Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/kJYD4o7CpchknBnqVcEKAmnCsaM.roa
File:                     kJYD4o7CpchknBnqVcEKAmnCsaM.roa (raw, json)
Hash identifier:          +DLNZo8qfMANqKeP8GAARy12eQ/T7PPV/Mliey8pkKc=
Subject key identifier:   90:96:03:E2:8E:C2:A5:C8:64:9C:19:EA:55:C1:0A:02:69:C2:B1:A3
Certificate issuer:       /CN=7803558ea6e5165b3876097af75bf1e92a142cf2
Certificate serial:       018FE86FBCBFACCF8FB80EC2F005B164E8FE
Authority key identifier: 78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/kJYD4o7CpchknBnqVcEKAmnCsaM.roa
Signing time:             Wed 05 Jun 2024 12:46:27 +0000
ROA not before:           Wed 05 Jun 2024 12:46:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24940
IP address blocks:        2a06:1301:4050::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e8:6f:bc:bf:ac:cf:8f:b8:0e:c2:f0:05:b1:64:e8:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7803558ea6e5165b3876097af75bf1e92a142cf2
        Validity
            Not Before: Jun  5 12:46:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=909603e28ec2a5c8649c19ea55c10a0269c2b1a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:95:96:d0:06:e2:fa:49:69:23:01:17:39:3d:
                    fb:ed:e6:85:a5:3d:ab:55:dc:6e:5e:47:5c:40:c7:
                    6b:c0:33:9a:4a:fa:bc:00:b4:66:1a:b7:9a:8c:3e:
                    93:f8:c0:56:cd:52:44:bd:3c:c9:5c:3b:dc:9f:91:
                    74:1d:36:8f:63:b7:aa:86:b5:54:93:dd:50:46:d0:
                    cc:cd:d7:03:dc:ae:cc:80:1f:8d:43:bc:70:1c:e4:
                    ec:d6:40:d6:d5:b2:81:a1:8e:12:d2:e2:cc:80:0f:
                    ea:24:1d:87:c2:22:c4:31:db:5f:f4:6f:9d:54:57:
                    99:27:ea:cc:95:dc:74:4e:2e:2e:99:d3:6f:ac:bf:
                    0b:b5:12:1e:c6:44:58:55:88:4f:25:e8:16:51:81:
                    22:4f:15:c6:72:b4:19:59:f4:4f:9c:ed:c4:c9:68:
                    8c:9e:81:6f:d2:f2:7e:0c:b0:c0:d9:80:5b:87:06:
                    56:9e:30:5b:91:ef:81:a9:d7:74:47:d5:db:9d:41:
                    1b:7b:20:c6:d5:d5:e3:2b:c1:f5:df:71:b1:de:08:
                    cd:14:8a:2c:34:91:59:a7:61:e3:9b:1c:a7:05:65:
                    f6:d1:05:61:b4:37:4f:27:50:c8:0f:85:82:5c:22:
                    76:58:b1:53:80:96:54:a1:9d:05:1b:d2:3d:80:b5:
                    15:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:96:03:E2:8E:C2:A5:C8:64:9C:19:EA:55:C1:0A:02:69:C2:B1:A3
            X509v3 Authority Key Identifier:
                keyid:78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/kJYD4o7CpchknBnqVcEKAmnCsaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1301:4050::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:21:ab:71:ce:7f:22:00:89:ff:3d:bf:3b:34:e0:f7:e2:3c:
         e0:4c:26:de:e8:59:64:cb:22:b8:8b:eb:71:50:d6:72:c9:66:
         a4:85:03:a6:32:a5:6f:a8:37:4b:bb:82:2a:8b:5d:cd:0f:7c:
         8e:c0:c8:be:d0:ec:58:e9:54:89:d0:c0:98:24:31:76:c1:71:
         54:48:2d:7c:ee:43:a4:f1:f8:99:d7:7e:5e:6b:55:3a:ad:5e:
         40:fd:45:d9:69:be:4b:4a:17:dc:5a:75:67:84:6d:f4:ce:1b:
         08:76:3a:69:b8:ff:b2:b2:76:62:fc:b1:fd:d7:5c:a7:f8:b7:
         56:89:1c:c1:9a:74:45:77:b0:e2:b8:93:0e:b7:7f:5f:e7:fd:
         3d:c9:82:06:43:75:81:3f:b3:2b:2f:b1:49:24:2d:b5:b1:41:
         10:99:70:9e:05:3c:49:05:dc:d0:be:c9:fd:da:f8:5e:65:83:
         7b:00:e9:c2:72:f8:bb:60:cb:72:ee:05:e5:b1:4a:e5:30:3c:
         b6:7a:22:c9:2f:12:15:50:ec:45:34:a4:60:fb:da:92:c2:aa:
         a2:e5:bc:25:e3:8c:42:44:e2:58:e5:37:95:94:91:23:f6:c4:
         4d:88:aa:1c:74:23:eb:d3:c6:91:f6:63:89:43:01:31:6b:d7:
         a5:05:ac:0f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY/ob7y/rM+PuA7C8AWxZOj+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MDM1NThlYTZlNTE2NWIzODc2MDk3YWY3NWJmMWU5MmEx
NDJjZjIwHhcNMjQwNjA1MTI0NjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDk2MDNlMjhlYzJhNWM4NjQ5YzE5ZWE1NWMxMGEwMjY5YzJiMWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJWW0Abi+klpIwEXOT377eaFpT2r
VdxuXkdcQMdrwDOaSvq8ALRmGreajD6T+MBWzVJEvTzJXDvcn5F0HTaPY7eqhrVU
k91QRtDMzdcD3K7MgB+NQ7xwHOTs1kDW1bKBoY4S0uLMgA/qJB2HwiLEMdtf9G+d
VFeZJ+rMldx0Ti4umdNvrL8LtRIexkRYVYhPJegWUYEiTxXGcrQZWfRPnO3EyWiM
noFv0vJ+DLDA2YBbhwZWnjBbke+Bqdd0R9XbnUEbeyDG1dXjK8H133Gx3gjNFIos
NJFZp2HjmxynBWX20QVhtDdPJ1DID4WCXCJ2WLFTgJZUoZ0FG9I9gLUVpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJCWA+KOwqXIZJwZ6lXBCgJpwrGjMB8GA1UdIwQY
MBaAFHgDVY6m5RZbOHYJevdb8ekqFCzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEt
NmYxNjgzNGJjODQ3LzEva0pZRDRvN0NwY2hrbkJucVZjRUtBbW5Dc2FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEtNmYxNjgzNGJjODQ3
LzEvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgYTAUBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBJIatxzn8iAIn/Pb87NOD34jzgTCbe6FlkyyK4
i+txUNZyyWakhQOmMqVvqDdLu4Iqi13ND3yOwMi+0OxY6VSJ0MCYJDF2wXFUSC18
7kOk8fiZ135ea1U6rV5A/UXZab5LShfcWnVnhG30zhsIdjppuP+ysnZi/LH911yn
+LdWiRzBmnRFd7DiuJMOt39f5/09yYIGQ3WBP7MrL7FJJC21sUEQmXCeBTxJBdzQ
vsn92vheZYN7AOnCcvi7YMty7gXlsUrlMDy2eiLJLxIVUOxFNKRg+9qSwqqi5bwl
44xCROJY5TeVlJEj9sRNiKocdCPr08aR9mOJQwExa9elBawP
-----END CERTIFICATE-----