Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/oUhAyQXdWZ7D9_p9hq-4cqI26Sc.roa
File:                     oUhAyQXdWZ7D9_p9hq-4cqI26Sc.roa (raw, json)
Hash identifier:          rVLDKqNppxdNcMwIb08rNKEWqNXmiCDEweR1VVU1nlY=
Subject key identifier:   A1:48:40:C9:05:DD:59:9E:C3:F7:FA:7D:86:AF:B8:72:A2:36:E9:27
Certificate issuer:       /CN=8ecc229e5699105828564b78509f3b72f3090a21
Certificate serial:       0192D3351CDE756F4566F06EC1C295343C3A
Authority key identifier: 8E:CC:22:9E:56:99:10:58:28:56:4B:78:50:9F:3B:72:F3:09:0A:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jswinlaZEFgoVkt4UJ87cvMJCiE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/oUhAyQXdWZ7D9_p9hq-4cqI26Sc.roa
Signing time:             Mon 28 Oct 2024 12:58:46 +0000
ROA not before:           Mon 28 Oct 2024 12:58:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48024
IP address blocks:        2a02:7080:3000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/jswinlaZEFgoVkt4UJ87cvMJCiE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/jswinlaZEFgoVkt4UJ87cvMJCiE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jswinlaZEFgoVkt4UJ87cvMJCiE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d3:35:1c:de:75:6f:45:66:f0:6e:c1:c2:95:34:3c:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ecc229e5699105828564b78509f3b72f3090a21
        Validity
            Not Before: Oct 28 12:58:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a14840c905dd599ec3f7fa7d86afb872a236e927
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:07:08:35:64:98:f5:bb:b4:6c:92:d5:5c:07:
                    2a:fb:63:36:71:b9:80:14:d3:93:f4:20:7e:83:06:
                    96:70:46:81:98:86:a6:7b:de:8b:47:97:76:e2:91:
                    44:ea:c8:be:62:26:79:8a:a5:f1:95:21:98:41:77:
                    5e:04:df:59:0d:6c:e9:85:3c:b5:21:cb:7c:1e:55:
                    01:d5:11:b6:ce:e0:f0:83:8f:e7:45:83:68:84:80:
                    94:ce:ee:cb:ea:38:8d:89:18:46:40:13:ee:73:17:
                    a3:5f:b4:a5:ae:af:bc:4b:28:28:69:85:e5:7a:c9:
                    77:3f:16:c7:d6:e8:ce:19:8f:fa:bd:d6:8d:ea:b3:
                    3d:5b:9b:af:a8:25:be:23:e7:03:e1:7c:1d:0a:50:
                    fe:a9:40:35:d7:28:c6:8b:4f:42:41:d6:02:a7:3c:
                    6f:e1:f5:b8:10:05:50:2d:e2:b1:12:9d:31:e5:92:
                    ca:05:28:dd:90:13:b4:4c:6b:ea:e0:df:67:9d:34:
                    6b:49:86:3f:7e:e2:50:ab:2e:a0:34:c4:f6:c2:08:
                    96:e8:99:dd:6d:f8:f9:56:b4:ee:c1:1c:46:3e:84:
                    ba:19:62:31:3e:92:35:f3:ae:5e:6b:32:43:23:a6:
                    6f:62:0f:21:a3:58:51:da:dc:04:08:fc:b6:e4:f1:
                    83:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:48:40:C9:05:DD:59:9E:C3:F7:FA:7D:86:AF:B8:72:A2:36:E9:27
            X509v3 Authority Key Identifier:
                keyid:8E:CC:22:9E:56:99:10:58:28:56:4B:78:50:9F:3B:72:F3:09:0A:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jswinlaZEFgoVkt4UJ87cvMJCiE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/oUhAyQXdWZ7D9_p9hq-4cqI26Sc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/jswinlaZEFgoVkt4UJ87cvMJCiE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:7080:3000::/36

    Signature Algorithm: sha256WithRSAEncryption
         71:3e:48:c9:c6:4e:5d:e2:7b:a0:9b:c7:c8:9f:e3:83:25:4c:
         7e:78:b4:c7:a7:d0:00:6a:54:8b:a7:be:e8:89:2b:48:b7:ec:
         d9:0d:df:69:e6:03:98:2f:72:ce:a5:4f:7d:d7:cc:b4:4c:d7:
         d4:cc:a2:48:ac:fd:d9:b2:7c:13:8f:5d:2c:69:cb:9a:23:92:
         b2:98:17:45:b6:ec:4d:1d:16:c1:cf:bc:fa:bd:52:38:22:54:
         d7:fd:0f:31:04:cd:d7:c6:d8:04:a2:bd:71:86:31:54:c3:93:
         5f:bb:3e:13:26:b8:a2:69:1d:ff:ec:b0:d9:06:7c:fa:4c:30:
         7f:74:2c:cc:93:17:ad:a2:30:d5:73:63:88:1f:25:01:33:4e:
         0a:fc:c2:ce:ec:54:dd:81:29:69:8b:00:2f:8c:51:99:73:09:
         d8:35:ec:f2:85:65:53:8c:dd:08:0b:43:00:14:86:8d:ee:7c:
         6f:93:61:48:41:6e:f9:ee:c4:5b:ac:b0:c1:b6:c0:5a:da:f6:
         a2:91:40:89:b3:66:22:5f:d1:dd:94:cd:02:24:e6:67:26:4e:
         62:6f:f1:dd:4c:f8:18:43:56:33:59:56:74:85:68:58:98:98:
         6e:77:c1:e7:3e:6e:d0:58:95:37:f2:08:15:d4:29:25:f7:14:
         a1:8f:2a:e0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZLTNRzedW9FZvBuwcKVNDw6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlY2MyMjllNTY5OTEwNTgyODU2NGI3ODUwOWYzYjcyZjMw
OTBhMjEwHhcNMjQxMDI4MTI1ODQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTQ4NDBjOTA1ZGQ1OTllYzNmN2ZhN2Q4NmFmYjg3MmEyMzZlOTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgcINWSY9bu0bJLVXAcq+2M2cbmA
FNOT9CB+gwaWcEaBmIame96LR5d24pFE6si+YiZ5iqXxlSGYQXdeBN9ZDWzphTy1
Ict8HlUB1RG2zuDwg4/nRYNohICUzu7L6jiNiRhGQBPucxejX7Slrq+8SygoaYXl
esl3PxbH1ujOGY/6vdaN6rM9W5uvqCW+I+cD4XwdClD+qUA11yjGi09CQdYCpzxv
4fW4EAVQLeKxEp0x5ZLKBSjdkBO0TGvq4N9nnTRrSYY/fuJQqy6gNMT2wgiW6Jnd
bfj5VrTuwRxGPoS6GWIxPpI1865eazJDI6ZvYg8ho1hR2twECPy25PGDUwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKFIQMkF3Vmew/f6fYavuHKiNuknMB8GA1UdIwQY
MBaAFI7MIp5WmRBYKFZLeFCfO3LzCQohMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanN3aW5sYVpFRmdvVmt0NFVKODdjdk1KQ2lFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8zMDYwYmQtZmViMi00OTg2LWI5ZTMt
M2M5ZWJjNDU2NjIzLzEvb1VoQXlRWGRXWjdEOV9wOWhxLTRjcUkyNlNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS8zMDYwYmQtZmViMi00OTg2LWI5ZTMtM2M5ZWJjNDU2NjIz
LzEvanN3aW5sYVpFRmdvVmt0NFVKODdjdk1KQ2lFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgJwgDAw
DQYJKoZIhvcNAQELBQADggEBAHE+SMnGTl3ie6Cbx8if44MlTH54tMen0ABqVIun
vuiJK0i37NkN32nmA5gvcs6lT33XzLRM19TMokis/dmyfBOPXSxpy5ojkrKYF0W2
7E0dFsHPvPq9UjgiVNf9DzEEzdfG2ASivXGGMVTDk1+7PhMmuKJpHf/ssNkGfPpM
MH90LMyTF62iMNVzY4gfJQEzTgr8ws7sVN2BKWmLAC+MUZlzCdg17PKFZVOM3QgL
QwAUho3ufG+TYUhBbvnuxFussMG2wFra9qKRQImzZiJf0d2UzQIk5mcmTmJv8d1M
+BhDVjNZVnSFaFiYmG53wec+btBYlTfyCBXUKSX3FKGPKuA=
-----END CERTIFICATE-----