Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/JSs2XWcXvNLetBr-aMMnU8iAG0o.roa
File:                     JSs2XWcXvNLetBr-aMMnU8iAG0o.roa (raw, json)
Hash identifier:          zVf8G7CuQ1OpU9FWl7mbBMAyjh3opXuuTyL5MolWRMQ=
Subject key identifier:   25:2B:36:5D:67:17:BC:D2:DE:B4:1A:FE:68:C3:27:53:C8:80:1B:4A
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       018CC5DC098AEF5B2FBEA241054F075F780D
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/JSs2XWcXvNLetBr-aMMnU8iAG0o.roa
Signing time:             Mon 01 Jan 2024 16:29:41 +0000
ROA not before:           Mon 01 Jan 2024 16:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48700
IP address blocks:        2a05:b0c7:7000::/36 maxlen: 36
                          2a05:b0c7:7fe0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:09:8a:ef:5b:2f:be:a2:41:05:4f:07:5f:78:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Jan  1 16:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=252b365d6717bcd2deb41afe68c32753c8801b4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b2:bb:22:88:c9:ea:be:52:7f:b8:2b:33:f7:
                    89:f0:f3:3d:b7:b8:92:5a:64:46:c5:47:4d:d7:1c:
                    7f:a7:3f:ed:8f:d4:9a:14:83:f9:d3:4a:6b:af:3e:
                    b9:f1:fd:ee:9c:30:c8:1b:e6:8d:f3:e6:3e:b4:43:
                    e6:f6:77:5f:b1:47:a1:86:20:90:ac:d7:b4:ad:59:
                    f5:df:23:a5:40:25:2a:83:c2:85:ec:6b:73:f2:b8:
                    0d:e0:61:4d:a9:1f:27:50:67:5b:01:43:b8:ce:62:
                    59:c8:ce:32:b5:61:b2:ff:26:21:64:d0:a6:b2:3f:
                    95:c7:2c:de:0b:52:4c:a2:00:9d:2b:48:e4:06:12:
                    e1:af:3a:ee:c2:27:43:18:0b:bd:3e:4b:42:dc:1e:
                    c3:49:df:29:b9:4b:85:80:88:61:95:cb:31:da:f7:
                    55:14:99:7b:63:ae:b2:8f:27:bb:36:bf:e4:26:0a:
                    43:2a:76:23:31:77:7b:66:2f:01:5a:78:3e:7c:cb:
                    5d:d8:75:54:82:41:48:37:fb:fe:fc:76:1b:88:96:
                    eb:c0:2a:b4:97:34:32:9b:3c:3a:ca:13:9b:26:43:
                    bb:ea:fc:43:4a:fa:7b:fc:b7:6f:c5:d5:ba:6c:24:
                    42:d3:f3:3d:60:be:16:43:4a:9a:1c:64:40:47:32:
                    a8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:2B:36:5D:67:17:BC:D2:DE:B4:1A:FE:68:C3:27:53:C8:80:1B:4A
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/JSs2XWcXvNLetBr-aMMnU8iAG0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c7:7000::/36

    Signature Algorithm: sha256WithRSAEncryption
         6d:55:79:27:b4:f0:6a:2f:45:8a:36:73:05:b0:97:81:15:69:
         16:d2:27:51:20:55:dc:d8:14:45:53:7f:88:e0:f5:a9:96:a0:
         81:13:00:29:a3:76:c3:ba:24:ce:b1:32:b5:b8:e4:d8:88:01:
         b4:f8:24:c0:a8:12:f1:e8:0e:bf:99:30:16:7b:d5:b4:37:57:
         1e:e1:e7:b0:e1:db:2e:23:e2:25:eb:5c:77:75:76:2a:28:51:
         30:42:8e:14:53:10:11:04:ba:b3:b5:3c:ea:ff:f2:ed:aa:35:
         81:77:bb:9a:55:c1:0e:cf:6e:41:97:11:9f:ca:78:c7:8f:85:
         03:b1:07:a0:66:b1:d3:20:80:54:04:02:45:fc:0b:da:90:7a:
         a5:d7:95:7b:69:34:3b:3a:2f:4b:88:58:75:50:74:05:68:de:
         a3:bc:3f:f5:ae:f8:d8:63:73:2d:a3:25:4f:dc:a3:c1:c3:aa:
         df:f8:06:07:45:f7:60:89:60:14:0e:e1:58:cd:93:a5:7c:09:
         9a:42:87:1c:10:0b:8c:a2:1b:52:e4:96:fc:d5:55:17:11:12:
         51:00:aa:c1:4d:e8:36:87:e5:9f:eb:6d:54:23:58:a7:34:81:
         6e:f0:23:2b:bc:48:9d:2c:3a:38:24:35:3d:52:db:70:77:60:
         3f:ef:7b:b2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzF3AmK71svvqJBBU8HX3gNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwMTAxMTYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTJiMzY1ZDY3MTdiY2QyZGViNDFhZmU2OGMzMjc1M2M4ODAxYjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrK7IojJ6r5Sf7grM/eJ8PM9t7iS
WmRGxUdN1xx/pz/tj9SaFIP500prrz658f3unDDIG+aN8+Y+tEPm9ndfsUehhiCQ
rNe0rVn13yOlQCUqg8KF7Gtz8rgN4GFNqR8nUGdbAUO4zmJZyM4ytWGy/yYhZNCm
sj+VxyzeC1JMogCdK0jkBhLhrzruwidDGAu9PktC3B7DSd8puUuFgIhhlcsx2vdV
FJl7Y66yjye7Nr/kJgpDKnYjMXd7Zi8BWng+fMtd2HVUgkFIN/v+/HYbiJbrwCq0
lzQymzw6yhObJkO76vxDSvp7/LdvxdW6bCRC0/M9YL4WQ0qaHGRARzKooQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCUrNl1nF7zS3rQa/mjDJ1PIgBtKMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvSlNzMlhXY1h2TkxldEJyLWFNTW5VOGlBRzBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgWwx3Aw
DQYJKoZIhvcNAQELBQADggEBAG1VeSe08GovRYo2cwWwl4EVaRbSJ1EgVdzYFEVT
f4jg9amWoIETACmjdsO6JM6xMrW45NiIAbT4JMCoEvHoDr+ZMBZ71bQ3Vx7h57Dh
2y4j4iXrXHd1diooUTBCjhRTEBEEurO1POr/8u2qNYF3u5pVwQ7PbkGXEZ/KeMeP
hQOxB6BmsdMggFQEAkX8C9qQeqXXlXtpNDs6L0uIWHVQdAVo3qO8P/Wu+Nhjcy2j
JU/co8HDqt/4BgdF92CJYBQO4VjNk6V8CZpChxwQC4yiG1LklvzVVRcRElEAqsFN
6DaH5Z/rbVQjWKc0gW7wIyu8SJ0sOjgkNT1S23B3YD/ve7I=
-----END CERTIFICATE-----