Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/oOfz3O2a4eX_VnVh-QujXxasDH0.roa
File:                     oOfz3O2a4eX_VnVh-QujXxasDH0.roa (raw, json)
Hash identifier:          FBWhfPRul6ot2twUqbxjtES3U+GP9zSB6wqrXTJH4wo=
Subject key identifier:   A0:E7:F3:DC:ED:9A:E1:E5:FF:56:75:61:F9:0B:A3:5F:16:AC:0C:7D
Certificate issuer:       /CN=cfc7ef2b766594892d78928cbe781779fdce67d0
Certificate serial:       018CC2DABC8BEF44883F5708E77D73CBBE5C
Authority key identifier: CF:C7:EF:2B:76:65:94:89:2D:78:92:8C:BE:78:17:79:FD:CE:67:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/oOfz3O2a4eX_VnVh-QujXxasDH0.roa
Signing time:             Mon 01 Jan 2024 02:29:24 +0000
ROA not before:           Mon 01 Jan 2024 02:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4410
IP address blocks:        2a02:6a0:4ffe::/48 maxlen: 48
                          2a02:6a0:4fff::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 13:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:bc:8b:ef:44:88:3f:57:08:e7:7d:73:cb:be:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfc7ef2b766594892d78928cbe781779fdce67d0
        Validity
            Not Before: Jan  1 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0e7f3dced9ae1e5ff567561f90ba35f16ac0c7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:37:3f:98:e9:eb:1f:a2:80:10:8a:74:50:c6:
                    bc:06:03:08:68:25:72:34:5a:b7:70:ef:11:32:47:
                    79:e6:e9:ee:eb:eb:85:e2:c6:c2:cd:44:f3:51:0a:
                    52:9d:70:ae:cf:a6:b0:ec:11:c3:52:3c:fb:80:d4:
                    fe:c6:3a:4f:34:68:16:88:94:a9:3b:73:79:90:08:
                    28:42:d4:76:e3:83:54:77:cd:39:c8:94:de:72:b1:
                    80:25:60:86:97:e3:c3:f0:b6:dc:cc:89:bd:e7:12:
                    7d:f3:80:59:7e:bd:f9:5d:b4:87:2e:85:72:1d:68:
                    45:c9:c9:b3:7e:02:e1:11:9c:e3:15:45:a2:17:1f:
                    69:05:22:5b:0b:53:c9:be:b8:a7:be:3d:1d:4b:2d:
                    e6:4f:90:b3:cd:de:38:49:d4:f9:c2:74:69:e9:7b:
                    d0:91:b6:7a:a1:0a:0c:09:cd:1b:9c:81:b0:72:60:
                    78:76:d6:98:5f:7a:13:20:7f:80:4d:46:ef:e4:3b:
                    25:0b:04:86:99:8d:61:46:d1:d3:5f:6e:e0:12:f4:
                    d2:b9:bd:71:47:d4:96:16:82:7a:f3:e7:35:5d:09:
                    00:e2:ef:61:29:aa:89:88:27:f0:e1:38:7b:1a:7f:
                    9c:39:5f:e8:88:56:37:98:28:f3:b1:1f:91:f3:69:
                    14:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:E7:F3:DC:ED:9A:E1:E5:FF:56:75:61:F9:0B:A3:5F:16:AC:0C:7D
            X509v3 Authority Key Identifier:
                keyid:CF:C7:EF:2B:76:65:94:89:2D:78:92:8C:BE:78:17:79:FD:CE:67:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/oOfz3O2a4eX_VnVh-QujXxasDH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:6a0:4ffe::/47

