Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/JlQN0N4As8kTE_2777wqlcFNrC8.roa
File:                     JlQN0N4As8kTE_2777wqlcFNrC8.roa (raw, json)
Hash identifier:          gQA+8fA2lRTUYRE2yD6RworLn/rUFJdeb4rtkckOnyE=
Subject key identifier:   26:54:0D:D0:DE:00:B3:C9:13:13:FD:BB:EF:BC:2A:95:C1:4D:AC:2F
Certificate issuer:       /CN=cbf74cd846493138f522c57c0065b5c60512dd09
Certificate serial:       01941FFA461620B10E17150E389F7C85597D
Authority key identifier: CB:F7:4C:D8:46:49:31:38:F5:22:C5:7C:00:65:B5:C6:05:12:DD:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/JlQN0N4As8kTE_2777wqlcFNrC8.roa
Signing time:             Wed 01 Jan 2025 03:48:03 +0000
ROA not before:           Wed 01 Jan 2025 03:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a06:3b80:154::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 21:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:46:16:20:b1:0e:17:15:0e:38:9f:7c:85:59:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbf74cd846493138f522c57c0065b5c60512dd09
        Validity
            Not Before: Jan  1 03:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26540dd0de00b3c91313fdbbefbc2a95c14dac2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:06:d1:ec:c5:f1:ab:83:a7:a9:7a:0b:19:f1:
                    ed:31:09:2d:c0:13:09:af:e1:29:91:5f:31:5f:c1:
                    ef:d0:f6:ac:50:46:c7:60:6d:67:a8:7c:08:98:3e:
                    d6:c5:82:a7:e9:a7:bf:e6:23:b3:f6:d7:e5:d4:71:
                    37:4d:b2:c5:1e:5b:31:f2:59:71:c5:79:d0:4a:10:
                    e1:56:67:a0:d2:bc:60:fa:a4:0a:ab:8e:75:cc:4f:
                    28:65:05:a1:fe:9d:67:30:53:97:4a:59:57:39:58:
                    a6:89:c4:35:60:32:b6:47:09:05:bd:53:8a:9c:b0:
                    3d:bc:da:9b:19:bd:62:c5:9c:85:5b:ff:37:34:ba:
                    27:a8:d2:cb:13:01:da:59:5e:34:16:23:07:cb:29:
                    1e:88:23:42:cc:b3:3f:e6:d5:ef:37:6a:93:ee:88:
                    17:fe:eb:9f:08:04:96:07:fd:91:05:d5:ce:08:5a:
                    df:35:00:4c:3f:d4:de:b3:75:aa:ca:ac:89:ba:ef:
                    8a:64:a9:9f:0d:9d:76:53:12:f9:48:27:96:0b:a1:
                    6a:08:ff:c2:ed:4b:b4:74:b4:4f:98:04:65:40:c5:
                    3d:1e:2e:c7:d3:cb:da:b7:c5:48:3d:8a:ca:85:99:
                    07:a3:25:9b:a8:de:4e:4d:ad:92:43:93:e6:26:86:
                    c9:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:54:0D:D0:DE:00:B3:C9:13:13:FD:BB:EF:BC:2A:95:C1:4D:AC:2F
            X509v3 Authority Key Identifier:
                keyid:CB:F7:4C:D8:46:49:31:38:F5:22:C5:7C:00:65:B5:C6:05:12:DD:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/JlQN0N4As8kTE_2777wqlcFNrC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:3b80:154::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:5b:55:15:32:42:47:ca:f0:c6:06:7b:aa:27:1b:f6:a1:2d:
         30:8a:9e:85:fe:5d:a5:96:7b:78:96:4a:52:28:94:7d:48:65:
         7f:84:47:aa:01:16:ae:4a:6f:8d:55:22:97:a2:dc:4d:e5:b5:
         2e:86:e0:47:8d:49:d9:0d:f1:02:d3:42:9f:a5:87:f3:37:5b:
         87:83:df:d3:d7:aa:99:4b:98:ad:e8:6a:2c:4a:96:84:38:02:
         cd:c9:80:83:12:de:ca:d6:f6:ed:a1:da:59:c9:06:f1:4d:e4:
         6f:8e:4d:c2:b9:9a:00:e0:80:ea:13:f0:a8:bd:b7:06:69:0f:
         68:cc:f4:a6:2d:e8:45:66:4f:f7:e1:69:1b:ec:c6:60:9e:8e:
         84:23:4c:f0:d1:8d:83:b8:1f:b2:e5:bf:8b:ee:0c:ea:26:ea:
         a5:1f:ee:14:bd:ee:d1:af:04:3a:66:04:11:e2:90:35:97:99:
         a4:fc:6b:91:e9:fe:0b:3e:e3:e8:39:07:25:48:12:60:a2:09:
         e8:1d:95:65:01:ba:22:55:10:51:25:3e:d2:9c:b9:12:9d:2b:
         19:6f:1e:73:c7:73:b1:34:a0:c6:a4:2c:d5:2c:cf:34:5b:64:
         6e:30:85:1c:eb:6a:81:a4:f2:0d:7a:97:57:91:2d:cc:49:82:
         f4:c8:99:8e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+kYWILEOFxUOOJ98hVl9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZjc0Y2Q4NDY0OTMxMzhmNTIyYzU3YzAwNjViNWM2MDUx
MmRkMDkwHhcNMjUwMTAxMDM0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjU0MGRkMGRlMDBiM2M5MTMxM2ZkYmJlZmJjMmE5NWMxNGRhYzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2wbR7MXxq4OnqXoLGfHtMQktwBMJ
r+EpkV8xX8Hv0PasUEbHYG1nqHwImD7WxYKn6ae/5iOz9tfl1HE3TbLFHlsx8llx
xXnQShDhVmeg0rxg+qQKq451zE8oZQWh/p1nMFOXSllXOVimicQ1YDK2RwkFvVOK
nLA9vNqbGb1ixZyFW/83NLonqNLLEwHaWV40FiMHyykeiCNCzLM/5tXvN2qT7ogX
/uufCASWB/2RBdXOCFrfNQBMP9Tes3WqyqyJuu+KZKmfDZ12UxL5SCeWC6FqCP/C
7Uu0dLRPmARlQMU9Hi7H08vat8VIPYrKhZkHoyWbqN5OTa2SQ5PmJobJUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCZUDdDeALPJExP9u++8KpXBTawvMB8GA1UdIwQY
MBaAFMv3TNhGSTE49SLFfABltcYFEt0JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveV9kTTJFWkpNVGoxSXNWOEFHVzF4Z1VTM1FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zNDg3ODktMzIwOC00ODQ3LTljM2Yt
OTgyZDFmMjFhMzJiLzEvSmxRTjBONEFzOGtURV8yNzc3d3FsY0ZOckM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zNDg3ODktMzIwOC00ODQ3LTljM2YtOTgyZDFmMjFhMzJi
LzEveV9kTTJFWkpNVGoxSXNWOEFHVzF4Z1VTM1FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgY7gAFU
MA0GCSqGSIb3DQEBCwUAA4IBAQBxW1UVMkJHyvDGBnuqJxv2oS0wip6F/l2llnt4
lkpSKJR9SGV/hEeqARauSm+NVSKXotxN5bUuhuBHjUnZDfEC00KfpYfzN1uHg9/T
16qZS5it6GosSpaEOALNyYCDEt7K1vbtodpZyQbxTeRvjk3CuZoA4IDqE/CovbcG
aQ9ozPSmLehFZk/34Wkb7MZgno6EI0zw0Y2DuB+y5b+L7gzqJuqlH+4Uve7RrwQ6
ZgQR4pA1l5mk/GuR6f4LPuPoOQclSBJgognoHZVlAboiVRBRJT7SnLkSnSsZbx5z
x3OxNKDGpCzVLM80W2RuMIUc62qBpPINepdXkS3MSYL0yJmO
-----END CERTIFICATE-----