Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/OTqAO26bWOJs8Cg9Nu8zOxcD6jw.roa
File:                     OTqAO26bWOJs8Cg9Nu8zOxcD6jw.roa (raw, json)
Hash identifier:          BxLpkZ5lsORgMm3qmZZ8xttlI+npxtF7o/xMQBCCGHA=
Subject key identifier:   39:3A:80:3B:6E:9B:58:E2:6C:F0:28:3D:36:EF:33:3B:17:03:EA:3C
Certificate issuer:       /CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
Certificate serial:       018CC56E25E43A57AA8F99A12A901B891C0C
Authority key identifier: 47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/OTqAO26bWOJs8Cg9Nu8zOxcD6jw.roa
Signing time:             Mon 01 Jan 2024 14:29:39 +0000
ROA not before:           Mon 01 Jan 2024 14:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206925
IP address blocks:        2a04:2b00:119::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:25:e4:3a:57:aa:8f:99:a1:2a:90:1b:89:1c:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
        Validity
            Not Before: Jan  1 14:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=393a803b6e9b58e26cf0283d36ef333b1703ea3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:72:fd:75:60:96:9a:e3:01:0e:2d:03:a4:96:
                    34:20:e4:9f:84:1e:75:d9:8a:c9:02:62:58:e3:2c:
                    01:05:79:c8:3a:c6:bb:10:9a:5c:99:57:a2:77:46:
                    fc:62:6d:33:bd:76:2e:31:8b:77:4c:4c:de:81:f1:
                    49:d4:29:7b:10:f0:66:67:f4:ab:75:f9:8f:0a:a8:
                    e9:8d:e0:10:c8:a4:15:02:94:e6:ea:a7:06:a4:ca:
                    93:63:61:ac:65:2b:ec:1a:5d:14:cf:8c:8f:30:4b:
                    ef:74:79:d8:e8:c0:28:67:15:7e:3f:91:7e:f2:3f:
                    b4:36:aa:97:f3:00:ce:be:89:c7:31:8a:87:69:2a:
                    9b:65:a1:75:af:32:64:7a:16:27:d9:f8:27:58:17:
                    cf:05:e2:c6:4c:3f:6e:fa:3c:3b:ac:ad:5d:84:d2:
                    d3:b1:69:8d:ad:85:d2:4a:05:ec:1f:c2:41:7d:f3:
                    cc:3d:6a:98:5b:e5:d3:e5:6c:57:ca:b4:80:1a:7f:
                    45:49:93:60:ea:f0:dd:9e:b3:fa:22:6c:ae:e4:3f:
                    72:d7:ed:e3:0f:fe:db:d7:be:14:96:a4:44:80:0b:
                    d9:22:5d:41:48:5e:56:9a:15:33:a7:70:81:a8:e1:
                    6e:0b:b1:c3:75:be:f7:06:70:f3:2e:1d:15:a5:6b:
                    4e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:3A:80:3B:6E:9B:58:E2:6C:F0:28:3D:36:EF:33:3B:17:03:EA:3C
            X509v3 Authority Key Identifier:
                keyid:47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/OTqAO26bWOJs8Cg9Nu8zOxcD6jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:2b00:119::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:81:53:e3:0c:c9:76:62:a0:18:42:6d:c7:d4:60:51:43:53:
         ea:df:f6:6f:53:1d:ac:b0:b8:61:2d:4b:46:a6:75:e6:c0:82:
         29:31:04:00:d1:4b:9c:95:d3:28:4a:0e:30:ba:11:ad:25:1f:
         ac:7a:f3:31:ca:6e:4b:7b:e6:d2:f9:86:ed:d0:5d:b9:da:92:
         de:ba:98:0f:51:1d:fb:a2:3d:97:33:3a:2c:d1:41:e1:f1:40:
         1a:55:b0:1a:92:4c:df:8c:a8:42:76:33:b0:19:25:7b:41:af:
         b3:96:c9:0c:f6:8e:ba:32:b5:80:d6:f0:60:08:b9:ee:11:fa:
         bd:8f:d9:52:ae:9f:3e:33:94:38:d4:e9:06:4c:ec:a5:74:b7:
         ee:52:bf:c2:7a:fd:8e:e2:1a:f9:f4:9a:9b:cf:01:1e:bf:e6:
         b8:89:67:f3:84:ce:7d:27:56:22:0f:ba:d4:a6:af:8b:c4:99:
         ae:82:95:03:6a:95:c5:95:7c:56:c5:2a:40:76:5a:d8:3c:ae:
         b0:b7:da:49:26:84:a4:1c:ce:99:0a:a3:ba:3f:23:ef:99:2a:
         81:5d:6f:38:c1:1f:7a:a4:32:14:67:c1:70:f7:b9:bd:fc:11:
         24:d9:dd:08:81:a5:2f:0d:de:26:fc:a8:17:9e:c2:4f:40:7e:
         41:46:f4:f3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbiXkOleqj5mhKpAbiRwMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzZhZmI3NGZhZDViYWYwYTYxODBiNDk1MTBkOGI4NDk3
ZGY4ZDMwHhcNMjQwMTAxMTQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTNhODAzYjZlOWI1OGUyNmNmMDI4M2QzNmVmMzMzYjE3MDNlYTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXL9dWCWmuMBDi0DpJY0IOSfhB51
2YrJAmJY4ywBBXnIOsa7EJpcmVeid0b8Ym0zvXYuMYt3TEzegfFJ1Cl7EPBmZ/Sr
dfmPCqjpjeAQyKQVApTm6qcGpMqTY2GsZSvsGl0Uz4yPMEvvdHnY6MAoZxV+P5F+
8j+0NqqX8wDOvonHMYqHaSqbZaF1rzJkehYn2fgnWBfPBeLGTD9u+jw7rK1dhNLT
sWmNrYXSSgXsH8JBffPMPWqYW+XT5WxXyrSAGn9FSZNg6vDdnrP6Imyu5D9y1+3j
D/7b174UlqREgAvZIl1BSF5WmhUzp3CBqOFuC7HDdb73BnDzLh0VpWtOuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDk6gDtum1jibPAoPTbvMzsXA+o8MB8GA1UdIwQY
MBaAFEd2r7dPrVuvCmGAtJUQ2LhJffjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEt
MDUzOGU5NWYzZjEyLzEvT1RxQU8yNmJXT0pzOENnOU51OHpPeGNENmp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEtMDUzOGU5NWYzZjEy
LzEvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgQrAAEZ
MA0GCSqGSIb3DQEBCwUAA4IBAQCMgVPjDMl2YqAYQm3H1GBRQ1Pq3/ZvUx2ssLhh
LUtGpnXmwIIpMQQA0UucldMoSg4wuhGtJR+sevMxym5Le+bS+Ybt0F252pLeupgP
UR37oj2XMzos0UHh8UAaVbAakkzfjKhCdjOwGSV7Qa+zlskM9o66MrWA1vBgCLnu
Efq9j9lSrp8+M5Q41OkGTOyldLfuUr/Cev2O4hr59JqbzwEev+a4iWfzhM59J1Yi
D7rUpq+LxJmugpUDapXFlXxWxSpAdlrYPK6wt9pJJoSkHM6ZCqO6PyPvmSqBXW84
wR96pDIUZ8Fw97m9/BEk2d0IgaUvDd4m/KgXnsJPQH5BRvTz
-----END CERTIFICATE-----