Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/somf2MEdk4WC7d2Lke415mkyIog.roa
File:                     somf2MEdk4WC7d2Lke415mkyIog.roa (raw, json)
Hash identifier:          eXCtaed9S0OHHEeDrs0crR1KqAF3HD7TCyy4cWsSCFk=
Subject key identifier:   B2:89:9F:D8:C1:1D:93:85:82:ED:DD:8B:91:EE:35:E6:69:32:22:88
Certificate issuer:       /CN=38203463eb944b25c65135ca47bdbdab646f3984
Certificate serial:       018CC2DB07CD1355423865EFFF1C4BF75D3F
Authority key identifier: 38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/somf2MEdk4WC7d2Lke415mkyIog.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209485
IP address blocks:        2a00:8860:900::/40 maxlen: 64
                          2a00:8861:900::/40 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 13:21:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:07:cd:13:55:42:38:65:ef:ff:1c:4b:f7:5d:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38203463eb944b25c65135ca47bdbdab646f3984
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2899fd8c11d938582eddd8b91ee35e669322288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:db:5c:d9:39:92:c4:65:63:81:d2:19:23:bc:
                    40:ae:76:00:e7:3e:21:68:10:5b:94:80:5d:f4:e8:
                    e7:60:1b:23:77:3a:d9:0f:02:4d:46:48:04:e6:96:
                    d0:41:68:e2:b6:6f:fe:2e:63:88:5b:8d:c8:c9:8a:
                    92:ce:ab:95:47:2f:7f:fb:73:e1:88:82:19:7f:fe:
                    73:d4:df:91:95:c0:61:2a:de:2b:97:a8:0f:16:5c:
                    d1:4d:5a:fa:04:97:54:64:74:19:8b:31:0f:ea:5a:
                    d5:c3:38:17:77:3d:fe:5e:b9:c0:f5:3e:be:54:83:
                    ed:29:a5:26:ab:35:f9:f4:fa:aa:50:b0:76:b8:d6:
                    da:43:26:51:db:f3:e8:ae:45:3f:63:6b:e1:f1:cb:
                    83:99:5f:fd:2c:7f:92:b1:0e:bd:2e:97:6c:ee:65:
                    c7:1d:77:c6:71:8b:a6:8d:5e:87:70:5e:87:3c:79:
                    f1:f9:f1:e6:2b:42:da:4e:07:91:26:81:27:5a:6d:
                    ec:6c:ef:7f:bf:d5:ba:8a:f9:6f:4c:ac:50:f1:cc:
                    21:71:ec:02:c0:f7:1f:55:87:42:54:0f:b3:a2:d6:
                    82:df:04:55:21:bb:8e:cd:46:dc:3e:26:1a:88:b6:
                    f4:b8:3d:58:90:93:b7:30:b1:f2:5e:4a:38:b5:4d:
                    a6:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:89:9F:D8:C1:1D:93:85:82:ED:DD:8B:91:EE:35:E6:69:32:22:88
            X509v3 Authority Key Identifier:
                keyid:38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/somf2MEdk4WC7d2Lke415mkyIog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:8860:900::/40
                  2a00:8861:900::/40

    Signature Algorithm: sha256WithRSAEncryption
         08:9c:64:a4:dc:65:2a:24:d6:5b:9f:ce:3d:fb:ab:36:ce:9d:
         ef:65:a6:f7:0d:85:e3:c6:1a:39:89:ad:61:07:a1:70:73:ca:
         df:20:f3:5a:fc:6f:e6:f4:de:69:04:25:33:9b:6c:86:7e:11:
         d2:e3:09:0d:36:a4:c9:cc:0d:38:a5:db:d3:49:46:b5:79:37:
         ab:b8:0a:58:bc:e7:02:75:89:8c:a1:dc:2d:d0:a7:18:25:bc:
         bf:ce:a4:b2:ca:f1:7b:aa:81:a8:9c:47:ef:17:11:14:5e:84:
         f4:4c:ea:fb:aa:49:95:fe:94:5e:1b:e6:4d:53:bf:3b:50:10:
         57:51:9a:1d:45:b7:04:d4:2c:ca:46:df:cd:e2:09:bd:a2:12:
         5f:2e:49:d7:7f:03:0c:6f:ac:64:eb:02:2d:b3:70:17:e6:d6:
         60:bc:41:74:b1:21:5c:85:1a:fa:23:43:4f:a4:22:e8:46:a9:
         12:39:a6:22:04:35:a4:4f:58:09:8b:2e:73:54:ba:68:f8:c5:
         1f:0e:80:68:e1:f0:e1:55:6b:2a:d4:70:91:fa:a6:23:bc:4c:
         2d:ca:da:a9:60:ed:49:76:bc:a1:70:5d:e1:2e:09:ae:8a:d5:
         07:f9:ec:04:06:86:95:9f:6b:22:66:09:36:f7:39:5c:d7:67:
         da:06:a5:80
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYzC2wfNE1VCOGXv/xxL910/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MjAzNDYzZWI5NDRiMjVjNjUxMzVjYTQ3YmRiZGFiNjQ2
ZjM5ODQwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjg5OWZkOGMxMWQ5Mzg1ODJlZGRkOGI5MWVlMzVlNjY5MzIyMjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ttc2TmSxGVjgdIZI7xArnYA5z4h
aBBblIBd9OjnYBsjdzrZDwJNRkgE5pbQQWjitm/+LmOIW43IyYqSzquVRy9/+3Ph
iIIZf/5z1N+RlcBhKt4rl6gPFlzRTVr6BJdUZHQZizEP6lrVwzgXdz3+XrnA9T6+
VIPtKaUmqzX59PqqULB2uNbaQyZR2/PorkU/Y2vh8cuDmV/9LH+SsQ69Lpds7mXH
HXfGcYumjV6HcF6HPHnx+fHmK0LaTgeRJoEnWm3sbO9/v9W6ivlvTKxQ8cwhcewC
wPcfVYdCVA+zotaC3wRVIbuOzUbcPiYaiLb0uD1YkJO3MLHyXko4tU2mewIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFLKJn9jBHZOFgu3di5HuNeZpMiKIMB8GA1UdIwQY
MBaAFDggNGPrlEslxlE1yke9vatkbzmEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1Nzgt
NTg5MzUxNzliOTg1LzEvc29tZjJNRWRrNFdDN2QyTGtlNDE1bWt5SW9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1NzgtNTg5MzUxNzliOTg1
LzEvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKgCIYAkD
BgAqAIhhCTANBgkqhkiG9w0BAQsFAAOCAQEACJxkpNxlKiTWW5/OPfurNs6d72Wm
9w2F48YaOYmtYQehcHPK3yDzWvxv5vTeaQQlM5tshn4R0uMJDTakycwNOKXb00lG
tXk3q7gKWLznAnWJjKHcLdCnGCW8v86kssrxe6qBqJxH7xcRFF6E9Ezq+6pJlf6U
XhvmTVO/O1AQV1GaHUW3BNQsykbfzeIJvaISXy5J138DDG+sZOsCLbNwF+bWYLxB
dLEhXIUa+iNDT6Qi6EapEjmmIgQ1pE9YCYsuc1S6aPjFHw6AaOHw4VVrKtRwkfqm
I7xMLcraqWDtSXa8oXBd4S4JrorVB/nsBAaGlZ9rImYJNvc5XNdn2galgA==
-----END CERTIFICATE-----