Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/oA8a-oXx9pow9BUhHBz5Gj2ey20.roa
File:                     oA8a-oXx9pow9BUhHBz5Gj2ey20.roa (raw, json)
Hash identifier:          P8aucoPK4I7VKHqG892ZvmCWsbqYjRLXnCADjuBvAnE=
Subject key identifier:   A0:0F:1A:FA:85:F1:F6:9A:30:F4:15:21:1C:1C:F9:1A:3D:9E:CB:6D
Certificate issuer:       /CN=65a665b90069bd71850602e7400c529793269e39
Certificate serial:       018E4858391B1ED51EA7831492CE42AF4ACE
Authority key identifier: 65:A6:65:B9:00:69:BD:71:85:06:02:E7:40:0C:52:97:93:26:9E:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/oA8a-oXx9pow9BUhHBz5Gj2ey20.roa
Signing time:             Sat 16 Mar 2024 17:38:45 +0000
ROA not before:           Sat 16 Mar 2024 17:38:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57027
IP address blocks:        2a09:2b80:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:48:58:39:1b:1e:d5:1e:a7:83:14:92:ce:42:af:4a:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65a665b90069bd71850602e7400c529793269e39
        Validity
            Not Before: Mar 16 17:38:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a00f1afa85f1f69a30f415211c1cf91a3d9ecb6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d3:7a:88:ba:e6:5b:13:c3:bb:48:4f:43:c8:
                    8a:b5:8b:d4:42:74:50:d0:57:0a:8d:2e:94:ab:67:
                    78:6d:bf:40:da:18:6b:94:f3:f5:61:68:ca:b0:6c:
                    4c:5c:b5:18:b4:2a:d4:53:e8:f1:8c:c1:aa:57:b5:
                    8b:c2:ab:76:ec:97:a2:e8:59:52:02:5c:5f:c3:d5:
                    dd:34:e6:c2:5e:bd:4c:e0:e7:d3:d7:0f:d9:bd:13:
                    06:b0:17:90:04:76:f2:b9:30:b6:70:95:bf:e4:40:
                    07:20:a2:ca:38:be:12:39:4e:26:a8:15:13:ff:4f:
                    f2:2f:df:2f:aa:1e:79:58:2d:51:e0:ef:1a:50:bc:
                    30:58:81:ea:98:1d:8f:79:a2:3a:87:80:56:19:25:
                    89:b0:7e:0a:41:eb:88:be:ee:a7:2e:20:35:eb:19:
                    04:0e:2a:8e:0e:32:58:d1:47:55:0d:8b:1a:f8:81:
                    73:ef:16:43:2e:5b:5b:69:fe:e9:90:74:36:3f:db:
                    75:e5:ac:c8:43:4e:9c:17:6a:df:26:c9:cd:12:4a:
                    c0:5c:28:22:ef:e7:73:56:50:f4:8d:7c:39:19:c0:
                    f7:01:cf:39:f6:e1:a9:c7:af:84:c6:5f:7d:72:5a:
                    91:0d:5c:8d:79:87:37:bc:0f:79:46:7d:e2:f7:d4:
                    de:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:0F:1A:FA:85:F1:F6:9A:30:F4:15:21:1C:1C:F9:1A:3D:9E:CB:6D
            X509v3 Authority Key Identifier:
                keyid:65:A6:65:B9:00:69:BD:71:85:06:02:E7:40:0C:52:97:93:26:9E:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/oA8a-oXx9pow9BUhHBz5Gj2ey20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:2b80:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:ee:f0:fa:11:55:cf:3d:b4:2c:27:dc:48:9c:93:65:18:49:
         05:0b:81:b1:cb:01:c6:9b:88:a2:6b:7f:d6:fc:78:02:9c:97:
         3c:08:4d:64:5b:ac:13:71:67:e9:aa:37:8e:95:2c:a8:4a:f5:
         68:06:b3:ff:b0:b1:9c:0f:b1:6c:4c:18:d8:ec:0a:3f:05:6b:
         5d:5f:9f:96:43:73:b7:c0:61:b0:fe:a9:6f:e9:a9:9a:8b:64:
         6b:a9:72:0e:3e:77:73:02:21:f3:15:2a:e6:36:5d:51:fc:e0:
         35:6e:76:d8:a6:a1:11:25:e5:e3:8c:34:99:97:d3:0f:98:23:
         47:a0:2b:ea:ec:d7:c2:d7:ad:fd:b5:7b:be:f7:a3:91:0f:e1:
         2f:0b:6b:f3:60:db:22:b2:1e:dc:63:ab:d9:25:49:86:16:1f:
         95:d1:fd:da:96:af:dc:33:87:df:99:ce:2b:e9:74:34:e0:ef:
         30:45:1b:92:10:23:f9:82:f3:48:e7:f3:a4:0c:99:31:85:5e:
         1c:be:6b:66:1b:cb:71:f1:77:73:85:19:08:da:a5:f5:e6:3d:
         ee:d9:f6:ef:e8:48:2f:bf:fc:c8:f9:cc:b0:40:96:ae:37:9b:
         91:37:58:89:17:46:c7:be:cb:44:2a:07:be:40:d5:63:5f:15:
         06:ab:d2:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY5IWDkbHtUep4MUks5Cr0rOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YTY2NWI5MDA2OWJkNzE4NTA2MDJlNzQwMGM1Mjk3OTMy
NjllMzkwHhcNMjQwMzE2MTczODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDBmMWFmYTg1ZjFmNjlhMzBmNDE1MjExYzFjZjkxYTNkOWVjYjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotN6iLrmWxPDu0hPQ8iKtYvUQnRQ
0FcKjS6Uq2d4bb9A2hhrlPP1YWjKsGxMXLUYtCrUU+jxjMGqV7WLwqt27Jei6FlS
Alxfw9XdNObCXr1M4OfT1w/ZvRMGsBeQBHbyuTC2cJW/5EAHIKLKOL4SOU4mqBUT
/0/yL98vqh55WC1R4O8aULwwWIHqmB2PeaI6h4BWGSWJsH4KQeuIvu6nLiA16xkE
DiqODjJY0UdVDYsa+IFz7xZDLltbaf7pkHQ2P9t15azIQ06cF2rfJsnNEkrAXCgi
7+dzVlD0jXw5GcD3Ac859uGpx6+Exl99clqRDVyNeYc3vA95Rn3i99Te9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKAPGvqF8faaMPQVIRwc+Ro9nsttMB8GA1UdIwQY
MBaAFGWmZbkAab1xhQYC50AMUpeTJp45MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmFabHVRQnB2WEdGQmdMblFBeFNsNU1tbmprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lNmQ4ODAtMzkwMy00YTExLWJhMjct
Yzk0NTdlYzgxMTUxLzEvb0E4YS1vWHg5cG93OUJVaEhCejVHajJleTIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lNmQ4ODAtMzkwMy00YTExLWJhMjctYzk0NTdlYzgxMTUx
LzEvWmFabHVRQnB2WEdGQmdMblFBeFNsNU1tbmprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgkrgAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCb7vD6EVXPPbQsJ9xInJNlGEkFC4GxywHGm4ii
a3/W/HgCnJc8CE1kW6wTcWfpqjeOlSyoSvVoBrP/sLGcD7FsTBjY7Ao/BWtdX5+W
Q3O3wGGw/qlv6amai2RrqXIOPndzAiHzFSrmNl1R/OA1bnbYpqERJeXjjDSZl9MP
mCNHoCvq7NfC1639tXu+96ORD+EvC2vzYNsish7cY6vZJUmGFh+V0f3alq/cM4ff
mc4r6XQ04O8wRRuSECP5gvNI5/OkDJkxhV4cvmtmG8tx8XdzhRkI2qX15j3u2fbv
6Egvv/zI+cywQJauN5uRN1iJF0bHvstEKge+QNVjXxUGq9J/
-----END CERTIFICATE-----