Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/1dO4wEBxAyZIq3df1VoQ_TXapUk.roa
File:                     1dO4wEBxAyZIq3df1VoQ_TXapUk.roa (raw, json)
Hash identifier:          Okvy1dsyG2rlIUB0Pl+xAtdaE2dsI1y5AcafgF3uxoM=
Subject key identifier:   D5:D3:B8:C0:40:71:03:26:48:AB:77:5F:D5:5A:10:FD:35:DA:A5:49
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018CC79441A744C0022565A04DAD2E9B4153
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/1dO4wEBxAyZIq3df1VoQ_TXapUk.roa
Signing time:             Tue 02 Jan 2024 00:30:31 +0000
ROA not before:           Tue 02 Jan 2024 00:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16260
IP address blocks:        2001:668:1fc::/46 maxlen: 46

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:41:a7:44:c0:02:25:65:a0:4d:ad:2e:9b:41:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 00:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5d3b8c04071032648ab775fd55a10fd35daa549
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:28:70:e7:8a:ca:6f:ff:cc:6f:74:d0:b5:5b:
                    d7:4a:e7:a8:af:8e:92:85:9c:4e:f6:dc:90:1a:7b:
                    92:ed:d5:54:ba:b4:2e:fd:24:4e:77:55:bc:96:d5:
                    12:41:8c:63:cd:8c:bd:f7:c4:c1:5e:42:99:5e:50:
                    c7:21:c9:81:fd:7f:6c:86:1e:ed:d3:9f:28:f2:0b:
                    aa:63:60:1a:e6:4d:68:f7:88:0e:03:62:23:36:0b:
                    2c:7c:d1:af:ef:24:5e:0d:37:6c:ec:18:77:e2:16:
                    d0:a2:79:49:90:cd:73:43:61:91:a8:40:e5:1d:82:
                    e2:2c:09:f2:ee:81:4f:7a:61:34:86:36:5e:2d:88:
                    35:4c:8e:9f:7e:01:eb:b2:e4:ac:10:16:a6:0b:91:
                    8b:a9:55:30:fc:c4:35:b3:f1:bd:fe:42:5a:37:9a:
                    9d:b2:aa:86:7f:0d:9d:cd:47:64:07:bc:69:88:35:
                    5c:31:d7:bf:e3:e3:68:4e:98:97:07:d6:d3:00:c9:
                    7f:7c:98:f3:72:cb:bb:4f:8b:df:cd:e1:e4:9f:5e:
                    fe:1e:3f:73:fb:ce:a8:86:a3:b1:2a:f4:86:ae:23:
                    e8:05:be:1a:2e:05:58:a8:2f:b2:c3:89:b9:b8:61:
                    de:b4:0a:1e:78:44:5a:64:53:1e:4e:75:32:00:e1:
                    0a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:D3:B8:C0:40:71:03:26:48:AB:77:5F:D5:5A:10:FD:35:DA:A5:49
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/1dO4wEBxAyZIq3df1VoQ_TXapUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:668:1fc::/46

    Signature Algorithm: sha256WithRSAEncryption
         44:5d:97:29:87:97:65:84:9f:44:fc:5e:24:10:83:98:bb:69:
         4a:66:85:bd:75:48:11:eb:0f:ce:9b:31:ab:e8:67:9d:e1:93:
         eb:6f:28:f9:c3:de:bc:e4:10:61:f1:b8:a6:54:4d:07:ab:a1:
         7d:22:0c:0c:7d:6e:d4:ff:b5:05:89:69:37:94:ce:d2:35:bc:
         91:32:85:06:f6:7c:79:ba:7a:3f:fc:b3:aa:9e:ab:10:9a:d9:
         bd:a1:c0:b6:67:4f:72:6f:a0:46:86:a7:74:07:e3:7a:6e:c6:
         33:6f:8d:d0:1b:ae:ce:b3:b8:a8:8c:cd:00:01:cc:f8:a3:d3:
         1d:44:d5:a2:1d:fa:d9:f6:67:51:d1:25:cd:b9:c1:40:7a:0b:
         58:87:35:11:19:e3:36:5b:6d:46:80:f1:c3:66:f2:e6:10:34:
         cc:fe:20:5c:6b:14:07:f4:31:fe:38:f9:64:60:8f:c9:31:ec:
         43:49:41:59:44:23:db:e9:73:c4:f4:fd:57:0e:05:95:17:cc:
         94:e9:db:ef:d7:fa:f3:b5:44:92:4a:eb:5c:40:e8:56:82:ed:
         0a:09:df:38:dd:f9:52:59:66:4f:10:1b:7a:53:af:23:ee:6d:
         ef:4d:ce:4c:88:f6:84:4d:2b:c0:9b:29:3c:90:f4:06:c5:62:
         a3:e7:dd:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlEGnRMACJWWgTa0um0FTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMTAyMDAzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWQzYjhjMDQwNzEwMzI2NDhhYjc3NWZkNTVhMTBmZDM1ZGFhNTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoShw54rKb//Mb3TQtVvXSueor46S
hZxO9tyQGnuS7dVUurQu/SROd1W8ltUSQYxjzYy998TBXkKZXlDHIcmB/X9shh7t
058o8guqY2Aa5k1o94gOA2IjNgssfNGv7yReDTds7Bh34hbQonlJkM1zQ2GRqEDl
HYLiLAny7oFPemE0hjZeLYg1TI6ffgHrsuSsEBamC5GLqVUw/MQ1s/G9/kJaN5qd
sqqGfw2dzUdkB7xpiDVcMde/4+NoTpiXB9bTAMl/fJjzcsu7T4vfzeHkn17+Hj9z
+86ohqOxKvSGriPoBb4aLgVYqC+yw4m5uGHetAoeeERaZFMeTnUyAOEKYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNXTuMBAcQMmSKt3X9VaEP012qVJMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvMWRPNHdFQnhBeVpJcTNkZjFWb1FfVFhhcFVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCIAEGaAH8
MA0GCSqGSIb3DQEBCwUAA4IBAQBEXZcph5dlhJ9E/F4kEIOYu2lKZoW9dUgR6w/O
mzGr6Ged4ZPrbyj5w9685BBh8bimVE0Hq6F9IgwMfW7U/7UFiWk3lM7SNbyRMoUG
9nx5uno//LOqnqsQmtm9ocC2Z09yb6BGhqd0B+N6bsYzb43QG67Os7iojM0AAcz4
o9MdRNWiHfrZ9mdR0SXNucFAegtYhzURGeM2W21GgPHDZvLmEDTM/iBcaxQH9DH+
OPlkYI/JMexDSUFZRCPb6XPE9P1XDgWVF8yU6dvv1/rztUSSSutcQOhWgu0KCd84
3flSWWZPEBt6U68j7m3vTc5MiPaETSvAmyk8kPQGxWKj5908
-----END CERTIFICATE-----