Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/d128de-d61d-4f03-9134-046a68ab4c8d/1/OPRe5kTf9W8US9AliIINqhJlleg.roa
File:                     OPRe5kTf9W8US9AliIINqhJlleg.roa (raw, json)
Hash identifier:          ni3KI598O1geBk5O7zNHptXS6llpTq5UwdPTnKcY7mg=
Subject key identifier:   38:F4:5E:E6:44:DF:F5:6F:14:4B:D0:25:88:82:0D:AA:12:65:95:E8
Certificate issuer:       /CN=6cc3853da70cdea0dba46414b6b0e6d1f1716e74
Certificate serial:       0193062D71279DB508E43283FC7872F4ACD8
Authority key identifier: 6C:C3:85:3D:A7:0C:DE:A0:DB:A4:64:14:B6:B0:E6:D1:F1:71:6E:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bMOFPacM3qDbpGQUtrDm0fFxbnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/d128de-d61d-4f03-9134-046a68ab4c8d/1/OPRe5kTf9W8US9AliIINqhJlleg.roa
Signing time:             Thu 07 Nov 2024 10:31:01 +0000
ROA not before:           Thu 07 Nov 2024 10:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216418
IP address blocks:        2001:67c:2dc8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/d128de-d61d-4f03-9134-046a68ab4c8d/1/bMOFPacM3qDbpGQUtrDm0fFxbnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/d128de-d61d-4f03-9134-046a68ab4c8d/1/bMOFPacM3qDbpGQUtrDm0fFxbnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bMOFPacM3qDbpGQUtrDm0fFxbnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:06:2d:71:27:9d:b5:08:e4:32:83:fc:78:72:f4:ac:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cc3853da70cdea0dba46414b6b0e6d1f1716e74
        Validity
            Not Before: Nov  7 10:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38f45ee644dff56f144bd02588820daa126595e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:16:49:d4:f0:f9:31:f4:15:b3:26:2c:78:3a:
                    f1:d7:59:46:e9:8c:79:73:64:e5:0e:98:e8:7e:70:
                    37:4f:93:23:23:d1:87:39:88:49:75:d3:3d:59:2c:
                    2e:12:d9:e6:8d:2e:1c:3e:8b:51:49:dc:89:f9:b5:
                    6c:f0:bc:61:65:92:97:71:c6:87:fc:37:71:59:e9:
                    65:44:cc:ba:43:ae:a8:4a:82:26:11:a3:12:3b:45:
                    96:cb:19:91:16:fd:19:1f:d4:60:c3:42:cc:f4:c8:
                    3a:23:00:6c:a4:0b:62:e0:3e:88:86:e4:4d:44:2c:
                    4c:7b:5b:a5:e5:19:9a:88:54:ba:c3:f3:10:62:e0:
                    9a:f5:27:89:be:f3:4d:88:3f:de:c0:0e:c1:15:8f:
                    cc:6e:4e:87:b5:a6:01:a3:f4:38:df:fa:95:33:8e:
                    94:fe:97:ba:c9:7e:9e:a7:6f:04:4a:c4:82:53:08:
                    db:ff:1f:d3:ff:55:1f:07:1c:1f:3b:b4:44:8e:a3:
                    85:b4:7d:d1:f7:02:a7:6f:f8:59:16:02:21:c7:fc:
                    f0:e3:74:f2:31:df:a3:b9:54:48:0c:bc:87:42:f2:
                    24:3b:59:e9:0b:a8:85:d9:83:2b:4d:9a:10:98:36:
                    19:31:c4:30:09:ef:88:e2:86:d7:d4:49:b8:34:69:
                    fc:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:F4:5E:E6:44:DF:F5:6F:14:4B:D0:25:88:82:0D:AA:12:65:95:E8
            X509v3 Authority Key Identifier:
