Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/r3Gy4wn92iIuLWmFRST98ph4FBQ.roa
File:                     r3Gy4wn92iIuLWmFRST98ph4FBQ.roa (raw, json)
Hash identifier:          XPtgB2bTCBVH2+NgaKPj81KKkDUwMcuVeUBBDW+9YYc=
Subject key identifier:   AF:71:B2:E3:09:FD:DA:22:2E:2D:69:85:45:24:FD:F2:98:78:14:14
Certificate issuer:       /CN=38203463eb944b25c65135ca47bdbdab646f3984
Certificate serial:       018CC2DB046A94B1363379DD7B4F6779C0CB
Authority key identifier: 38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/r3Gy4wn92iIuLWmFRST98ph4FBQ.roa
Signing time:             Mon 01 Jan 2024 02:29:42 +0000
ROA not before:           Mon 01 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39239
IP address blocks:        2a00:8860:b00::/40 maxlen: 64
                          2a00:8861:b00::/40 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 13:21:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:04:6a:94:b1:36:33:79:dd:7b:4f:67:79:c0:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38203463eb944b25c65135ca47bdbdab646f3984
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af71b2e309fdda222e2d69854524fdf298781414
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8e:58:5c:04:c1:44:cf:4a:82:b7:0e:a2:01:
                    35:90:b3:0d:c0:12:a3:66:20:f1:b4:3a:58:28:27:
                    92:df:f1:b1:17:b8:31:d0:dd:c4:23:1a:4e:96:ab:
                    c1:91:1a:18:a9:64:2d:0e:84:d0:9e:fc:ac:88:6c:
                    2b:01:0c:4b:cd:c9:ce:3e:98:b9:df:7d:ea:9e:ce:
                    11:cf:3a:f8:b4:5c:95:a8:32:68:29:0a:1e:24:ac:
                    16:11:38:66:99:a8:c4:fd:19:69:97:03:19:ac:48:
                    cc:75:01:47:fc:09:ec:63:0b:b1:60:f2:bc:45:36:
                    a4:a4:7c:d5:83:b8:b1:12:f5:2f:f0:ea:75:da:c5:
                    d3:18:da:76:28:f3:d2:28:5d:c2:b5:94:68:1c:37:
                    b9:03:1c:d4:bf:cc:c4:eb:c0:7c:11:5a:ae:28:86:
                    ec:07:f2:6b:8c:d1:aa:42:2b:a6:96:5e:d0:79:c6:
                    8f:57:84:e5:86:ba:7b:26:b0:a6:53:5a:43:18:31:
                    36:f5:86:0e:37:76:d5:1a:f0:ba:0f:6b:a3:ac:88:
                    9e:c8:16:dd:21:ea:b1:fe:73:c5:2e:a7:f2:a4:67:
                    be:22:80:3b:58:81:19:ff:6f:75:ac:ec:04:bc:7e:
                    db:c3:bc:93:24:e4:af:f7:a5:46:85:dc:95:a7:cc:
                    95:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:71:B2:E3:09:FD:DA:22:2E:2D:69:85:45:24:FD:F2:98:78:14:14
            X509v3 Authority Key Identifier:
                keyid:38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/r3Gy4wn92iIuLWmFRST98ph4FBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:8860:b00::/40
                  2a00:8861:b00::/40

    Signature Algorithm: sha256WithRSAEncryption
         84:e1:de:af:98:23:e1:a2:74:98:e7:1b:95:d4:86:22:a1:7b:
         34:35:7f:7a:f0:dc:0f:e3:41:c1:71:ff:bc:1d:a1:21:05:77:
         f5:eb:ca:ca:1e:89:da:df:b2:29:37:90:83:34:5b:25:18:5c:
         59:d8:f9:e8:72:96:08:1e:5a:39:7e:ff:f6:bf:1f:f6:9c:9b:
         bf:d1:83:e1:9b:2e:29:b0:b6:02:b5:8e:05:01:a8:bc:b5:44:
         35:77:a2:94:72:a5:b1:5b:82:89:4e:e3:e2:3c:23:e1:c1:74:
         63:d3:9c:fe:53:a5:de:63:5a:e0:32:b0:8f:1b:6c:2f:3b:56:
         62:8c:b9:b6:19:49:73:87:b5:fc:3c:d2:20:07:e0:21:95:cf:
         e5:1e:47:ee:02:d9:9f:a8:3d:dd:83:40:f4:cd:c9:84:27:af:
         dc:e3:a0:ad:65:3a:26:f0:68:7a:5d:07:43:6f:82:5a:9b:28:
         e6:c8:83:c4:26:b7:c4:e3:4f:2f:e3:81:8a:86:f7:bf:cf:a8:
         a5:dc:c2:63:be:49:01:00:b6:e3:55:cf:6d:09:91:e1:08:d2:
         e7:c8:99:79:4e:3d:fa:b1:49:bd:19:5f:16:28:ce:4d:58:b6:
         00:92:55:ae:cc:2f:5b:2f:71:b3:2a:e3:41:1b:26:b6:ab:22:
         5c:9c:39:90
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYzC2wRqlLE2M3nde09necDLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MjAzNDYzZWI5NDRiMjVjNjUxMzVjYTQ3YmRiZGFiNjQ2
ZjM5ODQwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjcxYjJlMzA5ZmRkYTIyMmUyZDY5ODU0NTI0ZmRmMjk4NzgxNDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqo5YXATBRM9KgrcOogE1kLMNwBKj
ZiDxtDpYKCeS3/GxF7gx0N3EIxpOlqvBkRoYqWQtDoTQnvysiGwrAQxLzcnOPpi5
333qns4Rzzr4tFyVqDJoKQoeJKwWEThmmajE/RlplwMZrEjMdQFH/AnsYwuxYPK8
RTakpHzVg7ixEvUv8Op12sXTGNp2KPPSKF3CtZRoHDe5AxzUv8zE68B8EVquKIbs
B/JrjNGqQiumll7QecaPV4Tlhrp7JrCmU1pDGDE29YYON3bVGvC6D2ujrIieyBbd
Ieqx/nPFLqfypGe+IoA7WIEZ/291rOwEvH7bw7yTJOSv96VGhdyVp8yVGwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFK9xsuMJ/doiLi1phUUk/fKYeBQUMB8GA1UdIwQY
MBaAFDggNGPrlEslxlE1yke9vatkbzmEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1Nzgt
NTg5MzUxNzliOTg1LzEvcjNHeTR3bjkyaUl1TFdtRlJTVDk4cGg0RkJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1NzgtNTg5MzUxNzliOTg1
LzEvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKgCIYAsD
BgAqAIhhCzANBgkqhkiG9w0BAQsFAAOCAQEAhOHer5gj4aJ0mOcbldSGIqF7NDV/
evDcD+NBwXH/vB2hIQV39evKyh6J2t+yKTeQgzRbJRhcWdj56HKWCB5aOX7/9r8f
9pybv9GD4ZsuKbC2ArWOBQGovLVENXeilHKlsVuCiU7j4jwj4cF0Y9Oc/lOl3mNa
4DKwjxtsLztWYoy5thlJc4e1/DzSIAfgIZXP5R5H7gLZn6g93YNA9M3JhCev3OOg
rWU6JvBoel0HQ2+CWpso5siDxCa3xONPL+OBiob3v8+opdzCY75JAQC241XPbQmR
4QjS58iZeU49+rFJvRlfFijOTVi2AJJVrswvWy9xsyrjQRsmtqsiXJw5kA==
-----END CERTIFICATE-----