Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/JtUZOkkVHj4uRvyb6J9AcYx4Ngs.roa
File:                     JtUZOkkVHj4uRvyb6J9AcYx4Ngs.roa (raw, json)
Hash identifier:          tUy6d9vmyY5VZTre9VxEHBTMiK1Bt0O87ayaO5vDi8I=
Subject key identifier:   26:D5:19:3A:49:15:1E:3E:2E:46:FC:9B:E8:9F:40:71:8C:78:36:0B
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D06D24D21A231E143952C105F53EA
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/JtUZOkkVHj4uRvyb6J9AcYx4Ngs.roa
Signing time:             Tue 02 Jan 2024 08:31:57 +0000
ROA not before:           Tue 02 Jan 2024 08:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200676
IP address blocks:        2a0a:280:1c00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:06:d2:4d:21:a2:31:e1:43:95:2c:10:5f:53:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26d5193a49151e3e2e46fc9be89f40718c78360b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:59:45:b9:37:06:92:44:94:3a:a7:01:3b:fd:
                    9b:f1:49:d8:97:ec:1b:cc:bf:3d:f0:15:05:b9:0b:
                    5f:34:2b:4a:c3:ee:00:be:1a:25:bd:3b:ae:89:24:
                    27:4f:9e:87:a1:5c:13:2d:9b:f5:67:1d:6d:88:36:
                    74:a5:4e:1d:7e:23:42:fa:27:50:8a:67:af:82:ec:
                    72:5b:88:73:cc:94:ec:b7:6c:bd:f0:fc:2a:c8:56:
                    77:51:62:c0:a9:2a:94:cd:26:71:fb:ad:45:b8:f7:
                    72:f5:ce:a1:6b:50:68:05:9a:af:a9:39:51:5f:74:
                    15:ef:0d:49:17:10:1f:01:f5:29:60:a6:d2:07:48:
                    d1:bf:61:9f:1d:64:b7:57:05:5b:48:a3:0f:ae:62:
                    64:3d:1c:e3:6c:79:c5:2d:10:69:9f:93:b8:c4:91:
                    f6:13:00:cf:9c:51:1d:47:cd:93:83:48:e1:6e:0f:
                    fe:c4:a0:ae:3e:a0:56:74:62:cd:f5:88:5b:3b:68:
                    fc:ca:32:53:b0:dd:43:36:a3:e1:c1:53:ea:55:4f:
                    9b:c2:69:04:12:a1:b8:a2:aa:6d:73:7d:f2:b4:8a:
                    88:3f:c6:8e:30:e5:7b:44:6f:e3:12:a2:88:3b:4e:
                    57:b4:19:22:c9:21:b5:58:34:e6:0d:76:3b:b5:d0:
                    54:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:D5:19:3A:49:15:1E:3E:2E:46:FC:9B:E8:9F:40:71:8C:78:36:0B
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/JtUZOkkVHj4uRvyb6J9AcYx4Ngs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:1c00::/40

    Signature Algorithm: sha256WithRSAEncryption
         8b:8f:31:1d:d6:be:75:e8:5e:a1:96:d0:dc:2f:0e:26:3b:04:
         df:df:15:dc:c2:8d:70:8b:ff:10:c7:9a:1c:d3:ca:37:3d:62:
         46:45:94:3f:0c:c5:54:6d:d1:d2:07:62:29:1f:88:4b:24:82:
         20:98:88:f5:55:44:a6:67:68:42:b4:1c:05:9f:f6:e7:5b:68:
         06:15:1e:66:4b:f4:62:c7:bd:04:07:8b:0c:96:50:e2:5b:43:
         07:85:6f:39:c5:c5:b4:ad:d1:7d:37:ae:85:2c:c4:dd:94:9d:
         03:52:cf:c3:f2:20:01:9f:1d:c8:c8:bc:79:a8:2a:4b:68:0f:
         89:26:3d:15:2f:6f:b6:91:ca:c8:cc:d1:7a:ba:a4:6d:e8:c3:
         b2:a7:cb:ee:57:90:9d:9f:15:88:3e:d6:45:67:17:9d:0c:50:
         5c:8b:70:26:20:e9:e8:9d:a1:3b:5e:51:b0:e2:42:24:bf:29:
         4e:a8:c1:fc:41:fd:a4:54:d3:37:2c:bc:f6:14:b0:40:9d:92:
         db:70:1e:89:c1:05:37:fb:8f:3d:20:7a:6c:ec:9b:6f:0f:31:
         3f:55:36:60:d9:64:8f:85:22:d4:47:75:ab:12:f4:8a:20:e2:
         e5:13:82:b0:71:7d:af:82:18:bf:e2:7a:f9:76:5f:76:9d:49:
         d1:0d:df:f1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQbSTSGiMeFDlSwQX1PqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmQ1MTkzYTQ5MTUxZTNlMmU0NmZjOWJlODlmNDA3MThjNzgzNjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVlFuTcGkkSUOqcBO/2b8UnYl+wb
zL898BUFuQtfNCtKw+4AvholvTuuiSQnT56HoVwTLZv1Zx1tiDZ0pU4dfiNC+idQ
imevguxyW4hzzJTst2y98PwqyFZ3UWLAqSqUzSZx+61FuPdy9c6ha1BoBZqvqTlR
X3QV7w1JFxAfAfUpYKbSB0jRv2GfHWS3VwVbSKMPrmJkPRzjbHnFLRBpn5O4xJH2
EwDPnFEdR82Tg0jhbg/+xKCuPqBWdGLN9YhbO2j8yjJTsN1DNqPhwVPqVU+bwmkE
EqG4oqptc33ytIqIP8aOMOV7RG/jEqKIO05XtBkiySG1WDTmDXY7tdBUBQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCbVGTpJFR4+Lkb8m+ifQHGMeDYLMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvSnRVWk9ra1ZIajR1UnZ5YjZKOUFjWXg0TmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgBww
DQYJKoZIhvcNAQELBQADggEBAIuPMR3WvnXoXqGW0NwvDiY7BN/fFdzCjXCL/xDH
mhzTyjc9YkZFlD8MxVRt0dIHYikfiEskgiCYiPVVRKZnaEK0HAWf9udbaAYVHmZL
9GLHvQQHiwyWUOJbQweFbznFxbSt0X03roUsxN2UnQNSz8PyIAGfHcjIvHmoKkto
D4kmPRUvb7aRysjM0Xq6pG3ow7Kny+5XkJ2fFYg+1kVnF50MUFyLcCYg6eidoTte
UbDiQiS/KU6owfxB/aRU0zcsvPYUsECdkttwHonBBTf7jz0gemzsm28PMT9VNmDZ
ZI+FItRHdasS9Iog4uUTgrBxfa+CGL/ievl2X3adSdEN3/E=
-----END CERTIFICATE-----