Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/3ooXVVLaxpn35kqYTkRMjEWcFK0.roa
File:                     3ooXVVLaxpn35kqYTkRMjEWcFK0.roa (raw, json)
Hash identifier:          iQbFYzdFb8hAZhD2xi+7yfuSub61EWzsoHZAvPrS9YQ=
Subject key identifier:   DE:8A:17:55:52:DA:C6:99:F7:E6:4A:98:4E:44:4C:8C:45:9C:14:AD
Certificate issuer:       /CN=a124ccdd70f3ec762cbd65e04dd6f76be236a8a7
Certificate serial:       018DC706FB73824F00268D5261D2A4C657D5
Authority key identifier: A1:24:CC:DD:70:F3:EC:76:2C:BD:65:E0:4D:D6:F7:6B:E2:36:A8:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/3ooXVVLaxpn35kqYTkRMjEWcFK0.roa
Signing time:             Tue 20 Feb 2024 14:59:00 +0000
ROA not before:           Tue 20 Feb 2024 14:59:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38846
IP address blocks:        2a13:aac4:f020::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c7:06:fb:73:82:4f:00:26:8d:52:61:d2:a4:c6:57:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a124ccdd70f3ec762cbd65e04dd6f76be236a8a7
        Validity
            Not Before: Feb 20 14:59:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de8a175552dac699f7e64a984e444c8c459c14ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:54:5b:c6:f4:6f:7d:f5:88:01:c9:c9:39:24:
                    c4:20:f6:9f:1e:d1:e7:a8:11:a0:2e:35:21:85:e6:
                    62:24:1e:af:ad:a6:88:9c:31:d8:b3:1c:f2:74:f7:
                    7d:3d:9c:fd:84:bc:b3:6c:f1:ec:0d:12:69:57:0d:
                    9a:6d:32:59:18:ae:dc:f9:4a:54:a7:a4:ee:7a:23:
                    1d:f2:b6:2f:6a:8d:5e:a1:00:ca:2f:b8:27:7a:42:
                    c4:8e:8e:47:a1:c9:95:af:f0:1c:2a:a1:5d:17:9d:
                    64:f0:d7:1b:b4:ac:b8:07:b9:1f:03:c8:16:6f:dd:
                    f8:b6:e2:63:45:e1:28:38:29:a3:b2:8b:37:0c:d2:
                    c5:bf:45:43:b2:6f:16:95:a5:53:0a:2e:19:f0:43:
                    23:86:aa:d6:0f:80:c9:36:e4:0d:09:24:e8:e7:6b:
                    ad:76:e8:64:67:92:94:c7:bb:e3:8e:94:c3:5f:cb:
                    b1:59:e2:c5:f2:b9:2d:ed:89:e8:8e:0d:f5:4d:68:
                    83:31:3d:d4:f0:00:66:06:9f:0a:a2:6d:d3:e0:e6:
                    83:c7:0b:a6:50:30:a1:8e:30:8b:24:6a:09:3d:b1:
                    2f:1c:44:12:f1:53:94:c2:6d:44:44:95:ad:56:29:
                    b2:0e:6f:62:e3:12:8f:8e:b3:0c:57:86:12:e4:63:
                    9f:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:8A:17:55:52:DA:C6:99:F7:E6:4A:98:4E:44:4C:8C:45:9C:14:AD
            X509v3 Authority Key Identifier:
                keyid:A1:24:CC:DD:70:F3:EC:76:2C:BD:65:E0:4D:D6:F7:6B:E2:36:A8:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/3ooXVVLaxpn35kqYTkRMjEWcFK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:aac4:f020::/44

