Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/91d629-7d1f-45bd-a1e1-931cf798e412/1/JndOZnJuD7VeVtgFn7jTOya0C7w.roa
File:                     JndOZnJuD7VeVtgFn7jTOya0C7w.roa (raw, json)
Hash identifier:          1eJ1OWtaIx/DGoIMazt3tn6pZJzZMIkM+x9Kg7IgSJY=
Subject key identifier:   26:77:4E:66:72:6E:0F:B5:5E:56:D8:05:9F:B8:D3:3B:26:B4:0B:BC
Certificate issuer:       /CN=eab066c6e1800a3f5bd2e406e9a620d2a0f6f653
Certificate serial:       018CC6B7EA855D822000A04780511C3B8332
Authority key identifier: EA:B0:66:C6:E1:80:0A:3F:5B:D2:E4:06:E9:A6:20:D2:A0:F6:F6:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6rBmxuGACj9b0uQG6aYg0qD29lM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/91d629-7d1f-45bd-a1e1-931cf798e412/1/JndOZnJuD7VeVtgFn7jTOya0C7w.roa
Signing time:             Mon 01 Jan 2024 20:29:51 +0000
ROA not before:           Mon 01 Jan 2024 20:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        2a0b:1200::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/91d629-7d1f-45bd-a1e1-931cf798e412/1/6rBmxuGACj9b0uQG6aYg0qD29lM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/91d629-7d1f-45bd-a1e1-931cf798e412/1/6rBmxuGACj9b0uQG6aYg0qD29lM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6rBmxuGACj9b0uQG6aYg0qD29lM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 01:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:ea:85:5d:82:20:00:a0:47:80:51:1c:3b:83:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eab066c6e1800a3f5bd2e406e9a620d2a0f6f653
        Validity
            Not Before: Jan  1 20:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26774e66726e0fb55e56d8059fb8d33b26b40bbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:f3:29:ce:29:77:c1:0a:d9:49:89:b2:f1:a1:
                    92:be:26:04:bd:34:c6:2b:d0:4c:37:1c:4b:04:f5:
                    aa:79:52:d3:94:b9:ef:e6:fa:d8:44:f6:72:c1:63:
                    0d:fb:81:11:d8:e2:5c:f7:61:7e:57:aa:b5:5b:34:
                    28:23:31:fd:67:ac:f0:be:84:0d:f3:44:04:c4:90:
                    c1:2d:47:8a:30:9a:85:1e:c7:d7:6c:62:74:56:39:
                    4d:c1:17:e4:3d:53:c1:d1:34:c5:6a:d4:59:5f:8f:
                    47:5f:0d:10:28:d4:ac:20:8a:95:44:df:0a:31:e9:
                    96:2b:28:8a:0d:15:3a:1e:a0:f9:64:10:8e:bb:a0:
                    65:83:73:8c:e8:eb:93:0a:26:47:4d:25:38:7a:29:
                    51:b2:d2:ef:9c:90:08:3e:5b:be:d8:38:5e:1f:19:
                    37:20:82:f8:84:22:e1:c6:75:08:d5:16:1f:1f:48:
                    10:5d:d1:e6:1d:e3:16:f2:d1:43:49:6a:fa:35:b4:
                    3c:d6:1b:f1:ba:8f:35:7f:f3:16:a8:af:a0:45:31:
                    2a:95:8c:b9:90:09:90:8a:af:2e:82:ba:ad:77:e1:
                    03:19:25:9b:17:ac:71:07:3f:66:fa:f2:92:ee:e0:
                    50:dc:ed:1a:81:e5:c8:e4:b8:f2:b0:ef:f6:9a:4c:
                    45:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:77:4E:66:72:6E:0F:B5:5E:56:D8:05:9F:B8:D3:3B:26:B4:0B:BC
            X509v3 Authority Key Identifier:
                keyid:EA:B0:66:C6:E1:80:0A:3F:5B:D2:E4:06:E9:A6:20:D2:A0:F6:F6:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6rBmxuGACj9b0uQG6aYg0qD29lM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/91d629-7d1f-45bd-a1e1-931cf798e412/1/JndOZnJuD7VeVtgFn7jTOya0C7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/91d629-7d1f-45bd-a1e1-931cf798e412/1/6rBmxuGACj9b0uQG6aYg0qD29lM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:1200::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:68:3c:ee:5d:38:a1:f4:53:8f:b6:03:33:8b:41:37:95:5a:
         8d:bc:a3:c5:5b:93:ff:9d:b7:ff:25:80:d1:07:24:a6:9c:7a:
         af:50:6e:d3:78:cb:0b:aa:c7:7d:68:6f:5e:f9:0f:0e:cd:3c:
         14:b9:50:f8:25:6b:b5:20:be:fd:18:fd:aa:62:85:d8:7e:3f:
         f6:e9:41:0f:38:92:41:dc:0f:48:f3:f6:e3:f8:73:96:9e:d7:
         42:8e:36:e5:03:b7:62:30:1c:d6:36:9a:05:aa:48:ca:2d:97:
         83:0a:e6:6e:10:86:c8:0f:d0:a3:3e:70:00:7e:6e:a0:53:f1:
         e1:c7:63:2b:fb:64:06:d4:60:b1:b5:81:3d:ba:1c:1f:d1:31:
         94:00:6b:67:f8:6b:0b:31:f6:48:e9:88:14:4e:79:09:fb:80:
         82:43:1a:58:16:67:32:b5:23:6f:4c:0a:fa:12:5c:33:06:98:
         c6:5a:44:37:81:20:ee:dd:de:ef:95:5d:10:f2:4d:91:eb:3f:
         b8:52:12:1a:f5:e7:35:fa:5b:a9:d7:ed:74:72:ab:17:7f:45:
         88:ba:a6:dd:cb:74:78:07:42:b4:6b:78:25:95:52:3f:c2:39:
         35:65:a3:5f:10:99:b0:f6:75:52:20:63:a6:18:c9:6c:60:83:
         86:7c:43:18
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGt+qFXYIgAKBHgFEcO4MyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYjA2NmM2ZTE4MDBhM2Y1YmQyZTQwNmU5YTYyMGQyYTBm
NmY2NTMwHhcNMjQwMTAxMjAyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjc3NGU2NjcyNmUwZmI1NWU1NmQ4MDU5ZmI4ZDMzYjI2YjQwYmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/Mpzil3wQrZSYmy8aGSviYEvTTG
K9BMNxxLBPWqeVLTlLnv5vrYRPZywWMN+4ER2OJc92F+V6q1WzQoIzH9Z6zwvoQN
80QExJDBLUeKMJqFHsfXbGJ0VjlNwRfkPVPB0TTFatRZX49HXw0QKNSsIIqVRN8K
MemWKyiKDRU6HqD5ZBCOu6Blg3OM6OuTCiZHTSU4eilRstLvnJAIPlu+2DheHxk3
IIL4hCLhxnUI1RYfH0gQXdHmHeMW8tFDSWr6NbQ81hvxuo81f/MWqK+gRTEqlYy5
kAmQiq8ugrqtd+EDGSWbF6xxBz9m+vKS7uBQ3O0ageXI5LjysO/2mkxFUwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCZ3TmZybg+1XlbYBZ+40zsmtAu8MB8GA1UdIwQY
MBaAFOqwZsbhgAo/W9LkBummINKg9vZTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnJCbXh1R0FDajliMHVRRzZhWWcwcUQyOWxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi85MWQ2MjktN2QxZi00NWJkLWExZTEt
OTMxY2Y3OThlNDEyLzEvSm5kT1puSnVEN1ZlVnRnRm43alRPeWEwQzd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi85MWQ2MjktN2QxZi00NWJkLWExZTEtOTMxY2Y3OThlNDEy
LzEvNnJCbXh1R0FDajliMHVRRzZhWWcwcUQyOWxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgsSADAN
BgkqhkiG9w0BAQsFAAOCAQEAbWg87l04ofRTj7YDM4tBN5VajbyjxVuT/523/yWA
0Qckppx6r1Bu03jLC6rHfWhvXvkPDs08FLlQ+CVrtSC+/Rj9qmKF2H4/9ulBDziS
QdwPSPP24/hzlp7XQo425QO3YjAc1jaaBapIyi2XgwrmbhCGyA/Qoz5wAH5uoFPx
4cdjK/tkBtRgsbWBPbocH9ExlABrZ/hrCzH2SOmIFE55CfuAgkMaWBZnMrUjb0wK
+hJcMwaYxlpEN4Eg7t3e75VdEPJNkes/uFISGvXnNfpbqdftdHKrF39FiLqm3ct0
eAdCtGt4JZVSP8I5NWWjXxCZsPZ1UiBjphjJbGCDhnxDGA==
-----END CERTIFICATE-----
Generated at Wed Jun 26 11:31:35 2024 by rpki-client on console-fra.rpki-client.org