Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/JjgLVYD_xJAzQgEsxv704RTJtEI.roa
File:                     JjgLVYD_xJAzQgEsxv704RTJtEI.roa (raw, json)
Hash identifier:          2h1ogcGPMQ3n2z1740U/v3v9A4z+IsHVRGyjZ8cmBOk=
Subject key identifier:   26:38:0B:55:80:FF:C4:90:33:42:01:2C:C6:FE:F4:E1:14:C9:B4:42
Certificate issuer:       /CN=42ce759320195b9cc18ccfcb1b532aea949258f1
Certificate serial:       018D35FFC7C28345246DE6E02380FD041880
Authority key identifier: 42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/JjgLVYD_xJAzQgEsxv704RTJtEI.roa
Signing time:             Tue 23 Jan 2024 11:06:11 +0000
ROA not before:           Tue 23 Jan 2024 11:06:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209100
IP address blocks:        2a0e:800:ff90::/47 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:35:ff:c7:c2:83:45:24:6d:e6:e0:23:80:fd:04:18:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42ce759320195b9cc18ccfcb1b532aea949258f1
        Validity
            Not Before: Jan 23 11:06:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26380b5580ffc4903342012cc6fef4e114c9b442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:49:36:c6:c9:8f:7d:79:f2:0a:f5:86:32:fa:
                    55:e3:65:a0:3f:13:42:e5:29:36:de:6a:c0:87:09:
                    21:12:f4:c1:ba:97:85:db:aa:0f:f9:9f:71:32:a0:
                    38:56:df:88:8c:8b:eb:35:49:90:e3:85:d7:dd:10:
                    44:c1:ab:d2:a3:37:4d:5a:a1:1c:fd:80:f3:bc:62:
                    cf:23:20:59:95:77:27:ac:98:b6:42:d3:97:1f:ed:
                    44:1d:83:73:34:55:5b:7a:6b:6b:3c:c6:93:c6:98:
                    5a:f1:41:2e:1c:1a:2f:2f:34:4b:2d:53:35:0a:0f:
                    4f:12:a8:73:18:ec:fd:89:76:dc:32:82:7e:e9:8e:
                    fb:bb:a1:28:ca:c1:23:73:ab:17:fe:3a:b3:98:43:
                    d5:0c:de:98:83:38:cf:13:04:40:f4:ec:3f:d2:b5:
                    c2:60:74:e7:3e:64:50:3d:cf:24:e1:54:be:0f:58:
                    a7:03:8c:61:e9:5b:f3:fc:55:59:3c:2b:8a:2a:60:
                    7f:9b:e8:8f:53:4e:c8:36:a8:22:d1:00:b2:85:f3:
                    56:82:6e:9e:04:bc:2c:18:d8:a7:a5:95:c4:50:73:
                    aa:e5:71:16:4b:88:9a:f0:8e:cd:ce:61:99:a6:c4:
                    3b:9c:c0:d5:af:0e:fe:78:dc:2e:bd:4c:4d:15:6d:
                    f5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:38:0B:55:80:FF:C4:90:33:42:01:2C:C6:FE:F4:E1:14:C9:B4:42
            X509v3 Authority Key Identifier:
                keyid:42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/JjgLVYD_xJAzQgEsxv704RTJtEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:800:ff90::/47

    Signature Algorithm: sha256WithRSAEncryption
         95:e8:ab:4e:fb:2e:dc:1d:f9:e2:49:5f:8d:0e:d7:d6:08:38:
         b5:ad:9f:6f:8d:98:fd:6f:e9:c8:9f:f9:3c:55:94:8b:47:78:
         15:1d:75:2b:e1:8b:55:7b:79:47:1d:ec:4b:e2:21:e3:78:fa:
         db:74:53:f1:14:52:0b:83:7d:36:92:08:4e:a7:77:18:ed:85:
         47:d4:9c:c9:53:2f:f7:d0:e6:be:3e:da:28:6e:e1:2b:d4:d1:
         22:60:8b:c8:dd:16:74:fd:eb:6c:db:70:07:a5:23:f3:b0:00:
         b2:6c:a4:e0:c7:59:4c:ad:9d:27:ee:c3:db:90:cd:35:7f:68:
         be:51:6a:4c:bc:ae:02:d9:a4:f4:c5:35:53:8c:00:88:19:1f:
         bc:c9:d5:28:ae:45:57:ba:45:65:a3:01:27:a3:a9:24:7d:58:
         0a:8b:6e:85:42:56:5d:8c:bb:93:8b:07:b5:2a:a5:1a:d2:c0:
         bf:e7:91:7b:75:9c:c7:03:34:38:c5:fb:f0:8c:c6:91:82:55:
         7a:38:6d:c9:00:c6:4b:8e:2c:cb:9f:60:14:1d:6f:ee:e5:50:
         48:fc:6e:f4:e2:ff:97:18:ff:de:b3:f9:6e:3f:9d:c3:e0:da:
         28:78:90:cc:c0:79:e0:c7:77:1f:7e:96:6b:23:f8:01:95:05:
         2d:03:d3:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY01/8fCg0UkbebgI4D9BBiAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyY2U3NTkzMjAxOTViOWNjMThjY2ZjYjFiNTMyYWVhOTQ5
MjU4ZjEwHhcNMjQwMTIzMTEwNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjM4MGI1NTgwZmZjNDkwMzM0MjAxMmNjNmZlZjRlMTE0YzliNDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUk2xsmPfXnyCvWGMvpV42WgPxNC
5Sk23mrAhwkhEvTBupeF26oP+Z9xMqA4Vt+IjIvrNUmQ44XX3RBEwavSozdNWqEc
/YDzvGLPIyBZlXcnrJi2QtOXH+1EHYNzNFVbemtrPMaTxpha8UEuHBovLzRLLVM1
Cg9PEqhzGOz9iXbcMoJ+6Y77u6EoysEjc6sX/jqzmEPVDN6YgzjPEwRA9Ow/0rXC
YHTnPmRQPc8k4VS+D1inA4xh6Vvz/FVZPCuKKmB/m+iPU07INqgi0QCyhfNWgm6e
BLwsGNinpZXEUHOq5XEWS4ia8I7NzmGZpsQ7nMDVrw7+eNwuvUxNFW31qQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCY4C1WA/8SQM0IBLMb+9OEUybRCMB8GA1UdIwQY
MBaAFELOdZMgGVucwYzPyxtTKuqUkljxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUt
Njk3OTQ4ZWE3MWY1LzEvSmpnTFZZRF94SkF6UWdFc3h2NzA0UlRKdEVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUtNjk3OTQ4ZWE3MWY1
LzEvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg4IAP+Q
MA0GCSqGSIb3DQEBCwUAA4IBAQCV6KtO+y7cHfniSV+NDtfWCDi1rZ9vjZj9b+nI
n/k8VZSLR3gVHXUr4YtVe3lHHexL4iHjePrbdFPxFFILg302kghOp3cY7YVH1JzJ
Uy/30Oa+PtoobuEr1NEiYIvI3RZ0/ets23AHpSPzsACybKTgx1lMrZ0n7sPbkM01
f2i+UWpMvK4C2aT0xTVTjACIGR+8ydUorkVXukVlowEno6kkfVgKi26FQlZdjLuT
iwe1KqUa0sC/55F7dZzHAzQ4xfvwjMaRglV6OG3JAMZLjizLn2AUHW/u5VBI/G70
4v+XGP/es/luP53D4NooeJDMwHngx3cffpZrI/gBlQUtA9Ow
-----END CERTIFICATE-----