Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/b2b2c6-35ee-42f5-a268-cdbebbc652de/1/O_tzx8et4gDYhbRJGkOLjkEb4bk.roa
File:                     O_tzx8et4gDYhbRJGkOLjkEb4bk.roa (raw, json)
Hash identifier:          jmjSqGnThn8RhujVaJ4q4JZ921O02ED3SDcMdWacIA4=
Subject key identifier:   3B:FB:73:C7:C7:AD:E2:00:D8:85:B4:49:1A:43:8B:8E:41:1B:E1:B9
Certificate issuer:       /CN=92319bcd9b09a984b070e2ef588ffcfa8b73c8a2
Certificate serial:       018CC56EDC8BC2181B9D3F0F7398DF6EEA59
Authority key identifier: 92:31:9B:CD:9B:09:A9:84:B0:70:E2:EF:58:8F:FC:FA:8B:73:C8:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kjGbzZsJqYSwcOLvWI_8-otzyKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/b2b2c6-35ee-42f5-a268-cdbebbc652de/1/O_tzx8et4gDYhbRJGkOLjkEb4bk.roa
Signing time:             Mon 01 Jan 2024 14:30:25 +0000
ROA not before:           Mon 01 Jan 2024 14:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136468
IP address blocks:        2a00:edc0:136::/48 maxlen: 48
                          2a00:edc0:137::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/b2b2c6-35ee-42f5-a268-cdbebbc652de/1/kjGbzZsJqYSwcOLvWI_8-otzyKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/b2b2c6-35ee-42f5-a268-cdbebbc652de/1/kjGbzZsJqYSwcOLvWI_8-otzyKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kjGbzZsJqYSwcOLvWI_8-otzyKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:dc:8b:c2:18:1b:9d:3f:0f:73:98:df:6e:ea:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92319bcd9b09a984b070e2ef588ffcfa8b73c8a2
        Validity
            Not Before: Jan  1 14:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bfb73c7c7ade200d885b4491a438b8e411be1b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b7:28:cf:a1:f4:97:9b:18:7b:b6:12:16:62:
                    4e:ef:be:e5:de:f5:e2:cd:ca:27:79:ae:53:02:6e:
                    09:56:d2:99:3b:4b:f5:f3:ed:b5:d7:8c:83:05:14:
                    8b:21:7c:81:02:86:4d:17:ca:33:48:8f:c2:0b:b3:
                    65:d9:fc:85:e4:1e:78:88:71:66:21:68:8b:54:57:
                    bb:27:9e:4e:9a:25:31:c0:b6:ed:1d:26:36:de:b5:
                    6f:11:b8:b2:33:fc:5d:52:84:78:fb:73:c5:47:e2:
                    1a:0d:3e:26:af:6b:7a:4c:05:55:2f:dc:5e:ea:3b:
                    fc:98:29:94:4f:00:94:53:f7:6b:ee:67:b6:f9:36:
                    ad:9b:58:f8:3d:7e:0b:9e:ab:8a:be:fd:9c:03:24:
                    e7:80:2a:14:6e:70:f9:1b:3c:89:8c:df:c3:1d:78:
                    11:5e:73:88:e8:33:04:90:6c:55:50:10:41:83:33:
                    95:97:8e:b3:c2:63:93:db:1b:18:fb:00:70:80:90:
                    83:7a:66:40:d5:93:0d:ff:b9:e0:6a:e2:99:b1:08:
                    56:05:e5:fc:32:d6:d0:77:d5:b2:4b:6b:cd:47:4d:
                    74:cd:b7:d4:34:61:f8:4f:2b:a1:78:fa:f7:ac:47:
                    be:62:07:b6:17:7b:18:95:03:3a:49:ea:eb:3c:4b:
                    8b:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:FB:73:C7:C7:AD:E2:00:D8:85:B4:49:1A:43:8B:8E:41:1B:E1:B9
            X509v3 Authority Key Identifier:
                keyid:92:31:9B:CD:9B:09:A9:84:B0:70:E2:EF:58:8F:FC:FA:8B:73:C8:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kjGbzZsJqYSwcOLvWI_8-otzyKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/b2b2c6-35ee-42f5-a268-cdbebbc652de/1/O_tzx8et4gDYhbRJGkOLjkEb4bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/b2b2c6-35ee-42f5-a268-cdbebbc652de/1/kjGbzZsJqYSwcOLvWI_8-otzyKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:edc0:136::/47

    Signature Algorithm: sha256WithRSAEncryption
         50:47:88:70:07:b1:11:4a:f7:d6:21:7e:4e:b0:b3:98:5b:d1:
         0e:27:8b:0a:e6:42:6f:3e:b1:31:f9:2e:a0:df:20:5c:ac:74:
         43:c2:55:8c:14:84:51:07:76:e7:92:05:a0:48:83:d9:05:bd:
         05:df:83:5f:42:0c:73:92:47:b5:8c:14:9a:42:43:2a:95:f6:
         cf:36:5d:3f:e9:93:c9:bc:3c:40:61:c6:30:81:a4:1e:53:b1:
         74:f9:28:1b:04:5c:a1:02:96:8c:71:a0:f2:9f:0f:15:4c:12:
         78:f6:2c:ef:bf:7d:b1:64:82:74:d6:c4:57:73:c0:74:4d:32:
         b2:20:b3:8a:fd:e8:40:ae:ee:91:52:4f:df:c8:06:89:92:6f:
         01:c2:6c:f9:c3:7e:df:b3:ab:e6:ac:4f:aa:43:1c:39:29:7c:
         cf:ca:b5:52:2b:e4:45:8c:31:2f:1c:90:af:60:6f:85:e5:58:
         1a:63:55:bc:11:e8:a5:b2:fb:76:35:70:0c:dd:eb:cc:62:3e:
         15:74:63:cb:b4:ee:fc:af:cd:e6:56:c5:8d:bc:04:78:9b:5e:
         d1:4e:62:68:5e:cb:db:a0:1a:02:39:32:7e:7e:84:0d:bf:30:
         e2:15:5f:93:c9:ef:79:fd:99:19:29:d0:1b:a9:bf:c3:3d:5d:
         1a:be:c4:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbtyLwhgbnT8Pc5jfbupZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMzE5YmNkOWIwOWE5ODRiMDcwZTJlZjU4OGZmY2ZhOGI3
M2M4YTIwHhcNMjQwMTAxMTQzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmZiNzNjN2M3YWRlMjAwZDg4NWI0NDkxYTQzOGI4ZTQxMWJlMWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrcoz6H0l5sYe7YSFmJO777l3vXi
zconea5TAm4JVtKZO0v18+2114yDBRSLIXyBAoZNF8ozSI/CC7Nl2fyF5B54iHFm
IWiLVFe7J55OmiUxwLbtHSY23rVvEbiyM/xdUoR4+3PFR+IaDT4mr2t6TAVVL9xe
6jv8mCmUTwCUU/dr7me2+Tatm1j4PX4LnquKvv2cAyTngCoUbnD5GzyJjN/DHXgR
XnOI6DMEkGxVUBBBgzOVl46zwmOT2xsY+wBwgJCDemZA1ZMN/7ngauKZsQhWBeX8
MtbQd9WyS2vNR010zbfUNGH4TyuhePr3rEe+Yge2F3sYlQM6SerrPEuLSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDv7c8fHreIA2IW0SRpDi45BG+G5MB8GA1UdIwQY
MBaAFJIxm82bCamEsHDi71iP/PqLc8iiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2pHYnpac0pxWVN3Y09MdldJXzgtb3R6eUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9iMmIyYzYtMzVlZS00MmY1LWEyNjgt
Y2RiZWJiYzY1MmRlLzEvT190eng4ZXQ0Z0RZaGJSSkdrT0xqa0ViNGJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9iMmIyYzYtMzVlZS00MmY1LWEyNjgtY2RiZWJiYzY1MmRl
LzEva2pHYnpac0pxWVN3Y09MdldJXzgtb3R6eUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgDtwAE2
MA0GCSqGSIb3DQEBCwUAA4IBAQBQR4hwB7ERSvfWIX5OsLOYW9EOJ4sK5kJvPrEx
+S6g3yBcrHRDwlWMFIRRB3bnkgWgSIPZBb0F34NfQgxzkke1jBSaQkMqlfbPNl0/
6ZPJvDxAYcYwgaQeU7F0+SgbBFyhApaMcaDynw8VTBJ49izvv32xZIJ01sRXc8B0
TTKyILOK/ehAru6RUk/fyAaJkm8Bwmz5w37fs6vmrE+qQxw5KXzPyrVSK+RFjDEv
HJCvYG+F5VgaY1W8Eeilsvt2NXAM3evMYj4VdGPLtO78r83mVsWNvAR4m17RTmJo
XsvboBoCOTJ+foQNvzDiFV+Tye95/ZkZKdAbqb/DPV0avsT8
-----END CERTIFICATE-----