Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/njVN5zyy-e7-zkeIDLdDxPJFHyE.roa
File:                     njVN5zyy-e7-zkeIDLdDxPJFHyE.roa (raw, json)
Hash identifier:          bJtSMwqBmK8wKLU7SX73PY2FCnbv13ySsR61Dg73HJU=
Subject key identifier:   9E:35:4D:E7:3C:B2:F9:EE:FE:CE:47:88:0C:B7:43:C4:F2:45:1F:21
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018CC8DE3739063637A4D4DDF46322CCC557
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/njVN5zyy-e7-zkeIDLdDxPJFHyE.roa
Signing time:             Tue 02 Jan 2024 06:30:55 +0000
ROA not before:           Tue 02 Jan 2024 06:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211027
IP address blocks:        2a06:d642::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 20:23:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:37:39:06:36:37:a4:d4:dd:f4:63:22:cc:c5:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jan  2 06:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e354de73cb2f9eefece47880cb743c4f2451f21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5b:78:23:c2:8c:b8:bd:d9:09:e1:5c:ef:6b:
                    7b:f1:da:4f:dc:1c:9e:53:e5:b7:c1:c0:3f:91:31:
                    d5:b2:bb:92:af:e2:95:e4:b5:c2:fe:d7:be:c9:20:
                    ac:54:ac:3a:0c:09:50:c1:38:64:61:a2:a3:77:50:
                    64:4b:7d:5f:fe:27:6f:3b:0d:63:16:bf:14:97:13:
                    73:17:82:82:70:22:dd:fd:68:99:7d:8d:96:b3:ef:
                    b5:29:53:f9:67:de:61:c8:03:8c:c2:e9:88:6c:38:
                    a1:3b:ea:b5:ce:33:88:f8:3b:09:3f:98:68:a2:b3:
                    66:d2:52:a6:02:3b:71:56:9e:b9:fd:2b:10:b9:63:
                    68:68:65:81:4a:a0:ad:16:27:29:e9:26:ac:5d:70:
                    6c:fd:9d:3f:38:4d:96:a7:30:05:e1:45:5f:22:9a:
                    29:a9:17:35:e9:7e:6b:21:70:c6:93:3e:a6:35:4f:
                    f9:12:03:be:01:6e:fb:66:31:82:d5:5e:ed:2b:81:
                    ad:dd:6d:92:9d:97:12:18:be:4b:20:fc:cf:bb:a4:
                    9c:f2:a5:ae:22:0e:41:8e:12:e8:13:39:88:57:b9:
                    db:44:d5:3b:54:0c:ca:4a:19:9f:23:46:b1:8d:2b:
                    fd:fd:f3:2e:58:ab:93:93:97:00:71:52:56:41:fd:
                    ea:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:35:4D:E7:3C:B2:F9:EE:FE:CE:47:88:0C:B7:43:C4:F2:45:1F:21
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/njVN5zyy-e7-zkeIDLdDxPJFHyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:d642::/32

    Signature Algorithm: sha256WithRSAEncryption
         13:c6:e5:ce:e3:fc:03:87:98:11:b7:57:4f:7b:98:2b:37:11:
         4d:9a:6f:fb:9f:c5:8c:97:83:53:2d:d0:96:9c:ed:06:59:13:
         d7:e1:38:e8:fb:04:18:b3:ba:2e:68:b1:cb:0c:9e:39:f3:4a:
         e5:84:dc:fe:85:12:5d:63:a3:bb:9e:91:79:24:ca:af:3b:22:
         18:6f:03:b9:c2:9b:d4:8d:f3:45:6c:78:30:41:c5:92:45:f4:
         cb:e5:ba:c0:bd:dd:7a:83:72:8f:5b:9b:a4:40:d3:f1:64:00:
         a1:b3:d6:3d:76:10:de:24:1f:28:c7:d1:e2:7b:ce:eb:ad:e4:
         4c:7a:41:58:7b:de:a7:53:e6:b3:2a:32:b7:20:27:3b:8a:69:
         b2:3e:24:3b:a7:85:d6:69:73:f9:d6:8b:ed:81:3d:41:2e:11:
         f6:a5:e1:da:05:91:d3:42:b3:5b:a7:bf:48:ab:e2:44:43:eb:
         61:84:61:bb:d9:b9:38:3d:bd:c5:a3:cc:60:c7:f9:7a:7a:be:
         77:17:e3:c8:9f:44:e6:32:3d:67:c7:29:69:f9:01:40:02:9b:
         91:6d:78:1e:07:13:ba:c3:a4:33:fc:27:54:81:2c:57:fb:8b:
         6a:f4:ce:1c:cc:86:6f:ba:66:46:5b:73:0c:cc:f0:fc:7b:85:
         ee:0e:24:a0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3jc5BjY3pNTd9GMizMVXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMTAyMDYzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTM1NGRlNzNjYjJmOWVlZmVjZTQ3ODgwY2I3NDNjNGYyNDUxZjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFt4I8KMuL3ZCeFc72t78dpP3Bye
U+W3wcA/kTHVsruSr+KV5LXC/te+ySCsVKw6DAlQwThkYaKjd1BkS31f/idvOw1j
Fr8UlxNzF4KCcCLd/WiZfY2Ws++1KVP5Z95hyAOMwumIbDihO+q1zjOI+DsJP5ho
orNm0lKmAjtxVp65/SsQuWNoaGWBSqCtFicp6SasXXBs/Z0/OE2WpzAF4UVfIpop
qRc16X5rIXDGkz6mNU/5EgO+AW77ZjGC1V7tK4Gt3W2SnZcSGL5LIPzPu6Sc8qWu
Ig5BjhLoEzmIV7nbRNU7VAzKShmfI0axjSv9/fMuWKuTk5cAcVJWQf3qzQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ41Tec8svnu/s5HiAy3Q8TyRR8hMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvbmpWTjV6eXktZTctemtlSURMZER4UEpGSHlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgbWQjAN
BgkqhkiG9w0BAQsFAAOCAQEAE8blzuP8A4eYEbdXT3uYKzcRTZpv+5/FjJeDUy3Q
lpztBlkT1+E46PsEGLO6LmixywyeOfNK5YTc/oUSXWOju56ReSTKrzsiGG8DucKb
1I3zRWx4MEHFkkX0y+W6wL3deoNyj1ubpEDT8WQAobPWPXYQ3iQfKMfR4nvO663k
THpBWHvep1PmsyoytyAnO4ppsj4kO6eF1mlz+daL7YE9QS4R9qXh2gWR00KzW6e/
SKviREPrYYRhu9m5OD29xaPMYMf5enq+dxfjyJ9E5jI9Z8cpafkBQAKbkW14HgcT
usOkM/wnVIEsV/uLavTOHMyGb7pmRltzDMzw/HuF7g4koA==
-----END CERTIFICATE-----