Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c97fcf-1a8d-4ac9-bfea-b234dd6ed637/1/oProo_5e6IRWdeysuLLP0xx2_sw.roa
File:                     oProo_5e6IRWdeysuLLP0xx2_sw.roa (raw, json)
Hash identifier:          oXT79SyE08tyNUmsE392QhVO39RuzLrd05M+oaIMl9M=
Subject key identifier:   A0:FA:E8:A3:FE:5E:E8:84:56:75:EC:AC:B8:B2:CF:D3:1C:76:FE:CC
Certificate issuer:       /CN=16497d8453c5ee3ebbb388e1a47a195ff30fe009
Certificate serial:       018CC6B8EC628DA5D7D3162837A932BF6C45
Authority key identifier: 16:49:7D:84:53:C5:EE:3E:BB:B3:88:E1:A4:7A:19:5F:F3:0F:E0:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fkl9hFPF7j67s4jhpHoZX_MP4Ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/c97fcf-1a8d-4ac9-bfea-b234dd6ed637/1/oProo_5e6IRWdeysuLLP0xx2_sw.roa
Signing time:             Mon 01 Jan 2024 20:30:57 +0000
ROA not before:           Mon 01 Jan 2024 20:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201086
IP address blocks:        2a0f:641::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/c97fcf-1a8d-4ac9-bfea-b234dd6ed637/1/Fkl9hFPF7j67s4jhpHoZX_MP4Ak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/c97fcf-1a8d-4ac9-bfea-b234dd6ed637/1/Fkl9hFPF7j67s4jhpHoZX_MP4Ak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fkl9hFPF7j67s4jhpHoZX_MP4Ak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ec:62:8d:a5:d7:d3:16:28:37:a9:32:bf:6c:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16497d8453c5ee3ebbb388e1a47a195ff30fe009
        Validity
            Not Before: Jan  1 20:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0fae8a3fe5ee8845675ecacb8b2cfd31c76fecc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e0:18:a3:2e:92:94:52:ca:e9:bd:68:c3:ca:
                    2f:9a:e3:79:da:5e:fb:10:54:d3:ab:d5:d0:fb:a2:
                    f4:f6:94:c1:b0:18:dc:0e:64:08:c8:b3:78:8f:8d:
                    d1:fd:48:0a:d8:ed:5f:89:10:bc:f9:d2:5f:fd:51:
                    d3:25:fe:2e:62:7a:73:3f:63:17:0c:6d:7e:41:f4:
                    fa:6f:5d:11:dc:99:f2:aa:06:18:c5:11:b1:d9:ed:
                    fa:b8:3c:8f:d5:7c:c6:ca:71:71:3b:f5:b8:01:e0:
                    7f:92:a5:a1:9e:f9:76:cc:e5:76:79:99:94:8a:7f:
                    93:8c:c3:79:a9:1a:bb:bc:86:b7:38:8d:fb:39:48:
                    90:7c:04:59:c9:58:5f:21:b8:89:be:ed:1f:00:b9:
                    d0:18:1d:ae:67:d4:36:bc:54:af:5c:83:6a:ea:e6:
                    ef:4b:81:ff:00:33:2d:ca:dd:b2:23:06:49:30:28:
                    12:82:4a:d1:b4:c6:ea:55:09:ca:f5:da:76:1e:49:
                    64:1d:92:ef:2e:09:9d:48:d0:2f:6c:2c:ff:8a:96:
                    b7:34:82:64:f4:f3:41:1b:2d:06:06:67:af:73:df:
                    a6:39:98:a3:6d:33:7a:bb:83:60:81:96:10:55:a5:
                    49:68:d6:f9:49:33:15:24:68:f8:52:d0:fa:39:28:
                    aa:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:FA:E8:A3:FE:5E:E8:84:56:75:EC:AC:B8:B2:CF:D3:1C:76:FE:CC
            X509v3 Authority Key Identifier:
                keyid:16:49:7D:84:53:C5:EE:3E:BB:B3:88:E1:A4:7A:19:5F:F3:0F:E0:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fkl9hFPF7j67s4jhpHoZX_MP4Ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c97fcf-1a8d-4ac9-bfea-b234dd6ed637/1/oProo_5e6IRWdeysuLLP0xx2_sw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c97fcf-1a8d-4ac9-bfea-b234dd6ed637/1/Fkl9hFPF7j67s4jhpHoZX_MP4Ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:641::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:4f:13:28:f0:64:7e:f1:9a:13:9d:e5:3d:49:08:69:09:07:
         31:23:a6:6e:36:f6:db:f0:7b:b6:ef:4f:69:20:06:82:b6:8a:
         b9:35:07:bd:bd:8f:d4:3f:cb:80:3a:95:5e:c1:f7:60:23:a6:
         86:f5:b0:4c:ae:43:37:96:07:14:f6:91:f0:22:72:62:42:fc:
         57:2a:1f:29:26:ec:ea:72:0a:97:65:ac:66:2b:a3:05:a0:45:
         72:84:39:73:64:76:af:77:55:0f:a5:08:58:25:6a:7c:89:41:
         7f:9c:ae:8f:e6:d8:69:e4:07:06:fc:ef:68:80:df:be:26:e2:
         8f:40:ae:01:52:04:bc:34:b2:5a:4e:fd:c3:37:50:07:e3:73:
         e3:3a:77:55:29:a2:ed:0c:a3:14:c9:fb:c3:e2:f7:f3:1c:e0:
         af:c4:db:1f:44:1e:18:c8:9d:0f:3c:49:4a:33:ce:50:36:22:
         5f:ee:ba:b7:14:59:7c:fc:5e:c5:f3:6c:ab:ca:f2:23:8f:fd:
         7a:fb:c7:a7:5e:7c:3a:13:cb:d4:b4:d0:c5:78:ff:dc:fe:47:
         c7:cd:20:24:53:62:54:9c:54:ab:45:83:4f:61:c0:a8:9f:a6:
         bf:05:70:11:a0:3d:6b:1e:6b:e1:b5:16:22:1b:d7:95:a0:1a:
         e8:5c:95:ba
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGuOxijaXX0xYoN6kyv2xFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NDk3ZDg0NTNjNWVlM2ViYmIzODhlMWE0N2ExOTVmZjMw
ZmUwMDkwHhcNMjQwMTAxMjAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGZhZThhM2ZlNWVlODg0NTY3NWVjYWNiOGIyY2ZkMzFjNzZmZWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOAYoy6SlFLK6b1ow8ovmuN52l77
EFTTq9XQ+6L09pTBsBjcDmQIyLN4j43R/UgK2O1fiRC8+dJf/VHTJf4uYnpzP2MX
DG1+QfT6b10R3JnyqgYYxRGx2e36uDyP1XzGynFxO/W4AeB/kqWhnvl2zOV2eZmU
in+TjMN5qRq7vIa3OI37OUiQfARZyVhfIbiJvu0fALnQGB2uZ9Q2vFSvXINq6ubv
S4H/ADMtyt2yIwZJMCgSgkrRtMbqVQnK9dp2HklkHZLvLgmdSNAvbCz/ipa3NIJk
9PNBGy0GBmevc9+mOZijbTN6u4NggZYQVaVJaNb5STMVJGj4UtD6OSiq3QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKD66KP+XuiEVnXsrLiyz9Mcdv7MMB8GA1UdIwQY
MBaAFBZJfYRTxe4+u7OI4aR6GV/zD+AJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmtsOWhGUEY3ajY3czRqaHBIb1pYX01QNEFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jOTdmY2YtMWE4ZC00YWM5LWJmZWEt
YjIzNGRkNmVkNjM3LzEvb1Byb29fNWU2SVJXZGV5c3VMTFAweHgyX3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jOTdmY2YtMWE4ZC00YWM5LWJmZWEtYjIzNGRkNmVkNjM3
LzEvRmtsOWhGUEY3ajY3czRqaHBIb1pYX01QNEFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg8GQTAN
BgkqhkiG9w0BAQsFAAOCAQEAFU8TKPBkfvGaE53lPUkIaQkHMSOmbjb22/B7tu9P
aSAGgraKuTUHvb2P1D/LgDqVXsH3YCOmhvWwTK5DN5YHFPaR8CJyYkL8VyofKSbs
6nIKl2WsZiujBaBFcoQ5c2R2r3dVD6UIWCVqfIlBf5yuj+bYaeQHBvzvaIDfvibi
j0CuAVIEvDSyWk79wzdQB+Nz4zp3VSmi7QyjFMn7w+L38xzgr8TbH0QeGMidDzxJ
SjPOUDYiX+66txRZfPxexfNsq8ryI4/9evvHp158OhPL1LTQxXj/3P5Hx80gJFNi
VJxUq0WDT2HAqJ+mvwVwEaA9ax5r4bUWIhvXlaAa6FyVug==
-----END CERTIFICATE-----