Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/_jo1neDOPgBw16JKs3w734c_EQs.roa
File:                     _jo1neDOPgBw16JKs3w734c_EQs.roa (raw, json)
Hash identifier:          QSUqebleAkzzx2IVDYfX2CFKHz6w8bMFKnVWq2lSjoE=
Subject key identifier:   FE:3A:35:9D:E0:CE:3E:00:70:D7:A2:4A:B3:7C:3B:DF:87:3F:11:0B
Certificate issuer:       /CN=e909ee3d618974da0cbd805a2da80410a4989881
Certificate serial:       018CC64B555C2FD3689E05D2C9B735B42554
Authority key identifier: E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/_jo1neDOPgBw16JKs3w734c_EQs.roa
Signing time:             Mon 01 Jan 2024 18:31:14 +0000
ROA not before:           Mon 01 Jan 2024 18:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49030
IP address blocks:        2a01:240:ab01::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:55:5c:2f:d3:68:9e:05:d2:c9:b7:35:b4:25:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e909ee3d618974da0cbd805a2da80410a4989881
        Validity
            Not Before: Jan  1 18:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe3a359de0ce3e0070d7a24ab37c3bdf873f110b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c0:80:fc:38:a0:f1:ac:ff:e4:31:bb:eb:01:
                    b7:7b:5a:06:5f:f0:53:04:5d:1b:16:f0:9c:fd:0a:
                    94:89:6b:6a:b8:f1:d4:db:d3:4a:3d:8e:1f:18:62:
                    a1:79:74:f3:4b:49:c1:8c:0e:45:d5:76:93:6a:1f:
                    e5:83:20:43:51:cd:d7:65:ef:3d:1b:2a:91:7c:40:
                    71:ed:f1:5f:76:27:f7:f8:5d:eb:1e:a6:b7:ac:84:
                    a6:6e:9a:73:3a:ac:a5:ee:fc:ac:78:50:5c:64:6c:
                    c8:dc:5c:14:71:1b:db:c5:e6:cf:87:a6:d1:86:72:
                    6f:68:fc:8a:4a:4d:e2:35:ac:df:c4:e3:b6:6c:87:
                    30:46:ed:3b:83:44:4c:3b:a5:1c:72:51:00:d9:df:
                    6f:1f:bf:31:8a:e5:be:83:cb:77:dc:36:2a:8b:f8:
                    1f:bf:bd:74:de:e4:da:d0:00:0f:aa:33:44:9c:9c:
                    6d:43:63:8b:e1:2c:5d:a2:b5:43:4a:d4:19:de:6f:
                    25:8d:e2:a7:38:40:29:b9:90:6a:84:36:2a:0c:a7:
                    9a:86:07:83:29:ad:3c:54:db:45:84:f8:6b:01:7a:
                    02:63:cd:de:4c:ef:a5:53:0a:f2:5c:5f:ff:9e:3e:
                    41:62:d8:ef:93:25:90:bc:9b:25:fb:6d:6b:67:f7:
                    07:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:3A:35:9D:E0:CE:3E:00:70:D7:A2:4A:B3:7C:3B:DF:87:3F:11:0B
            X509v3 Authority Key Identifier:
                keyid:E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/_jo1neDOPgBw16JKs3w734c_EQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:240:ab01::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:05:ff:34:65:17:dd:fb:fd:f5:6b:0c:22:07:4b:2d:d8:90:
         70:41:3d:82:8d:5d:bd:20:10:3b:86:7e:0f:1c:bd:b8:40:6d:
         6a:65:41:66:2f:40:b3:8e:35:0f:36:64:65:49:ca:36:c2:38:
         a9:5c:70:41:59:6c:d3:2e:23:00:1e:ae:c8:b8:00:0d:54:a8:
         37:6f:8f:a6:e2:5a:7f:d1:a8:a0:8d:14:f3:c0:bc:cf:8c:d5:
         fe:27:47:ac:f6:7c:29:2d:a6:03:e0:f1:af:59:1e:a3:c3:9e:
         17:7a:98:eb:bd:59:3e:54:89:a1:0b:bb:3a:f3:39:e3:a8:59:
         1c:93:d4:ed:86:65:fd:16:bb:89:eb:0b:54:c4:d8:89:34:7c:
         b0:94:7f:29:44:58:93:bb:f1:5a:ea:c1:03:a7:b1:3d:b0:97:
         e0:d8:78:9a:7e:74:0d:a2:8b:ab:66:dd:98:38:9a:6e:6d:20:
         c8:ab:11:6c:31:b1:01:82:c1:99:be:b1:86:a1:68:54:49:01:
         65:2f:c6:b4:72:15:cf:44:5c:39:c3:7c:a8:f8:c6:83:b7:7e:
         4e:f0:28:33:75:d9:2b:d8:1f:2c:5b:77:1f:c2:d8:7f:99:3b:
         c3:9a:c0:c8:9a:cb:26:00:81:31:50:60:c6:52:dc:52:f9:a8:
         57:0e:35:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGS1VcL9NongXSybc1tCVUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MDllZTNkNjE4OTc0ZGEwY2JkODA1YTJkYTgwNDEwYTQ5
ODk4ODEwHhcNMjQwMTAxMTgzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTNhMzU5ZGUwY2UzZTAwNzBkN2EyNGFiMzdjM2JkZjg3M2YxMTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMCA/Dig8az/5DG76wG3e1oGX/BT
BF0bFvCc/QqUiWtquPHU29NKPY4fGGKheXTzS0nBjA5F1XaTah/lgyBDUc3XZe89
GyqRfEBx7fFfdif3+F3rHqa3rISmbppzOqyl7vyseFBcZGzI3FwUcRvbxebPh6bR
hnJvaPyKSk3iNazfxOO2bIcwRu07g0RMO6UcclEA2d9vH78xiuW+g8t33DYqi/gf
v7103uTa0AAPqjNEnJxtQ2OL4SxdorVDStQZ3m8ljeKnOEApuZBqhDYqDKeahgeD
Ka08VNtFhPhrAXoCY83eTO+lUwryXF//nj5BYtjvkyWQvJsl+21rZ/cHUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP46NZ3gzj4AcNeiSrN8O9+HPxELMB8GA1UdIwQY
MBaAFOkJ7j1hiXTaDL2AWi2oBBCkmJiBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEt
ZGQxMTVmOWUzMzAxLzEvX2pvMW5lRE9QZ0J3MTZKS3MzdzczNGNfRVFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEtZGQxMTVmOWUzMzAx
LzEvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgECQKsB
MA0GCSqGSIb3DQEBCwUAA4IBAQBHBf80ZRfd+/31awwiB0st2JBwQT2CjV29IBA7
hn4PHL24QG1qZUFmL0CzjjUPNmRlSco2wjipXHBBWWzTLiMAHq7IuAANVKg3b4+m
4lp/0aigjRTzwLzPjNX+J0es9nwpLaYD4PGvWR6jw54XepjrvVk+VImhC7s68znj
qFkck9TthmX9FruJ6wtUxNiJNHywlH8pRFiTu/Fa6sEDp7E9sJfg2HiafnQNoour
Zt2YOJpubSDIqxFsMbEBgsGZvrGGoWhUSQFlL8a0chXPRFw5w3yo+MaDt35O8Cgz
ddkr2B8sW3cfwth/mTvDmsDImssmAIExUGDGUtxS+ahXDjXb
-----END CERTIFICATE-----