Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/62a01d-feec-40fd-98ed-bc8c6d286f1c/1/oWlr_uW-RDGIMuuobnwEIiCJSgI.roa
File:                     oWlr_uW-RDGIMuuobnwEIiCJSgI.roa (raw, json)
Hash identifier:          MAvaSFeJiDUzlWeeKL9g0PPGZ7/3VwdxNEE0s04/Bfw=
Subject key identifier:   A1:69:6B:FE:E5:BE:44:31:88:32:EB:A8:6E:7C:04:22:20:89:4A:02
Certificate issuer:       /CN=b8155ac34b6ec15f226ae9913d6aecfca7a784d4
Certificate serial:       018CC3B6D22A6213B710FEA47A479EE115BC
Authority key identifier: B8:15:5A:C3:4B:6E:C1:5F:22:6A:E9:91:3D:6A:EC:FC:A7:A7:84:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uBVaw0tuwV8iaumRPWrs_KenhNQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/62a01d-feec-40fd-98ed-bc8c6d286f1c/1/oWlr_uW-RDGIMuuobnwEIiCJSgI.roa
Signing time:             Mon 01 Jan 2024 06:29:47 +0000
ROA not before:           Mon 01 Jan 2024 06:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204693
IP address blocks:        2a02:e220:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/62a01d-feec-40fd-98ed-bc8c6d286f1c/1/uBVaw0tuwV8iaumRPWrs_KenhNQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/62a01d-feec-40fd-98ed-bc8c6d286f1c/1/uBVaw0tuwV8iaumRPWrs_KenhNQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uBVaw0tuwV8iaumRPWrs_KenhNQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d2:2a:62:13:b7:10:fe:a4:7a:47:9e:e1:15:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8155ac34b6ec15f226ae9913d6aecfca7a784d4
        Validity
            Not Before: Jan  1 06:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1696bfee5be44318832eba86e7c042220894a02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:48:61:05:28:5d:0b:fc:1b:92:44:4b:55:60:
                    5f:86:4f:1f:a3:de:99:29:01:38:5c:13:27:6c:d3:
                    41:5d:98:e5:f1:24:e3:92:7e:62:db:8a:e4:87:55:
                    dc:d2:7a:6d:ec:1a:cd:f6:87:20:24:3f:27:97:02:
                    c2:d6:28:db:d3:a7:09:d1:8a:25:b8:44:93:a1:ad:
                    fb:24:53:83:18:0a:b3:f3:35:21:86:7e:ec:fd:d1:
                    82:57:5e:09:af:dd:7e:dc:aa:4f:52:13:6c:f9:f7:
                    30:5a:dd:50:e3:bb:09:bf:c9:d0:c5:c3:1a:67:53:
                    c5:89:c1:a7:d2:33:c8:20:09:0f:de:64:8d:37:60:
                    a6:c7:39:28:ec:d0:22:51:9d:2f:1c:cd:1e:47:6d:
                    5b:4c:f0:18:ee:c8:5b:d5:ec:97:ef:53:e3:fa:a7:
                    da:ed:4d:fa:2a:04:6c:6a:f9:63:63:e3:d9:2c:be:
                    c5:4e:57:03:49:98:4a:34:ee:11:de:a2:2f:d3:7f:
                    be:d7:da:fe:87:f0:2f:03:77:0f:81:26:5b:9d:52:
                    48:25:0e:ca:78:34:3d:74:de:76:c3:c6:46:23:d3:
                    32:23:b6:37:99:66:8e:63:2b:5a:bd:a6:07:aa:5f:
                    7d:92:09:0c:b9:aa:9d:21:3f:87:0b:d9:04:8c:64:
                    92:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:69:6B:FE:E5:BE:44:31:88:32:EB:A8:6E:7C:04:22:20:89:4A:02
            X509v3 Authority Key Identifier:
                keyid:B8:15:5A:C3:4B:6E:C1:5F:22:6A:E9:91:3D:6A:EC:FC:A7:A7:84:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uBVaw0tuwV8iaumRPWrs_KenhNQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/62a01d-feec-40fd-98ed-bc8c6d286f1c/1/oWlr_uW-RDGIMuuobnwEIiCJSgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/62a01d-feec-40fd-98ed-bc8c6d286f1c/1/uBVaw0tuwV8iaumRPWrs_KenhNQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:e220:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:a6:0a:f9:82:a1:dd:df:45:50:82:d8:5d:75:2a:7d:95:33:
         3e:35:7f:1b:79:d4:e4:fa:df:20:76:44:5b:b2:e8:f6:be:4c:
         fd:9d:f9:a6:1d:1a:76:58:bb:bd:4d:1b:5e:bc:72:11:e9:bc:
         bb:1f:5a:50:0f:a0:5e:c2:96:8b:57:6a:22:c8:f0:d9:43:56:
         56:d7:9a:42:34:a7:5a:cb:f9:bc:96:10:96:42:05:1b:76:cd:
         94:5f:32:b0:b5:77:86:59:3a:e9:a4:30:f1:67:8a:25:7f:ec:
         53:39:3a:e9:62:00:fd:7c:17:e9:f1:ee:40:ae:98:21:d6:e4:
         75:9f:3e:a0:46:ea:3c:5a:29:bd:63:f8:ae:bf:58:3d:cb:b2:
         3b:18:8f:5f:44:c2:47:59:90:92:8c:9b:f7:c9:c4:f5:1b:79:
         ac:02:e4:c9:25:69:98:e5:8d:6e:54:5f:f4:c4:0c:de:ce:b0:
         c7:7d:47:6a:21:dd:1e:47:02:bb:11:d9:b7:d2:02:b7:1c:51:
         de:38:a3:8b:9a:51:54:7e:1c:47:1f:6e:7a:47:c8:97:f4:70:
         49:d2:56:57:89:be:cb:cf:2c:3e:67:fc:a2:8b:6c:c2:96:1f:
         e1:76:33:b6:f8:a3:36:d4:38:35:4e:02:33:d1:0d:50:ac:a8:
         b3:79:c9:83
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDttIqYhO3EP6kekee4RW8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MTU1YWMzNGI2ZWMxNWYyMjZhZTk5MTNkNmFlY2ZjYTdh
Nzg0ZDQwHhcNMjQwMTAxMDYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTY5NmJmZWU1YmU0NDMxODgzMmViYTg2ZTdjMDQyMjIwODk0YTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0khhBShdC/wbkkRLVWBfhk8fo96Z
KQE4XBMnbNNBXZjl8STjkn5i24rkh1Xc0npt7BrN9ocgJD8nlwLC1ijb06cJ0Yol
uESToa37JFODGAqz8zUhhn7s/dGCV14Jr91+3KpPUhNs+fcwWt1Q47sJv8nQxcMa
Z1PFicGn0jPIIAkP3mSNN2Cmxzko7NAiUZ0vHM0eR21bTPAY7shb1eyX71Pj+qfa
7U36KgRsavljY+PZLL7FTlcDSZhKNO4R3qIv03++19r+h/AvA3cPgSZbnVJIJQ7K
eDQ9dN52w8ZGI9MyI7Y3mWaOYytavaYHql99kgkMuaqdIT+HC9kEjGSSHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKFpa/7lvkQxiDLrqG58BCIgiUoCMB8GA1UdIwQY
MBaAFLgVWsNLbsFfImrpkT1q7Pynp4TUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUJWYXcwdHV3VjhpYXVtUlBXcnNfS2VuaE5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC82MmEwMWQtZmVlYy00MGZkLTk4ZWQt
YmM4YzZkMjg2ZjFjLzEvb1dscl91Vy1SREdJTXV1b2Jud0VJaUNKU2dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC82MmEwMWQtZmVlYy00MGZkLTk4ZWQtYmM4YzZkMjg2ZjFj
LzEvdUJWYXcwdHV3VjhpYXVtUlBXcnNfS2VuaE5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgLiIAAH
MA0GCSqGSIb3DQEBCwUAA4IBAQAJpgr5gqHd30VQgthddSp9lTM+NX8bedTk+t8g
dkRbsuj2vkz9nfmmHRp2WLu9TRtevHIR6by7H1pQD6BewpaLV2oiyPDZQ1ZW15pC
NKday/m8lhCWQgUbds2UXzKwtXeGWTrppDDxZ4olf+xTOTrpYgD9fBfp8e5Arpgh
1uR1nz6gRuo8Wim9Y/iuv1g9y7I7GI9fRMJHWZCSjJv3ycT1G3msAuTJJWmY5Y1u
VF/0xAzezrDHfUdqId0eRwK7Edm30gK3HFHeOKOLmlFUfhxHH256R8iX9HBJ0lZX
ib7Lzyw+Z/yii2zClh/hdjO2+KM21Dg1TgIz0Q1QrKizecmD
-----END CERTIFICATE-----