Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/JhtcFZn1DBeB_YgvykiGwbwq-5A.roa
File:                     JhtcFZn1DBeB_YgvykiGwbwq-5A.roa (raw, json)
Hash identifier:          lq1ksW9sk7qmDbD3RjXDo/8t3AbaOgnRFZLoQxj9cxk=
Subject key identifier:   26:1B:5C:15:99:F5:0C:17:81:FD:88:2F:CA:48:86:C1:BC:2A:FB:90
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA29793AD96E1489BFE60D5A068CFF0A
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/JhtcFZn1DBeB_YgvykiGwbwq-5A.roa
Signing time:             Tue 02 Jan 2024 12:32:44 +0000
ROA not before:           Tue 02 Jan 2024 12:32:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     222222
IP address blocks:        2a0e:8f02:f054::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:79:3a:d9:6e:14:89:bf:e6:0d:5a:06:8c:ff:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=261b5c1599f50c1781fd882fca4886c1bc2afb90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:34:2f:61:f6:bf:fb:36:5b:32:b3:1f:ea:ed:
                    33:b2:d5:37:4d:d1:63:3a:e9:68:a5:6c:9c:b4:44:
                    b6:10:c6:55:dd:68:83:63:93:c6:bd:c6:21:7a:26:
                    21:62:95:20:60:97:33:80:53:b6:ae:4f:ad:74:42:
                    51:0a:4e:08:ed:b4:1d:d3:56:d0:7f:c3:62:93:29:
                    41:1f:df:79:52:70:f3:38:73:2d:15:5b:96:4b:33:
                    04:85:e5:13:33:8e:a1:bc:5a:79:1c:51:d7:f9:37:
                    06:8f:ec:a9:94:c3:95:f3:f9:69:32:83:f6:78:f2:
                    11:f9:37:c7:78:b4:b8:fe:f0:cd:a3:31:4b:ac:5f:
                    3c:1d:1d:ed:9b:c9:ca:5f:84:e4:f6:be:df:2b:e8:
                    9b:f1:01:ac:f2:00:ad:10:00:0c:c7:9a:74:b2:cf:
                    85:d6:6c:68:e4:1b:c6:e9:70:69:35:99:9f:79:08:
                    3b:1a:e6:38:f8:69:35:28:1d:b8:60:e7:74:22:1c:
                    56:06:ee:72:2b:a8:db:dc:d0:fc:3c:cc:06:15:8e:
                    f5:62:a2:07:46:26:0e:33:cd:ea:a5:af:47:8e:13:
                    02:e2:08:86:9a:23:f2:c1:55:4e:97:cb:61:40:ca:
                    3e:ee:38:4d:cc:44:84:73:51:d0:2b:ad:aa:49:80:
                    f0:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:1B:5C:15:99:F5:0C:17:81:FD:88:2F:CA:48:86:C1:BC:2A:FB:90
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/JhtcFZn1DBeB_YgvykiGwbwq-5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f054::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:e6:9e:d5:32:ab:5a:10:98:f5:76:b4:7e:43:d1:7f:80:32:
         b3:89:f1:03:25:ae:bb:5b:db:1a:fc:be:46:52:8e:d3:59:58:
         69:ec:50:08:ee:12:5c:16:ac:a3:58:70:87:11:6d:ca:01:a6:
         be:f2:1e:64:09:7c:aa:b1:32:f8:6a:be:3e:78:9d:17:7e:02:
         8b:7f:19:8f:32:d3:6a:75:12:8a:e7:cb:f5:05:50:6c:1d:c9:
         05:b1:b4:cb:91:2c:58:c6:8c:90:2d:b5:58:80:50:6e:49:df:
         44:af:de:72:fc:c0:2d:9c:4c:4d:c2:11:cf:82:8a:a8:1b:29:
         be:ba:e1:57:d3:81:95:7c:ec:5f:be:c2:17:5f:05:ca:7f:00:
         df:97:54:47:e1:9f:2a:dc:42:4f:99:72:03:9b:44:40:e6:15:
         bb:e0:de:2f:d5:5d:e7:24:73:d1:f0:cd:e5:58:d0:06:3d:fd:
         87:c7:e6:17:38:ec:e6:ff:45:68:92:63:5e:c7:c1:de:f8:b7:
         a7:cc:f1:4b:44:75:10:d4:55:8d:37:c6:27:88:cc:77:6b:17:
         ff:98:ec:f8:d1:d7:3c:83:48:f7:4d:ef:39:56:5e:d8:6e:1c:
         5d:4c:82:69:4e:07:c2:c4:1a:cc:5c:9f:0a:89:8e:cd:f7:d2:
         8c:81:51:53
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKXk62W4Uib/mDVoGjP8KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjFiNWMxNTk5ZjUwYzE3ODFmZDg4MmZjYTQ4ODZjMWJjMmFmYjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTQvYfa/+zZbMrMf6u0zstU3TdFj
OulopWyctES2EMZV3WiDY5PGvcYheiYhYpUgYJczgFO2rk+tdEJRCk4I7bQd01bQ
f8NikylBH995UnDzOHMtFVuWSzMEheUTM46hvFp5HFHX+TcGj+yplMOV8/lpMoP2
ePIR+TfHeLS4/vDNozFLrF88HR3tm8nKX4Tk9r7fK+ib8QGs8gCtEAAMx5p0ss+F
1mxo5BvG6XBpNZmfeQg7GuY4+Gk1KB24YOd0IhxWBu5yK6jb3ND8PMwGFY71YqIH
RiYOM83qpa9HjhMC4giGmiPywVVOl8thQMo+7jhNzESEc1HQK62qSYDwDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCYbXBWZ9QwXgf2IL8pIhsG8KvuQMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvSmh0Y0ZabjFEQmVCX1lndnlraUd3YndxLTVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBU
MA0GCSqGSIb3DQEBCwUAA4IBAQBd5p7VMqtaEJj1drR+Q9F/gDKzifEDJa67W9sa
/L5GUo7TWVhp7FAI7hJcFqyjWHCHEW3KAaa+8h5kCXyqsTL4ar4+eJ0XfgKLfxmP
MtNqdRKK58v1BVBsHckFsbTLkSxYxoyQLbVYgFBuSd9Er95y/MAtnExNwhHPgoqo
Gym+uuFX04GVfOxfvsIXXwXKfwDfl1RH4Z8q3EJPmXIDm0RA5hW74N4v1V3nJHPR
8M3lWNAGPf2Hx+YXOOzm/0VokmNex8He+LenzPFLRHUQ1FWNN8YniMx3axf/mOz4
0dc8g0j3Te85Vl7YbhxdTIJpTgfCxBrMXJ8KiY7N99KMgVFT
-----END CERTIFICATE-----