    Signature Algorithm: sha256WithRSAEncryption
         83:f2:b5:66:79:b5:1b:6a:0c:d5:bb:49:2e:0a:0a:68:6c:f8:
         9c:22:3a:5e:56:59:c6:61:68:12:86:78:53:a9:b2:ce:83:65:
         db:91:97:f2:3c:3d:a1:c0:dc:a5:7e:33:45:0a:d9:d1:b2:c3:
         45:20:0c:84:6c:b5:a3:8a:8e:11:59:51:34:f5:b3:a1:de:ac:
         c6:aa:e8:8c:a7:b5:88:97:38:37:d0:d5:18:7b:cc:95:0e:5b:
         20:23:5d:48:59:1b:0a:f0:56:cc:9f:6c:4f:f7:2d:73:26:ee:
         61:ba:3a:3d:22:88:94:d4:19:e9:54:97:24:bc:9c:72:ab:79:
         3a:a8:c7:0d:13:85:c9:39:21:8b:8e:1c:28:38:30:5b:b0:cf:
         16:5f:fe:b8:88:da:af:94:6d:9b:72:8c:50:72:46:d1:55:6a:
         51:b2:69:3b:b2:78:fe:f5:55:25:ff:8e:58:b4:85:9b:01:99:
         ee:35:7f:63:4d:d3:af:30:6e:cf:75:9a:be:4d:01:21:5f:1c:
         48:52:9f:e1:7c:8e:e8:33:97:8d:52:a5:d0:89:40:4f:80:c7:
         45:d8:2a:a0:d5:77:a9:ed:4c:e0:a6:75:c0:77:90:b6:c3:8d:
         3f:b6:67:75:eb:4e:c2:d6:88:31:ec:ef:b9:1e:42:26:27:fc:
         76:7a:cb:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2ryL70SIP1cI531zy75cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYzdlZjJiNzY2NTk0ODkyZDc4OTI4Y2JlNzgxNzc5ZmRj
ZTY3ZDAwHhcNMjQwMTAxMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGU3ZjNkY2VkOWFlMWU1ZmY1Njc1NjFmOTBiYTM1ZjE2YWMwYzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzc/mOnrH6KAEIp0UMa8BgMIaCVy
NFq3cO8RMkd55unu6+uF4sbCzUTzUQpSnXCuz6aw7BHDUjz7gNT+xjpPNGgWiJSp
O3N5kAgoQtR244NUd805yJTecrGAJWCGl+PD8LbczIm95xJ984BZfr35XbSHLoVy
HWhFycmzfgLhEZzjFUWiFx9pBSJbC1PJvrinvj0dSy3mT5Czzd44SdT5wnRp6XvQ
kbZ6oQoMCc0bnIGwcmB4dtaYX3oTIH+ATUbv5DslCwSGmY1hRtHTX27gEvTSub1x
R9SWFoJ68+c1XQkA4u9hKaqJiCfw4Th7Gn+cOV/oiFY3mCjzsR+R82kUbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKDn89ztmuHl/1Z1YfkLo18WrAx9MB8GA1UdIwQY
MBaAFM/H7yt2ZZSJLXiSjL54F3n9zmfQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejhmdkszWmxsSWt0ZUpLTXZuZ1hlZjNPWjlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9jZDBiMmMtMjllMi00NzM3LTllYjct
OGNkNTViMDNkMjJkLzEvb09mejNPMmE0ZVhfVm5WaC1RdWpYeGFzREgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9jZDBiMmMtMjllMi00NzM3LTllYjctOGNkNTViMDNkMjJk
LzEvejhmdkszWmxsSWt0ZUpLTXZuZ1hlZjNPWjlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgIGoE/+
MA0GCSqGSIb3DQEBCwUAA4IBAQCD8rVmebUbagzVu0kuCgpobPicIjpeVlnGYWgS
hnhTqbLOg2XbkZfyPD2hwNylfjNFCtnRssNFIAyEbLWjio4RWVE09bOh3qzGquiM
p7WIlzg30NUYe8yVDlsgI11IWRsK8FbMn2xP9y1zJu5hujo9IoiU1BnpVJckvJxy
q3k6qMcNE4XJOSGLjhwoODBbsM8WX/64iNqvlG2bcoxQckbRVWpRsmk7snj+9VUl
/45YtIWbAZnuNX9jTdOvMG7PdZq+TQEhXxxIUp/hfI7oM5eNUqXQiUBPgMdF2Cqg
1Xep7UzgpnXAd5C2w40/tmd1607C1ogx7O+5HkImJ/x2est7
-----END CERTIFICATE-----