Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/OCcbVEWwELcChcTjXhchJLSkjrE.roa
File:                     OCcbVEWwELcChcTjXhchJLSkjrE.roa (raw, json)
Hash identifier:          RYcNgNo1inPX60Gvc6Jjhf4b2dD4knG9oEEqVFgjmi4=
Subject key identifier:   38:27:1B:54:45:B0:10:B7:02:85:C4:E3:5E:17:21:24:B4:A4:8E:B1
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       019291C13738979636DF0DE15AC0BD42098C
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/OCcbVEWwELcChcTjXhchJLSkjrE.roa
Signing time:             Tue 15 Oct 2024 19:56:51 +0000
ROA not before:           Tue 15 Oct 2024 19:56:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212128
IP address blocks:        2a0e:5904::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:91:c1:37:38:97:96:36:df:0d:e1:5a:c0:bd:42:09:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Oct 15 19:56:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38271b5445b010b70285c4e35e172124b4a48eb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ec:78:73:f8:cc:21:69:38:50:e5:3b:7c:6f:
                    27:43:2f:d2:fd:de:8a:45:05:75:de:76:bb:f6:62:
                    3b:0f:ef:00:2d:0e:46:a0:b8:c2:2a:f2:f7:78:36:
                    7b:cd:cb:c7:c8:22:4e:f9:4f:1d:ca:f4:72:1f:e0:
                    a5:86:1d:ed:56:6c:88:9d:5a:76:f9:3c:65:1a:8d:
                    f1:3e:06:b1:09:0a:90:b6:d1:77:3d:34:fc:cf:fe:
                    c5:01:24:7d:ca:14:17:4c:72:33:90:92:f3:ab:ba:
                    1c:0f:02:b5:f3:14:0a:9c:2e:96:46:bb:c2:2d:f4:
                    61:25:d7:06:af:be:9b:17:b4:d4:77:02:78:7a:93:
                    9c:c8:ec:1f:df:a3:55:72:91:5c:e7:9f:4b:0c:3f:
                    bb:53:ab:e7:8f:7b:4f:db:27:98:54:1b:fb:da:cb:
                    8e:91:b5:86:07:c7:f4:ff:1d:bb:1c:cc:98:a1:7e:
                    a1:e8:58:0c:7f:db:2d:35:53:34:40:85:99:5e:37:
                    78:1c:ae:0f:19:0d:d3:a5:8c:6b:7b:f8:8b:9a:2e:
                    32:a0:9d:d2:af:c9:60:41:8f:39:ee:27:b0:46:21:
                    8b:4c:e4:bd:a0:c3:19:89:05:95:7a:dc:b0:c2:77:
                    a6:45:73:44:3e:d2:50:a7:bd:4e:8e:6e:3f:8f:c1:
                    72:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:27:1B:54:45:B0:10:B7:02:85:C4:E3:5E:17:21:24:B4:A4:8E:B1
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/OCcbVEWwELcChcTjXhchJLSkjrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:5904::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:5c:c1:0d:c6:19:86:95:c9:82:64:47:37:4d:ca:4b:93:90:
         8d:b1:8e:5f:f3:9a:82:49:3c:da:bd:5a:69:d4:3a:9b:79:3f:
         c3:21:21:dd:32:5e:3e:4d:cf:97:b1:33:2a:22:0b:76:f9:be:
         61:a0:5c:8c:26:5d:8a:da:0b:ba:93:c5:10:d2:ce:6e:0c:e4:
         ab:7a:74:72:db:52:3b:22:81:56:62:cd:1f:6f:fd:77:ee:a1:
         9c:88:8b:3b:4d:b1:bf:4a:e8:af:28:d7:39:b0:c4:34:74:36:
         de:c2:d6:74:69:19:b6:f1:92:0a:ae:e7:e0:80:e6:d6:74:8c:
         bb:5c:aa:48:e7:53:0a:5b:1c:c7:c0:a9:a0:3d:b2:db:87:75:
         d7:7e:7f:96:85:e7:30:ab:01:71:b6:99:12:a0:d2:b5:12:11:
         4f:39:5e:22:34:41:b5:f2:81:0e:9d:f3:91:14:d1:6b:d1:d9:
         b7:61:2f:d5:ae:38:80:fa:3a:5c:50:60:04:d7:17:3f:f7:2d:
         71:d7:dc:53:9f:22:6a:a3:58:db:41:7c:00:ab:20:8c:cb:44:
         23:4c:94:01:17:00:cc:f0:00:f7:46:c4:6e:6e:15:36:6a:83:
         d2:01:01:b0:66:74:7d:0d:8f:35:73:ff:77:d5:74:0e:7e:06:
         81:13:30:c5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZKRwTc4l5Y23w3hWsC9QgmMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQxMDE1MTk1NjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODI3MWI1NDQ1YjAxMGI3MDI4NWM0ZTM1ZTE3MjEyNGI0YTQ4ZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOx4c/jMIWk4UOU7fG8nQy/S/d6K
RQV13na79mI7D+8ALQ5GoLjCKvL3eDZ7zcvHyCJO+U8dyvRyH+Clhh3tVmyInVp2
+TxlGo3xPgaxCQqQttF3PTT8z/7FASR9yhQXTHIzkJLzq7ocDwK18xQKnC6WRrvC
LfRhJdcGr76bF7TUdwJ4epOcyOwf36NVcpFc559LDD+7U6vnj3tP2yeYVBv72suO
kbWGB8f0/x27HMyYoX6h6FgMf9stNVM0QIWZXjd4HK4PGQ3TpYxre/iLmi4yoJ3S
r8lgQY857iewRiGLTOS9oMMZiQWVetywwnemRXNEPtJQp71Ojm4/j8Fy4QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDgnG1RFsBC3AoXE414XISS0pI6xMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvT0NjYlZFV3dFTGNDaGNUalhoY2hKTFNranJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5ZBDAN
BgkqhkiG9w0BAQsFAAOCAQEABlzBDcYZhpXJgmRHN03KS5OQjbGOX/Oagkk82r1a
adQ6m3k/wyEh3TJePk3Pl7EzKiILdvm+YaBcjCZditoLupPFENLObgzkq3p0cttS
OyKBVmLNH2/9d+6hnIiLO02xv0roryjXObDENHQ23sLWdGkZtvGSCq7n4IDm1nSM
u1yqSOdTClscx8CpoD2y24d1135/loXnMKsBcbaZEqDStRIRTzleIjRBtfKBDp3z
kRTRa9HZt2Ev1a44gPo6XFBgBNcXP/ctcdfcU58iaqNY20F8AKsgjMtEI0yUARcA
zPAA90bEbm4VNmqD0gEBsGZ0fQ2PNXP/d9V0Dn4GgRMwxQ==
-----END CERTIFICATE-----