    Signature Algorithm: sha256WithRSAEncryption
         25:3b:fe:fb:eb:d3:24:61:18:3e:5c:11:9c:ab:dc:22:37:74:
         e9:26:96:2c:cf:f6:0f:fa:be:74:6e:6d:36:bd:09:64:8d:22:
         04:20:a7:e4:b8:70:bb:7c:d0:c2:ed:cd:cb:84:d7:df:c8:e3:
         b0:3b:7c:e4:18:1d:52:45:0c:2b:5c:8d:2b:d4:f5:1a:c9:f4:
         79:86:bf:18:68:dc:9c:76:f3:bf:24:28:34:23:e9:3a:cb:f0:
         c2:78:b4:96:75:cb:91:09:6f:ec:14:35:8e:22:65:43:80:d2:
         d4:77:82:1c:54:6a:74:32:9f:72:88:2b:ba:b6:b6:ee:b2:35:
         95:aa:04:4c:8f:ea:5e:bc:37:76:05:cf:07:f5:77:df:6f:78:
         87:04:ca:96:70:52:88:bb:11:ad:4e:19:c0:1e:be:a2:11:c1:
         56:ac:eb:72:00:26:72:60:89:1c:36:2a:35:4e:48:f9:f4:8d:
         63:e9:9f:7a:14:2a:be:3d:f2:b2:cd:e2:a1:ca:d2:46:c1:06:
         d2:c7:a8:da:81:f0:2f:36:f9:35:78:e3:f1:84:38:7a:9a:50:
         a8:f8:2b:bb:19:98:5b:af:3f:f0:83:28:19:eb:33:e5:05:b4:
         4d:22:7f:b7:90:14:ba:c9:3b:80:73:cb:ba:3c:24:e9:88:fe:
         e9:69:f1:1a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3HBvtzgk8AJo1SYdKkxlfVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMjRjY2RkNzBmM2VjNzYyY2JkNjVlMDRkZDZmNzZiZTIz
NmE4YTcwHhcNMjQwMjIwMTQ1OTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZThhMTc1NTUyZGFjNjk5ZjdlNjRhOTg0ZTQ0NGM4YzQ1OWMxNGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlRbxvRvffWIAcnJOSTEIPafHtHn
qBGgLjUhheZiJB6vraaInDHYsxzydPd9PZz9hLyzbPHsDRJpVw2abTJZGK7c+UpU
p6TueiMd8rYvao1eoQDKL7gnekLEjo5HocmVr/AcKqFdF51k8NcbtKy4B7kfA8gW
b934tuJjReEoOCmjsos3DNLFv0VDsm8WlaVTCi4Z8EMjhqrWD4DJNuQNCSTo52ut
duhkZ5KUx7vjjpTDX8uxWeLF8rkt7Ynojg31TWiDMT3U8ABmBp8Kom3T4OaDxwum
UDChjjCLJGoJPbEvHEQS8VOUwm1ERJWtVimyDm9i4xKPjrMMV4YS5GOfUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN6KF1VS2saZ9+ZKmE5ETIxFnBStMB8GA1UdIwQY
MBaAFKEkzN1w8+x2LL1l4E3W92viNqinMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1NUTTNYRHo3SFlzdldYZ1RkYjNhLUkycUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iNjk0YjgtODIxMS00YzA2LTljODEt
N2IzNTM5N2FmMmY3LzEvM29vWFZWTGF4cG4zNWtxWVRrUk1qRVdjRkswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iNjk0YjgtODIxMS00YzA2LTljODEtN2IzNTM5N2FmMmY3
LzEvb1NUTTNYRHo3SFlzdldYZ1RkYjNhLUkycUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhOqxPAg
MA0GCSqGSIb3DQEBCwUAA4IBAQAlO/7769MkYRg+XBGcq9wiN3TpJpYsz/YP+r50
bm02vQlkjSIEIKfkuHC7fNDC7c3LhNffyOOwO3zkGB1SRQwrXI0r1PUayfR5hr8Y
aNycdvO/JCg0I+k6y/DCeLSWdcuRCW/sFDWOImVDgNLUd4IcVGp0Mp9yiCu6trbu
sjWVqgRMj+pevDd2Bc8H9Xffb3iHBMqWcFKIuxGtThnAHr6iEcFWrOtyACZyYIkc
Nio1Tkj59I1j6Z96FCq+PfKyzeKhytJGwQbSx6jagfAvNvk1eOPxhDh6mlCo+Cu7
GZhbrz/wgygZ6zPlBbRNIn+3kBS6yTuAc8u6PCTpiP7pafEa
-----END CERTIFICATE-----