Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/vX7nSxarBb0z08AMgB6xPwK8vSk.roa
File:                     vX7nSxarBb0z08AMgB6xPwK8vSk.roa (raw, json)
Hash identifier:          4Mx9mPzDzeEWaNKd3X6byHNmgFQpn9oxfk+eJ8YxRm4=
Subject key identifier:   BD:7E:E7:4B:16:AB:05:BD:33:D3:C0:0C:80:1E:B1:3F:02:BC:BD:29
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018CC7944218375D6D5ADEE3D3FB5C7184AC
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/vX7nSxarBb0z08AMgB6xPwK8vSk.roa
Signing time:             Tue 02 Jan 2024 00:30:31 +0000
ROA not before:           Tue 02 Jan 2024 00:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     17035
IP address blocks:        2001:668:120::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 13:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:42:18:37:5d:6d:5a:de:e3:d3:fb:5c:71:84:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 00:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd7ee74b16ab05bd33d3c00c801eb13f02bcbd29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b9:ae:2f:c3:94:58:8d:77:50:74:41:f9:da:
                    eb:e9:66:89:b5:1f:c5:0b:ad:e4:5a:f1:08:69:4f:
                    65:3d:41:5e:b7:75:35:7d:47:f3:f1:02:2b:f7:c8:
                    e0:e7:f6:85:67:5f:63:bc:aa:20:b4:d2:5b:90:d6:
                    8b:53:3e:0a:03:c0:48:ad:e5:a3:41:ec:06:a1:c9:
                    96:a1:d3:1d:41:5c:a7:07:de:78:4d:3e:32:ed:93:
                    36:16:37:c4:5d:cc:2d:a8:a4:d7:31:05:f8:9b:48:
                    2f:75:5e:cb:c4:13:ba:f2:9b:63:14:c7:bf:c8:28:
                    85:19:90:27:bd:f9:37:2e:9a:ef:c8:46:34:40:5f:
                    46:53:0a:55:c1:9d:2a:01:1d:91:b4:d5:a8:2e:e6:
                    24:ee:9e:6b:d1:8a:22:94:73:a2:ac:c8:21:e3:64:
                    40:87:43:29:1b:28:06:e2:ad:f7:42:51:05:42:dc:
                    39:8a:c6:7e:84:54:d8:9f:d2:1f:d9:71:7d:06:49:
                    1b:84:c3:79:d5:8f:bc:9c:6f:b2:8b:11:2e:2e:20:
                    93:0e:e2:71:81:35:ad:da:f8:a1:93:39:ee:2e:44:
                    3f:cd:27:e4:b2:69:b6:38:8f:87:bc:0f:d4:63:8f:
                    13:64:30:20:5c:e0:02:80:fe:df:53:7a:a8:86:d5:
                    55:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:7E:E7:4B:16:AB:05:BD:33:D3:C0:0C:80:1E:B1:3F:02:BC:BD:29
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/vX7nSxarBb0z08AMgB6xPwK8vSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:668:120::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:62:ac:a5:19:7d:ac:d7:ab:5b:00:93:79:7f:c1:9e:5e:56:
         87:d7:a7:5f:3c:71:cf:f6:b4:1c:e7:54:1e:c6:b3:c6:a8:3f:
         7c:15:14:08:ce:d6:50:e5:80:04:30:42:71:ff:0b:9b:eb:76:
         fb:37:9d:0f:a8:b0:3c:f9:b8:20:25:cf:5a:02:06:1c:72:a2:
         0b:66:54:d2:42:ec:ee:8c:47:6a:00:2a:61:be:5b:e9:78:93:
         bd:36:21:f8:fa:eb:f6:b0:31:12:2f:57:42:26:2d:99:b5:a7:
         69:55:5c:d3:1c:23:b7:f2:3a:60:4f:3e:42:62:78:7b:50:08:
         a2:e9:00:86:1f:c0:3f:a5:bf:d6:23:bf:6b:27:9b:02:6c:ce:
         95:1f:ea:cd:ab:d6:b4:47:b5:6b:3e:6f:20:c2:a8:19:69:cc:
         9c:b3:c1:ad:ac:3f:b4:2e:fc:fa:ef:34:b0:51:12:91:b7:53:
         ae:2f:bf:80:55:d9:fc:05:b9:fa:69:de:33:62:0d:86:e3:7a:
         77:92:24:18:30:44:d8:92:7f:5b:f2:29:f2:bf:04:a5:f2:a6:
         cd:3a:20:12:88:94:e1:02:b7:e5:dc:72:c2:6c:e2:cb:71:28:
         db:99:e5:8e:d8:83:02:cc:42:d5:77:5f:af:f1:b1:60:13:a1:
         2f:74:d4:51
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlEIYN11tWt7j0/tccYSsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMTAyMDAzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDdlZTc0YjE2YWIwNWJkMzNkM2MwMGM4MDFlYjEzZjAyYmNiZDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrmuL8OUWI13UHRB+drr6WaJtR/F
C63kWvEIaU9lPUFet3U1fUfz8QIr98jg5/aFZ19jvKogtNJbkNaLUz4KA8BIreWj
QewGocmWodMdQVynB954TT4y7ZM2FjfEXcwtqKTXMQX4m0gvdV7LxBO68ptjFMe/
yCiFGZAnvfk3LprvyEY0QF9GUwpVwZ0qAR2RtNWoLuYk7p5r0YoilHOirMgh42RA
h0MpGygG4q33QlEFQtw5isZ+hFTYn9If2XF9BkkbhMN51Y+8nG+yixEuLiCTDuJx
gTWt2vihkznuLkQ/zSfksmm2OI+HvA/UY48TZDAgXOACgP7fU3qohtVV+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL1+50sWqwW9M9PADIAesT8CvL0pMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvdlg3blN4YXJCYjB6MDhBTWdCNnhQd0s4dlNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGaAEg
MA0GCSqGSIb3DQEBCwUAA4IBAQAlYqylGX2s16tbAJN5f8GeXlaH16dfPHHP9rQc
51QexrPGqD98FRQIztZQ5YAEMEJx/wub63b7N50PqLA8+bggJc9aAgYccqILZlTS
QuzujEdqACphvlvpeJO9NiH4+uv2sDESL1dCJi2ZtadpVVzTHCO38jpgTz5CYnh7
UAii6QCGH8A/pb/WI79rJ5sCbM6VH+rNq9a0R7VrPm8gwqgZacycs8GtrD+0Lvz6
7zSwURKRt1OuL7+AVdn8Bbn6ad4zYg2G43p3kiQYMETYkn9b8inyvwSl8qbNOiAS
iJThArfl3HLCbOLLcSjbmeWO2IMCzELVd1+v8bFgE6EvdNRR
-----END CERTIFICATE-----