Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/OkoVXAVvoYZLb4EExkjBLvhlZ5M.roa
File:                     OkoVXAVvoYZLb4EExkjBLvhlZ5M.roa (raw, json)
Hash identifier:          k5oOOh+skM7Z02OPaBuk30OBigK0llFLGvujsAe5PkU=
Subject key identifier:   3A:4A:15:5C:05:6F:A1:86:4B:6F:81:04:C6:48:C1:2E:F8:65:67:93
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D35CAE5851208803D0FB8CF1A4C91
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/OkoVXAVvoYZLb4EExkjBLvhlZ5M.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208680
IP address blocks:        2a0e:aa07:f0e0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 18:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:35:ca:e5:85:12:08:80:3d:0f:b8:cf:1a:4c:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a4a155c056fa1864b6f8104c648c12ef8656793
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:51:93:46:08:c6:d1:b2:91:15:45:e9:1e:6c:
                    3d:8c:ce:e6:96:d3:5e:37:2e:35:c3:18:e6:22:ee:
                    be:03:de:5f:72:a1:cc:d5:65:1e:bc:2e:ae:12:c1:
                    9c:32:a3:5b:ca:ad:2d:7a:a4:25:54:cd:6d:26:af:
                    81:89:4f:e8:18:e2:1d:cf:79:09:1a:51:74:e9:f6:
                    c3:2e:7b:6d:aa:b8:46:bd:9b:f4:8e:7a:2a:ed:4f:
                    a4:5e:9d:a3:32:f8:c5:68:65:48:e6:c9:8d:48:26:
                    e5:f6:0f:25:e5:fd:4c:73:47:fe:bd:95:db:75:dc:
                    8b:6d:fa:d6:bf:92:f8:d1:80:d3:87:a7:ef:93:dd:
                    54:fd:bc:59:f1:d2:85:8e:7d:10:3a:22:a0:87:94:
                    45:d9:b2:2c:2e:8f:fc:bb:04:b4:02:bd:81:cf:f0:
                    7c:d6:9d:f8:0b:d4:fd:35:61:1b:75:02:03:8f:6d:
                    d9:7b:89:1f:c0:8e:35:b9:e0:fc:20:db:74:f9:63:
                    a0:15:37:04:de:1a:b3:2a:cd:61:5e:e6:4b:6a:3b:
                    75:59:96:f0:37:64:41:d5:84:c9:4d:4d:98:25:94:
                    32:cb:43:91:ff:22:63:49:9a:9d:ff:fb:19:48:92:
                    a0:36:a1:7b:2e:96:93:4b:a3:3b:b9:43:59:f8:ed:
                    83:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:4A:15:5C:05:6F:A1:86:4B:6F:81:04:C6:48:C1:2E:F8:65:67:93
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/OkoVXAVvoYZLb4EExkjBLvhlZ5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:f0e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         94:cb:5c:6e:5a:e9:35:db:54:db:ad:69:ce:2c:13:a9:f9:e5:
         a7:28:c4:35:af:27:7d:1d:b3:65:43:4b:84:00:5d:7e:e6:dd:
         59:fa:6b:f0:66:25:50:64:c6:f5:dc:d0:68:35:80:8f:01:06:
         8e:d7:50:dc:34:61:d4:24:d3:3c:7c:13:7c:61:4d:5d:be:85:
         07:9c:9b:fe:c1:2e:85:0b:00:3f:83:ee:84:8c:eb:42:fa:8c:
         14:67:66:40:40:42:2e:e9:9d:8d:72:65:1a:5b:44:54:69:07:
         52:e9:7d:60:f3:39:8f:4b:5f:9f:14:ca:93:50:41:44:cc:b2:
         62:c8:0f:09:22:71:89:48:c6:2b:19:5a:f7:43:06:ef:76:73:
         7b:cc:3b:26:3a:ae:1b:d3:6c:33:b4:ca:1f:8f:50:93:80:91:
         3b:9d:d4:77:eb:10:53:aa:0a:4f:3f:17:0d:9f:76:48:45:02:
         04:54:28:90:96:92:d4:d1:2a:09:f3:03:dd:d6:4d:69:dc:96:
         3d:af:72:d1:b3:1d:64:d9:20:e3:fd:eb:b1:3e:5e:8c:6a:4c:
         ee:d7:70:35:fa:5c:2a:60:29:1c:1e:2e:fe:a2:55:be:af:a3:
         5d:ba:d4:b6:e0:40:f8:36:81:a0:2c:36:2f:f3:8f:d8:d8:89:
         c3:97:69:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbTXK5YUSCIA9D7jPGkyRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTRhMTU1YzA1NmZhMTg2NGI2ZjgxMDRjNjQ4YzEyZWY4NjU2NzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VGTRgjG0bKRFUXpHmw9jM7mltNe
Ny41wxjmIu6+A95fcqHM1WUevC6uEsGcMqNbyq0teqQlVM1tJq+BiU/oGOIdz3kJ
GlF06fbDLnttqrhGvZv0jnoq7U+kXp2jMvjFaGVI5smNSCbl9g8l5f1Mc0f+vZXb
ddyLbfrWv5L40YDTh6fvk91U/bxZ8dKFjn0QOiKgh5RF2bIsLo/8uwS0Ar2Bz/B8
1p34C9T9NWEbdQIDj23Ze4kfwI41ueD8INt0+WOgFTcE3hqzKs1hXuZLajt1WZbw
N2RB1YTJTU2YJZQyy0OR/yJjSZqd//sZSJKgNqF7LpaTS6M7uUNZ+O2DMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDpKFVwFb6GGS2+BBMZIwS74ZWeTMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvT2tvVlhBVnZvWVpMYjRFRXhrakJMdmhsWjVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB/Dg
MA0GCSqGSIb3DQEBCwUAA4IBAQCUy1xuWuk121TbrWnOLBOp+eWnKMQ1ryd9HbNl
Q0uEAF1+5t1Z+mvwZiVQZMb13NBoNYCPAQaO11DcNGHUJNM8fBN8YU1dvoUHnJv+
wS6FCwA/g+6EjOtC+owUZ2ZAQEIu6Z2NcmUaW0RUaQdS6X1g8zmPS1+fFMqTUEFE
zLJiyA8JInGJSMYrGVr3QwbvdnN7zDsmOq4b02wztMofj1CTgJE7ndR36xBTqgpP
PxcNn3ZIRQIEVCiQlpLU0SoJ8wPd1k1p3JY9r3LRsx1k2SDj/euxPl6Makzu13A1
+lwqYCkcHi7+olW+r6NdutS24ED4NoGgLDYv84/Y2InDl2l5
-----END CERTIFICATE-----