Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/cLjb4IRUoN10gDB3GF-OK_M0R6w.roa
File:                     cLjb4IRUoN10gDB3GF-OK_M0R6w.roa (raw, json)
Hash identifier:          UdcZqKsRX7RY6eJoBcR8IDVtbTPDmGbzU1vUD8uA1bw=
Subject key identifier:   70:B8:DB:E0:84:54:A0:DD:74:80:30:77:18:5F:8E:2B:F3:34:47:AC
Certificate issuer:       /CN=3e7156abee6ba238b907315df9c552865adcdae8
Certificate serial:       018CC4248A79DA41C6B6DBF1E028C3A681D6
Authority key identifier: 3E:71:56:AB:EE:6B:A2:38:B9:07:31:5D:F9:C5:52:86:5A:DC:DA:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PnFWq-5roji5BzFd-cVShlrc2ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/cLjb4IRUoN10gDB3GF-OK_M0R6w.roa
Signing time:             Mon 01 Jan 2024 08:29:38 +0000
ROA not before:           Mon 01 Jan 2024 08:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49775
IP address blocks:        2a0c:7d80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/PnFWq-5roji5BzFd-cVShlrc2ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/PnFWq-5roji5BzFd-cVShlrc2ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PnFWq-5roji5BzFd-cVShlrc2ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:8a:79:da:41:c6:b6:db:f1:e0:28:c3:a6:81:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e7156abee6ba238b907315df9c552865adcdae8
        Validity
            Not Before: Jan  1 08:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70b8dbe08454a0dd74803077185f8e2bf33447ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b8:d3:20:75:a9:8f:e9:fc:64:99:ec:6c:ad:
                    9d:0c:93:27:2f:8a:65:8b:bb:69:72:17:ee:66:b6:
                    41:83:13:f0:5d:74:f4:71:fc:ed:fa:96:5f:ad:67:
                    06:0d:75:fe:29:da:91:60:fc:8e:33:f5:9d:ef:c2:
                    bf:d2:47:c4:46:0f:1d:d1:6c:78:4d:f4:db:fb:c3:
                    66:d4:22:1b:9b:48:97:2c:e5:62:6f:93:7b:f4:11:
                    74:0b:41:26:e4:af:eb:90:1f:ae:e0:77:03:96:32:
                    5a:3d:56:c7:72:0f:25:08:ca:8b:84:ab:02:f6:1d:
                    f0:2b:55:c8:3b:99:8f:4b:8d:fa:d4:70:4e:53:76:
                    c1:0a:d8:4b:d0:4a:fa:5d:49:ea:26:8a:37:90:83:
                    a5:86:db:a2:0b:76:64:a8:1c:ae:83:5c:11:e1:5d:
                    cb:f8:95:0f:b9:43:5d:8d:b4:d6:c8:fc:95:51:4c:
                    84:2f:6e:f1:9e:f3:5d:18:ea:6a:19:21:46:dc:8d:
                    83:b6:32:64:89:41:92:9f:68:70:2a:65:59:d0:d3:
                    44:05:d0:a1:7e:78:65:6f:e5:6e:b6:e2:bc:ba:43:
                    59:65:58:e5:a2:98:94:05:dd:01:11:a6:23:30:51:
                    97:92:02:24:72:8f:05:94:c8:a9:36:b9:36:07:75:
                    be:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:B8:DB:E0:84:54:A0:DD:74:80:30:77:18:5F:8E:2B:F3:34:47:AC
            X509v3 Authority Key Identifier:
