Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/JMyc902U4qAH4W8GY_seA4V06YA.roa
File:                     JMyc902U4qAH4W8GY_seA4V06YA.roa (raw, json)
Hash identifier:          CInztdSEWa/kQQjBmI41PEJmgZEl/9daZDOnb6LHhE0=
Subject key identifier:   24:CC:9C:F7:4D:94:E2:A0:07:E1:6F:06:63:FB:1E:03:85:74:E9:80
Certificate issuer:       /CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
Certificate serial:       018CC6B7AE915A11062A81ECF60ABB14479F
Authority key identifier: 38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/JMyc902U4qAH4W8GY_seA4V06YA.roa
Signing time:             Mon 01 Jan 2024 20:29:35 +0000
ROA not before:           Mon 01 Jan 2024 20:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203564
IP address blocks:        2a0a:d6c0:2035::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:ae:91:5a:11:06:2a:81:ec:f6:0a:bb:14:47:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
        Validity
            Not Before: Jan  1 20:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24cc9cf74d94e2a007e16f0663fb1e038574e980
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:6c:9c:67:f9:ca:08:77:89:4e:f4:52:8b:a0:
                    c4:c3:34:da:21:e7:d8:9b:a7:40:92:15:3e:d5:9e:
                    54:78:f5:d2:4f:d6:6e:7c:09:16:33:27:7c:8f:81:
                    60:4d:0f:88:8d:99:17:55:7c:8a:ef:6d:65:12:5f:
                    9d:d9:59:95:03:62:de:5b:ff:c6:47:51:2e:4b:ef:
                    82:0d:43:40:21:f9:c2:0f:fe:58:33:c3:f2:8a:89:
                    90:cb:4d:b4:4e:bd:04:60:02:b5:94:48:29:7f:42:
                    bf:47:ee:c4:12:18:b7:f6:1a:3f:05:7c:3c:2c:6e:
                    d9:49:a8:e3:bc:0e:47:85:7e:ac:f0:9b:b4:d7:01:
                    83:52:97:4e:c4:11:60:67:7b:ba:0a:93:d4:cb:c4:
                    ea:af:31:bb:b9:48:82:15:f8:af:35:0d:44:3e:ae:
                    3d:a1:f5:4f:90:3b:8b:18:4d:c2:1c:a3:7f:21:14:
                    44:62:ca:5c:d1:a6:c2:50:82:26:20:b3:6e:6f:cc:
                    dc:f0:ef:8a:24:64:bd:38:ba:a8:c1:cc:fb:fd:17:
                    15:42:72:12:c2:b3:4b:f8:fd:d5:b8:b7:2f:ca:bf:
                    3f:57:43:a2:eb:05:e2:1e:e7:35:f9:77:f7:1e:67:
                    d8:f4:06:df:10:48:c9:c3:14:cf:58:6d:6b:68:69:
                    52:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:CC:9C:F7:4D:94:E2:A0:07:E1:6F:06:63:FB:1E:03:85:74:E9:80
            X509v3 Authority Key Identifier:
                keyid:38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/JMyc902U4qAH4W8GY_seA4V06YA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:d6c0:2035::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:3a:81:a3:d3:3f:8d:99:45:29:49:9c:cc:48:19:e5:3a:bf:
         47:f6:33:03:9b:cc:49:ab:0c:be:07:d5:3e:c1:07:bb:b1:31:
         c5:21:96:29:3e:ce:1c:89:2d:92:a1:25:f3:cf:5e:75:db:d2:
         04:19:16:f0:81:81:19:62:1e:14:e6:c4:36:44:9b:56:c7:8e:
         39:bc:e7:19:2c:b4:9b:8d:db:7f:17:b9:f6:86:3f:bb:74:36:
         58:9d:5e:66:90:8f:07:e1:16:dd:83:fa:21:17:e2:7c:d3:a2:
         db:6c:e5:1a:c5:5f:5b:49:8b:ca:5f:c3:6d:9c:38:65:97:38:
         d7:ba:b8:ba:e7:8f:cb:a7:ec:a1:89:6d:f1:13:42:09:d9:a7:
         a8:c5:0b:52:04:84:50:27:5b:87:99:ff:96:a6:2b:79:b4:d2:
         da:ca:f5:d0:3e:7f:35:ac:e2:28:71:e5:f6:57:60:07:5b:51:
         4d:de:98:30:30:b3:66:95:3b:1f:8a:0a:1a:c1:4b:a3:8d:cb:
         1d:ee:02:98:58:c1:55:77:1b:05:69:e9:88:79:46:61:bf:9b:
         29:40:cc:4e:ab:6b:12:eb:c0:96:1a:b7:94:0f:ed:9f:ee:e7:
         b0:20:9b:f4:17:74:a0:77:94:ce:2c:6e:e6:d4:46:c5:7d:03:
         44:5f:26:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGt66RWhEGKoHs9gq7FEefMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4N2Q2ZGY3ZWI3NTQyZTAzMzNhZWVkZDE0YWRmZjhmNTFm
OGNiZDgwHhcNMjQwMTAxMjAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGNjOWNmNzRkOTRlMmEwMDdlMTZmMDY2M2ZiMWUwMzg1NzRlOTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2mycZ/nKCHeJTvRSi6DEwzTaIefY
m6dAkhU+1Z5UePXST9ZufAkWMyd8j4FgTQ+IjZkXVXyK721lEl+d2VmVA2LeW//G
R1EuS++CDUNAIfnCD/5YM8PyiomQy020Tr0EYAK1lEgpf0K/R+7EEhi39ho/BXw8
LG7ZSajjvA5HhX6s8Ju01wGDUpdOxBFgZ3u6CpPUy8TqrzG7uUiCFfivNQ1EPq49
ofVPkDuLGE3CHKN/IRREYspc0abCUIImILNub8zc8O+KJGS9OLqowcz7/RcVQnIS
wrNL+P3VuLcvyr8/V0Oi6wXiHuc1+Xf3HmfY9AbfEEjJwxTPWG1raGlSYQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCTMnPdNlOKgB+FvBmP7HgOFdOmAMB8GA1UdIwQY
MBaAFDh9bffrdULgMzru3RSt/49R+MvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2Mt
NjA5YTQ4YjJiMTRkLzEvSk15YzkwMlU0cUFINFc4R1lfc2VBNFYwNllBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2MtNjA5YTQ4YjJiMTRk
LzEvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgrWwCA1
MA0GCSqGSIb3DQEBCwUAA4IBAQAsOoGj0z+NmUUpSZzMSBnlOr9H9jMDm8xJqwy+
B9U+wQe7sTHFIZYpPs4ciS2SoSXzz15129IEGRbwgYEZYh4U5sQ2RJtWx445vOcZ
LLSbjdt/F7n2hj+7dDZYnV5mkI8H4Rbdg/ohF+J806LbbOUaxV9bSYvKX8NtnDhl
lzjXuri654/Lp+yhiW3xE0IJ2aeoxQtSBIRQJ1uHmf+Wpit5tNLayvXQPn81rOIo
ceX2V2AHW1FN3pgwMLNmlTsfigoawUujjcsd7gKYWMFVdxsFaemIeUZhv5spQMxO
q2sS68CWGreUD+2f7uewIJv0F3Sgd5TOLG7m1EbFfQNEXyYI
-----END CERTIFICATE-----