Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/OK6c6QaepeNGoOGafZTPA-qwMfk.roa
File:                     OK6c6QaepeNGoOGafZTPA-qwMfk.roa (raw, json)
Hash identifier:          6lP8xsrXaWDut+dHBr333teIOV2mx6u5gcvbkyrhI+M=
Subject key identifier:   38:AE:9C:E9:06:9E:A5:E3:46:A0:E1:9A:7D:94:CF:03:EA:B0:31:F9
Certificate issuer:       /CN=4777da157768423fcba9217392ec7f483b3b9442
Certificate serial:       018DE585E6C9F3DF25D97C49DD647ABC9E8F
Authority key identifier: 47:77:DA:15:77:68:42:3F:CB:A9:21:73:92:EC:7F:48:3B:3B:94:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3faFXdoQj_LqSFzkux_SDs7lEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/OK6c6QaepeNGoOGafZTPA-qwMfk.roa
Signing time:             Mon 26 Feb 2024 13:06:14 +0000
ROA not before:           Mon 26 Feb 2024 13:06:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8832
IP address blocks:        2a00:1498::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/R3faFXdoQj_LqSFzkux_SDs7lEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/R3faFXdoQj_LqSFzkux_SDs7lEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R3faFXdoQj_LqSFzkux_SDs7lEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e5:85:e6:c9:f3:df:25:d9:7c:49:dd:64:7a:bc:9e:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4777da157768423fcba9217392ec7f483b3b9442
        Validity
            Not Before: Feb 26 13:06:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38ae9ce9069ea5e346a0e19a7d94cf03eab031f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:60:8a:c7:a0:24:a8:44:4f:9b:a9:3e:77:6f:
                    b1:be:32:ae:b7:dd:e7:1c:a3:4c:6f:56:5a:45:e6:
                    5c:22:d9:fc:d0:8a:73:5d:30:06:76:24:17:d8:a0:
                    68:1e:45:88:60:7e:f6:49:5f:e8:bb:3a:78:7e:e9:
                    48:30:9f:11:95:d7:f0:9b:af:d2:c6:00:9f:ba:bb:
                    65:46:f2:15:78:0f:b2:a9:6e:d5:6a:39:7f:4e:cc:
                    b4:3d:74:88:96:3c:2b:02:3f:2b:52:ec:9e:a7:94:
                    b0:92:a5:f0:e3:09:c9:4b:9e:05:5b:d2:d8:5f:11:
                    b9:6c:4e:1f:55:39:3d:2b:6e:79:37:aa:5d:a5:37:
                    c7:b5:64:d0:7f:da:e3:75:16:20:85:e1:12:b7:16:
                    0c:f0:a2:ce:f1:87:05:41:08:2a:e5:83:43:5b:fc:
                    1f:1a:63:80:90:4d:ba:96:fa:32:98:ac:71:45:53:
                    21:75:36:62:8b:ed:e0:09:5d:c4:59:a5:b9:d1:c8:
                    8f:a5:26:be:8a:8d:17:e1:ea:9d:9a:d5:f4:6f:90:
                    dd:c7:4b:d1:59:b4:27:d0:88:24:75:b0:57:f3:b9:
                    27:69:3a:4e:55:c1:5f:dd:98:57:e5:8b:90:b3:94:
                    a7:a8:b8:65:9a:9c:02:ed:27:31:e8:d0:e4:ae:17:
                    e1:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:AE:9C:E9:06:9E:A5:E3:46:A0:E1:9A:7D:94:CF:03:EA:B0:31:F9
            X509v3 Authority Key Identifier:
