Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/OTXe3UmWUyp6Bk5o3MN2FPqOw2k.roa
File:                     OTXe3UmWUyp6Bk5o3MN2FPqOw2k.roa (raw, json)
Hash identifier:          396qgtTxTYA0F8zuUVzvoRPNe+XJT8U8jP4awZVlk+4=
Subject key identifier:   39:35:DE:DD:49:96:53:2A:7A:06:4E:68:DC:C3:76:14:FA:8E:C3:69
Certificate issuer:       /CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
Certificate serial:       018CC86F597001FC92D3828329D541C6657F
Authority key identifier: 73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/OTXe3UmWUyp6Bk5o3MN2FPqOw2k.roa
Signing time:             Tue 02 Jan 2024 04:29:49 +0000
ROA not before:           Tue 02 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48105
IP address blocks:        2a0b:b600:3c06::/48 maxlen: 48
                          2a0b:b600:1000::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:59:70:01:fc:92:d3:82:83:29:d5:41:c6:65:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
        Validity
            Not Before: Jan  2 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3935dedd4996532a7a064e68dcc37614fa8ec369
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ba:e8:de:bc:22:a8:a3:ff:27:f8:1b:7b:d9:
                    22:dc:7a:4d:49:07:05:89:ff:f4:e3:74:8b:64:40:
                    8f:a2:a3:c7:f0:75:19:ca:b1:44:c1:ed:3d:2b:26:
                    c5:ec:10:72:58:bb:09:3a:33:03:34:9e:09:cc:ee:
                    ad:67:96:df:6e:6e:73:34:d4:e5:76:4e:64:c2:e7:
                    c5:8c:b2:ce:99:3b:00:ba:37:db:20:c4:63:73:42:
                    65:43:1c:5e:31:4f:22:32:6a:a8:72:02:bb:4a:01:
                    f1:43:3b:77:2f:13:4c:df:39:1f:28:3a:a5:be:5e:
                    df:df:87:09:8e:c6:cf:cd:ea:9c:81:ae:f3:21:b2:
                    79:a5:e9:5b:6c:9e:09:ef:45:bd:f0:54:8d:50:a1:
                    c6:9b:9d:70:69:b2:56:b5:51:0e:aa:db:0b:14:8f:
                    d2:d8:46:9a:e3:5b:e3:cf:8c:b1:12:de:fb:75:4a:
                    c2:c9:05:ae:6c:82:41:30:b7:54:c3:8d:f2:19:aa:
                    ad:5d:24:85:24:31:26:ac:05:e2:84:0f:33:44:11:
                    81:1f:92:39:16:6b:bc:81:23:d8:70:95:23:a2:f4:
                    47:4c:92:63:15:3c:ac:6f:7f:c9:75:79:ed:2c:7f:
                    55:76:1e:47:a0:71:3b:70:3b:e2:6a:e8:da:1a:9a:
                    a0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:35:DE:DD:49:96:53:2A:7A:06:4E:68:DC:C3:76:14:FA:8E:C3:69
            X509v3 Authority Key Identifier:
                keyid:73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/OTXe3UmWUyp6Bk5o3MN2FPqOw2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b600:1000::/38
                  2a0b:b600:3c06::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:92:06:79:fa:4c:60:2c:f6:ea:75:23:12:15:c6:1e:0d:f8:
         f4:82:73:de:1a:89:91:60:ac:96:bc:52:a5:7b:76:ee:24:36:
         c4:29:d9:cf:35:fc:2b:6c:7c:03:cf:10:c1:e3:40:eb:4f:d3:
         bf:56:3d:e6:52:3a:9b:8a:d0:bc:ca:fd:be:96:18:22:87:91:
         e9:63:2e:c6:4b:f2:18:9e:f2:f4:88:79:02:e2:0a:e2:25:f5:
         78:c3:c4:1d:65:59:1c:26:44:6c:76:14:39:d1:78:48:8b:84:
         9d:14:c8:5c:ce:ad:8d:96:13:05:6a:3a:28:48:ca:55:18:7d:
         05:7a:58:df:4b:32:f2:09:a8:23:7b:06:d4:90:f6:79:fe:d3:
         c6:e4:7f:8a:6a:4a:8c:49:81:21:9b:a4:34:08:4e:6b:c7:08:
         ba:f1:94:68:6b:3f:0b:5f:4e:92:fd:13:91:a7:0f:e1:b3:1d:
         65:09:b5:fc:2d:b1:29:52:6f:76:03:a7:a1:20:9b:53:b8:01:
         53:a0:cf:7e:8a:9d:74:16:98:b8:1f:be:f4:52:38:9f:93:51:
         a6:81:10:0a:1c:9c:c8:4d:c8:49:7f:0f:54:50:be:81:a6:7d:
         86:e0:78:c5:73:6b:fe:fb:a6:cf:e3:f2:4e:fc:93:7b:2d:2e:
         75:02:ce:b4
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzIb1lwAfyS04KDKdVBxmV/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjk4NmM3NzA1YmQ4MDhjMWIwMmViZDc1NGZiZmE5MTgw
N2U5YjYwHhcNMjQwMTAyMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTM1ZGVkZDQ5OTY1MzJhN2EwNjRlNjhkY2MzNzYxNGZhOGVjMzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLro3rwiqKP/J/gbe9ki3HpNSQcF
if/043SLZECPoqPH8HUZyrFEwe09KybF7BByWLsJOjMDNJ4JzO6tZ5bfbm5zNNTl
dk5kwufFjLLOmTsAujfbIMRjc0JlQxxeMU8iMmqocgK7SgHxQzt3LxNM3zkfKDql
vl7f34cJjsbPzeqcga7zIbJ5pelbbJ4J70W98FSNUKHGm51wabJWtVEOqtsLFI/S
2Eaa41vjz4yxEt77dUrCyQWubIJBMLdUw43yGaqtXSSFJDEmrAXihA8zRBGBH5I5
Fmu8gSPYcJUjovRHTJJjFTysb3/JdXntLH9Vdh5HoHE7cDviaujaGpqgkwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFDk13t1JllMqegZOaNzDdhT6jsNpMB8GA1UdIwQY
MBaAFHP5hsdwW9gIwbAuvXVPv6kYB+m2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEt
OWExMjk1ZjAyZjJlLzEvT1RYZTNVbVdVeXA2Qms1bzNNTjJGUHFPdzJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEtOWExMjk1ZjAyZjJl
LzEvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYCKgu2ABAD
BwAqC7YAPAYwDQYJKoZIhvcNAQELBQADggEBACuSBnn6TGAs9up1IxIVxh4N+PSC
c94aiZFgrJa8UqV7du4kNsQp2c81/CtsfAPPEMHjQOtP079WPeZSOpuK0LzK/b6W
GCKHkeljLsZL8hie8vSIeQLiCuIl9XjDxB1lWRwmRGx2FDnReEiLhJ0UyFzOrY2W
EwVqOihIylUYfQV6WN9LMvIJqCN7BtSQ9nn+08bkf4pqSoxJgSGbpDQITmvHCLrx
lGhrPwtfTpL9E5GnD+GzHWUJtfwtsSlSb3YDp6Egm1O4AVOgz36KnXQWmLgfvvRS
OJ+TUaaBEAocnMhNyEl/D1RQvoGmfYbgeMVza/77ps/j8k78k3stLnUCzrQ=
-----END CERTIFICATE-----