Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/o8RPxWux3cpipeQdFwLl2yNZX_k.roa
File:                     o8RPxWux3cpipeQdFwLl2yNZX_k.roa (raw, json)
Hash identifier:          clnQqQdgxVcQ///RYqkW7wQaNCxrG1ozEoY2cexakoc=
Subject key identifier:   A3:C4:4F:C5:6B:B1:DD:CA:62:A5:E4:1D:17:02:E5:DB:23:59:5F:F9
Certificate issuer:       /CN=76f311ef1581a00e437cd704b6281ac8621afc56
Certificate serial:       018CC4931D82859587AE801FCF04E64FC01C
Authority key identifier: 76:F3:11:EF:15:81:A0:0E:43:7C:D7:04:B6:28:1A:C8:62:1A:FC:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dvMR7xWBoA5DfNcEtigayGIa_FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/o8RPxWux3cpipeQdFwLl2yNZX_k.roa
Signing time:             Mon 01 Jan 2024 10:30:24 +0000
ROA not before:           Mon 01 Jan 2024 10:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22634
IP address blocks:        2a04:7141::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/dvMR7xWBoA5DfNcEtigayGIa_FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/dvMR7xWBoA5DfNcEtigayGIa_FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dvMR7xWBoA5DfNcEtigayGIa_FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:1d:82:85:95:87:ae:80:1f:cf:04:e6:4f:c0:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76f311ef1581a00e437cd704b6281ac8621afc56
        Validity
            Not Before: Jan  1 10:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3c44fc56bb1ddca62a5e41d1702e5db23595ff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:bf:aa:70:4d:34:1b:b1:59:7f:fb:9d:8b:05:
                    31:36:22:93:80:40:f8:d9:09:6a:19:c3:4f:46:5b:
                    45:62:da:c8:da:6f:39:d1:6e:4e:26:69:c7:ae:7c:
                    12:6e:25:35:aa:6e:e5:83:46:bc:e6:26:8e:d6:a8:
                    b2:84:e2:93:1f:f4:ac:26:03:53:83:a8:72:ef:a4:
                    b7:9a:0b:e4:eb:5b:f2:54:17:0f:b3:b7:1d:2d:71:
                    60:2d:7f:68:40:12:0a:e6:cf:35:1d:d2:db:3b:64:
                    2a:bb:ca:4d:bd:d4:1b:d8:0b:d3:de:29:d3:d5:ce:
                    18:93:6f:a0:e4:fb:90:a0:ce:4d:3f:55:81:64:68:
                    a7:93:25:03:fa:c1:3b:57:84:b2:1d:97:8b:14:45:
                    c9:7d:76:45:54:84:07:f7:a3:17:e2:bd:b3:03:ab:
                    03:41:fb:1f:8f:25:dd:98:24:97:4c:31:ce:04:ec:
                    db:d0:9e:33:fe:28:bb:80:05:b0:01:63:31:5f:4a:
                    fa:70:49:89:21:09:80:96:8f:5f:e0:e7:2f:58:19:
                    6c:72:4a:ac:51:9b:74:76:55:0e:91:f2:0e:57:d6:
                    1a:3d:b5:36:a8:a2:f6:57:5b:c1:35:a5:cf:e3:bf:
                    4e:65:13:ff:40:ab:d6:87:25:91:80:12:94:2f:0d:
                    3b:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:C4:4F:C5:6B:B1:DD:CA:62:A5:E4:1D:17:02:E5:DB:23:59:5F:F9
            X509v3 Authority Key Identifier:
                keyid:76:F3:11:EF:15:81:A0:0E:43:7C:D7:04:B6:28:1A:C8:62:1A:FC:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dvMR7xWBoA5DfNcEtigayGIa_FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/o8RPxWux3cpipeQdFwLl2yNZX_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/dvMR7xWBoA5DfNcEtigayGIa_FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:7141::/36

    Signature Algorithm: sha256WithRSAEncryption
         8c:bd:e3:81:f5:4f:fa:9a:81:24:ca:c7:f5:57:4f:09:ba:45:
         a0:4c:7a:73:2b:36:80:7b:82:19:10:16:eb:40:4f:2a:c4:f4:
         3e:b3:5f:2c:cd:08:94:af:10:85:59:05:df:7b:72:2a:a7:5a:
         6a:67:ae:52:d4:21:55:52:88:02:f7:6b:b5:88:03:58:96:57:
         6d:4a:89:5b:47:3e:b4:5c:dc:2c:57:82:6a:cd:ff:0e:24:4c:
         70:ee:46:41:95:2f:89:3d:d3:6a:e5:db:cc:6f:9f:59:25:66:
         e3:54:36:13:61:61:da:6e:db:18:93:43:af:4d:e8:5c:a3:de:
         ab:cc:93:57:89:c7:e8:e6:07:de:77:1f:83:11:c8:a2:24:2a:
         de:9f:bb:fe:89:e8:d3:84:b9:11:f6:f7:24:5e:88:a0:65:cd:
         44:8c:2f:58:19:18:d2:e4:43:8b:3c:84:4b:c5:28:d7:7f:ee:
         1f:4d:43:7b:3d:76:a1:c3:eb:97:c1:ec:63:92:f2:94:8a:94:
         30:87:a7:bc:66:e9:89:43:57:d2:67:06:89:df:18:31:c8:26:
         11:10:ac:46:d6:22:a2:38:8d:c3:81:ba:fa:29:26:36:5d:3b:
         fe:d7:a6:08:c7:6f:c6:59:a1:d1:e3:91:bf:60:47:ad:d2:ce:
         5c:f4:c4:86
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEkx2ChZWHroAfzwTmT8AcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZjMxMWVmMTU4MWEwMGU0MzdjZDcwNGI2MjgxYWM4NjIx
YWZjNTYwHhcNMjQwMTAxMTAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2M0NGZjNTZiYjFkZGNhNjJhNWU0MWQxNzAyZTVkYjIzNTk1ZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlr+qcE00G7FZf/udiwUxNiKTgED4
2QlqGcNPRltFYtrI2m850W5OJmnHrnwSbiU1qm7lg0a85iaO1qiyhOKTH/SsJgNT
g6hy76S3mgvk61vyVBcPs7cdLXFgLX9oQBIK5s81HdLbO2Qqu8pNvdQb2AvT3inT
1c4Yk2+g5PuQoM5NP1WBZGinkyUD+sE7V4SyHZeLFEXJfXZFVIQH96MX4r2zA6sD
QfsfjyXdmCSXTDHOBOzb0J4z/ii7gAWwAWMxX0r6cEmJIQmAlo9f4OcvWBlsckqs
UZt0dlUOkfIOV9YaPbU2qKL2V1vBNaXP479OZRP/QKvWhyWRgBKULw07dQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKPET8Vrsd3KYqXkHRcC5dsjWV/5MB8GA1UdIwQY
MBaAFHbzEe8VgaAOQ3zXBLYoGshiGvxWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHZNUjd4V0JvQTVEZk5jRXRpZ2F5R0lhX0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81MjUyMjQtNzhlYS00OWU0LTk3NDkt
MTY5NDMxMjk2YzU5LzEvbzhSUHhXdXgzY3BpcGVRZEZ3TGwyeU5aWF9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81MjUyMjQtNzhlYS00OWU0LTk3NDktMTY5NDMxMjk2YzU5
LzEvZHZNUjd4V0JvQTVEZk5jRXRpZ2F5R0lhX0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgRxQQAw
DQYJKoZIhvcNAQELBQADggEBAIy944H1T/qagSTKx/VXTwm6RaBMenMrNoB7ghkQ
FutATyrE9D6zXyzNCJSvEIVZBd97ciqnWmpnrlLUIVVSiAL3a7WIA1iWV21KiVtH
PrRc3CxXgmrN/w4kTHDuRkGVL4k902rl28xvn1klZuNUNhNhYdpu2xiTQ69N6Fyj
3qvMk1eJx+jmB953H4MRyKIkKt6fu/6J6NOEuRH29yReiKBlzUSML1gZGNLkQ4s8
hEvFKNd/7h9NQ3s9dqHD65fB7GOS8pSKlDCHp7xm6YlDV9JnBonfGDHIJhEQrEbW
IqI4jcOBuvopJjZdO/7XpgjHb8ZZodHjkb9gR63Szlz0xIY=
-----END CERTIFICATE-----