Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/cfd488-a25d-439a-bd17-4beb5dff1701/1/JitYuErrPrk5beI31a-vKbg9zGE.roa
File:                     JitYuErrPrk5beI31a-vKbg9zGE.roa (raw, json)
Hash identifier:          BrvYeRSwn5rRhuPTwElKClOqsvlKn9m77jKN4qLnHd4=
Subject key identifier:   26:2B:58:B8:4A:EB:3E:B9:39:6D:E2:37:D5:AF:AF:29:B8:3D:CC:61
Certificate issuer:       /CN=ccefffc15a83a38bdda8cfe120c335267dce50f3
Certificate serial:       018CC7275173F2FB883DEB298A9B27405085
Authority key identifier: CC:EF:FF:C1:5A:83:A3:8B:DD:A8:CF:E1:20:C3:35:26:7D:CE:50:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zO__wVqDo4vdqM_hIMM1Jn3OUPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/cfd488-a25d-439a-bd17-4beb5dff1701/1/JitYuErrPrk5beI31a-vKbg9zGE.roa
Signing time:             Mon 01 Jan 2024 22:31:31 +0000
ROA not before:           Mon 01 Jan 2024 22:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a02:fa8:c800::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/cfd488-a25d-439a-bd17-4beb5dff1701/1/zO__wVqDo4vdqM_hIMM1Jn3OUPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/cfd488-a25d-439a-bd17-4beb5dff1701/1/zO__wVqDo4vdqM_hIMM1Jn3OUPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zO__wVqDo4vdqM_hIMM1Jn3OUPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:51:73:f2:fb:88:3d:eb:29:8a:9b:27:40:50:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccefffc15a83a38bdda8cfe120c335267dce50f3
        Validity
            Not Before: Jan  1 22:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=262b58b84aeb3eb9396de237d5afaf29b83dcc61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:cb:5f:fc:38:84:90:42:e6:b0:94:dc:33:1f:
                    f6:55:d8:e5:fc:ce:60:f6:0e:40:bd:7f:c9:cd:d5:
                    20:54:cf:75:6c:73:76:cd:20:cd:c8:a1:e9:30:51:
                    85:92:8d:da:0a:30:3a:aa:80:5b:c5:db:80:d1:54:
                    96:19:07:3c:ab:08:2d:20:0d:22:35:dd:c8:f4:fa:
                    f3:3f:60:ba:d8:a7:7b:d3:76:d6:83:19:62:a7:0c:
                    ad:1e:49:42:fa:35:9d:02:80:af:3a:74:df:02:88:
                    e7:89:a2:ab:0f:5b:bf:37:e6:b3:91:66:b3:b8:58:
                    9f:c8:2c:5c:e4:f1:be:db:b3:32:1a:e6:f9:f3:83:
                    ae:40:23:2f:ed:1b:04:5c:83:b0:e5:28:c0:e5:66:
                    3f:6c:ca:96:14:78:eb:99:59:6e:22:45:12:31:0e:
                    cc:1b:61:85:b5:99:64:04:cb:fc:e1:4d:13:ea:12:
                    00:0e:91:a3:0a:aa:d9:c6:c1:5a:76:79:82:ce:0f:
                    30:66:ec:ec:c9:c3:08:76:ce:a9:76:98:c2:42:14:
                    28:74:ce:42:eb:54:bf:5b:b5:9c:48:cf:8e:eb:53:
                    f5:53:8f:83:12:5a:a7:30:32:12:27:c5:31:b8:45:
                    0b:10:15:e4:ce:64:b8:07:2e:cb:79:30:14:1e:ed:
                    f3:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:2B:58:B8:4A:EB:3E:B9:39:6D:E2:37:D5:AF:AF:29:B8:3D:CC:61
            X509v3 Authority Key Identifier:
                keyid:CC:EF:FF:C1:5A:83:A3:8B:DD:A8:CF:E1:20:C3:35:26:7D:CE:50:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zO__wVqDo4vdqM_hIMM1Jn3OUPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/cfd488-a25d-439a-bd17-4beb5dff1701/1/JitYuErrPrk5beI31a-vKbg9zGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/cfd488-a25d-439a-bd17-4beb5dff1701/1/zO__wVqDo4vdqM_hIMM1Jn3OUPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:fa8:c800::/40

    Signature Algorithm: sha256WithRSAEncryption
         5f:72:37:94:e7:f8:89:db:28:9b:ca:8f:93:8f:95:f9:16:ac:
         3b:27:55:98:be:47:20:12:fb:75:9d:4a:e0:f2:02:64:b0:b3:
         83:9e:4d:18:c2:55:dc:d3:d0:0f:a2:51:17:21:0d:ca:c7:b0:
         ae:d4:45:fa:da:dc:31:4c:3e:24:de:4a:bf:c5:ff:d7:47:01:
         0c:71:ca:09:69:e6:14:e4:18:e1:3a:45:63:fc:4d:a1:85:16:
         01:b9:8b:3a:e9:c0:74:98:24:74:ef:8b:cd:c2:bc:3f:f7:bd:
         4a:2e:04:02:be:67:40:15:de:27:bf:19:e5:88:c6:04:0f:2b:
         9b:45:2a:db:f8:44:ef:20:c1:fc:a2:71:f7:40:3a:85:a3:4b:
         49:76:74:cb:f1:00:98:df:a2:dd:2c:4b:5b:40:f3:ac:d8:45:
         12:37:91:ad:da:e1:ad:88:86:81:8f:32:bf:32:ae:11:3b:7f:
         9a:73:ab:a3:f3:3e:33:9b:77:2f:e8:1e:d5:3a:aa:68:0e:73:
         1e:da:1a:5e:37:20:55:53:16:3a:44:c7:0c:bf:c1:b4:8d:b5:
         9b:04:4e:b9:ae:25:2f:76:20:39:b3:21:49:f3:08:d6:4e:c0:
         e7:19:08:9f:17:99:1f:d9:c1:bc:78:7f:56:01:4b:ec:46:b5:
         9e:de:ca:76
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHJ1Fz8vuIPespipsnQFCFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZWZmZmMxNWE4M2EzOGJkZGE4Y2ZlMTIwYzMzNTI2N2Rj
ZTUwZjMwHhcNMjQwMTAxMjIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjJiNThiODRhZWIzZWI5Mzk2ZGUyMzdkNWFmYWYyOWI4M2RjYzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoctf/DiEkELmsJTcMx/2Vdjl/M5g
9g5AvX/JzdUgVM91bHN2zSDNyKHpMFGFko3aCjA6qoBbxduA0VSWGQc8qwgtIA0i
Nd3I9PrzP2C62Kd703bWgxlipwytHklC+jWdAoCvOnTfAojniaKrD1u/N+azkWaz
uFifyCxc5PG+27MyGub584OuQCMv7RsEXIOw5SjA5WY/bMqWFHjrmVluIkUSMQ7M
G2GFtZlkBMv84U0T6hIADpGjCqrZxsFadnmCzg8wZuzsycMIds6pdpjCQhQodM5C
61S/W7WcSM+O61P1U4+DElqnMDISJ8UxuEULEBXkzmS4By7LeTAUHu3z0QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCYrWLhK6z65OW3iN9Wvrym4PcxhMB8GA1UdIwQY
MBaAFMzv/8Fag6OL3ajP4SDDNSZ9zlDzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek9fX3dWcURvNHZkcU1faElNTTFKbjNPVVBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9jZmQ0ODgtYTI1ZC00MzlhLWJkMTct
NGJlYjVkZmYxNzAxLzEvSml0WXVFcnJQcms1YmVJMzFhLXZLYmc5ekdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9jZmQ0ODgtYTI1ZC00MzlhLWJkMTctNGJlYjVkZmYxNzAx
LzEvek9fX3dWcURvNHZkcU1faElNTTFKbjNPVVBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgIPqMgw
DQYJKoZIhvcNAQELBQADggEBAF9yN5Tn+InbKJvKj5OPlfkWrDsnVZi+RyAS+3Wd
SuDyAmSws4OeTRjCVdzT0A+iURchDcrHsK7URfra3DFMPiTeSr/F/9dHAQxxyglp
5hTkGOE6RWP8TaGFFgG5izrpwHSYJHTvi83CvD/3vUouBAK+Z0AV3ie/GeWIxgQP
K5tFKtv4RO8gwfyicfdAOoWjS0l2dMvxAJjfot0sS1tA86zYRRI3ka3a4a2IhoGP
Mr8yrhE7f5pzq6PzPjObdy/oHtU6qmgOcx7aGl43IFVTFjpExwy/wbSNtZsETrmu
JS92IDmzIUnzCNZOwOcZCJ8XmR/Zwbx4f1YBS+xGtZ7eynY=
-----END CERTIFICATE-----