:
         ce:1f:2c:fb:bf:10:ec:8a:d1:e4:05:56:83:4f:ad:a4:69:d0:
         5a:3c:cb:06:18:9f:83:4e:03:fe:49:e6:b4:b5:b2:7a:6c:87:
         32:ef:fa:35:22:c1:e3:14:de:95:90:4f:be:0c:7f:b4:1c:6d:
         4d:9e:21:52:c1:59:91:b3:f7:3e:8c:08:93:e6:cb:8a:22:b1:
         86:30:84:dd:a2:9a:94:62:05:1e:57:20:ce:da:38:f7:0c:b0:
         a0:e4:37:9e:00:d0:74:5e:7b:66:28:92:ca:c1:80:15:ae:be:
         22:88:42:05:e0:f1:43:6d:fd:20:3e:af:ca:4e:6d:20:64:c5:
         40:8f:ea:3e:d7:97:7b:91:0d:81:5c:01:d1:a6:84:f8:e9:30:
         a9:7d:8f:de:0b:ac:6a:1f:92:0f:5d:a8:3b:c4:92:e0:54:58:
         cb:1f:1a:a4:3a:fd:e9:8f:93:c9:76:95:96:ad:86:e9:1d:9c:
         47:e7:fa:f3:bf:28:67:58:d5:aa:52:2a:49:ea:a3:b3:7c:4e:
         bf:20:47:11
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wj7ZsnIDkFtrCzIZnwjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZjI0NzBjMDNhMGYwYmFkMDA4NDZiMGY2N2M3YTIzMmQ1
NTcyODgwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjM1MmVhMDcwMDUwOGRlNTVhOTA5ZjkzODc1YzU1MGI3MTJhNTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslSfceMKnMQhgPk/EVjzb//3vHAt
nZBgsEX5flSAM2kutmRf9cYZjy8YloeMlEvmJtWRR3a41uQuVJK1j8BSljnyDCqs
sPKr3hJ10ygOwC6TulFjen//Y2OPfNQQjrx9MzYbm35FIbRUR5WSH3X5rnGWQmJ3
6q0uU1qtM/ftOq3nuBm+p/blXKOHXrHH3mbKwI3aDNc2aIyC8LB3k7TKWs8xLU/N
2RPLQgPm399ZKKZsgxDyVqQcbY6QwBt9bvKGC1pgb3cSGgzx698KFG9iGkiQFV76
+941zL9mUHagugVrJqnoUhirFEPih+6nVwpyBPVZ09gJ2T8koG9eKWlFeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKI1LqBwBQjeVakJ+Th1xVC3EqVlMB8GA1UdIwQY
MBaAFFnyRwwDoPC60AhGsPZ8eiMtVXKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2ZKSERBT2c4THJRQ0VhdzlueDZJeTFWY29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9jZWM2ZDYtNmQzNC00MTA3LWI2NzIt
OTJiZWYzNGU3N2FhLzEvb2pVdW9IQUZDTjVWcVFuNU9IWEZVTGNTcFdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9jZWM2ZDYtNmQzNC00MTA3LWI2NzItOTJiZWYzNGU3N2Fh
LzEvV2ZKSERBT2c4THJRQ0VhdzlueDZJeTFWY29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA8Q
MA0GCSqGSIb3DQEBCwUAA4IBAQBNDbX3PEo/NkBJg5nXsT2UYJxMntxniUpOSCce
hvj08dhghpyLGXfB03JhhGxwkqJ1OtzXckvOHyz7vxDsitHkBVaDT62kadBaPMsG
GJ+DTgP+Sea0tbJ6bIcy7/o1IsHjFN6VkE++DH+0HG1NniFSwVmRs/c+jAiT5suK
IrGGMITdopqUYgUeVyDO2jj3DLCg5DeeANB0XntmKJLKwYAVrr4iiEIF4PFDbf0g
Pq/KTm0gZMVAj+o+15d7kQ2BXAHRpoT46TCpfY/eC6xqH5IPXag7xJLgVFjLHxqk
Ov3pj5PJdpWWrYbpHZxH5/rzvyhnWNWqUipJ6qOzfE6/IEcR
-----END CERTIFICATE-----