                keyid:47:77:DA:15:77:68:42:3F:CB:A9:21:73:92:EC:7F:48:3B:3B:94:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3faFXdoQj_LqSFzkux_SDs7lEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/OK6c6QaepeNGoOGafZTPA-qwMfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/R3faFXdoQj_LqSFzkux_SDs7lEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1498::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:5b:a7:12:e3:c3:27:40:d3:bf:88:99:ef:6d:26:aa:e8:9e:
         78:66:ef:4b:06:11:aa:f6:e8:58:0e:b7:8f:44:0e:76:69:ef:
         57:58:fd:37:31:f0:03:04:9e:8d:2a:c1:5a:47:6a:a4:ff:bc:
         a7:dd:48:67:dd:1b:d5:79:c7:1e:47:6e:43:58:8c:6b:fa:5b:
         d3:8a:7c:00:ec:db:2d:9d:52:29:1f:b6:63:3b:40:33:91:f1:
         ce:c8:30:b6:99:bf:23:55:76:a1:a3:d6:ec:71:e2:5c:df:6e:
         2f:a1:32:12:c4:62:fe:7c:cf:c5:20:dc:d6:a2:81:27:d7:bf:
         b0:a5:f6:7d:b3:92:9d:2d:0b:77:3e:05:24:b2:0f:dc:d7:04:
         c9:6e:80:b9:45:02:1e:bb:05:3d:94:15:23:34:0c:6f:08:17:
         01:e1:36:71:e9:59:31:12:48:ae:1e:17:b9:ff:f8:c8:cc:f8:
         ca:2b:99:b6:46:0f:94:d3:4a:3b:70:ff:40:3d:e6:43:70:88:
         f0:fd:8d:bf:31:00:c6:ad:81:85:8e:54:82:ad:c6:1f:fa:ad:
         2a:f9:b3:33:28:1e:22:db:6b:18:e7:35:87:16:d4:89:19:4c:
         81:a3:02:99:35:c3:0d:41:1a:10:e8:0c:03:97:ea:8c:3e:9d:
         36:a0:61:7f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY3lhebJ898l2XxJ3WR6vJ6PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzdkYTE1Nzc2ODQyM2ZjYmE5MjE3MzkyZWM3ZjQ4M2Iz
Yjk0NDIwHhcNMjQwMjI2MTMwNjE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGFlOWNlOTA2OWVhNWUzNDZhMGUxOWE3ZDk0Y2YwM2VhYjAzMWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWCKx6AkqERPm6k+d2+xvjKut93n
HKNMb1ZaReZcItn80IpzXTAGdiQX2KBoHkWIYH72SV/ouzp4fulIMJ8Rldfwm6/S
xgCfurtlRvIVeA+yqW7Vajl/Tsy0PXSIljwrAj8rUuyep5SwkqXw4wnJS54FW9LY
XxG5bE4fVTk9K255N6pdpTfHtWTQf9rjdRYgheEStxYM8KLO8YcFQQgq5YNDW/wf
GmOAkE26lvoymKxxRVMhdTZii+3gCV3EWaW50ciPpSa+io0X4eqdmtX0b5Ddx0vR
WbQn0IgkdbBX87knaTpOVcFf3ZhX5YuQs5SnqLhlmpwC7Scx6NDkrhfhAQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDiunOkGnqXjRqDhmn2UzwPqsDH5MB8GA1UdIwQY
MBaAFEd32hV3aEI/y6khc5Lsf0g7O5RCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNmYUZYZG9Ral9McVNGemt1eF9TRHM3bEVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9iMjFhMzgtZGI2Mi00NDM4LWJhOWMt
ZjU3Zjg2ZGY0ZjE2LzEvT0s2YzZRYWVwZU5Hb09HYWZaVFBBLXF3TWZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9iMjFhMzgtZGI2Mi00NDM4LWJhOWMtZjU3Zjg2ZGY0ZjE2
LzEvUjNmYUZYZG9Ral9McVNGemt1eF9TRHM3bEVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgAUmDAN
BgkqhkiG9w0BAQsFAAOCAQEAflunEuPDJ0DTv4iZ720mquieeGbvSwYRqvboWA63
j0QOdmnvV1j9NzHwAwSejSrBWkdqpP+8p91IZ90b1XnHHkduQ1iMa/pb04p8AOzb
LZ1SKR+2YztAM5Hxzsgwtpm/I1V2oaPW7HHiXN9uL6EyEsRi/nzPxSDc1qKBJ9e/
sKX2fbOSnS0Ldz4FJLIP3NcEyW6AuUUCHrsFPZQVIzQMbwgXAeE2celZMRJIrh4X
uf/4yMz4yiuZtkYPlNNKO3D/QD3mQ3CI8P2NvzEAxq2BhY5Ugq3GH/qtKvmzMyge
IttrGOc1hxbUiRlMgaMCmTXDDUEaEOgMA5fqjD6dNqBhfw==
-----END CERTIFICATE-----