Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/JSDT-l7XbiwAw3hok_7MGRAKlQc.roa
File:                     JSDT-l7XbiwAw3hok_7MGRAKlQc.roa (raw, json)
Hash identifier:          oTK8ThKZIJ3MXL1rO+0PlNM3M/X4u+aifeqwvlrqjHI=
Subject key identifier:   25:20:D3:FA:5E:D7:6E:2C:00:C3:78:68:93:FE:CC:19:10:0A:95:07
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018E77F9376C3B2A2CC2507896F237A3701B
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/JSDT-l7XbiwAw3hok_7MGRAKlQc.roa
Signing time:             Mon 25 Mar 2024 23:36:45 +0000
ROA not before:           Mon 25 Mar 2024 23:36:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50375
IP address blocks:        2a01:d0:a::/48 maxlen: 48
                          2a01:d0:3a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 03:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:77:f9:37:6c:3b:2a:2c:c2:50:78:96:f2:37:a3:70:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Mar 25 23:36:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2520d3fa5ed76e2c00c3786893fecc19100a9507
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:76:65:77:75:d6:47:57:b4:34:13:68:02:9a:
                    df:85:a3:4f:1b:07:bd:87:0c:05:3c:bb:34:97:89:
                    2b:0c:be:bf:6a:08:52:0a:e4:69:61:0b:24:11:66:
                    56:d6:9d:55:a3:8a:14:31:96:6b:51:dd:96:f7:a2:
                    5d:e8:b3:0a:d9:22:3a:7f:e6:af:49:b3:f9:da:b9:
                    3d:4d:ff:53:81:d5:a8:4d:63:63:6a:c3:60:7c:5c:
                    bd:80:1c:8b:bf:69:0f:81:cf:60:df:a0:24:24:48:
                    41:7e:13:ae:4c:2e:f9:75:19:35:e7:ac:04:dc:ac:
                    c7:ae:9a:a8:26:28:fb:5b:60:a0:8d:49:cc:fc:8e:
                    1f:7e:61:3d:c5:ca:f1:ba:fa:ac:00:5c:29:24:fc:
                    a3:83:46:cb:6d:5e:e1:66:a7:e4:b2:2a:ff:03:ae:
                    5c:0d:db:df:af:f0:6d:a5:96:c0:b8:5c:db:9c:0d:
                    1b:1a:6a:07:f3:5c:44:fb:d6:78:e5:74:2c:ec:52:
                    65:f0:f1:29:9b:b8:cd:ff:0f:23:11:ee:92:2e:a1:
                    10:44:57:41:7b:13:7b:a9:00:4b:f1:6d:f9:aa:69:
                    10:2b:e9:3b:ec:99:15:1d:fc:94:29:92:40:80:79:
                    dc:3d:25:87:08:1b:a9:a3:8e:64:f4:6f:39:ae:6a:
                    50:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:20:D3:FA:5E:D7:6E:2C:00:C3:78:68:93:FE:CC:19:10:0A:95:07
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/JSDT-l7XbiwAw3hok_7MGRAKlQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:d0:a::/48
                  2a01:d0:3a::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:ba:bb:ad:f8:d8:65:dd:23:1a:05:81:37:40:7e:dd:5e:bf:
         ba:5d:0d:79:16:cf:e7:a2:db:51:85:a8:05:a7:c2:aa:b9:52:
         8a:f7:1d:1f:f8:a1:e7:6b:92:e6:36:cc:34:1b:0a:10:ef:f8:
         33:aa:23:ec:e8:89:dc:63:a7:90:16:9e:e8:e7:8d:05:24:de:
         52:0d:e0:20:e9:96:a0:7b:55:83:2f:d2:6e:c8:00:b5:8e:c6:
         3a:f9:36:71:f4:4b:67:92:7f:f6:61:7c:55:bc:da:21:15:db:
         0a:84:5c:2d:10:df:ff:02:92:52:eb:27:ac:88:3d:3a:63:3c:
         65:72:f9:bc:38:ab:74:b8:f8:c2:f3:8e:b9:c3:0d:02:55:a1:
         88:34:18:c5:6a:fa:8d:bd:b9:26:96:7e:e9:1e:20:81:5e:b8:
         6c:d7:d1:d3:81:fa:f2:75:b1:ac:11:47:5e:c7:f9:1d:e1:bc:
         3d:78:e3:e7:ae:a4:93:bb:9f:16:fd:a6:41:6c:4b:e1:7e:ab:
         ce:df:7e:c6:84:e9:c8:e0:84:f4:a9:0d:b4:f2:68:e3:a1:bb:
         72:63:88:df:83:4a:c6:8a:7a:f4:f7:ba:6e:3d:8a:62:2d:a1:
         0b:4a:ed:4b:48:d2:4b:cc:e1:62:95:d2:f8:86:51:d6:c0:47:
         8e:a6:d8:50
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY53+TdsOyoswlB4lvI3o3AbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMzI1MjMzNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTIwZDNmYTVlZDc2ZTJjMDBjMzc4Njg5M2ZlY2MxOTEwMGE5NTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHZld3XWR1e0NBNoAprfhaNPGwe9
hwwFPLs0l4krDL6/aghSCuRpYQskEWZW1p1Vo4oUMZZrUd2W96Jd6LMK2SI6f+av
SbP52rk9Tf9TgdWoTWNjasNgfFy9gByLv2kPgc9g36AkJEhBfhOuTC75dRk156wE
3KzHrpqoJij7W2CgjUnM/I4ffmE9xcrxuvqsAFwpJPyjg0bLbV7hZqfksir/A65c
Ddvfr/BtpZbAuFzbnA0bGmoH81xE+9Z45XQs7FJl8PEpm7jN/w8jEe6SLqEQRFdB
exN7qQBL8W35qmkQK+k77JkVHfyUKZJAgHncPSWHCBupo45k9G85rmpQswIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCUg0/pe124sAMN4aJP+zBkQCpUHMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvSlNEVC1sN1hiaXdBdzNob2tfN01HUkFLbFFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgEA0AAK
AwcAKgEA0AA6MA0GCSqGSIb3DQEBCwUAA4IBAQAourut+Nhl3SMaBYE3QH7dXr+6
XQ15Fs/nottRhagFp8KquVKK9x0f+KHna5LmNsw0GwoQ7/gzqiPs6IncY6eQFp7o
540FJN5SDeAg6Zage1WDL9JuyAC1jsY6+TZx9Etnkn/2YXxVvNohFdsKhFwtEN//
ApJS6yesiD06Yzxlcvm8OKt0uPjC8465ww0CVaGINBjFavqNvbkmln7pHiCBXrhs
19HTgfrydbGsEUdex/kd4bw9eOPnrqSTu58W/aZBbEvhfqvO337GhOnI4IT0qQ20
8mjjobtyY4jfg0rGinr097puPYpiLaELSu1LSNJLzOFildL4hlHWwEeOpthQ
-----END CERTIFICATE-----