Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/bSPGjTS_aM2m3Jwqf4EZZL1fetM.roa
File:                     bSPGjTS_aM2m3Jwqf4EZZL1fetM.roa (raw, json)
Hash identifier:          nCONkQEx40RxONTWOuI3uqaW1YH9xrRQhBRSYxFuETE=
Subject key identifier:   6D:23:C6:8D:34:BF:68:CD:A6:DC:9C:2A:7F:81:19:64:BD:5F:7A:D3
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018CC7944903F62605F575C350381CBE5152
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/bSPGjTS_aM2m3Jwqf4EZZL1fetM.roa
Signing time:             Tue 02 Jan 2024 00:30:33 +0000
ROA not before:           Tue 02 Jan 2024 00:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59524
IP address blocks:        2001:680:4008::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:49:03:f6:26:05:f5:75:c3:50:38:1c:be:51:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 00:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d23c68d34bf68cda6dc9c2a7f811964bd5f7ad3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:61:5e:6d:a0:96:dd:9f:4b:e8:95:6b:af:83:
                    48:32:0d:dd:92:ba:b9:a8:f2:4a:f5:a5:2d:8b:61:
                    c5:d3:f4:0c:e0:c6:79:de:4a:15:e4:e9:fb:67:f7:
                    c4:9d:8d:6c:c0:9e:6c:9c:62:ae:be:f8:26:06:d9:
                    2e:05:ce:50:98:23:dd:f0:bd:cf:49:cf:ca:8d:a4:
                    45:d5:7a:8b:00:a6:d7:27:37:0f:87:63:10:8f:6a:
                    bd:ce:82:93:ab:09:19:72:42:53:43:98:58:63:47:
                    c9:97:14:ab:bf:bb:39:69:f8:04:3c:68:f4:ef:ff:
                    57:07:5b:4d:a8:12:1f:0a:bd:86:11:50:53:f4:30:
                    e2:ed:c0:32:61:77:7d:6b:cf:67:ea:df:7b:14:c5:
                    48:56:80:fd:12:fc:9d:cc:f6:42:db:a6:66:53:b4:
                    2c:72:c3:23:d7:be:f6:16:7c:cf:17:31:86:eb:1c:
                    5b:b3:f8:4c:58:3d:e7:01:4e:e8:59:96:b9:1c:7a:
                    99:de:32:ba:e8:b6:06:8b:77:9d:86:f7:38:a3:03:
                    da:78:88:4f:f8:19:07:f5:33:bf:f8:af:e9:2a:8c:
                    e1:c5:c1:4b:c8:c5:a4:26:47:52:52:8b:b9:bf:42:
                    d6:28:f8:47:24:3d:84:55:92:7d:33:bd:76:d4:82:
                    8d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:23:C6:8D:34:BF:68:CD:A6:DC:9C:2A:7F:81:19:64:BD:5F:7A:D3
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/bSPGjTS_aM2m3Jwqf4EZZL1fetM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:680:4008::/48

    Signature Algorithm: sha256WithRSAEncryption
         d2:cd:da:20:ba:b1:19:85:bc:77:53:9a:89:6a:50:72:6d:b7:
         87:e4:0f:97:c2:dc:00:e6:96:d8:93:df:f1:1c:1a:90:61:7a:
         99:be:ea:d7:0f:0d:93:3b:ac:e1:48:c9:68:e6:e0:92:71:9c:
         37:49:57:a6:d7:1e:6d:04:ef:df:4f:6b:a9:90:a7:ea:5f:64:
         10:8d:ca:0e:d5:31:01:54:0a:a5:4c:db:6c:30:b2:99:02:f6:
         12:d5:58:af:ca:01:05:dc:3d:05:9a:43:9f:1c:ea:39:62:23:
         1f:7d:d6:1b:40:a4:69:de:8e:66:7c:01:67:de:3c:d1:a9:48:
         54:a6:98:db:a8:56:75:4a:21:a5:ba:ee:a2:f5:21:c5:c5:d9:
         46:ba:db:1b:5b:9b:69:35:f8:c7:b8:b4:07:8b:cf:76:cb:46:
         2c:aa:13:c7:7c:8c:9a:91:0e:eb:09:75:f1:d1:9c:6d:26:d3:
         02:07:59:c2:60:7b:c8:3a:ea:17:ae:5e:18:51:6f:e2:e8:15:
         d4:70:37:21:f2:7b:04:85:85:6f:1b:3c:54:9b:9f:1f:34:a2:
         0a:8b:23:af:24:56:d4:5f:99:0a:d6:c2:56:50:4b:25:d3:0f:
         16:ba:e9:dd:f3:97:30:84:cd:1d:05:92:b7:21:9a:49:0b:5e:
         f9:a3:8f:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlEkD9iYF9XXDUDgcvlFSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMTAyMDAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDIzYzY4ZDM0YmY2OGNkYTZkYzljMmE3ZjgxMTk2NGJkNWY3YWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumFebaCW3Z9L6JVrr4NIMg3dkrq5
qPJK9aUti2HF0/QM4MZ53koV5On7Z/fEnY1swJ5snGKuvvgmBtkuBc5QmCPd8L3P
Sc/KjaRF1XqLAKbXJzcPh2MQj2q9zoKTqwkZckJTQ5hYY0fJlxSrv7s5afgEPGj0
7/9XB1tNqBIfCr2GEVBT9DDi7cAyYXd9a89n6t97FMVIVoD9EvydzPZC26ZmU7Qs
csMj1772FnzPFzGG6xxbs/hMWD3nAU7oWZa5HHqZ3jK66LYGi3edhvc4owPaeIhP
+BkH9TO/+K/pKozhxcFLyMWkJkdSUou5v0LWKPhHJD2EVZJ9M7121IKNBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG0jxo00v2jNptycKn+BGWS9X3rTMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvYlNQR2pUU19hTTJtM0p3cWY0RVpaTDFmZXRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGgEAI
MA0GCSqGSIb3DQEBCwUAA4IBAQDSzdogurEZhbx3U5qJalBybbeH5A+XwtwA5pbY
k9/xHBqQYXqZvurXDw2TO6zhSMlo5uCScZw3SVem1x5tBO/fT2upkKfqX2QQjcoO
1TEBVAqlTNtsMLKZAvYS1VivygEF3D0FmkOfHOo5YiMffdYbQKRp3o5mfAFn3jzR
qUhUppjbqFZ1SiGluu6i9SHFxdlGutsbW5tpNfjHuLQHi892y0YsqhPHfIyakQ7r
CXXx0ZxtJtMCB1nCYHvIOuoXrl4YUW/i6BXUcDch8nsEhYVvGzxUm58fNKIKiyOv
JFbUX5kK1sJWUEsl0w8Wuund85cwhM0dBZK3IZpJC175o49L
-----END CERTIFICATE-----