Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/sLMQOTgw6SPhburE63WoUY1c5Ew.roa
File:                     sLMQOTgw6SPhburE63WoUY1c5Ew.roa (raw, json)
Hash identifier:          5bMThNgvoPfq7tvfVDiOPkA7In8Zy3dY8BYZ429DBaw=
Subject key identifier:   B0:B3:10:39:38:30:E9:23:E1:6E:EA:C4:EB:75:A8:51:8D:5C:E4:4C
Certificate issuer:       /CN=38203463eb944b25c65135ca47bdbdab646f3984
Certificate serial:       018CC2DB078C3007C6A594EC2D5B65A75E5B
Authority key identifier: 38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/sLMQOTgw6SPhburE63WoUY1c5Ew.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208136
IP address blocks:        2a00:8860:d00::/40 maxlen: 64
                          2a00:8861:d00::/40 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:07:8c:30:07:c6:a5:94:ec:2d:5b:65:a7:5e:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38203463eb944b25c65135ca47bdbdab646f3984
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0b310393830e923e16eeac4eb75a8518d5ce44c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4f:8b:82:3a:a8:60:4e:c7:7a:c6:00:7b:84:
                    42:b7:bb:9d:47:ee:ec:0f:92:b5:8e:30:d2:5e:a7:
                    84:bf:8e:ea:79:f7:0b:43:5e:33:51:0f:9e:d4:a4:
                    3f:71:e3:ff:25:94:d9:32:04:dd:21:c3:e6:46:e6:
                    68:5c:99:1f:7f:33:47:0a:d5:5d:17:96:ab:f1:e2:
                    d8:10:ec:9c:f5:14:7e:82:92:6d:74:3f:2c:90:05:
                    b5:0f:6e:f6:e2:8d:4d:39:0a:ab:96:e5:ff:ea:b6:
                    7e:ce:7c:0f:91:16:ed:6e:1f:61:23:20:c1:31:db:
                    7b:8e:4e:04:74:31:b2:a4:10:53:18:1a:ef:ee:ea:
                    6e:fd:93:66:48:b6:ea:19:97:ca:1b:4d:1e:ea:60:
                    3d:7c:03:61:4e:d5:c8:b5:fc:8c:4b:6b:6b:a4:8a:
                    99:96:5e:d3:97:2e:76:7d:62:9f:4b:5a:e7:2c:94:
                    0a:ef:d0:66:54:30:ec:23:b5:51:fd:72:93:10:53:
                    17:d7:3f:02:0f:53:89:19:d5:20:a4:75:5b:d2:71:
                    db:32:19:1a:89:2a:4d:d0:8d:c1:bf:7f:ef:51:77:
                    1b:dd:11:35:70:47:86:c8:e1:bd:72:7c:25:cf:f6:
                    19:11:17:0c:de:df:85:e2:2b:8a:78:87:6e:30:d1:
                    94:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:B3:10:39:38:30:E9:23:E1:6E:EA:C4:EB:75:A8:51:8D:5C:E4:4C
            X509v3 Authority Key Identifier:
                keyid:38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/sLMQOTgw6SPhburE63WoUY1c5Ew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:8860:d00::/40
                  2a00:8861:d00::/40

    Signature Algorithm: sha256WithRSAEncryption
         68:2a:53:04:28:09:00:ea:12:72:82:52:ec:bd:0b:18:df:a2:
         2e:08:15:a8:4d:f7:76:8b:77:4d:3f:55:32:b0:7b:fa:94:e4:
         ce:ea:d2:7c:ef:f7:e7:6c:17:8b:1d:10:46:cb:98:29:49:80:
         5e:8a:87:14:d3:35:2e:f1:e7:17:22:5e:3c:5f:62:84:fe:60:
         c5:85:69:ed:5b:a4:10:c9:00:0a:24:a4:37:3c:3f:3c:60:1e:
         fb:f1:32:de:1d:cc:f3:cb:65:e3:b1:b9:2f:0f:f3:61:87:2a:
         b7:28:ba:cf:e8:f8:84:29:c9:6b:bb:ac:75:93:42:16:04:8f:
         2b:79:e1:60:d6:ee:5e:82:e3:48:24:14:b0:51:3b:c7:ec:e2:
         34:8c:c0:cf:f8:db:73:3d:ad:39:31:c6:65:56:7c:95:8d:ea:
         8e:a6:48:18:bf:01:75:7e:73:6c:46:05:20:85:68:a8:ec:fe:
         05:5a:29:5f:66:39:ed:ca:a1:99:46:d6:2f:c3:0b:2b:ab:c4:
         87:49:da:e0:c1:81:47:45:ff:fc:e7:12:8d:e0:47:59:19:2e:
         17:65:6e:15:f7:07:ee:f4:ac:65:b8:9d:6d:9a:2c:1e:81:0f:
         52:67:26:a2:90:40:b9:80:3a:c2:f9:5d:fb:45:00:7f:2e:8c:
         0b:bf:91:14
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYzC2weMMAfGpZTsLVtlp15bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MjAzNDYzZWI5NDRiMjVjNjUxMzVjYTQ3YmRiZGFiNjQ2
ZjM5ODQwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGIzMTAzOTM4MzBlOTIzZTE2ZWVhYzRlYjc1YTg1MThkNWNlNDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlk+LgjqoYE7HesYAe4RCt7udR+7s
D5K1jjDSXqeEv47qefcLQ14zUQ+e1KQ/ceP/JZTZMgTdIcPmRuZoXJkffzNHCtVd
F5ar8eLYEOyc9RR+gpJtdD8skAW1D2724o1NOQqrluX/6rZ+znwPkRbtbh9hIyDB
Mdt7jk4EdDGypBBTGBrv7upu/ZNmSLbqGZfKG00e6mA9fANhTtXItfyMS2trpIqZ
ll7Tly52fWKfS1rnLJQK79BmVDDsI7VR/XKTEFMX1z8CD1OJGdUgpHVb0nHbMhka
iSpN0I3Bv3/vUXcb3RE1cEeGyOG9cnwlz/YZERcM3t+F4iuKeIduMNGUnwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFLCzEDk4MOkj4W7qxOt1qFGNXORMMB8GA1UdIwQY
MBaAFDggNGPrlEslxlE1yke9vatkbzmEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1Nzgt
NTg5MzUxNzliOTg1LzEvc0xNUU9UZ3c2U1BoYnVyRTYzV29VWTFjNUV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1NzgtNTg5MzUxNzliOTg1
LzEvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKgCIYA0D
BgAqAIhhDTANBgkqhkiG9w0BAQsFAAOCAQEAaCpTBCgJAOoScoJS7L0LGN+iLggV
qE33dot3TT9VMrB7+pTkzurSfO/352wXix0QRsuYKUmAXoqHFNM1LvHnFyJePF9i
hP5gxYVp7VukEMkACiSkNzw/PGAe+/Ey3h3M88tl47G5Lw/zYYcqtyi6z+j4hCnJ
a7usdZNCFgSPK3nhYNbuXoLjSCQUsFE7x+ziNIzAz/jbcz2tOTHGZVZ8lY3qjqZI
GL8BdX5zbEYFIIVoqOz+BVopX2Y57cqhmUbWL8MLK6vEh0na4MGBR0X//OcSjeBH
WRkuF2VuFfcH7vSsZbidbZosHoEPUmcmopBAuYA6wvld+0UAfy6MC7+RFA==
-----END CERTIFICATE-----