Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/JDPDxy4Tei3RxbJkEDgoG4CA1eE.roa
File:                     JDPDxy4Tei3RxbJkEDgoG4CA1eE.roa (raw, json)
Hash identifier:          U2bquEudoAHsgvrxCRmUl6tNq+k5ra28n+erb5U8PzE=
Subject key identifier:   24:33:C3:C7:2E:13:7A:2D:D1:C5:B2:64:10:38:28:1B:80:80:D5:E1
Certificate issuer:       /CN=0b934c36b773008865b9c9fb0fd48669395ac730
Certificate serial:       018CCA2BAEA8700D6379942ED14F4C846F11
Authority key identifier: 0B:93:4C:36:B7:73:00:88:65:B9:C9:FB:0F:D4:86:69:39:5A:C7:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C5NMNrdzAIhlucn7D9SGaTlaxzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/JDPDxy4Tei3RxbJkEDgoG4CA1eE.roa
Signing time:             Tue 02 Jan 2024 12:35:09 +0000
ROA not before:           Tue 02 Jan 2024 12:35:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40027
IP address blocks:        2a00:86c0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/C5NMNrdzAIhlucn7D9SGaTlaxzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/C5NMNrdzAIhlucn7D9SGaTlaxzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C5NMNrdzAIhlucn7D9SGaTlaxzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:ae:a8:70:0d:63:79:94:2e:d1:4f:4c:84:6f:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b934c36b773008865b9c9fb0fd48669395ac730
        Validity
            Not Before: Jan  2 12:35:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2433c3c72e137a2dd1c5b2641038281b8080d5e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fe:e9:1f:26:d7:b3:0f:81:ae:a5:d9:03:66:
                    fa:54:6a:66:f5:86:15:75:42:02:90:cd:6d:0e:19:
                    c6:c9:e5:c3:b8:e1:ae:a8:83:a1:7f:f5:72:b0:f6:
                    c2:ad:1c:94:8c:83:9e:77:da:ac:88:aa:1a:3d:ef:
                    47:e9:b9:97:72:7a:1b:78:0e:7a:18:0d:ef:91:ed:
                    f8:6b:11:ed:f5:fa:58:5f:c6:1e:c6:33:5d:b2:40:
                    cd:a5:7c:34:77:58:54:24:09:46:f8:64:94:8a:d1:
                    7d:cc:b4:25:f5:bb:71:3f:72:fc:4d:e8:fa:b5:ac:
                    29:bb:c4:5e:4e:53:e4:16:24:d7:ff:f7:cb:a0:97:
                    29:24:bc:e5:d2:1e:96:f1:85:55:07:30:0b:80:b6:
                    6f:bf:1a:93:96:5c:62:ce:98:81:ee:d8:98:f0:34:
                    e9:76:84:9d:cd:32:70:30:19:79:92:e4:68:9f:d1:
                    54:c5:cd:2f:77:dd:0d:09:0d:35:74:b4:69:14:94:
                    ba:4d:72:ca:c6:bc:2f:e7:ab:6c:82:84:c5:17:40:
                    7f:39:6a:e9:c9:e5:42:0b:50:54:67:1f:b6:b2:93:
                    f1:d6:f8:fe:57:d9:c0:34:59:1c:27:74:86:cb:5b:
                    04:f0:13:e6:18:a4:aa:e2:f1:73:d8:33:de:0f:17:
                    37:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:33:C3:C7:2E:13:7A:2D:D1:C5:B2:64:10:38:28:1B:80:80:D5:E1
            X509v3 Authority Key Identifier:
