Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/OoMhY-on5mZKRPIaHPT8RmDWs0M.roa
File:                     OoMhY-on5mZKRPIaHPT8RmDWs0M.roa (raw, json)
Hash identifier:          T/XTDbcwpykhFeZz4gN+AdXGxEPEbkg67zNU6Y5jt5w=
Subject key identifier:   3A:83:21:63:EA:27:E6:66:4A:44:F2:1A:1C:F4:FC:46:60:D6:B3:43
Certificate issuer:       /CN=291f0b73e67d63c5a4c9046814166a9e21625f28
Certificate serial:       018CC2DB17F5054794C8AD944F0EF90FA947
Authority key identifier: 29:1F:0B:73:E6:7D:63:C5:A4:C9:04:68:14:16:6A:9E:21:62:5F:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/OoMhY-on5mZKRPIaHPT8RmDWs0M.roa
Signing time:             Mon 01 Jan 2024 02:29:47 +0000
ROA not before:           Mon 01 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200747
IP address blocks:        2a04:5d00:10::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:17:f5:05:47:94:c8:ad:94:4f:0e:f9:0f:a9:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=291f0b73e67d63c5a4c9046814166a9e21625f28
        Validity
            Not Before: Jan  1 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a832163ea27e6664a44f21a1cf4fc4660d6b343
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c6:22:b7:18:0a:4d:82:c5:eb:e7:47:c0:17:
                    b8:b6:c5:ea:da:23:63:64:e2:7f:6a:cd:14:ae:07:
                    ef:96:d2:b8:29:d1:cc:f5:64:b5:3f:7c:e4:da:2d:
                    41:22:b2:41:f1:c2:8a:de:29:ad:43:b8:5e:93:bb:
                    a7:07:18:e5:11:59:6f:3f:53:40:7b:28:0b:d4:d3:
                    e1:fb:34:a7:2d:72:90:a4:2e:cd:6b:62:4a:a0:dd:
                    19:78:12:ea:86:5f:54:1c:c7:d9:a7:9a:27:2b:62:
                    c5:8a:0d:bb:35:94:63:02:33:75:32:2f:8d:56:e3:
                    db:b7:5b:b8:c0:cb:9c:c8:10:45:4d:20:9e:a6:d6:
                    9c:67:e5:e4:fc:10:0e:aa:14:09:35:d6:34:d6:48:
                    30:37:77:af:15:c5:bb:23:9c:b9:d5:45:5e:d4:4b:
                    62:60:0a:97:10:9d:80:86:3d:b2:1b:d3:c6:5c:ee:
                    e8:e9:84:68:50:2c:8b:fe:87:e4:b8:70:b5:68:0e:
                    0f:e1:28:8f:a9:db:57:05:64:3b:73:88:26:c9:5e:
                    fe:91:d4:c4:39:7e:ca:77:17:0d:80:b5:0e:04:32:
                    53:b4:33:60:57:52:90:2a:6f:5e:d8:3d:9b:14:92:
                    97:3c:3c:a1:ab:66:69:0a:0f:f1:c9:50:1b:3d:a2:
                    78:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:83:21:63:EA:27:E6:66:4A:44:F2:1A:1C:F4:FC:46:60:D6:B3:43
            X509v3 Authority Key Identifier:
                keyid:29:1F:0B:73:E6:7D:63:C5:A4:C9:04:68:14:16:6A:9E:21:62:5F:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/OoMhY-on5mZKRPIaHPT8RmDWs0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:5d00:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         a2:df:6a:27:f2:33:d9:f8:e7:ea:69:71:c1:5b:ef:87:f3:28:
         2f:2d:f1:14:b1:95:98:f3:b3:2e:a4:66:17:61:d0:85:ba:b0:
         2f:6f:54:64:b8:48:10:14:a9:6f:66:09:bc:b9:fa:bc:b6:d3:
         de:5b:fd:c2:20:01:6c:15:a7:35:68:04:46:e4:72:f6:12:e2:
         bc:2e:12:ec:8c:6c:b1:3f:43:28:2f:15:92:95:0b:30:dd:2a:
         87:1f:2d:6e:b6:2e:c9:c4:d2:dc:34:70:db:1c:49:d2:52:19:
         61:c7:20:97:a3:82:ec:67:ad:51:af:f7:8a:44:51:11:2b:6b:
         ba:97:7a:14:e1:9b:dc:1a:0e:91:1c:30:6e:8e:89:94:eb:43:
         b5:e2:fd:df:ea:04:fc:15:9f:89:83:dc:6c:28:27:3c:a5:e5:
         00:fc:f5:c9:c2:59:9c:55:ca:88:1f:47:b3:e8:af:61:84:9e:
         a2:8f:35:e9:0b:ac:db:66:64:2b:fa:35:15:ea:5a:b0:b0:6a:
         5f:09:62:8d:a1:a1:8f:fe:72:04:3f:e7:43:4a:5c:be:7a:a0:
         fc:00:59:a4:07:8a:48:8a:6d:fa:e3:fe:35:56:2b:f2:89:8b:
         29:6f:7e:af:30:47:ca:a9:58:29:84:11:b7:63:c2:65:15:75:
         bd:36:fe:da
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2xf1BUeUyK2UTw75D6lHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MWYwYjczZTY3ZDYzYzVhNGM5MDQ2ODE0MTY2YTllMjE2
MjVmMjgwHhcNMjQwMTAxMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTgzMjE2M2VhMjdlNjY2NGE0NGYyMWExY2Y0ZmM0NjYwZDZiMzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cYitxgKTYLF6+dHwBe4tsXq2iNj
ZOJ/as0UrgfvltK4KdHM9WS1P3zk2i1BIrJB8cKK3imtQ7hek7unBxjlEVlvP1NA
eygL1NPh+zSnLXKQpC7Na2JKoN0ZeBLqhl9UHMfZp5onK2LFig27NZRjAjN1Mi+N
VuPbt1u4wMucyBBFTSCeptacZ+Xk/BAOqhQJNdY01kgwN3evFcW7I5y51UVe1Eti
YAqXEJ2Ahj2yG9PGXO7o6YRoUCyL/ofkuHC1aA4P4SiPqdtXBWQ7c4gmyV7+kdTE
OX7KdxcNgLUOBDJTtDNgV1KQKm9e2D2bFJKXPDyhq2ZpCg/xyVAbPaJ49QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDqDIWPqJ+ZmSkTyGhz0/EZg1rNDMB8GA1UdIwQY
MBaAFCkfC3PmfWPFpMkEaBQWap4hYl8oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1I4TGMtWjlZOFdreVFSb0ZCWnFuaUZpWHlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS80OGQ2MDktMDg4ZC00MWU0LWJlYzQt
MzhlZThmZDY0ZTdkLzEvT29NaFktb241bVpLUlBJYUhQVDhSbURXczBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS80OGQ2MDktMDg4ZC00MWU0LWJlYzQtMzhlZThmZDY0ZTdk
LzEvS1I4TGMtWjlZOFdreVFSb0ZCWnFuaUZpWHlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgRdAAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCi32on8jPZ+OfqaXHBW++H8ygvLfEUsZWY87Mu
pGYXYdCFurAvb1RkuEgQFKlvZgm8ufq8ttPeW/3CIAFsFac1aARG5HL2EuK8LhLs
jGyxP0MoLxWSlQsw3SqHHy1uti7JxNLcNHDbHEnSUhlhxyCXo4LsZ61Rr/eKRFER
K2u6l3oU4ZvcGg6RHDBujomU60O14v3f6gT8FZ+Jg9xsKCc8peUA/PXJwlmcVcqI
H0ez6K9hhJ6ijzXpC6zbZmQr+jUV6lqwsGpfCWKNoaGP/nIEP+dDSly+eqD8AFmk
B4pIim364/41VivyiYspb36vMEfKqVgphBG3Y8JlFXW9Nv7a
-----END CERTIFICATE-----