                keyid:6C:C3:85:3D:A7:0C:DE:A0:DB:A4:64:14:B6:B0:E6:D1:F1:71:6E:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bMOFPacM3qDbpGQUtrDm0fFxbnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/d128de-d61d-4f03-9134-046a68ab4c8d/1/OPRe5kTf9W8US9AliIINqhJlleg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/d128de-d61d-4f03-9134-046a68ab4c8d/1/bMOFPacM3qDbpGQUtrDm0fFxbnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2dc8::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:17:3c:db:cd:6a:cf:a3:18:b5:b9:e9:42:44:e6:a1:7d:4b:
         73:21:10:b4:2e:6b:e3:c4:02:ab:68:a2:f7:7b:c1:12:7c:a6:
         01:1d:9e:4d:b1:62:9c:90:44:9f:86:0b:a1:c1:0b:49:8b:cb:
         58:62:98:9b:21:27:b5:8d:1a:d5:8a:bc:8f:21:45:e8:21:b4:
         82:2a:32:64:6b:02:4b:7d:30:5c:a5:c4:28:28:72:b8:5e:cb:
         02:b7:89:38:0a:f5:59:80:c9:4b:b7:cb:53:fa:5c:4b:e1:ee:
         96:53:a4:7d:d3:11:85:c0:15:f5:a1:73:d6:47:81:0a:03:1c:
         ef:9e:64:f2:78:b0:f4:1b:3b:aa:5e:ee:68:88:e1:d3:ef:c1:
         03:b8:f9:ca:23:90:e5:75:e5:6a:66:66:1c:48:ea:75:c5:62:
         fc:44:39:0d:ab:6d:a5:54:08:00:7a:aa:9b:30:6d:c8:29:3d:
         45:6a:d3:f6:ff:f2:83:1f:4c:1a:ae:2a:e7:1c:25:b2:10:d3:
         f5:25:85:0a:3a:38:56:dc:74:52:9e:86:2a:65:c8:16:56:64:
         c3:4e:45:b7:6a:3c:38:89:03:7a:1b:f6:a7:b8:bb:6e:3c:b6:
         53:a0:2b:ea:06:86:85:7a:a2:0c:e7:0a:5a:55:a8:1c:6f:5f:
         d5:0b:8e:62
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZMGLXEnnbUI5DKD/Hhy9KzYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYzM4NTNkYTcwY2RlYTBkYmE0NjQxNGI2YjBlNmQxZjE3
MTZlNzQwHhcNMjQxMTA3MTAzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGY0NWVlNjQ0ZGZmNTZmMTQ0YmQwMjU4ODgyMGRhYTEyNjU5NWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRZJ1PD5MfQVsyYseDrx11lG6Yx5
c2TlDpjofnA3T5MjI9GHOYhJddM9WSwuEtnmjS4cPotRSdyJ+bVs8LxhZZKXccaH
/DdxWellRMy6Q66oSoImEaMSO0WWyxmRFv0ZH9Rgw0LM9Mg6IwBspAti4D6IhuRN
RCxMe1ul5RmaiFS6w/MQYuCa9SeJvvNNiD/ewA7BFY/Mbk6HtaYBo/Q43/qVM46U
/pe6yX6ep28ESsSCUwjb/x/T/1UfBxwfO7REjqOFtH3R9wKnb/hZFgIhx/zw43Ty
Md+juVRIDLyHQvIkO1npC6iF2YMrTZoQmDYZMcQwCe+I4obX1Em4NGn8hQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDj0XuZE3/VvFEvQJYiCDaoSZZXoMB8GA1UdIwQY
MBaAFGzDhT2nDN6g26RkFLaw5tHxcW50MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk1PRlBhY00zcURicEdRVXRyRG0wZkZ4Ym5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9kMTI4ZGUtZDYxZC00ZjAzLTkxMzQt
MDQ2YTY4YWI0YzhkLzEvT1BSZTVrVGY5VzhVUzlBbGlJSU5xaEpsbGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9kMTI4ZGUtZDYxZC00ZjAzLTkxMzQtMDQ2YTY4YWI0Yzhk
LzEvYk1PRlBhY00zcURicEdRVXRyRG0wZkZ4Ym5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC3I
MA0GCSqGSIb3DQEBCwUAA4IBAQAHFzzbzWrPoxi1uelCROahfUtzIRC0LmvjxAKr
aKL3e8ESfKYBHZ5NsWKckESfhguhwQtJi8tYYpibISe1jRrViryPIUXoIbSCKjJk
awJLfTBcpcQoKHK4XssCt4k4CvVZgMlLt8tT+lxL4e6WU6R90xGFwBX1oXPWR4EK
AxzvnmTyeLD0GzuqXu5oiOHT78EDuPnKI5DldeVqZmYcSOp1xWL8RDkNq22lVAgA
eqqbMG3IKT1FatP2//KDH0warirnHCWyENP1JYUKOjhW3HRSnoYqZcgWVmTDTkW3
ajw4iQN6G/anuLtuPLZToCvqBoaFeqIM5wpaVagcb1/VC45i
-----END CERTIFICATE-----