Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/2e881a-8141-44a0-8f3c-cb7c9ecc7798/1/OIUfDG33D8zRNsiHKg0maRtB7go.roa
File:                     OIUfDG33D8zRNsiHKg0maRtB7go.roa (raw, json)
Hash identifier:          y0WK9qJf7BycZeTFiSE3Yl2WWbWVxGkLJ1+lnzkijAk=
Subject key identifier:   38:85:1F:0C:6D:F7:0F:CC:D1:36:C8:87:2A:0D:26:69:1B:41:EE:0A
Certificate issuer:       /CN=d6f2e142c44d5d51bc7e42ca0710f6b64ef11091
Certificate serial:       018CC2DB4B6C884EFD22D1B890060A3ED876
Authority key identifier: D6:F2:E1:42:C4:4D:5D:51:BC:7E:42:CA:07:10:F6:B6:4E:F1:10:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1vLhQsRNXVG8fkLKBxD2tk7xEJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/2e881a-8141-44a0-8f3c-cb7c9ecc7798/1/OIUfDG33D8zRNsiHKg0maRtB7go.roa
Signing time:             Mon 01 Jan 2024 02:30:00 +0000
ROA not before:           Mon 01 Jan 2024 02:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33988
IP address blocks:        2a04:f500::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/2e881a-8141-44a0-8f3c-cb7c9ecc7798/1/1vLhQsRNXVG8fkLKBxD2tk7xEJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/2e881a-8141-44a0-8f3c-cb7c9ecc7798/1/1vLhQsRNXVG8fkLKBxD2tk7xEJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1vLhQsRNXVG8fkLKBxD2tk7xEJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:4b:6c:88:4e:fd:22:d1:b8:90:06:0a:3e:d8:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6f2e142c44d5d51bc7e42ca0710f6b64ef11091
        Validity
            Not Before: Jan  1 02:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38851f0c6df70fccd136c8872a0d26691b41ee0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:8a:06:12:4b:3c:ac:1d:8b:34:04:02:f2:c4:
                    19:c0:2d:cc:4b:19:37:bc:23:80:58:92:1e:be:e1:
                    63:0a:df:c9:09:24:ee:5d:ab:78:5c:0f:c9:6c:f9:
                    a7:22:e8:79:65:a0:e3:f8:79:44:7d:96:b4:45:16:
                    30:3c:57:95:35:3e:b4:f9:d4:d4:e2:80:96:42:78:
                    c3:83:55:ea:5e:2b:3a:f1:24:68:a6:c5:b5:40:6c:
                    28:df:a9:c9:2b:7f:76:2a:cb:7f:dc:42:32:41:17:
                    bf:05:26:59:33:d0:72:a1:a5:c9:26:1a:8c:1a:b8:
                    43:c0:b0:3c:99:e3:c5:1f:e4:4a:3b:67:a0:96:7d:
                    c4:83:dc:ac:fc:82:44:eb:47:b5:23:63:0c:48:64:
                    cf:30:04:9d:a8:b9:02:d5:91:3e:b9:40:ab:97:b9:
                    2e:91:bf:b1:da:dc:81:89:71:f7:be:dc:a4:54:23:
                    bf:f5:c9:87:a5:13:a5:4e:2d:b1:37:d3:76:6e:ac:
                    fe:10:71:4d:cb:0c:db:fc:a6:29:e2:12:75:b0:84:
                    f2:e2:0d:86:12:4c:24:8e:b0:90:70:c6:06:45:f8:
                    62:42:cb:85:06:b6:2d:db:0d:65:df:06:f1:7a:f3:
                    73:da:34:e2:76:6d:c5:d6:a4:15:c0:43:59:f8:e4:
                    f3:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:85:1F:0C:6D:F7:0F:CC:D1:36:C8:87:2A:0D:26:69:1B:41:EE:0A
            X509v3 Authority Key Identifier:
                keyid:D6:F2:E1:42:C4:4D:5D:51:BC:7E:42:CA:07:10:F6:B6:4E:F1:10:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1vLhQsRNXVG8fkLKBxD2tk7xEJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2e881a-8141-44a0-8f3c-cb7c9ecc7798/1/OIUfDG33D8zRNsiHKg0maRtB7go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2e881a-8141-44a0-8f3c-cb7c9ecc7798/1/1vLhQsRNXVG8fkLKBxD2tk7xEJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:f500::/29

    Signature Algorithm: sha256WithRSAEncryption
         cb:c0:2f:6a:fb:81:b0:4f:66:3c:1d:8d:ef:f4:be:01:b2:55:
         10:f8:06:a0:f3:83:73:e3:af:b2:ad:04:3b:c1:2e:17:9d:3b:
         d2:5b:0d:bc:7f:97:1c:19:f0:59:bf:15:14:da:9c:17:6a:46:
         90:5c:57:78:90:d3:60:63:b6:5c:c3:13:49:43:ab:de:fc:91:
         36:da:89:64:26:3d:d7:c4:1a:7b:f4:a6:e8:fb:a2:f6:8a:21:
         ea:e7:d6:c0:70:c5:97:04:36:d3:ca:ca:63:9c:35:be:e2:0e:
         63:80:94:55:9e:97:14:86:26:fe:a5:2e:5e:7d:66:b2:6f:94:
         7a:f3:e7:7f:1f:79:bb:7b:d4:76:d7:6c:50:dd:4b:52:11:0d:
         bb:5c:35:b1:c6:b8:a0:d3:19:85:64:84:5c:0a:18:98:3e:0c:
         cf:6e:0a:68:2d:0c:c0:81:35:a7:e6:a2:32:b5:80:85:f8:c1:
         30:73:ba:e9:c8:1d:4b:1c:04:c0:74:06:70:6b:e5:a2:0e:ba:
         26:b9:01:6b:3d:1e:e1:74:43:0c:b5:b7:73:4d:27:12:71:ac:
         8c:34:f4:8b:c5:2d:58:df:fd:c8:43:bc:5e:a3:44:07:61:d1:
         6f:1d:bc:3e:68:f0:85:6c:cc:c6:0c:06:f9:f7:5a:d8:00:c6:
         75:09:b3:64
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC20tsiE79ItG4kAYKPth2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZjJlMTQyYzQ0ZDVkNTFiYzdlNDJjYTA3MTBmNmI2NGVm
MTEwOTEwHhcNMjQwMTAxMDIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODg1MWYwYzZkZjcwZmNjZDEzNmM4ODcyYTBkMjY2OTFiNDFlZTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgooGEks8rB2LNAQC8sQZwC3MSxk3
vCOAWJIevuFjCt/JCSTuXat4XA/JbPmnIuh5ZaDj+HlEfZa0RRYwPFeVNT60+dTU
4oCWQnjDg1XqXis68SRopsW1QGwo36nJK392Kst/3EIyQRe/BSZZM9ByoaXJJhqM
GrhDwLA8mePFH+RKO2egln3Eg9ys/IJE60e1I2MMSGTPMASdqLkC1ZE+uUCrl7ku
kb+x2tyBiXH3vtykVCO/9cmHpROlTi2xN9N2bqz+EHFNywzb/KYp4hJ1sITy4g2G
EkwkjrCQcMYGRfhiQsuFBrYt2w1l3wbxevNz2jTidm3F1qQVwENZ+OTzZQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDiFHwxt9w/M0TbIhyoNJmkbQe4KMB8GA1UdIwQY
MBaAFNby4ULETV1RvH5CygcQ9rZO8RCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXZMaFFzUk5YVkc4ZmtMS0J4RDJ0azd4RUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yZTg4MWEtODE0MS00NGEwLThmM2Mt
Y2I3YzllY2M3Nzk4LzEvT0lVZkRHMzNEOHpSTnNpSEtnMG1hUnRCN2dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yZTg4MWEtODE0MS00NGEwLThmM2MtY2I3YzllY2M3Nzk4
LzEvMXZMaFFzUk5YVkc4ZmtMS0J4RDJ0azd4RUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgT1ADAN
BgkqhkiG9w0BAQsFAAOCAQEAy8AvavuBsE9mPB2N7/S+AbJVEPgGoPODc+Ovsq0E
O8EuF5070lsNvH+XHBnwWb8VFNqcF2pGkFxXeJDTYGO2XMMTSUOr3vyRNtqJZCY9
18Qae/Sm6Pui9ooh6ufWwHDFlwQ208rKY5w1vuIOY4CUVZ6XFIYm/qUuXn1msm+U
evPnfx95u3vUdtdsUN1LUhENu1w1sca4oNMZhWSEXAoYmD4Mz24KaC0MwIE1p+ai
MrWAhfjBMHO66cgdSxwEwHQGcGvlog66JrkBaz0e4XRDDLW3c00nEnGsjDT0i8Ut
WN/9yEO8XqNEB2HRbx28PmjwhWzMxgwG+fda2ADGdQmzZA==
-----END CERTIFICATE-----