                keyid:3E:71:56:AB:EE:6B:A2:38:B9:07:31:5D:F9:C5:52:86:5A:DC:DA:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PnFWq-5roji5BzFd-cVShlrc2ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/cLjb4IRUoN10gDB3GF-OK_M0R6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/PnFWq-5roji5BzFd-cVShlrc2ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:7d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:00:75:ab:82:fe:b6:9b:15:a5:6d:5a:3a:82:69:d8:c5:0f:
         a2:75:8a:ef:0b:a3:31:74:75:c0:e4:c0:e3:55:88:b1:a8:72:
         de:c4:2b:27:2e:22:ce:5c:79:48:77:70:f4:0e:da:b4:61:f3:
         63:8f:aa:34:29:69:36:e3:a3:41:ea:a2:ba:24:ba:98:bb:af:
         1c:c5:e5:34:30:25:3f:5d:03:2b:6b:b5:71:8a:f9:76:d6:16:
         c1:94:aa:5d:72:c1:02:d3:2b:89:cd:eb:78:b3:7f:7c:8c:c8:
         50:bf:d7:a8:55:07:5f:80:8f:fb:c4:24:05:24:cd:9b:fd:40:
         38:c7:07:d6:c0:96:78:04:08:87:73:29:4e:fa:b4:e6:1b:ff:
         c1:22:25:8f:4b:1d:38:a5:35:29:05:bb:52:00:5d:d6:e3:12:
         7c:52:14:26:f9:8f:24:eb:16:d8:98:a6:30:46:88:e2:f4:1f:
         9d:b6:ef:6c:c7:bd:52:cc:ea:33:b5:f3:0d:3a:93:e6:af:eb:
         ff:d7:9e:27:10:5f:4c:f6:a7:e2:28:e5:fb:f0:b4:ed:b7:c1:
         a9:2c:99:e5:a1:d4:7f:b2:c9:f0:b7:3f:14:af:0f:05:15:48:
         94:29:1b:41:cb:12:b5:96:b2:f0:25:90:e8:15:ef:32:82:ab:
         69:a0:de:43
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEJIp52kHGttvx4CjDpoHWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNzE1NmFiZWU2YmEyMzhiOTA3MzE1ZGY5YzU1Mjg2NWFk
Y2RhZTgwHhcNMjQwMTAxMDgyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGI4ZGJlMDg0NTRhMGRkNzQ4MDMwNzcxODVmOGUyYmYzMzQ0N2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLjTIHWpj+n8ZJnsbK2dDJMnL4pl
i7tpchfuZrZBgxPwXXT0cfzt+pZfrWcGDXX+KdqRYPyOM/Wd78K/0kfERg8d0Wx4
TfTb+8Nm1CIbm0iXLOVib5N79BF0C0Em5K/rkB+u4HcDljJaPVbHcg8lCMqLhKsC
9h3wK1XIO5mPS4361HBOU3bBCthL0Er6XUnqJoo3kIOlhtuiC3ZkqByug1wR4V3L
+JUPuUNdjbTWyPyVUUyEL27xnvNdGOpqGSFG3I2DtjJkiUGSn2hwKmVZ0NNEBdCh
fnhlb+VutuK8ukNZZVjlopiUBd0BEaYjMFGXkgIkco8FlMipNrk2B3W+yQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHC42+CEVKDddIAwdxhfjivzNEesMB8GA1UdIwQY
MBaAFD5xVqvua6I4uQcxXfnFUoZa3NroMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG5GV3EtNXJvamk1QnpGZC1jVlNobHJjMnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9hNGEwZjctN2RiZC00YjAzLWI3Zjkt
NThmMmQ0NGZmMjgxLzEvY0xqYjRJUlVvTjEwZ0RCM0dGLU9LX00wUjZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9hNGEwZjctN2RiZC00YjAzLWI3ZjktNThmMmQ0NGZmMjgx
LzEvUG5GV3EtNXJvamk1QnpGZC1jVlNobHJjMnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgx9gDAN
BgkqhkiG9w0BAQsFAAOCAQEAjgB1q4L+tpsVpW1aOoJp2MUPonWK7wujMXR1wOTA
41WIsahy3sQrJy4izlx5SHdw9A7atGHzY4+qNClpNuOjQeqiuiS6mLuvHMXlNDAl
P10DK2u1cYr5dtYWwZSqXXLBAtMric3reLN/fIzIUL/XqFUHX4CP+8QkBSTNm/1A
OMcH1sCWeAQIh3MpTvq05hv/wSIlj0sdOKU1KQW7UgBd1uMSfFIUJvmPJOsW2Jim
MEaI4vQfnbbvbMe9UszqM7XzDTqT5q/r/9eeJxBfTPan4ijl+/C07bfBqSyZ5aHU
f7LJ8Lc/FK8PBRVIlCkbQcsStZay8CWQ6BXvMoKraaDeQw==
-----END CERTIFICATE-----