Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/3e3b4b-f827-4347-9022-2818f6578d1b/1/OYOpNeEVsu0T0BbvhmHIdNFIT_o.roa
File:                     OYOpNeEVsu0T0BbvhmHIdNFIT_o.roa (raw, json)
Hash identifier:          5OjFPxxmaTIrwXXRizdKgOIFQoKouBwpJLlgwAhC1mU=
Subject key identifier:   39:83:A9:35:E1:15:B2:ED:13:D0:16:EF:86:61:C8:74:D1:48:4F:FA
Certificate issuer:       /CN=41b8c2f37bd8d7e04e76985a4ced4559d7651c43
Certificate serial:       01954BA72428897CBCC9B18C7CEE0B1FF40C
Authority key identifier: 41:B8:C2:F3:7B:D8:D7:E0:4E:76:98:5A:4C:ED:45:59:D7:65:1C:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QbjC83vY1-BOdphaTO1FWddlHEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/3e3b4b-f827-4347-9022-2818f6578d1b/1/OYOpNeEVsu0T0BbvhmHIdNFIT_o.roa
Signing time:             Fri 28 Feb 2025 08:23:19 +0000
ROA not before:           Fri 28 Feb 2025 08:23:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12348
IP address blocks:        2a00:12e8:f141::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/3e3b4b-f827-4347-9022-2818f6578d1b/1/QbjC83vY1-BOdphaTO1FWddlHEM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/3e3b4b-f827-4347-9022-2818f6578d1b/1/QbjC83vY1-BOdphaTO1FWddlHEM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QbjC83vY1-BOdphaTO1FWddlHEM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 23:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4b:a7:24:28:89:7c:bc:c9:b1:8c:7c:ee:0b:1f:f4:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41b8c2f37bd8d7e04e76985a4ced4559d7651c43
        Validity
            Not Before: Feb 28 08:23:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3983a935e115b2ed13d016ef8661c874d1484ffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d0:e9:f5:b4:c2:8a:f2:96:ed:7f:90:25:53:
                    bf:4a:27:a3:aa:17:fa:a2:0b:7e:fd:07:7b:90:33:
                    05:bd:72:62:03:1c:68:8d:23:0b:4b:c0:01:19:c3:
                    0a:c0:0c:b5:42:bb:e5:be:37:6a:8c:d7:d9:81:97:
                    2b:fc:3a:90:50:44:36:0a:14:a5:f6:42:64:ec:03:
                    33:f5:ba:04:28:37:9a:e4:db:79:96:f5:c2:09:b2:
                    a4:39:46:21:af:30:70:3e:17:ae:3b:1f:06:77:50:
                    18:02:33:3a:64:4e:01:d8:7e:06:24:88:b6:94:3d:
                    82:a4:7c:02:de:58:39:f5:de:9b:1b:98:13:fb:d9:
                    9a:e4:40:91:b6:11:e1:b4:0d:f0:59:44:e9:2a:c5:
                    f4:a4:97:00:fd:2f:e5:a1:06:e1:32:85:c7:1e:9b:
                    cd:f8:17:42:45:6f:59:91:93:ba:00:0a:76:fd:60:
                    76:7e:e2:fa:fd:67:dc:ec:32:25:72:64:e5:37:67:
                    d3:10:0a:86:e0:51:2a:d4:9f:cd:6c:c3:90:90:74:
                    30:32:71:52:0d:8c:37:52:46:c2:a6:9d:db:14:76:
                    0a:03:2c:97:3b:df:ba:4c:af:06:1e:ed:31:33:0d:
                    84:94:59:f6:af:1c:cf:64:1e:9b:1b:57:d5:23:bf:
                    74:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:83:A9:35:E1:15:B2:ED:13:D0:16:EF:86:61:C8:74:D1:48:4F:FA
            X509v3 Authority Key Identifier:
                keyid:41:B8:C2:F3:7B:D8:D7:E0:4E:76:98:5A:4C:ED:45:59:D7:65:1C:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QbjC83vY1-BOdphaTO1FWddlHEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/3e3b4b-f827-4347-9022-2818f6578d1b/1/OYOpNeEVsu0T0BbvhmHIdNFIT_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/3e3b4b-f827-4347-9022-2818f6578d1b/1/QbjC83vY1-BOdphaTO1FWddlHEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:12e8:f141::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:ed:cd:d9:cb:54:3d:38:52:fe:a7:3a:84:25:16:b4:94:54:
         f4:2d:e6:6d:d5:45:d5:85:c9:a7:35:c1:37:53:aa:2d:d8:34:
         02:5a:75:cc:7d:6c:83:e2:26:63:13:4e:21:0e:6e:92:af:d6:
         60:5a:ec:d0:b9:44:36:38:ca:58:14:d5:9d:5b:27:41:4b:fb:
         d9:60:ec:8c:54:31:5f:e4:76:b0:30:eb:3b:2d:44:b8:6f:1f:
         67:31:be:84:5e:8a:6f:01:79:67:d6:d4:db:82:57:92:ba:f3:
         6d:5c:4c:c2:7a:32:3d:1e:1d:91:95:1a:94:44:68:19:c9:2a:
         82:86:94:64:4b:66:39:a5:00:c1:f1:99:88:b3:da:07:ab:28:
         f8:1e:20:69:3b:b6:09:80:81:1a:80:c1:14:6d:29:38:01:f0:
         00:cd:cb:33:64:27:36:09:ba:f2:32:bb:a6:71:ff:8a:b3:5f:
         a4:95:fc:09:16:1d:fd:32:db:75:55:b9:2b:04:be:2f:ff:15:
         b0:1b:1c:40:f8:94:4a:7b:20:98:8f:63:12:c8:c8:4d:ea:bf:
         44:65:ec:4e:fd:b0:8d:57:c0:5e:08:e9:d5:e2:bc:de:6d:1e:
         d3:ea:8e:60:e6:98:88:15:83:fa:0c:fe:74:71:d3:6e:a4:cb:
         a9:f4:60:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZVLpyQoiXy8ybGMfO4LH/QMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxYjhjMmYzN2JkOGQ3ZTA0ZTc2OTg1YTRjZWQ0NTU5ZDc2
NTFjNDMwHhcNMjUwMjI4MDgyMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTgzYTkzNWUxMTViMmVkMTNkMDE2ZWY4NjYxYzg3NGQxNDg0ZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudDp9bTCivKW7X+QJVO/Siejqhf6
ogt+/Qd7kDMFvXJiAxxojSMLS8ABGcMKwAy1QrvlvjdqjNfZgZcr/DqQUEQ2ChSl
9kJk7AMz9boEKDea5Nt5lvXCCbKkOUYhrzBwPheuOx8Gd1AYAjM6ZE4B2H4GJIi2
lD2CpHwC3lg59d6bG5gT+9ma5ECRthHhtA3wWUTpKsX0pJcA/S/loQbhMoXHHpvN
+BdCRW9ZkZO6AAp2/WB2fuL6/Wfc7DIlcmTlN2fTEAqG4FEq1J/NbMOQkHQwMnFS
DYw3UkbCpp3bFHYKAyyXO9+6TK8GHu0xMw2ElFn2rxzPZB6bG1fVI790NwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDmDqTXhFbLtE9AW74ZhyHTRSE/6MB8GA1UdIwQY
MBaAFEG4wvN72NfgTnaYWkztRVnXZRxDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWJqQzgzdlkxLUJPZHBoYVRPMUZXZGRsSEVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8zZTNiNGItZjgyNy00MzQ3LTkwMjIt
MjgxOGY2NTc4ZDFiLzEvT1lPcE5lRVZzdTBUMEJidmhtSElkTkZJVF9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8zZTNiNGItZjgyNy00MzQ3LTkwMjItMjgxOGY2NTc4ZDFi
LzEvUWJqQzgzdlkxLUJPZHBoYVRPMUZXZGRsSEVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAS6PFB
MA0GCSqGSIb3DQEBCwUAA4IBAQBh7c3Zy1Q9OFL+pzqEJRa0lFT0LeZt1UXVhcmn
NcE3U6ot2DQCWnXMfWyD4iZjE04hDm6Sr9ZgWuzQuUQ2OMpYFNWdWydBS/vZYOyM
VDFf5HawMOs7LUS4bx9nMb6EXopvAXln1tTbgleSuvNtXEzCejI9Hh2RlRqURGgZ
ySqChpRkS2Y5pQDB8ZmIs9oHqyj4HiBpO7YJgIEagMEUbSk4AfAAzcszZCc2Cbry
Mrumcf+Ks1+klfwJFh39Mtt1VbkrBL4v/xWwGxxA+JRKeyCYj2MSyMhN6r9EZexO
/bCNV8BeCOnV4rzebR7T6o5g5piIFYP6DP50cdNupMup9GBU
-----END CERTIFICATE-----