Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/Oj4XcVku_Ff7oD0kZJrjmLqqM5I.roa
File:                     Oj4XcVku_Ff7oD0kZJrjmLqqM5I.roa (raw, json)
Hash identifier:          PP398bMTuF6X4DZHk/ah0x9pcnNqKfSlr2ssfgHD6oU=
Subject key identifier:   3A:3E:17:71:59:2E:FC:57:FB:A0:3D:24:64:9A:E3:98:BA:AA:33:92
Certificate issuer:       /CN=3691d2950145dceac00c0ca4eb536d92867b38d3
Certificate serial:       018CC726FB3FEE15B8E92096981022BFD059
Authority key identifier: 36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/Oj4XcVku_Ff7oD0kZJrjmLqqM5I.roa
Signing time:             Mon 01 Jan 2024 22:31:09 +0000
ROA not before:           Mon 01 Jan 2024 22:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204318
IP address blocks:        2a13:4c00::/34 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:fb:3f:ee:15:b8:e9:20:96:98:10:22:bf:d0:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3691d2950145dceac00c0ca4eb536d92867b38d3
        Validity
            Not Before: Jan  1 22:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a3e1771592efc57fba03d24649ae398baaa3392
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:19:ea:38:f5:a7:5d:64:d0:f3:26:cf:51:c8:
                    36:d3:21:d9:39:ee:63:76:9c:a0:c0:d1:50:3e:25:
                    4f:ec:c9:07:f3:34:6f:04:c7:c4:96:48:40:bc:d9:
                    f4:c1:e3:60:46:29:6c:75:47:8d:45:b5:b2:72:93:
                    24:7e:15:61:f0:fd:ae:21:ba:e2:c1:c2:6f:7e:5c:
                    08:4c:30:00:3b:47:51:05:8e:7c:f3:74:69:09:20:
                    67:27:6f:a8:40:25:4a:42:a2:fa:97:2f:59:0d:f4:
                    a6:54:3a:59:ba:31:c2:65:a5:2f:5f:fe:66:ca:5b:
                    22:d6:e4:37:66:38:cb:43:fc:d2:d9:d1:8d:6e:8f:
                    5c:87:4b:20:e8:6c:fb:a5:a5:11:08:05:f3:d2:52:
                    6b:d3:66:5d:11:a6:1e:35:1f:a8:15:fb:1a:76:a5:
                    f0:95:b2:99:0d:ce:87:aa:84:2b:f7:6f:be:bd:a8:
                    3e:3d:9d:75:d5:29:58:78:1c:f0:68:e9:b8:00:c9:
                    d9:e7:80:56:28:62:2a:58:ee:8f:ac:eb:2b:01:0d:
                    1b:8a:36:9b:b8:b9:cb:2a:c7:81:53:28:f9:3e:18:
                    b4:d6:62:82:c1:63:72:c9:20:fb:d9:70:6a:51:3a:
                    bf:9d:08:c8:a1:88:55:87:2f:12:3b:1d:95:d3:bf:
                    14:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:3E:17:71:59:2E:FC:57:FB:A0:3D:24:64:9A:E3:98:BA:AA:33:92
            X509v3 Authority Key Identifier:
                keyid:36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/Oj4XcVku_Ff7oD0kZJrjmLqqM5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:4c00::/34

    Signature Algorithm: sha256WithRSAEncryption
         11:b8:24:88:41:36:8b:8e:17:c8:1d:57:96:22:44:cd:a1:7c:
         33:b8:95:43:98:80:8e:8c:7f:17:09:44:b1:8a:84:d6:d3:6a:
         2c:ec:35:1f:a2:03:1c:64:fd:dd:9a:b5:84:c7:d7:27:e1:87:
         67:41:3b:7d:90:b3:ec:b4:6e:ed:4c:ac:7a:f9:47:bd:26:86:
         de:90:64:b2:e3:bf:24:61:f1:6b:55:12:1a:08:f4:bf:60:65:
         a9:74:a6:6e:87:53:81:5f:cb:7a:f8:14:5a:42:ab:5f:c2:64:
         41:6a:38:32:a7:63:f0:fd:3e:83:d8:f8:00:df:1e:e2:a2:82:
         f4:13:71:6f:cf:87:93:c2:b6:cf:a2:cc:bc:da:c6:f1:2e:9a:
         2a:5e:bf:71:94:18:d5:6d:1f:94:a0:a9:75:b9:17:89:bc:3f:
         a0:45:78:b0:4f:e4:87:d0:16:39:52:81:6b:85:6b:dd:08:d1:
         80:93:aa:80:00:0a:a1:06:33:73:43:83:96:c4:25:9f:5b:2f:
         1f:d7:94:36:64:da:69:e0:b8:5f:21:78:96:21:c7:69:a5:cc:
         83:ed:8a:62:db:bb:19:b3:14:b0:70:b0:8e:11:ef:3f:36:fb:
         db:c0:88:ec:d8:4a:73:6c:e6:ae:f8:1d:45:a5:8e:c4:64:32:
         86:43:22:db
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHJvs/7hW46SCWmBAiv9BZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTFkMjk1MDE0NWRjZWFjMDBjMGNhNGViNTM2ZDkyODY3
YjM4ZDMwHhcNMjQwMTAxMjIzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTNlMTc3MTU5MmVmYzU3ZmJhMDNkMjQ2NDlhZTM5OGJhYWEzMzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxnqOPWnXWTQ8ybPUcg20yHZOe5j
dpygwNFQPiVP7MkH8zRvBMfElkhAvNn0weNgRilsdUeNRbWycpMkfhVh8P2uIbri
wcJvflwITDAAO0dRBY5883RpCSBnJ2+oQCVKQqL6ly9ZDfSmVDpZujHCZaUvX/5m
ylsi1uQ3ZjjLQ/zS2dGNbo9ch0sg6Gz7paURCAXz0lJr02ZdEaYeNR+oFfsadqXw
lbKZDc6HqoQr92++vag+PZ111SlYeBzwaOm4AMnZ54BWKGIqWO6PrOsrAQ0bijab
uLnLKseBUyj5Phi01mKCwWNyySD72XBqUTq/nQjIoYhVhy8SOx2V078UgwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDo+F3FZLvxX+6A9JGSa45i6qjOSMB8GA1UdIwQY
MBaAFDaR0pUBRdzqwAwMpOtTbZKGezjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEt
MWRlYzQwNTg0ODA2LzEvT2o0WGNWa3VfRmY3b0Qwa1pKcmptTHFxTTVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEtMWRlYzQwNTg0ODA2
LzEvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYGKhNMAAAw
DQYJKoZIhvcNAQELBQADggEBABG4JIhBNouOF8gdV5YiRM2hfDO4lUOYgI6MfxcJ
RLGKhNbTaizsNR+iAxxk/d2atYTH1yfhh2dBO32Qs+y0bu1MrHr5R70mht6QZLLj
vyRh8WtVEhoI9L9gZal0pm6HU4Ffy3r4FFpCq1/CZEFqODKnY/D9PoPY+ADfHuKi
gvQTcW/Ph5PCts+izLzaxvEumipev3GUGNVtH5SgqXW5F4m8P6BFeLBP5IfQFjlS
gWuFa90I0YCTqoAACqEGM3NDg5bEJZ9bLx/XlDZk2mnguF8heJYhx2mlzIPtimLb
uxmzFLBwsI4R7z82+9vAiOzYSnNs5q74HUWljsRkMoZDIts=
-----END CERTIFICATE-----