Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/139d23-802d-4224-832e-1f8581421760/1/Jt0Zox4TVq6eTdr_aHK5XmDBpkc.roa
File:                     Jt0Zox4TVq6eTdr_aHK5XmDBpkc.roa (raw, json)
Hash identifier:          sxHUKq/HBPI3LK1mqa+1qHAcM5ocqZS9m1aAc2kAv6Q=
Subject key identifier:   26:DD:19:A3:1E:13:56:AE:9E:4D:DA:FF:68:72:B9:5E:60:C1:A6:47
Certificate issuer:       /CN=0a108a28c707b0e5c2c2e6c2137d45879114bb92
Certificate serial:       018CC493951DDE72E805818247CF62393842
Authority key identifier: 0A:10:8A:28:C7:07:B0:E5:C2:C2:E6:C2:13:7D:45:87:91:14:BB:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ChCKKMcHsOXCwubCE31Fh5EUu5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/139d23-802d-4224-832e-1f8581421760/1/Jt0Zox4TVq6eTdr_aHK5XmDBpkc.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204946
IP address blocks:        2001:678:b0c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/139d23-802d-4224-832e-1f8581421760/1/ChCKKMcHsOXCwubCE31Fh5EUu5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/139d23-802d-4224-832e-1f8581421760/1/ChCKKMcHsOXCwubCE31Fh5EUu5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ChCKKMcHsOXCwubCE31Fh5EUu5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:95:1d:de:72:e8:05:81:82:47:cf:62:39:38:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a108a28c707b0e5c2c2e6c2137d45879114bb92
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26dd19a31e1356ae9e4ddaff6872b95e60c1a647
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3c:e0:7a:96:99:a5:39:72:e1:90:c5:e4:e7:
                    3d:ff:ee:79:8a:fe:e9:5e:42:7a:b2:48:9c:61:50:
                    06:49:02:64:f7:f2:b8:7b:9a:48:ce:71:26:f3:5f:
                    c7:1a:98:30:a9:60:7a:d6:73:10:ca:9b:41:84:fe:
                    2d:2f:0a:bc:49:b5:58:34:d8:27:5a:e3:d0:45:97:
                    e4:4c:cf:ef:c6:5b:1f:e4:55:c6:98:56:d1:10:51:
                    3e:1d:a4:31:3f:e4:d7:55:34:c4:d5:ed:a1:eb:85:
                    b8:e1:6b:81:92:c5:f8:15:82:ed:5f:58:84:bb:a3:
                    ea:7c:6d:cc:3a:6e:49:2e:3b:ad:6a:ca:ad:e6:23:
                    c7:82:39:e0:df:bf:33:1e:ab:76:79:a3:a1:68:7d:
                    8d:d3:71:0b:1d:23:54:e5:ea:64:b6:ec:70:03:56:
                    fe:bc:14:98:ea:b5:05:be:7e:66:80:24:92:68:30:
                    13:ff:12:ad:33:98:ef:09:59:47:e4:3e:7d:c0:0d:
                    eb:86:9f:e0:a4:9a:bc:3e:4b:59:0b:dc:eb:59:ce:
                    f1:9f:e5:b3:a8:7a:f6:80:66:aa:f2:84:a2:93:8f:
                    ef:9d:1c:be:cc:16:49:48:f9:a2:5f:df:15:2d:26:
                    63:46:b4:15:c3:31:f6:32:11:45:ca:d8:2f:4b:d7:
                    98:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:DD:19:A3:1E:13:56:AE:9E:4D:DA:FF:68:72:B9:5E:60:C1:A6:47
            X509v3 Authority Key Identifier:
                keyid:0A:10:8A:28:C7:07:B0:E5:C2:C2:E6:C2:13:7D:45:87:91:14:BB:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ChCKKMcHsOXCwubCE31Fh5EUu5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/139d23-802d-4224-832e-1f8581421760/1/Jt0Zox4TVq6eTdr_aHK5XmDBpkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/139d23-802d-4224-832e-1f8581421760/1/ChCKKMcHsOXCwubCE31Fh5EUu5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:b0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:f5:09:ec:84:4e:6b:9e:38:86:5c:79:43:a1:55:57:cc:0d:
         be:19:72:0e:9a:b4:76:47:01:d6:8a:cb:54:67:ea:e3:6b:10:
         7f:09:b7:46:a8:4a:23:c2:21:20:ef:2b:f9:f7:8b:2a:7f:1b:
         50:a2:4d:30:75:f0:49:9d:73:2b:e4:7e:b0:da:f6:34:54:3a:
         d8:da:23:97:02:a8:22:e9:90:38:d7:52:60:f4:ed:1b:f7:e9:
         6d:94:8e:20:a2:86:8f:37:d1:89:35:0c:50:c7:88:db:e7:89:
         d6:07:bc:7a:ff:7b:da:fb:f9:7a:cf:e1:40:2d:5d:07:12:66:
         a7:36:2c:e1:69:b0:a1:d9:8c:fb:7b:06:31:0d:66:eb:4c:1c:
         90:e8:c4:9f:7c:47:20:fc:22:89:aa:f9:46:57:a5:4d:9d:75:
         bc:f7:b8:9f:bc:3e:ae:fb:64:59:80:b0:4b:5d:8f:0e:96:e6:
         0f:42:94:b4:b2:6c:b1:62:c2:47:26:ce:38:a4:bf:d2:e6:e7:
         2b:e8:6c:9a:d4:81:99:81:4d:b8:33:e8:06:92:d8:c7:6c:eb:
         fb:8e:df:50:2c:85:4c:8a:ff:39:61:55:0f:98:cb:9f:19:8b:
         29:c8:60:f9:09:1e:63:fe:b8:b7:d5:df:3a:b3:18:92:7e:e5:
         ca:b8:4a:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk5Ud3nLoBYGCR89iOThCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMTA4YTI4YzcwN2IwZTVjMmMyZTZjMjEzN2Q0NTg3OTEx
NGJiOTIwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmRkMTlhMzFlMTM1NmFlOWU0ZGRhZmY2ODcyYjk1ZTYwYzFhNjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDzgepaZpTly4ZDF5Oc9/+55iv7p
XkJ6skicYVAGSQJk9/K4e5pIznEm81/HGpgwqWB61nMQyptBhP4tLwq8SbVYNNgn
WuPQRZfkTM/vxlsf5FXGmFbREFE+HaQxP+TXVTTE1e2h64W44WuBksX4FYLtX1iE
u6PqfG3MOm5JLjutasqt5iPHgjng378zHqt2eaOhaH2N03ELHSNU5epktuxwA1b+
vBSY6rUFvn5mgCSSaDAT/xKtM5jvCVlH5D59wA3rhp/gpJq8PktZC9zrWc7xn+Wz
qHr2gGaq8oSik4/vnRy+zBZJSPmiX98VLSZjRrQVwzH2MhFFytgvS9eY9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCbdGaMeE1aunk3a/2hyuV5gwaZHMB8GA1UdIwQY
MBaAFAoQiijHB7DlwsLmwhN9RYeRFLuSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2hDS0tNY0hzT1hDd3ViQ0UzMUZoNUVVdTVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xMzlkMjMtODAyZC00MjI0LTgzMmUt
MWY4NTgxNDIxNzYwLzEvSnQwWm94NFRWcTZlVGRyX2FISzVYbURCcGtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xMzlkMjMtODAyZC00MjI0LTgzMmUtMWY4NTgxNDIxNzYw
LzEvQ2hDS0tNY0hzT1hDd3ViQ0UzMUZoNUVVdTVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAsM
MA0GCSqGSIb3DQEBCwUAA4IBAQCE9QnshE5rnjiGXHlDoVVXzA2+GXIOmrR2RwHW
istUZ+rjaxB/CbdGqEojwiEg7yv594sqfxtQok0wdfBJnXMr5H6w2vY0VDrY2iOX
Aqgi6ZA411Jg9O0b9+ltlI4gooaPN9GJNQxQx4jb54nWB7x6/3va+/l6z+FALV0H
EmanNizhabCh2Yz7ewYxDWbrTByQ6MSffEcg/CKJqvlGV6VNnXW897ifvD6u+2RZ
gLBLXY8OluYPQpS0smyxYsJHJs44pL/S5ucr6Gya1IGZgU24M+gGktjHbOv7jt9Q
LIVMiv85YVUPmMufGYspyGD5CR5j/ri31d86sxiSfuXKuEob
-----END CERTIFICATE-----