Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/8oa6DRcWr716TgCPoCc8293vwVY.roa
File:                     8oa6DRcWr716TgCPoCc8293vwVY.roa (raw, json)
Hash identifier:          xNJRA8j2Zl2UdoHsF3zJkryMDjT4S2pqafwfYDyMtb0=
Subject key identifier:   F2:86:BA:0D:17:16:AF:BD:7A:4E:00:8F:A0:27:3C:DB:DD:EF:C1:56
Certificate issuer:       /CN=e7d799ae0efdd986dde77fb35ad0a10823cb972f
Certificate serial:       018CC94D72584DFD410F4EFB321E501F733E
Authority key identifier: E7:D7:99:AE:0E:FD:D9:86:DD:E7:7F:B3:5A:D0:A1:08:23:CB:97:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/59eZrg792Ybd53-zWtChCCPLly8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/8oa6DRcWr716TgCPoCc8293vwVY.roa
Signing time:             Tue 02 Jan 2024 08:32:25 +0000
ROA not before:           Tue 02 Jan 2024 08:32:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3261
IP address blocks:        2a02:300::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/59eZrg792Ybd53-zWtChCCPLly8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/59eZrg792Ybd53-zWtChCCPLly8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/59eZrg792Ybd53-zWtChCCPLly8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:72:58:4d:fd:41:0f:4e:fb:32:1e:50:1f:73:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7d799ae0efdd986dde77fb35ad0a10823cb972f
        Validity
            Not Before: Jan  2 08:32:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f286ba0d1716afbd7a4e008fa0273cdbddefc156
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:24:85:dc:87:0d:26:99:ed:cb:7f:5c:99:ea:
                    e5:ce:a8:85:d2:d7:53:f9:8e:1f:31:85:51:a1:c4:
                    92:3b:21:19:2a:7b:eb:25:01:89:df:d3:c9:f5:5b:
                    d4:c7:3b:d8:74:4c:ba:25:52:49:95:69:81:6a:f0:
                    3a:94:8d:fd:f8:8e:42:59:91:08:33:d9:27:95:21:
                    45:73:6b:1d:0f:ec:35:8a:b2:a8:d3:07:95:42:e6:
                    9f:a3:0f:13:8e:73:6f:63:21:4a:9b:7e:39:1c:41:
                    6c:97:c7:5f:32:07:74:ce:4a:5b:2d:76:be:33:d0:
                    40:29:ee:5e:96:36:f5:f0:a3:f1:4b:d6:80:15:5c:
                    34:40:f8:b6:da:69:11:9f:26:81:11:75:9b:81:ad:
                    a0:e7:f0:63:05:63:64:2b:f8:70:9a:c5:25:79:e7:
                    bd:8a:5a:4c:5f:41:57:8a:4c:08:2b:10:a7:f0:3b:
                    89:a0:74:ef:82:bc:78:70:83:40:82:c0:8e:46:38:
                    41:8d:68:ad:6b:2c:31:00:53:62:b3:04:6c:72:4f:
                    79:9b:49:6c:b4:40:7d:24:97:59:90:89:1e:88:9e:
                    6d:7e:69:d5:11:db:a3:fc:d9:5e:83:77:8e:ff:a1:
                    c0:64:da:1c:37:37:d4:65:62:c0:d1:66:49:61:d2:
                    77:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:86:BA:0D:17:16:AF:BD:7A:4E:00:8F:A0:27:3C:DB:DD:EF:C1:56
            X509v3 Authority Key Identifier:
                keyid:E7:D7:99:AE:0E:FD:D9:86:DD:E7:7F:B3:5A:D0:A1:08:23:CB:97:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/59eZrg792Ybd53-zWtChCCPLly8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/8oa6DRcWr716TgCPoCc8293vwVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/59eZrg792Ybd53-zWtChCCPLly8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:300::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:2e:6c:ad:76:af:b2:31:0b:e0:34:06:bf:4e:89:5c:a8:b9:
         81:fa:c0:50:a6:5b:b8:7a:ed:fa:6d:7e:99:96:3f:1b:ca:78:
         cb:25:b0:c9:e4:46:38:c7:57:b7:84:00:5a:50:e0:f8:19:e8:
         cd:3f:26:3f:0d:c7:d1:92:34:1e:8b:68:83:d8:df:07:a8:77:
         8c:ab:c4:41:d5:d9:84:c3:1b:a8:b2:8b:4b:df:68:ec:bb:a6:
         3d:6f:26:86:44:a9:f0:db:5a:9c:23:55:bd:89:f4:83:88:5e:
         60:ce:b0:ef:0a:f6:27:f7:22:3d:e5:8d:cf:f2:e5:a3:62:32:
         85:0a:c0:f3:07:3f:3b:6a:d7:c2:91:e4:81:9d:b7:5a:4e:b7:
         3a:26:f3:db:c3:53:00:2a:16:c0:d6:55:21:b1:bd:0b:aa:08:
         4a:a3:3a:88:0d:2a:d0:bb:67:d3:c0:99:dc:c3:a4:2e:17:4b:
         6e:ed:3e:05:3e:05:44:f7:15:e3:26:eb:7e:39:7e:86:17:e1:
         df:2d:ae:36:d2:9a:6e:07:d0:6f:75:82:39:dd:c7:5c:15:42:
         04:9f:f6:80:4f:14:2f:25:30:3b:d6:eb:95:35:f7:c3:49:a2:
         32:74:00:74:22:2a:62:5d:0e:c9:cb:0a:e6:88:47:93:23:0f:
         77:98:db:7b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTXJYTf1BD077Mh5QH3M+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZDc5OWFlMGVmZGQ5ODZkZGU3N2ZiMzVhZDBhMTA4MjNj
Yjk3MmYwHhcNMjQwMTAyMDgzMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjg2YmEwZDE3MTZhZmJkN2E0ZTAwOGZhMDI3M2NkYmRkZWZjMTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiSF3IcNJpnty39cmerlzqiF0tdT
+Y4fMYVRocSSOyEZKnvrJQGJ39PJ9VvUxzvYdEy6JVJJlWmBavA6lI39+I5CWZEI
M9knlSFFc2sdD+w1irKo0weVQuafow8TjnNvYyFKm345HEFsl8dfMgd0zkpbLXa+
M9BAKe5eljb18KPxS9aAFVw0QPi22mkRnyaBEXWbga2g5/BjBWNkK/hwmsUleee9
ilpMX0FXikwIKxCn8DuJoHTvgrx4cINAgsCORjhBjWitaywxAFNiswRsck95m0ls
tEB9JJdZkIkeiJ5tfmnVEduj/Nleg3eO/6HAZNocNzfUZWLA0WZJYdJ3dQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPKGug0XFq+9ek4Aj6AnPNvd78FWMB8GA1UdIwQY
MBaAFOfXma4O/dmG3ed/s1rQoQgjy5cvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTllWnJnNzkyWWJkNTMteld0Q2hDQ1BMbHk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8xMTA4MWItNGVmOS00ZTJmLTgxNTMt
Mjg3OTM3OTQwZDdiLzEvOG9hNkRSY1dyNzE2VGdDUG9DYzgyOTN2d1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8xMTA4MWItNGVmOS00ZTJmLTgxNTMtMjg3OTM3OTQwZDdi
LzEvNTllWnJnNzkyWWJkNTMteld0Q2hDQ1BMbHk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgIDADAN
BgkqhkiG9w0BAQsFAAOCAQEAdi5srXavsjEL4DQGv06JXKi5gfrAUKZbuHrt+m1+
mZY/G8p4yyWwyeRGOMdXt4QAWlDg+BnozT8mPw3H0ZI0Hotog9jfB6h3jKvEQdXZ
hMMbqLKLS99o7LumPW8mhkSp8NtanCNVvYn0g4heYM6w7wr2J/ciPeWNz/Llo2Iy
hQrA8wc/O2rXwpHkgZ23Wk63Oibz28NTACoWwNZVIbG9C6oISqM6iA0q0Ltn08CZ
3MOkLhdLbu0+BT4FRPcV4ybrfjl+hhfh3y2uNtKabgfQb3WCOd3HXBVCBJ/2gE8U
LyUwO9brlTX3w0miMnQAdCIqYl0OycsK5ohHkyMPd5jbew==
-----END CERTIFICATE-----