Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/jbJI3XcrAYwskqPOgfchTCrxCAI.roa
File:                     jbJI3XcrAYwskqPOgfchTCrxCAI.roa (raw, json)
Hash identifier:          aeaS5Zd8p+PcSoZ2J21SxxaahnaU1O7B421nnXH5GPs=
Subject key identifier:   8D:B2:48:DD:77:2B:01:8C:2C:92:A3:CE:81:F7:21:4C:2A:F1:08:02
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       0194222053FD3B10B0C2AFA2F54DBD67EA84
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/jbJI3XcrAYwskqPOgfchTCrxCAI.roa
Signing time:             Wed 01 Jan 2025 13:48:51 +0000
ROA not before:           Wed 01 Jan 2025 13:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215956
IP address blocks:        2a0e:8f02:2270::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:53:fd:3b:10:b0:c2:af:a2:f5:4d:bd:67:ea:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8db248dd772b018c2c92a3ce81f7214c2af10802
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:20:2c:59:d2:a4:a4:20:75:51:1f:3b:38:d2:
                    0f:a4:cf:e3:4f:e1:e9:ee:8b:5a:9a:f8:91:00:50:
                    c6:94:5f:06:6f:4d:a4:be:b0:6f:b4:fe:93:28:53:
                    02:62:e3:25:59:55:72:d6:2b:77:d0:a5:36:1f:32:
                    4e:4d:22:71:f3:8b:c2:16:e1:37:01:7e:40:e4:be:
                    89:eb:69:87:f9:be:cd:fd:fd:fc:7f:81:4e:fd:99:
                    6d:f6:95:c3:c3:f5:5d:1e:42:57:7b:bf:f5:c0:83:
                    5a:b6:54:cd:51:0b:05:79:01:a7:24:c4:35:d1:74:
                    f7:4c:7e:90:66:0e:b3:41:a7:45:b4:05:fd:b2:b7:
                    79:63:70:5e:d2:0b:70:5f:88:c4:96:71:c7:a7:dd:
                    be:cd:9a:b0:ac:eb:7b:0c:dc:ac:71:82:d8:bf:76:
                    e4:9d:93:f6:20:ad:05:7f:fa:35:b5:fc:a9:c3:95:
                    53:13:09:97:fb:d9:23:ac:28:50:ac:fd:08:fb:6a:
                    b1:3a:3b:50:a4:62:6a:04:d2:73:27:d7:1d:9b:b9:
                    79:29:75:c1:a7:6e:ad:89:34:fa:7f:5a:74:93:c9:
                    14:63:01:98:b2:8f:3d:04:73:ef:3f:dc:b4:5e:74:
                    61:27:32:13:93:80:41:a0:27:3a:68:5b:8b:f1:e8:
                    f5:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:B2:48:DD:77:2B:01:8C:2C:92:A3:CE:81:F7:21:4C:2A:F1:08:02
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/jbJI3XcrAYwskqPOgfchTCrxCAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2270::/44

    Signature Algorithm: sha256WithRSAEncryption
         0b:72:1f:bc:e7:3c:a5:75:c4:81:fb:e3:7d:b6:bc:2c:f7:f6:
         5e:bd:0a:a3:e8:d8:65:df:7f:3a:3a:f3:26:b9:23:cd:cd:91:
         05:b0:db:64:7c:09:1a:1b:e9:58:66:b0:e0:47:84:54:39:5c:
         6d:57:2d:27:bb:bf:12:7e:e0:b0:a9:ea:5d:a6:b4:a1:3d:ac:
         b5:5a:8a:41:1c:0c:e6:b8:b8:e5:c3:23:58:61:46:50:28:76:
         04:a8:3e:fc:7e:9b:ae:fb:94:62:d4:ec:e6:90:f0:b0:2c:ef:
         cc:32:b1:0e:72:47:2d:77:55:5e:45:93:41:d7:c9:7f:a2:89:
         29:f2:7d:44:b7:f8:7e:79:c3:d7:a4:e0:f9:45:50:e1:ff:b9:
         09:4e:bb:65:24:e8:d5:bb:55:3f:48:06:cf:d0:7d:61:82:87:
         04:74:6e:7c:e5:c9:18:7e:01:4f:5c:fd:6c:3a:c8:a7:71:94:
         02:2e:47:aa:5c:3d:83:40:6f:28:61:e9:ce:b2:7f:7e:a9:ce:
         1b:1b:ef:3a:6e:2a:1c:aa:15:37:8d:75:52:53:90:67:61:a3:
         b7:fb:9b:47:b2:4d:68:ae:9b:cc:3e:08:4c:01:9a:3c:30:04:
         5d:53:f5:9d:1d:51:7d:82:25:f1:d9:be:72:ed:52:e4:b4:64:
         d8:a3:9b:2f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiIFP9OxCwwq+i9U29Z+qEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGIyNDhkZDc3MmIwMThjMmM5MmEzY2U4MWY3MjE0YzJhZjEwODAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySAsWdKkpCB1UR87ONIPpM/jT+Hp
7otamviRAFDGlF8Gb02kvrBvtP6TKFMCYuMlWVVy1it30KU2HzJOTSJx84vCFuE3
AX5A5L6J62mH+b7N/f38f4FO/Zlt9pXDw/VdHkJXe7/1wINatlTNUQsFeQGnJMQ1
0XT3TH6QZg6zQadFtAX9srd5Y3Be0gtwX4jElnHHp92+zZqwrOt7DNyscYLYv3bk
nZP2IK0Ff/o1tfypw5VTEwmX+9kjrChQrP0I+2qxOjtQpGJqBNJzJ9cdm7l5KXXB
p26tiTT6f1p0k8kUYwGYso89BHPvP9y0XnRhJzITk4BBoCc6aFuL8ej14wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI2ySN13KwGMLJKjzoH3IUwq8QgCMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvamJKSTNYY3JBWXdza3FQT2dmY2hUQ3J4Q0FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiJw
MA0GCSqGSIb3DQEBCwUAA4IBAQALch+85zyldcSB++N9trws9/ZevQqj6Nhl3386
OvMmuSPNzZEFsNtkfAkaG+lYZrDgR4RUOVxtVy0nu78SfuCwqepdprShPay1WopB
HAzmuLjlwyNYYUZQKHYEqD78fpuu+5Ri1OzmkPCwLO/MMrEOckctd1VeRZNB18l/
ookp8n1Et/h+ecPXpOD5RVDh/7kJTrtlJOjVu1U/SAbP0H1hgocEdG585ckYfgFP
XP1sOsincZQCLkeqXD2DQG8oYenOsn9+qc4bG+86biocqhU3jXVSU5BnYaO3+5tH
sk1orpvMPghMAZo8MARdU/WdHVF9giXx2b5y7VLktGTYo5sv
-----END CERTIFICATE-----