Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/0cd2f3-0f6a-4eaa-9845-99eca5651023/1/OBTQy6HIuL_Mm67py0gKjqr6CnU.roa
File:                     OBTQy6HIuL_Mm67py0gKjqr6CnU.roa (raw, json)
Hash identifier:          k3iQsoQEY5wsRy/nNUt6OW0xjnJDVFscEhbozdTlye0=
Subject key identifier:   38:14:D0:CB:A1:C8:B8:BF:CC:9B:AE:E9:CB:48:0A:8E:AA:FA:0A:75
Certificate issuer:       /CN=b9c3633acbf63c2ecb10205b9b92580abb4eb87e
Certificate serial:       018CC4922BFD19E5FF46139CEDA1A26B168F
Authority key identifier: B9:C3:63:3A:CB:F6:3C:2E:CB:10:20:5B:9B:92:58:0A:BB:4E:B8:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ucNjOsv2PC7LECBbm5JYCrtOuH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/0cd2f3-0f6a-4eaa-9845-99eca5651023/1/OBTQy6HIuL_Mm67py0gKjqr6CnU.roa
Signing time:             Mon 01 Jan 2024 10:29:23 +0000
ROA not before:           Mon 01 Jan 2024 10:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1257
IP address blocks:        2a11:cd40:1000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/0cd2f3-0f6a-4eaa-9845-99eca5651023/1/ucNjOsv2PC7LECBbm5JYCrtOuH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/0cd2f3-0f6a-4eaa-9845-99eca5651023/1/ucNjOsv2PC7LECBbm5JYCrtOuH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ucNjOsv2PC7LECBbm5JYCrtOuH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:2b:fd:19:e5:ff:46:13:9c:ed:a1:a2:6b:16:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9c3633acbf63c2ecb10205b9b92580abb4eb87e
        Validity
            Not Before: Jan  1 10:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3814d0cba1c8b8bfcc9baee9cb480a8eaafa0a75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:75:b5:ef:3c:ed:47:ff:c1:fe:58:c8:66:5a:
                    83:f3:4d:08:0f:95:df:9b:14:25:13:4e:71:eb:09:
                    fe:d1:83:8f:f8:00:d9:73:f4:77:ff:4c:9d:57:54:
                    36:a0:67:25:14:44:b4:af:65:38:8a:fd:50:88:91:
                    74:d3:56:5d:78:2e:80:78:ed:89:3d:2d:ce:e8:24:
                    18:13:a7:f7:ae:81:61:cb:df:52:97:0b:ad:67:fe:
                    bd:ad:c7:1f:dc:cf:a3:cb:11:b9:17:c2:a1:57:9e:
                    10:98:bf:bb:ed:1f:35:18:84:02:dd:35:0f:0c:29:
                    54:46:54:d6:e6:2a:31:bf:d0:25:8d:1b:9f:0e:05:
                    10:01:be:6f:1b:09:99:9e:6e:8d:10:76:e8:e5:2c:
                    66:80:2f:f4:6b:a0:7b:b7:9b:60:3f:1c:4a:28:cf:
                    0f:91:7e:92:5c:2e:97:ed:29:28:78:3b:57:8e:a7:
                    10:a4:ef:d4:74:89:7a:25:f5:b7:a3:79:6b:5b:b4:
                    08:a4:c7:db:6a:8f:ce:c6:1f:0f:76:28:00:bb:9a:
                    8b:ec:83:b2:af:22:ee:fc:be:41:20:dd:84:7b:23:
                    d6:d5:64:c5:91:90:e3:97:23:7b:8a:2c:ed:76:12:
                    18:c5:80:55:b4:92:4b:4c:50:dc:bf:15:b7:ea:89:
                    59:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:14:D0:CB:A1:C8:B8:BF:CC:9B:AE:E9:CB:48:0A:8E:AA:FA:0A:75
            X509v3 Authority Key Identifier:
                keyid:B9:C3:63:3A:CB:F6:3C:2E:CB:10:20:5B:9B:92:58:0A:BB:4E:B8:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ucNjOsv2PC7LECBbm5JYCrtOuH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/0cd2f3-0f6a-4eaa-9845-99eca5651023/1/OBTQy6HIuL_Mm67py0gKjqr6CnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/0cd2f3-0f6a-4eaa-9845-99eca5651023/1/ucNjOsv2PC7LECBbm5JYCrtOuH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:cd40:1000::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:f5:71:36:3b:cd:da:1a:2b:90:87:f9:89:a1:d8:f9:5e:b4:
         dc:a1:19:ef:b9:7c:c3:ac:14:8a:62:62:97:9c:25:24:67:93:
         bf:15:17:91:ba:f9:68:d3:21:46:c4:4a:32:10:85:82:c0:db:
         bf:14:99:12:f6:5f:a5:1f:7f:40:34:79:0c:a8:14:0d:cb:72:
         16:06:83:43:fe:47:b7:97:b1:fe:6a:e4:b0:3d:e9:b7:ed:ee:
         77:80:dd:e1:18:ff:ad:e7:81:7a:64:4c:c9:37:08:69:f6:81:
         33:1e:0c:b8:55:c8:51:54:49:fd:34:bc:b2:0c:1d:7c:fb:43:
         0e:89:f1:2e:00:2e:3e:c3:95:1c:4e:13:cb:34:82:d8:54:14:
         50:e7:b8:a1:da:ff:71:17:e6:ae:1d:0c:34:d9:7a:09:86:ff:
         7b:d6:83:e5:dd:f3:08:e7:8b:bc:23:b4:a7:95:6c:0c:c5:93:
         b8:80:6d:13:0f:fb:a1:8a:60:01:98:43:b9:b4:af:68:b5:73:
         8d:30:d9:c4:91:59:0a:b7:d9:c6:55:36:cf:fb:da:dd:77:d8:
         60:74:78:fe:f4:e9:21:aa:8c:66:00:e5:eb:5d:b2:8d:3a:47:
         04:f8:11:d7:f9:40:74:11:fe:33:78:25:38:d6:90:92:82:68:
         82:23:bc:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkiv9GeX/RhOc7aGiaxaPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5YzM2MzNhY2JmNjNjMmVjYjEwMjA1YjliOTI1ODBhYmI0
ZWI4N2UwHhcNMjQwMTAxMTAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODE0ZDBjYmExYzhiOGJmY2M5YmFlZTljYjQ4MGE4ZWFhZmEwYTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3W17zztR//B/ljIZlqD800ID5Xf
mxQlE05x6wn+0YOP+ADZc/R3/0ydV1Q2oGclFES0r2U4iv1QiJF001ZdeC6AeO2J
PS3O6CQYE6f3roFhy99SlwutZ/69rccf3M+jyxG5F8KhV54QmL+77R81GIQC3TUP
DClURlTW5ioxv9AljRufDgUQAb5vGwmZnm6NEHbo5SxmgC/0a6B7t5tgPxxKKM8P
kX6SXC6X7SkoeDtXjqcQpO/UdIl6JfW3o3lrW7QIpMfbao/Oxh8PdigAu5qL7IOy
ryLu/L5BIN2EeyPW1WTFkZDjlyN7iiztdhIYxYBVtJJLTFDcvxW36olZDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDgU0MuhyLi/zJuu6ctICo6q+gp1MB8GA1UdIwQY
MBaAFLnDYzrL9jwuyxAgW5uSWAq7Trh+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWNOak9zdjJQQzdMRUNCYm01SllDcnRPdUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi8wY2QyZjMtMGY2YS00ZWFhLTk4NDUt
OTllY2E1NjUxMDIzLzEvT0JUUXk2SEl1TF9NbTY3cHkwZ0tqcXI2Q25VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi8wY2QyZjMtMGY2YS00ZWFhLTk4NDUtOTllY2E1NjUxMDIz
LzEvdWNOak9zdjJQQzdMRUNCYm01SllDcnRPdUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhHNQBAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAD9XE2O83aGiuQh/mJodj5XrTcoRnvuXzDrBSK
YmKXnCUkZ5O/FReRuvlo0yFGxEoyEIWCwNu/FJkS9l+lH39ANHkMqBQNy3IWBoND
/ke3l7H+auSwPem37e53gN3hGP+t54F6ZEzJNwhp9oEzHgy4VchRVEn9NLyyDB18
+0MOifEuAC4+w5UcThPLNILYVBRQ57ih2v9xF+auHQw02XoJhv971oPl3fMI54u8
I7SnlWwMxZO4gG0TD/uhimABmEO5tK9otXONMNnEkVkKt9nGVTbP+9rdd9hgdHj+
9OkhqoxmAOXrXbKNOkcE+BHX+UB0Ef4zeCU41pCSgmiCI7zR
-----END CERTIFICATE-----