                keyid:0B:93:4C:36:B7:73:00:88:65:B9:C9:FB:0F:D4:86:69:39:5A:C7:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C5NMNrdzAIhlucn7D9SGaTlaxzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/JDPDxy4Tei3RxbJkEDgoG4CA1eE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/C5NMNrdzAIhlucn7D9SGaTlaxzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:86c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:45:1e:bf:92:f5:ff:2a:10:25:08:cc:a9:b1:b8:8f:95:b3:
         99:7a:a8:7b:e4:b5:fc:4b:96:6d:0c:8d:53:93:38:b2:8a:d1:
         da:e5:fd:6a:dc:05:52:a2:63:b8:0a:b7:4f:16:2c:f5:ea:a2:
         60:36:74:bd:a3:66:06:95:eb:ca:fa:23:a9:c0:b4:9d:69:f9:
         b1:3a:70:f2:de:3b:c4:5d:3e:1c:76:f2:c2:cf:e2:1f:25:42:
         06:73:24:76:53:47:1f:0e:40:82:e0:06:4a:a9:97:26:4c:a4:
         30:87:13:0b:69:16:76:6c:df:d7:81:24:79:49:6d:a4:52:0f:
         31:b4:a4:11:a3:45:37:cc:2a:32:dc:cd:3e:01:bd:f8:76:36:
         bd:25:ae:ec:40:5e:2b:df:1a:82:fc:d7:0d:40:90:04:f3:a2:
         53:c4:01:e0:a2:fb:36:e9:6f:af:5a:05:0c:33:e2:fc:ac:f5:
         92:1c:dc:b0:1d:42:30:e8:08:2f:42:7f:47:f1:1d:6d:47:11:
         e7:a3:56:3c:19:ff:93:e4:bc:5c:74:bd:24:bd:34:5d:a0:d4:
         ed:bc:96:c6:6b:a3:f2:80:70:8d:53:a1:58:b8:bf:32:9e:7e:
         62:22:61:8c:29:17:a4:fb:d4:e7:4d:f1:ca:f1:76:bf:1b:8d:
         b6:33:af:5f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKK66ocA1jeZQu0U9MhG8RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiOTM0YzM2Yjc3MzAwODg2NWI5YzlmYjBmZDQ4NjY5Mzk1
YWM3MzAwHhcNMjQwMTAyMTIzNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDMzYzNjNzJlMTM3YTJkZDFjNWIyNjQxMDM4MjgxYjgwODBkNWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArf7pHybXsw+BrqXZA2b6VGpm9YYV
dUICkM1tDhnGyeXDuOGuqIOhf/VysPbCrRyUjIOed9qsiKoaPe9H6bmXcnobeA56
GA3vke34axHt9fpYX8YexjNdskDNpXw0d1hUJAlG+GSUitF9zLQl9btxP3L8Tej6
tawpu8ReTlPkFiTX//fLoJcpJLzl0h6W8YVVBzALgLZvvxqTllxizpiB7tiY8DTp
doSdzTJwMBl5kuRon9FUxc0vd90NCQ01dLRpFJS6TXLKxrwv56tsgoTFF0B/OWrp
yeVCC1BUZx+2spPx1vj+V9nANFkcJ3SGy1sE8BPmGKSq4vFz2DPeDxc3XwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCQzw8cuE3ot0cWyZBA4KBuAgNXhMB8GA1UdIwQY
MBaAFAuTTDa3cwCIZbnJ+w/Uhmk5WscwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzVOTU5yZHpBSWhsdWNuN0Q5U0dhVGxheHpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9kZWNiN2QtMDM4OC00ZTNjLThkYjQt
YTMwMmY1MWQzODJjLzEvSkRQRHh5NFRlaTNSeGJKa0VEZ29HNENBMWVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9kZWNiN2QtMDM4OC00ZTNjLThkYjQtYTMwMmY1MWQzODJj
LzEvQzVOTU5yZHpBSWhsdWNuN0Q5U0dhVGxheHpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgCGwDAN
BgkqhkiG9w0BAQsFAAOCAQEAfkUev5L1/yoQJQjMqbG4j5WzmXqoe+S1/EuWbQyN
U5M4sorR2uX9atwFUqJjuAq3TxYs9eqiYDZ0vaNmBpXryvojqcC0nWn5sTpw8t47
xF0+HHbyws/iHyVCBnMkdlNHHw5AguAGSqmXJkykMIcTC2kWdmzf14EkeUltpFIP
MbSkEaNFN8wqMtzNPgG9+HY2vSWu7EBeK98agvzXDUCQBPOiU8QB4KL7Nulvr1oF
DDPi/Kz1khzcsB1CMOgIL0J/R/EdbUcR56NWPBn/k+S8XHS9JL00XaDU7byWxmuj
8oBwjVOhWLi/Mp5+YiJhjCkXpPvU503xyvF2vxuNtjOvXw==
-----END CERTIFICATE-----