Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/0f4abf-4d90-4969-85ad-40159b5313d1/1/OCfk8a4AVa7fwNgkHNEQMnss8E4.roa
File:                     OCfk8a4AVa7fwNgkHNEQMnss8E4.roa (raw, json)
Hash identifier:          aynvRDkjlUgqMpx+ScZgdMmALbmwshDelkQVQPOOxxY=
Subject key identifier:   38:27:E4:F1:AE:00:55:AE:DF:C0:D8:24:1C:D1:10:32:7B:2C:F0:4E
Certificate issuer:       /CN=95406691f2e374ee37a640492a364dfc53ba4412
Certificate serial:       018CC9BA830CA2EE9A5E58BE1DF7CCD9FF35
Authority key identifier: 95:40:66:91:F2:E3:74:EE:37:A6:40:49:2A:36:4D:FC:53:BA:44:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUBmkfLjdO43pkBJKjZN_FO6RBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/0f4abf-4d90-4969-85ad-40159b5313d1/1/OCfk8a4AVa7fwNgkHNEQMnss8E4.roa
Signing time:             Tue 02 Jan 2024 10:31:32 +0000
ROA not before:           Tue 02 Jan 2024 10:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20712
IP address blocks:        2001:678:c40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/0f4abf-4d90-4969-85ad-40159b5313d1/1/lUBmkfLjdO43pkBJKjZN_FO6RBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/0f4abf-4d90-4969-85ad-40159b5313d1/1/lUBmkfLjdO43pkBJKjZN_FO6RBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lUBmkfLjdO43pkBJKjZN_FO6RBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:83:0c:a2:ee:9a:5e:58:be:1d:f7:cc:d9:ff:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95406691f2e374ee37a640492a364dfc53ba4412
        Validity
            Not Before: Jan  2 10:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3827e4f1ae0055aedfc0d8241cd110327b2cf04e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:c4:0b:3e:7e:fe:81:fd:e0:42:81:95:fe:2c:
                    8e:ae:94:ca:ef:39:9a:53:f7:ed:05:2e:cf:f4:e7:
                    57:ad:b9:38:d7:83:20:21:f4:50:a6:8d:2f:0e:27:
                    8e:14:5f:4f:53:e9:a3:da:7b:3e:ac:b0:c5:7b:bc:
                    4a:ca:1e:49:14:d9:b9:cf:e3:6f:e8:44:c8:e9:49:
                    4d:c6:d6:0b:63:f9:6a:f5:2d:40:76:f5:72:e4:41:
                    4a:19:b6:5c:2d:6f:fb:64:a2:02:19:e0:f5:d6:5d:
                    28:0f:08:85:27:4e:d6:c7:63:48:af:d7:be:5b:4d:
                    ae:6e:e2:30:44:a8:fe:96:c7:31:00:73:a1:48:7d:
                    7b:e8:b8:2e:0d:f1:d1:f4:cb:f0:a8:b3:a6:69:8e:
                    64:36:fd:75:6d:55:b8:5e:19:ff:0b:60:a2:b9:9e:
                    49:2c:c3:3e:fb:5d:d5:19:b1:7b:4c:8b:ab:80:d3:
                    69:14:37:12:bc:7e:1f:3c:64:fe:f3:da:9e:45:88:
                    d0:98:ba:7d:e4:2f:60:8f:ee:32:86:9f:71:dc:26:
                    e0:6b:b5:25:ad:0f:13:93:5a:58:50:be:01:04:6a:
                    32:45:61:75:d9:5d:d1:61:01:f6:35:f1:e0:ea:26:
                    7c:1b:0f:09:be:9d:cd:76:01:8a:05:8a:3a:f0:43:
                    1a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:27:E4:F1:AE:00:55:AE:DF:C0:D8:24:1C:D1:10:32:7B:2C:F0:4E
            X509v3 Authority Key Identifier:
                keyid:95:40:66:91:F2:E3:74:EE:37:A6:40:49:2A:36:4D:FC:53:BA:44:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUBmkfLjdO43pkBJKjZN_FO6RBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/0f4abf-4d90-4969-85ad-40159b5313d1/1/OCfk8a4AVa7fwNgkHNEQMnss8E4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/0f4abf-4d90-4969-85ad-40159b5313d1/1/lUBmkfLjdO43pkBJKjZN_FO6RBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:c40::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:30:90:37:ad:d6:af:17:da:e4:d8:fe:60:96:b3:00:a4:0e:
         a7:ae:70:e6:4a:72:a2:b1:85:c7:5f:09:1a:46:6a:2c:83:7b:
         5d:54:cb:f1:c8:a3:57:a8:0a:5f:5c:ed:69:ce:ff:8e:04:e9:
         05:e1:f9:77:5d:70:5f:eb:07:98:07:0e:90:79:a9:47:42:29:
         c1:d4:ce:8b:6a:b2:32:07:f9:99:d7:59:aa:db:a7:ba:09:59:
         73:7d:1d:48:1a:23:d0:7b:60:00:55:07:95:ff:04:4c:d9:5b:
         29:66:b3:3d:26:3b:04:2a:db:f5:71:d4:9f:c8:4b:f8:64:95:
         57:82:76:a3:1d:ae:3d:59:82:b9:b9:db:b5:0e:4d:16:fb:c5:
         d4:44:ed:8a:5d:4c:10:f3:7d:ce:00:bd:4a:c1:fc:fe:90:c1:
         6c:a2:8a:a7:cc:7f:cd:70:c7:e0:b9:6e:b2:4d:98:c7:80:67:
         c1:56:02:cb:7f:38:b7:9d:73:3a:fe:80:77:c0:27:df:64:76:
         43:75:a8:c7:db:e5:a4:46:2b:cb:09:99:81:74:89:70:7b:dd:
         6f:ec:b1:e1:8f:7a:99:5d:b2:95:f6:b3:36:d9:4a:09:3f:2e:
         45:32:cf:ec:f5:a1:79:5e:db:69:66:f2:2d:12:5c:46:ae:d8:
         02:86:bd:eb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJuoMMou6aXli+HffM2f81MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NDA2NjkxZjJlMzc0ZWUzN2E2NDA0OTJhMzY0ZGZjNTNi
YTQ0MTIwHhcNMjQwMTAyMTAzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODI3ZTRmMWFlMDA1NWFlZGZjMGQ4MjQxY2QxMTAzMjdiMmNmMDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8QLPn7+gf3gQoGV/iyOrpTK7zma
U/ftBS7P9OdXrbk414MgIfRQpo0vDieOFF9PU+mj2ns+rLDFe7xKyh5JFNm5z+Nv
6ETI6UlNxtYLY/lq9S1AdvVy5EFKGbZcLW/7ZKICGeD11l0oDwiFJ07Wx2NIr9e+
W02ubuIwRKj+lscxAHOhSH176LguDfHR9MvwqLOmaY5kNv11bVW4Xhn/C2CiuZ5J
LMM++13VGbF7TIurgNNpFDcSvH4fPGT+89qeRYjQmLp95C9gj+4yhp9x3Cbga7Ul
rQ8Tk1pYUL4BBGoyRWF12V3RYQH2NfHg6iZ8Gw8Jvp3NdgGKBYo68EMauwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDgn5PGuAFWu38DYJBzREDJ7LPBOMB8GA1UdIwQY
MBaAFJVAZpHy43TuN6ZASSo2TfxTukQSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVCbWtmTGpkTzQzcGtCSktqWk5fRk82UkJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8wZjRhYmYtNGQ5MC00OTY5LTg1YWQt
NDAxNTliNTMxM2QxLzEvT0NmazhhNEFWYTdmd05na0hORVFNbnNzOEU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8wZjRhYmYtNGQ5MC00OTY5LTg1YWQtNDAxNTliNTMxM2Qx
LzEvbFVCbWtmTGpkTzQzcGtCSktqWk5fRk82UkJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAxA
MA0GCSqGSIb3DQEBCwUAA4IBAQC0MJA3rdavF9rk2P5glrMApA6nrnDmSnKisYXH
XwkaRmosg3tdVMvxyKNXqApfXO1pzv+OBOkF4fl3XXBf6weYBw6QealHQinB1M6L
arIyB/mZ11mq26e6CVlzfR1IGiPQe2AAVQeV/wRM2VspZrM9JjsEKtv1cdSfyEv4
ZJVXgnajHa49WYK5udu1Dk0W+8XURO2KXUwQ833OAL1Kwfz+kMFsooqnzH/NcMfg
uW6yTZjHgGfBVgLLfzi3nXM6/oB3wCffZHZDdajH2+WkRivLCZmBdIlwe91v7LHh
j3qZXbKV9rM22UoJPy5FMs/s9aF5XttpZvItElxGrtgChr3r
-----END CERTIFICATE-----