Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/OTEQ2P2MROWs6AxOW4hUmKOckKY.roa
File:                     OTEQ2P2MROWs6AxOW4hUmKOckKY.roa (raw, json)
Hash identifier:          d4O1L+olwqfmOF/tNkzuFgXJZ5zDqOtPqmyzAEOPIK8=
Subject key identifier:   39:31:10:D8:FD:8C:44:E5:AC:E8:0C:4E:5B:88:54:98:A3:9C:90:A6
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801DC345A402AE6ECEBC5A702918214
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/OTEQ2P2MROWs6AxOW4hUmKOckKY.roa
Signing time:             Tue 02 Jan 2024 02:30:14 +0000
ROA not before:           Tue 02 Jan 2024 02:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57969
IP address blocks:        2a09:7:2002::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:dc:34:5a:40:2a:e6:ec:eb:c5:a7:02:91:82:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=393110d8fd8c44e5ace80c4e5b885498a39c90a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:cb:d4:5c:bd:3a:1d:13:de:0f:c9:49:9c:be:
                    e4:57:c6:f6:16:ec:fd:69:1b:a7:07:be:77:08:8d:
                    48:e8:d3:20:b4:e5:ae:f0:62:76:cf:ce:12:20:09:
                    a6:3e:6f:df:ee:f5:51:ea:b3:ab:b8:65:b3:7e:c7:
                    a7:08:77:b0:47:02:c9:e1:f1:69:4a:28:8e:b8:8f:
                    3d:74:c9:d7:f1:1d:07:1d:27:c4:74:c5:e2:5a:ac:
                    3c:3b:59:c1:c5:02:c1:bc:d0:7c:bf:e9:39:6e:ce:
                    45:0b:5b:a4:54:2c:c5:bf:db:a8:93:ed:ee:c6:29:
                    c6:8a:ef:bd:81:72:b3:97:d4:df:91:4c:8f:0b:78:
                    cc:1c:e7:6a:da:c3:43:04:ed:ac:fb:c3:1b:f7:f3:
                    08:7e:35:54:4e:c4:33:d6:d2:26:3b:cc:15:5d:c6:
                    ae:0c:6b:3d:93:07:13:61:f2:04:56:08:d5:e3:b8:
                    34:0c:0f:27:91:b3:7c:23:ec:cb:d5:48:0a:90:c4:
                    7e:31:bd:b3:f1:0b:95:f8:a0:84:45:4b:fa:93:82:
                    4e:75:6f:8a:bb:d1:18:20:93:99:a7:5c:14:6d:9e:
                    f5:22:ca:e6:4b:9d:e3:52:b8:45:1e:64:71:e2:bf:
                    0e:59:a9:e9:77:22:c8:68:06:ea:21:e5:3c:83:e6:
                    15:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:31:10:D8:FD:8C:44:E5:AC:E8:0C:4E:5B:88:54:98:A3:9C:90:A6
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/OTEQ2P2MROWs6AxOW4hUmKOckKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7:2002::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:72:92:a4:72:09:30:c9:06:90:66:87:d9:a5:4a:9a:ce:04:
         85:1b:03:6f:1f:ff:86:66:a6:e0:e0:57:82:a0:02:f4:71:f8:
         da:62:4a:49:b8:f6:14:27:8f:88:ec:a3:07:0c:e5:a2:57:72:
         7b:41:37:e1:b1:8c:40:71:e6:54:64:eb:bf:fc:5d:06:fc:56:
         a1:5f:8b:3f:45:cc:96:d3:69:6e:8e:99:7b:32:cc:36:f9:6e:
         d4:12:ca:16:d5:d3:2f:65:a4:dc:a6:f9:a8:01:cc:ed:dc:ad:
         f9:18:ef:52:9e:68:14:e6:09:16:ba:80:fd:a0:cb:12:d1:95:
         a6:06:20:b6:2b:c9:d9:9b:74:b5:eb:a0:34:4f:3f:3f:f3:24:
         01:81:4e:fd:53:57:4c:e6:25:4d:76:d1:9c:fe:8d:55:df:f8:
         92:42:4e:eb:64:76:8b:ca:d7:10:49:60:ee:bd:3b:96:6e:c8:
         8e:71:86:72:db:65:b9:39:34:8f:74:35:11:b6:00:f7:57:73:
         33:74:45:13:8d:af:b0:20:b6:7d:78:e5:7a:85:0d:39:2b:ff:
         60:b0:bd:cc:2f:53:58:db:59:3c:dd:15:27:51:2c:a6:7f:74:
         3f:cb:28:f8:e3:25:5c:f3:89:05:f1:fc:9e:21:0a:96:2f:d8:
         1f:fd:12:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAdw0WkAq5uzrxacCkYIUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTMxMTBkOGZkOGM0NGU1YWNlODBjNGU1Yjg4NTQ5OGEzOWM5MGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8vUXL06HRPeD8lJnL7kV8b2Fuz9
aRunB753CI1I6NMgtOWu8GJ2z84SIAmmPm/f7vVR6rOruGWzfsenCHewRwLJ4fFp
SiiOuI89dMnX8R0HHSfEdMXiWqw8O1nBxQLBvNB8v+k5bs5FC1ukVCzFv9uok+3u
xinGiu+9gXKzl9TfkUyPC3jMHOdq2sNDBO2s+8Mb9/MIfjVUTsQz1tImO8wVXcau
DGs9kwcTYfIEVgjV47g0DA8nkbN8I+zL1UgKkMR+Mb2z8QuV+KCERUv6k4JOdW+K
u9EYIJOZp1wUbZ71IsrmS53jUrhFHmRx4r8OWanpdyLIaAbqIeU8g+YV2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDkxENj9jETlrOgMTluIVJijnJCmMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvT1RFUTJQMk1ST1dzNkF4T1c0aFVtS09ja0tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgkAByAC
MA0GCSqGSIb3DQEBCwUAA4IBAQB8cpKkcgkwyQaQZofZpUqazgSFGwNvH/+GZqbg
4FeCoAL0cfjaYkpJuPYUJ4+I7KMHDOWiV3J7QTfhsYxAceZUZOu//F0G/FahX4s/
RcyW02lujpl7Msw2+W7UEsoW1dMvZaTcpvmoAczt3K35GO9SnmgU5gkWuoD9oMsS
0ZWmBiC2K8nZm3S166A0Tz8/8yQBgU79U1dM5iVNdtGc/o1V3/iSQk7rZHaLytcQ
SWDuvTuWbsiOcYZy22W5OTSPdDURtgD3V3MzdEUTja+wILZ9eOV6hQ05K/9gsL3M
L1NY21k83RUnUSymf3Q/yyj44yVc84kF8fyeIQqWL9gf/RKY
-----END CERTIFICATE-----