Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Oo-ia2DcJ-5-97CkOHWnzzBlNO8.roa
File:                     Oo-ia2DcJ-5-97CkOHWnzzBlNO8.roa (raw, json)
Hash identifier:          wNbjX2/w8DIXe4JJ0zdUZJeqdAuDLnH7LhKs7Qk7pls=
Subject key identifier:   3A:8F:A2:6B:60:DC:27:EE:7E:F7:B0:A4:38:75:A7:CF:30:65:34:EF
Certificate issuer:       /CN=67ce179cbe13ddb14012985a067100ef98a55601
Certificate serial:       018CC7261BBC7B8D6F23A9C9B8D8859E0B18
Authority key identifier: 67:CE:17:9C:BE:13:DD:B1:40:12:98:5A:06:71:00:EF:98:A5:56:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Oo-ia2DcJ-5-97CkOHWnzzBlNO8.roa
Signing time:             Mon 01 Jan 2024 22:30:12 +0000
ROA not before:           Mon 01 Jan 2024 22:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198149
IP address blocks:        2a13:1c47:caf0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:1b:bc:7b:8d:6f:23:a9:c9:b8:d8:85:9e:0b:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67ce179cbe13ddb14012985a067100ef98a55601
        Validity
            Not Before: Jan  1 22:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a8fa26b60dc27ee7ef7b0a43875a7cf306534ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:61:e2:6f:2c:09:d2:28:68:7b:46:5c:22:33:
                    af:38:b9:98:4f:6a:1f:34:83:b0:a3:c5:91:98:2c:
                    d1:fa:0d:a8:88:52:d8:2c:95:9a:40:45:ef:d0:97:
                    cb:15:7e:49:3a:a3:d9:bc:ee:8f:6f:8c:b4:ba:c6:
                    c3:10:bc:29:16:08:76:ad:2f:5a:23:2c:e4:b8:99:
                    fa:3d:ec:ce:06:30:a0:e4:bc:b1:ae:f8:55:e4:2e:
                    9e:04:b9:b6:fb:86:6b:16:49:ed:1b:7e:ab:c5:5a:
                    c2:4b:08:a0:c3:41:86:49:a6:31:b0:86:71:f8:1a:
                    be:b3:8f:53:6a:b3:79:99:9a:c9:4c:12:49:8b:dc:
                    5c:8c:1e:78:19:87:3b:6f:94:b5:d5:54:f6:0a:c0:
                    d7:50:3e:38:e1:a6:ca:60:55:83:ae:86:7a:20:ee:
                    b9:bd:8f:17:a5:a7:7b:4b:d3:3a:4b:e8:21:32:6e:
                    b9:de:c3:80:2a:72:b6:38:33:5b:64:a6:18:09:0f:
                    71:00:e8:aa:94:65:fc:22:62:6b:ca:6d:c8:72:bd:
                    e1:b3:b2:f0:5c:81:58:e6:5d:fd:71:26:2a:13:ca:
                    cd:c1:2e:13:1e:59:61:19:d7:76:58:be:9b:cd:63:
                    f5:72:17:f6:30:8a:06:fd:c6:d0:08:e7:0c:8a:cf:
                    c0:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:8F:A2:6B:60:DC:27:EE:7E:F7:B0:A4:38:75:A7:CF:30:65:34:EF
            X509v3 Authority Key Identifier:
                keyid:67:CE:17:9C:BE:13:DD:B1:40:12:98:5A:06:71:00:EF:98:A5:56:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Oo-ia2DcJ-5-97CkOHWnzzBlNO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1c47:caf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         5d:90:57:51:64:48:92:6c:ca:ce:93:1f:47:9c:8a:87:0c:07:
         1c:ae:a2:e2:9e:98:08:4b:4a:d4:d9:00:a9:eb:56:1b:f4:81:
         b0:0b:99:ec:19:90:ab:65:f3:f7:30:c3:5e:48:c5:46:30:db:
         9d:5c:09:07:c6:68:39:8c:96:8a:57:77:4b:d4:d5:24:f5:b0:
         2a:69:7d:9c:d4:7a:e1:16:4c:23:a4:20:f5:4f:3d:29:01:b4:
         43:07:e3:60:86:27:83:09:94:2a:0f:72:c6:00:83:73:e3:f2:
         8e:65:fd:73:6a:cc:ec:80:1d:34:74:d1:9f:1e:6a:fe:c0:30:
         75:b6:c6:d8:00:b9:0a:32:6f:af:34:86:88:9e:eb:84:a0:a5:
         39:5f:30:a3:b4:5b:e6:22:b6:46:45:ec:e9:65:78:81:af:d5:
         12:3c:0c:ee:6b:94:50:82:3d:b1:1c:eb:5a:7f:a2:78:ed:b0:
         de:35:3b:95:34:47:bd:91:b5:27:01:b2:71:a1:f8:ae:5e:77:
         6c:5b:00:ee:de:ca:fd:c5:5a:7f:c5:80:dc:8f:3d:ce:9f:f0:
         28:88:0c:25:35:ea:8d:c2:2f:70:4f:18:1e:86:2a:fd:a6:9b:
         b4:a9:ec:28:dc:7d:28:c1:b5:10:7b:5e:8c:23:fb:46:4d:f3:
         0c:d1:69:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJhu8e41vI6nJuNiFngsYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3Y2UxNzljYmUxM2RkYjE0MDEyOTg1YTA2NzEwMGVmOThh
NTU2MDEwHhcNMjQwMTAxMjIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYThmYTI2YjYwZGMyN2VlN2VmN2IwYTQzODc1YTdjZjMwNjUzNGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2HibywJ0ihoe0ZcIjOvOLmYT2of
NIOwo8WRmCzR+g2oiFLYLJWaQEXv0JfLFX5JOqPZvO6Pb4y0usbDELwpFgh2rS9a
IyzkuJn6PezOBjCg5LyxrvhV5C6eBLm2+4ZrFkntG36rxVrCSwigw0GGSaYxsIZx
+Bq+s49TarN5mZrJTBJJi9xcjB54GYc7b5S11VT2CsDXUD444abKYFWDroZ6IO65
vY8Xpad7S9M6S+ghMm653sOAKnK2ODNbZKYYCQ9xAOiqlGX8ImJrym3Icr3hs7Lw
XIFY5l39cSYqE8rNwS4THllhGdd2WL6bzWP1chf2MIoG/cbQCOcMis/A9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDqPomtg3CfufvewpDh1p88wZTTvMB8GA1UdIwQY
MBaAFGfOF5y+E92xQBKYWgZxAO+YpVYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjg0WG5MNFQzYkZBRXBoYUJuRUE3NWlsVmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81ZDcxOTItYTcxOS00Y2Q3LTk5NGEt
NjJjMDFkYzY5Y2NhLzEvT28taWEyRGNKLTUtOTdDa09IV256ekJsTk84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81ZDcxOTItYTcxOS00Y2Q3LTk5NGEtNjJjMDFkYzY5Y2Nh
LzEvWjg0WG5MNFQzYkZBRXBoYUJuRUE3NWlsVmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhMcR8rw
MA0GCSqGSIb3DQEBCwUAA4IBAQBdkFdRZEiSbMrOkx9HnIqHDAccrqLinpgIS0rU
2QCp61Yb9IGwC5nsGZCrZfP3MMNeSMVGMNudXAkHxmg5jJaKV3dL1NUk9bAqaX2c
1HrhFkwjpCD1Tz0pAbRDB+NghieDCZQqD3LGAINz4/KOZf1zaszsgB00dNGfHmr+
wDB1tsbYALkKMm+vNIaInuuEoKU5XzCjtFvmIrZGRezpZXiBr9USPAzua5RQgj2x
HOtaf6J47bDeNTuVNEe9kbUnAbJxofiuXndsWwDu3sr9xVp/xYDcjz3On/AoiAwl
NeqNwi9wTxgehir9ppu0qewo3H0owbUQe16MI/tGTfMM0WkJ
-----END CERTIFICATE-----