Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/jN5zHZCMrwhdjbddZxmBgqe6ARg.roa
File:                     jN5zHZCMrwhdjbddZxmBgqe6ARg.roa (raw, json)
Hash identifier:          bYLJksVLzAr3D/SAbSaZ29/MrqGx22tcVsSGFNjgd88=
Subject key identifier:   8C:DE:73:1D:90:8C:AF:08:5D:8D:B7:5D:67:19:81:82:A7:BA:01:18
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018E0D773AD714F9151865C0C1D30A65E56C
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/jN5zHZCMrwhdjbddZxmBgqe6ARg.roa
Signing time:             Tue 05 Mar 2024 07:15:01 +0000
ROA not before:           Tue 05 Mar 2024 07:15:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215379
IP address blocks:        2a0a:280:3500::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0d:77:3a:d7:14:f9:15:18:65:c0:c1:d3:0a:65:e5:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Mar  5 07:15:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cde731d908caf085d8db75d67198182a7ba0118
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:15:89:81:9d:a2:6d:cc:48:68:03:59:d5:2c:
                    9c:15:d7:9e:a1:54:4f:63:36:e4:27:1f:d6:45:dc:
                    20:10:a3:12:b0:c4:73:93:5f:f4:c5:97:93:84:41:
                    8e:f3:d4:c4:31:53:01:92:33:40:66:81:3f:cf:22:
                    36:93:ce:77:e3:7a:0e:41:ed:13:57:6f:28:3e:a1:
                    8f:f8:a5:2f:87:23:53:e3:e1:ed:7a:84:78:7e:0e:
                    2e:55:e0:fe:07:69:58:d9:bc:15:ac:ab:8a:bd:9d:
                    74:97:b7:9e:ec:23:b0:58:6a:3c:a1:ac:63:7b:98:
                    eb:09:3f:e0:44:5a:3a:89:99:93:22:fa:04:78:a8:
                    66:fc:9f:bd:fd:12:17:25:e6:b3:06:88:58:36:83:
                    ca:10:98:0c:8d:06:cb:09:3e:c8:e7:7e:5a:c8:44:
                    e9:1a:a7:87:1b:68:b3:75:06:19:7e:49:fc:6c:46:
                    79:7d:65:00:a7:8f:6d:65:44:92:45:b4:a8:7b:9d:
                    0f:c2:ad:d2:78:c5:95:2d:a4:11:c1:28:42:77:1e:
                    97:64:30:61:2d:dd:81:1d:9b:80:00:4c:c0:ba:12:
                    06:18:5d:26:bf:ad:8d:65:95:ce:fc:1e:d7:da:8d:
                    86:57:f2:d1:1f:63:0f:9e:2a:8a:c5:72:11:5e:7f:
                    b2:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:DE:73:1D:90:8C:AF:08:5D:8D:B7:5D:67:19:81:82:A7:BA:01:18
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/jN5zHZCMrwhdjbddZxmBgqe6ARg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:3500::/40

    Signature Algorithm: sha256WithRSAEncryption
         45:e4:c2:63:05:77:53:94:f8:51:9f:65:73:8b:46:55:5e:f1:
         38:62:d1:f3:52:1d:33:dc:45:88:dd:60:ec:b8:fe:f4:7f:70:
         64:66:27:a9:4e:0c:32:72:4d:14:4f:66:4e:83:f9:ae:02:61:
         14:0e:10:26:8e:cc:8f:08:63:b4:6d:ac:03:09:1f:33:d2:ea:
         fa:b2:03:22:7e:c1:8d:8d:d0:b9:9f:eb:7f:96:97:98:86:fa:
         46:55:81:1e:68:35:8e:d7:4a:08:a2:45:91:ce:1d:aa:bc:93:
         40:37:68:d4:29:ae:11:19:13:69:f2:52:ff:de:ef:4c:5c:3a:
         8e:85:44:08:da:bd:a5:3a:fd:28:d3:45:43:40:d6:b4:9b:a3:
         2e:d8:f0:4d:4d:c9:bc:72:fd:e0:76:58:a9:c0:37:46:59:7c:
         14:bc:27:7c:ab:28:b6:d7:f5:0f:7c:60:45:b3:51:ad:88:96:
         42:81:07:34:51:71:d5:53:c1:01:78:b7:a7:69:62:ba:0e:13:
         5c:c2:3a:ce:6a:b2:63:6c:f9:c0:ef:df:33:34:68:9d:37:db:
         f7:05:cd:eb:4a:93:ca:7e:ea:cf:72:dd:05:46:11:8e:1f:67:
         73:4d:ce:a0:ce:cb:69:ca:2b:9f:ad:c9:de:8e:4f:36:88:71:
         d8:c0:8c:17
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY4NdzrXFPkVGGXAwdMKZeVsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMzA1MDcxNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2RlNzMxZDkwOGNhZjA4NWQ4ZGI3NWQ2NzE5ODE4MmE3YmEwMTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxWJgZ2ibcxIaANZ1SycFdeeoVRP
YzbkJx/WRdwgEKMSsMRzk1/0xZeThEGO89TEMVMBkjNAZoE/zyI2k85343oOQe0T
V28oPqGP+KUvhyNT4+HteoR4fg4uVeD+B2lY2bwVrKuKvZ10l7ee7COwWGo8oaxj
e5jrCT/gRFo6iZmTIvoEeKhm/J+9/RIXJeazBohYNoPKEJgMjQbLCT7I535ayETp
GqeHG2izdQYZfkn8bEZ5fWUAp49tZUSSRbSoe50Pwq3SeMWVLaQRwShCdx6XZDBh
Ld2BHZuAAEzAuhIGGF0mv62NZZXO/B7X2o2GV/LRH2MPniqKxXIRXn+y9QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIzecx2QjK8IXY23XWcZgYKnugEYMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvak41ekhaQ01yd2hkamJkZFp4bUJncWU2QVJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgDUw
DQYJKoZIhvcNAQELBQADggEBAEXkwmMFd1OU+FGfZXOLRlVe8Thi0fNSHTPcRYjd
YOy4/vR/cGRmJ6lODDJyTRRPZk6D+a4CYRQOECaOzI8IY7RtrAMJHzPS6vqyAyJ+
wY2N0Lmf63+Wl5iG+kZVgR5oNY7XSgiiRZHOHaq8k0A3aNQprhEZE2nyUv/e70xc
Oo6FRAjavaU6/SjTRUNA1rSboy7Y8E1Nybxy/eB2WKnAN0ZZfBS8J3yrKLbX9Q98
YEWzUa2IlkKBBzRRcdVTwQF4t6dpYroOE1zCOs5qsmNs+cDv3zM0aJ032/cFzetK
k8p+6s9y3QVGEY4fZ3NNzqDOy2nKK5+tyd6OTzaIcdjAjBc=
-----END CERTIFICATE-----