Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/O3zu0p6LLGUnuryVZ1ubMaRgCCM.roa
File:                     O3zu0p6LLGUnuryVZ1ubMaRgCCM.roa (raw, json)
Hash identifier:          8/cutdm8wwvT8dFWyASNttICLfGgnAzVSDiuy9VGOpI=
Subject key identifier:   3B:7C:EE:D2:9E:8B:2C:65:27:BA:BC:95:67:5B:9B:31:A4:60:08:23
Certificate issuer:       /CN=d1ca1a706abcfbe1b85865238d8435ee33e75820
Certificate serial:       018CC56E03105440A607C671B94951638C4B
Authority key identifier: D1:CA:1A:70:6A:BC:FB:E1:B8:58:65:23:8D:84:35:EE:33:E7:58:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/O3zu0p6LLGUnuryVZ1ubMaRgCCM.roa
Signing time:             Mon 01 Jan 2024 14:29:30 +0000
ROA not before:           Mon 01 Jan 2024 14:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42926
IP address blocks:        2a0f:e80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/0coacGq8--G4WGUjjYQ17jPnWCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/0coacGq8--G4WGUjjYQ17jPnWCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:03:10:54:40:a6:07:c6:71:b9:49:51:63:8c:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1ca1a706abcfbe1b85865238d8435ee33e75820
        Validity
            Not Before: Jan  1 14:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b7ceed29e8b2c6527babc95675b9b31a4600823
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e8:ab:b6:07:70:74:d0:f1:e9:d4:0b:08:a8:
                    fb:7d:9c:8f:d7:db:f8:80:e2:fa:73:71:b3:c9:38:
                    bc:01:30:f1:de:29:13:a6:0c:63:6f:0c:c5:6e:94:
                    61:6c:32:8f:0e:7e:d4:ca:38:3a:e9:fd:d1:bc:c6:
                    8b:27:16:5e:af:74:fc:26:5d:8b:f7:47:e4:7c:05:
                    de:50:c6:1a:6c:d2:0e:9b:7f:0f:26:24:1b:ab:53:
                    8e:c3:d6:58:58:8d:6c:5c:37:a6:8c:1b:8e:72:1d:
                    fa:ad:43:58:b8:4c:c6:97:fc:2d:71:e9:1a:f9:06:
                    cf:b2:98:93:82:64:f0:4d:bc:06:03:90:7e:1f:33:
                    f5:57:86:08:44:93:93:06:6b:77:8a:75:5d:13:ca:
                    8b:08:c1:8a:02:bc:ed:ae:f9:c3:84:de:57:b3:ae:
                    5f:b9:01:18:36:5b:bf:91:7d:57:54:82:9a:ce:82:
                    6a:39:69:4e:e7:70:c2:88:5f:d3:05:f9:da:ba:c7:
                    2f:76:ab:ab:39:b3:4d:78:cf:4c:14:ea:a2:73:43:
                    a4:6b:e6:5b:ce:e1:d5:93:02:25:e2:1a:5b:70:29:
                    d4:d2:50:fd:02:6f:78:b5:6d:38:47:d0:38:a9:6e:
                    7b:10:81:d8:f7:28:b4:1d:ec:f5:4f:7b:2b:ac:de:
                    dd:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:7C:EE:D2:9E:8B:2C:65:27:BA:BC:95:67:5B:9B:31:A4:60:08:23
            X509v3 Authority Key Identifier:
                keyid:D1:CA:1A:70:6A:BC:FB:E1:B8:58:65:23:8D:84:35:EE:33:E7:58:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/O3zu0p6LLGUnuryVZ1ubMaRgCCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/0coacGq8--G4WGUjjYQ17jPnWCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         26:fa:35:be:45:b8:62:7c:4a:92:2f:85:ee:00:4e:ab:85:c5:
         ea:71:0d:0d:c5:14:a8:e8:64:93:68:b9:3c:03:ee:9a:be:52:
         e1:b5:3a:c9:55:55:09:99:c1:db:80:d8:5d:40:09:9f:95:8b:
         4d:1c:dd:f7:2c:d5:88:eb:2a:8d:ab:00:b2:86:bb:ad:09:ef:
         f0:9c:8c:78:54:30:14:55:4b:0d:87:b8:26:4f:b7:6b:dc:45:
         83:52:93:23:c2:56:da:20:ee:00:81:86:2d:3e:8f:0f:9f:4e:
         bb:31:bf:b0:1d:eb:52:7f:42:9d:e2:f1:73:cb:61:4e:cd:da:
         84:72:4b:f6:ae:cd:ee:50:aa:72:1d:ce:2d:8a:49:1a:3b:00:
         3d:9a:e9:77:a0:f8:78:42:d3:e9:19:be:21:03:ef:b3:f7:d7:
         ce:90:2a:13:5c:ef:e9:b8:d4:79:1c:bd:ed:91:62:f2:30:e1:
         cf:05:6c:0e:fe:d9:1b:9a:80:ca:42:fa:41:00:23:c3:e9:c8:
         94:98:b6:6f:e3:ac:93:ea:c6:46:80:b0:2e:5f:40:70:ef:b5:
         32:8a:64:37:19:dc:7d:61:15:1a:b2:5f:d1:2a:ca:17:4c:a3:
         32:e8:4f:a7:70:fe:02:c7:8a:bf:e5:e6:00:a5:a3:02:14:cd:
         6b:bf:d4:82
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFbgMQVECmB8ZxuUlRY4xLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxY2ExYTcwNmFiY2ZiZTFiODU4NjUyMzhkODQzNWVlMzNl
NzU4MjAwHhcNMjQwMTAxMTQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjdjZWVkMjllOGIyYzY1MjdiYWJjOTU2NzViOWIzMWE0NjAwODIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeirtgdwdNDx6dQLCKj7fZyP19v4
gOL6c3GzyTi8ATDx3ikTpgxjbwzFbpRhbDKPDn7Uyjg66f3RvMaLJxZer3T8Jl2L
90fkfAXeUMYabNIOm38PJiQbq1OOw9ZYWI1sXDemjBuOch36rUNYuEzGl/wtceka
+QbPspiTgmTwTbwGA5B+HzP1V4YIRJOTBmt3inVdE8qLCMGKArztrvnDhN5Xs65f
uQEYNlu/kX1XVIKazoJqOWlO53DCiF/TBfnauscvdqurObNNeM9MFOqic0Oka+Zb
zuHVkwIl4hpbcCnU0lD9Am94tW04R9A4qW57EIHY9yi0Hez1T3srrN7dLQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDt87tKeiyxlJ7q8lWdbmzGkYAgjMB8GA1UdIwQY
MBaAFNHKGnBqvPvhuFhlI42ENe4z51ggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGNvYWNHcTgtLUc0V0dVampZUTE3alBuV0NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jZjc5YTMtZjNjYy00ZDVhLTk2NzIt
ZThmN2ZkM2E0MDc4LzEvTzN6dTBwNkxMR1VudXJ5VloxdWJNYVJnQ0NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jZjc5YTMtZjNjYy00ZDVhLTk2NzItZThmN2ZkM2E0MDc4
LzEvMGNvYWNHcTgtLUc0V0dVampZUTE3alBuV0NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg8OgDAN
BgkqhkiG9w0BAQsFAAOCAQEAJvo1vkW4YnxKki+F7gBOq4XF6nENDcUUqOhkk2i5
PAPumr5S4bU6yVVVCZnB24DYXUAJn5WLTRzd9yzViOsqjasAsoa7rQnv8JyMeFQw
FFVLDYe4Jk+3a9xFg1KTI8JW2iDuAIGGLT6PD59OuzG/sB3rUn9CneLxc8thTs3a
hHJL9q7N7lCqch3OLYpJGjsAPZrpd6D4eELT6Rm+IQPvs/fXzpAqE1zv6bjUeRy9
7ZFi8jDhzwVsDv7ZG5qAykL6QQAjw+nIlJi2b+Osk+rGRoCwLl9AcO+1MopkNxnc
fWEVGrJf0SrKF0yjMuhPp3D+AseKv+XmAKWjAhTNa7/Ugg==
-----END CERTIFICATE-----