Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/hUUUkolAljwlG78_CgQSGYSFaxM.roa
File:                     hUUUkolAljwlG78_CgQSGYSFaxM.roa (raw, json)
Hash identifier:          Bm+Mxtc/ZVk52URRq0Yu42ItO1fVR00dTDIZMQSxa8M=
Subject key identifier:   85:45:14:92:89:40:96:3C:25:1B:BF:3F:0A:04:12:19:84:85:6B:13
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018CC79448B9FE6C55FD82016FF3A9C05002
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/hUUUkolAljwlG78_CgQSGYSFaxM.roa
Signing time:             Tue 02 Jan 2024 00:30:33 +0000
ROA not before:           Tue 02 Jan 2024 00:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54040
IP address blocks:        2001:668:121::/48 maxlen: 48
                          2001:668:122::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:48:b9:fe:6c:55:fd:82:01:6f:f3:a9:c0:50:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 00:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=854514928940963c251bbf3f0a04121984856b13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ff:06:97:c5:f5:2c:0c:58:47:5a:16:6a:ba:
                    e8:bc:8b:be:98:f1:7d:2f:47:21:32:4a:6d:f7:ae:
                    22:9b:f4:f1:2a:2d:68:93:ee:ec:65:c1:ad:39:d0:
                    99:c7:13:36:27:3f:6e:fb:93:29:ef:ea:01:1e:e1:
                    a0:09:f6:bd:5a:16:60:ce:56:1a:fe:94:e6:14:1f:
                    58:9c:31:51:1b:38:60:d7:f9:1b:49:05:8e:f4:1f:
                    19:15:55:01:c2:f7:ee:25:64:bb:eb:9f:3f:93:6b:
                    7a:a8:81:dc:b0:b4:6b:36:40:5e:34:78:e7:85:ad:
                    ee:86:49:62:e7:a8:f4:18:90:2d:44:c8:e4:54:75:
                    93:bf:94:39:27:4b:ea:ab:72:c0:c4:fd:5b:fb:21:
                    9e:8a:d5:0f:85:56:33:05:eb:34:3e:76:f2:77:aa:
                    8a:32:de:35:8f:76:ec:9f:a0:fb:4a:b7:b9:6f:39:
                    05:8d:30:74:75:fe:c7:83:7a:0a:d3:0e:47:59:55:
                    2f:df:c7:db:41:77:2e:8b:0e:93:e0:e4:82:f3:b6:
                    8c:5a:82:fa:1d:67:12:83:1d:e9:10:e8:be:c8:2f:
                    a4:67:b1:1f:ee:42:01:72:87:bd:84:4b:cc:fe:41:
                    46:74:00:c0:71:8c:1f:49:45:4c:e8:49:4e:a3:2b:
                    8b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:45:14:92:89:40:96:3C:25:1B:BF:3F:0A:04:12:19:84:85:6B:13
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/hUUUkolAljwlG78_CgQSGYSFaxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:668:121::-2001:668:122:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         06:d8:8a:df:7b:e2:28:3f:07:cc:89:7b:7a:d5:70:53:e5:66:
         4d:9c:01:d0:30:7a:37:47:03:c8:2c:1b:05:c9:b9:da:c2:b4:
         d8:4a:ca:d8:fe:45:1b:83:64:03:63:f5:64:7d:20:d0:7e:07:
         ed:68:f1:e2:e1:2d:36:7d:c9:d1:aa:d6:f6:2a:ad:64:7b:ad:
         3d:a3:83:a5:3a:44:89:c2:23:85:41:cb:58:b5:af:05:02:cd:
         0e:68:b7:a7:24:d5:7d:ae:63:ce:35:14:22:e9:27:c5:df:50:
         0b:98:65:04:30:fe:3a:2d:76:3f:db:e2:99:a7:8b:80:db:df:
         18:60:ed:91:91:ec:b5:7e:90:c1:85:fc:8b:b1:61:54:e7:08:
         86:f6:be:42:ad:79:57:7a:a7:5e:24:42:d6:e3:0a:2f:8e:dc:
         4b:fc:26:2a:69:92:18:90:bb:42:78:9c:6b:96:61:57:fa:5a:
         4c:8c:05:03:dc:31:f5:40:3c:e0:84:b8:34:96:21:95:21:0a:
         0a:d9:d5:11:57:17:26:a6:01:63:73:4a:99:6b:25:34:85:fb:
         09:80:f5:29:08:b3:90:75:9d:8e:ee:b6:71:08:63:3b:7c:14:
         a7:03:92:08:ba:10:23:2e:ff:c0:7f:62:91:61:ad:22:59:6c:
         e4:ec:15:3e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzHlEi5/mxV/YIBb/OpwFACMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMTAyMDAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTQ1MTQ5Mjg5NDA5NjNjMjUxYmJmM2YwYTA0MTIxOTg0ODU2YjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoP8Gl8X1LAxYR1oWarrovIu+mPF9
L0chMkpt964im/TxKi1ok+7sZcGtOdCZxxM2Jz9u+5Mp7+oBHuGgCfa9WhZgzlYa
/pTmFB9YnDFRGzhg1/kbSQWO9B8ZFVUBwvfuJWS7658/k2t6qIHcsLRrNkBeNHjn
ha3uhkli56j0GJAtRMjkVHWTv5Q5J0vqq3LAxP1b+yGeitUPhVYzBes0Pnbyd6qK
Mt41j3bsn6D7Sre5bzkFjTB0df7Hg3oK0w5HWVUv38fbQXcuiw6T4OSC87aMWoL6
HWcSgx3pEOi+yC+kZ7Ef7kIBcoe9hEvM/kFGdADAcYwfSUVM6ElOoyuLvwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFIVFFJKJQJY8JRu/PwoEEhmEhWsTMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvaFVVVWtvbEFsandsRzc4X0NnUVNHWVNGYXhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAgAQZo
ASEDBwAgAQZoASIwDQYJKoZIhvcNAQELBQADggEBAAbYit974ig/B8yJe3rVcFPl
Zk2cAdAwejdHA8gsGwXJudrCtNhKytj+RRuDZANj9WR9INB+B+1o8eLhLTZ9ydGq
1vYqrWR7rT2jg6U6RInCI4VBy1i1rwUCzQ5ot6ck1X2uY841FCLpJ8XfUAuYZQQw
/jotdj/b4pmni4Db3xhg7ZGR7LV+kMGF/IuxYVTnCIb2vkKteVd6p14kQtbjCi+O
3Ev8JippkhiQu0J4nGuWYVf6WkyMBQPcMfVAPOCEuDSWIZUhCgrZ1RFXFyamAWNz
SplrJTSF+wmA9SkIs5B1nY7utnEIYzt8FKcDkgi6ECMu/8B/YpFhrSJZbOTsFT4=
-----END CERTIFICATE-----