Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/JQhRMG4-Y6hXO7oAPgYjDQYPkTo.roa
File:                     JQhRMG4-Y6hXO7oAPgYjDQYPkTo.roa (raw, json)
Hash identifier:          hDa/U14il7UgbZz09me2lDK7PKLO7CUjFaoBDYrgnXI=
Subject key identifier:   25:08:51:30:6E:3E:63:A8:57:3B:BA:00:3E:06:23:0D:06:0F:91:3A
Certificate issuer:       /CN=6b7d1f1e877c12798274e01334554f899f38eac1
Certificate serial:       018CC86F0E40390D0EE19B5B97F35B7704CE
Authority key identifier: 6B:7D:1F:1E:87:7C:12:79:82:74:E0:13:34:55:4F:89:9F:38:EA:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a30fHod8EnmCdOATNFVPiZ846sE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/JQhRMG4-Y6hXO7oAPgYjDQYPkTo.roa
Signing time:             Tue 02 Jan 2024 04:29:30 +0000
ROA not before:           Tue 02 Jan 2024 04:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40970
IP address blocks:        2a0c:7100::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/a30fHod8EnmCdOATNFVPiZ846sE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/a30fHod8EnmCdOATNFVPiZ846sE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a30fHod8EnmCdOATNFVPiZ846sE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:0e:40:39:0d:0e:e1:9b:5b:97:f3:5b:77:04:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b7d1f1e877c12798274e01334554f899f38eac1
        Validity
            Not Before: Jan  2 04:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=250851306e3e63a8573bba003e06230d060f913a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:70:3d:3e:5e:f6:5c:87:65:57:8a:48:96:65:
                    31:be:a2:7e:6f:d2:07:d2:96:a7:52:07:e3:ae:df:
                    a3:3f:b3:80:cb:24:32:ab:36:8f:a2:5d:a6:df:90:
                    3f:9f:d2:fd:f7:23:9c:1e:ee:56:6e:06:d7:ea:cd:
                    fa:3e:6c:07:c7:93:15:86:b0:2a:f8:76:82:6f:78:
                    c6:2e:9f:6b:a0:cf:f2:a1:c0:cc:4b:d3:a7:e9:6c:
                    9a:32:3b:8f:59:68:e7:bd:ce:cd:2a:6a:9e:3b:9c:
                    60:9f:6c:f0:82:e8:61:9e:1f:99:8d:a5:10:80:ec:
                    2f:ba:f4:f5:7a:5f:c7:d9:08:07:c5:77:44:50:4a:
                    ff:03:a3:58:ac:28:58:44:c0:fe:45:d0:2b:1e:40:
                    29:5b:71:cc:a9:0b:b9:c6:02:42:60:bb:4f:38:9e:
                    e0:96:93:3c:84:46:cb:7a:1c:7a:d2:36:2f:94:6f:
                    b9:28:44:29:df:d1:eb:ce:e9:83:48:5f:7e:66:b0:
                    1a:48:5e:4e:86:26:a7:dd:4e:28:1d:c5:1f:b8:ba:
                    1e:19:1b:c5:78:b8:3a:85:27:23:c6:99:ea:03:12:
                    bd:de:1e:b3:9b:d7:81:1b:25:d4:f5:2e:1d:6b:af:
                    b7:7b:96:e2:ae:a3:9c:b4:e9:87:75:3d:25:40:93:
                    84:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:08:51:30:6E:3E:63:A8:57:3B:BA:00:3E:06:23:0D:06:0F:91:3A
            X509v3 Authority Key Identifier:
                keyid:6B:7D:1F:1E:87:7C:12:79:82:74:E0:13:34:55:4F:89:9F:38:EA:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a30fHod8EnmCdOATNFVPiZ846sE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/JQhRMG4-Y6hXO7oAPgYjDQYPkTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/a30fHod8EnmCdOATNFVPiZ846sE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:7100::/29

    Signature Algorithm: sha256WithRSAEncryption
         9a:78:13:e0:76:43:1a:5c:53:9f:b2:d5:95:c2:81:35:4b:be:
         27:68:b3:e1:aa:b2:9f:cc:32:5c:f8:90:a3:99:d6:7e:a2:0d:
         83:5e:3f:22:7a:49:9d:5c:97:40:40:8f:19:af:43:3c:72:3d:
         b1:dc:17:8c:ff:31:00:38:b0:02:80:a7:b3:d9:c8:ac:3c:92:
         c8:24:13:bc:b4:c8:d5:42:39:f3:85:c1:5c:c9:c9:bf:de:31:
         a7:36:92:06:71:45:47:82:6b:cd:83:a8:46:a1:62:c6:e2:10:
         a4:e3:10:aa:6b:92:b4:1b:fe:61:41:94:c8:25:76:0b:d0:46:
         0a:f2:e8:c5:0f:47:5d:78:66:fc:27:88:a0:e2:b8:3d:98:30:
         3f:9e:a5:e5:61:d2:74:cd:68:14:8b:b8:cf:ef:e5:d4:f4:28:
         3a:b2:46:1e:7f:6e:74:16:95:1c:0a:01:c8:7e:39:8a:79:5d:
         83:a3:0d:9a:c8:5e:29:91:f6:28:7a:b7:76:ce:e1:09:4d:88:
         4e:bb:9d:e5:61:88:5d:fc:fb:03:1a:35:6d:a1:06:6c:88:e0:
         70:62:be:fb:55:46:63:3f:00:c1:96:eb:e6:80:3d:07:2c:39:
         02:b9:6f:70:cd:e0:77:4b:44:77:73:fb:a7:3f:ca:6a:78:0e:
         df:a8:3f:7a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIbw5AOQ0O4Ztbl/NbdwTOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiN2QxZjFlODc3YzEyNzk4Mjc0ZTAxMzM0NTU0Zjg5OWYz
OGVhYzEwHhcNMjQwMTAyMDQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTA4NTEzMDZlM2U2M2E4NTczYmJhMDAzZTA2MjMwZDA2MGY5MTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3A9Pl72XIdlV4pIlmUxvqJ+b9IH
0panUgfjrt+jP7OAyyQyqzaPol2m35A/n9L99yOcHu5WbgbX6s36PmwHx5MVhrAq
+HaCb3jGLp9roM/yocDMS9On6WyaMjuPWWjnvc7NKmqeO5xgn2zwguhhnh+ZjaUQ
gOwvuvT1el/H2QgHxXdEUEr/A6NYrChYRMD+RdArHkApW3HMqQu5xgJCYLtPOJ7g
lpM8hEbLehx60jYvlG+5KEQp39HrzumDSF9+ZrAaSF5Ohian3U4oHcUfuLoeGRvF
eLg6hScjxpnqAxK93h6zm9eBGyXU9S4da6+3e5birqOctOmHdT0lQJOEpQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCUIUTBuPmOoVzu6AD4GIw0GD5E6MB8GA1UdIwQY
MBaAFGt9Hx6HfBJ5gnTgEzRVT4mfOOrBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTMwZkhvZDhFbm1DZE9BVE5GVlBpWjg0NnNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9hMTNjNDAtZGM2Ny00MjNjLTk3OWUt
MmZhZDlhMmZjM2VmLzEvSlFoUk1HNC1ZNmhYTzdvQVBnWWpEUVlQa1RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9hMTNjNDAtZGM2Ny00MjNjLTk3OWUtMmZhZDlhMmZjM2Vm
LzEvYTMwZkhvZDhFbm1DZE9BVE5GVlBpWjg0NnNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgxxADAN
BgkqhkiG9w0BAQsFAAOCAQEAmngT4HZDGlxTn7LVlcKBNUu+J2iz4aqyn8wyXPiQ
o5nWfqINg14/InpJnVyXQECPGa9DPHI9sdwXjP8xADiwAoCns9nIrDySyCQTvLTI
1UI584XBXMnJv94xpzaSBnFFR4JrzYOoRqFixuIQpOMQqmuStBv+YUGUyCV2C9BG
CvLoxQ9HXXhm/CeIoOK4PZgwP56l5WHSdM1oFIu4z+/l1PQoOrJGHn9udBaVHAoB
yH45inldg6MNmsheKZH2KHq3ds7hCU2ITrud5WGIXfz7Axo1baEGbIjgcGK++1VG
Yz8AwZbr5oA9Byw5ArlvcM3gd0tEd3P7pz/KangO36g/eg==
-----END CERTIFICATE-----