Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/RJInEpAoLSD2uxFVcSPZ9sJAS3A.roa
File:                     RJInEpAoLSD2uxFVcSPZ9sJAS3A.roa (raw, json)
Hash identifier:          v2wib2oNegGGmWhr7dpYZCvUVqXKjVGXSA6OWM+NdiA=
Subject key identifier:   44:92:27:12:90:28:2D:20:F6:BB:11:55:71:23:D9:F6:C2:40:4B:70
Certificate issuer:       /CN=813e051cb831d1989607bb76c0bc5693ff947b53
Certificate serial:       018F2993CADF3E0BDE6301B911BC4A77C9E0
Authority key identifier: 81:3E:05:1C:B8:31:D1:98:96:07:BB:76:C0:BC:56:93:FF:94:7B:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/RJInEpAoLSD2uxFVcSPZ9sJAS3A.roa
Signing time:             Mon 29 Apr 2024 11:18:22 +0000
ROA not before:           Mon 29 Apr 2024 11:18:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35372
IP address blocks:        2a0c:b100::/48 maxlen: 48
                          2a0c:b100:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:29:93:ca:df:3e:0b:de:63:01:b9:11:bc:4a:77:c9:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=813e051cb831d1989607bb76c0bc5693ff947b53
        Validity
            Not Before: Apr 29 11:18:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4492271290282d20f6bb11557123d9f6c2404b70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:7b:67:4a:23:24:af:fa:4d:90:eb:39:2d:12:
                    b1:6a:04:2b:93:d0:9a:df:5a:12:9e:d2:64:73:5b:
                    30:96:5b:b7:82:fc:e3:83:44:b5:70:87:55:fa:b7:
                    64:e2:be:77:ff:89:61:ee:3e:c1:53:95:03:25:e1:
                    5a:76:31:1f:96:ec:b5:a8:de:d8:da:b6:4e:3a:00:
                    2d:18:b2:97:08:3a:ae:84:48:18:87:6e:ac:79:f0:
                    11:d5:f3:c5:9c:d8:4e:cc:09:68:63:b0:3c:07:1b:
                    f0:64:74:f0:ce:80:57:ff:e4:3a:1a:49:b4:45:24:
                    2b:c8:03:d9:d9:a4:a7:01:f1:78:d0:57:af:4f:72:
                    ea:1f:d9:3c:c3:2e:01:f8:37:17:fc:e4:dc:35:04:
                    d0:1f:a9:22:3f:7a:b9:54:87:13:b2:f8:56:2e:33:
                    01:2b:33:c6:81:1f:49:4a:05:18:66:a6:39:b7:73:
                    0c:aa:4c:90:48:98:60:0a:08:3d:48:cc:5b:0e:c0:
                    e2:31:fc:69:e7:b1:eb:61:68:5e:72:bf:a1:2d:c2:
                    3c:c4:8e:b8:35:00:36:7e:05:0c:e8:6f:0e:c2:72:
                    8d:6f:5e:58:7b:cb:79:9e:38:79:65:d1:8a:50:70:
                    11:b2:54:ce:a5:ef:4d:c6:bd:c2:1d:39:6c:d0:cd:
                    38:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:92:27:12:90:28:2D:20:F6:BB:11:55:71:23:D9:F6:C2:40:4B:70
            X509v3 Authority Key Identifier:
                keyid:81:3E:05:1C:B8:31:D1:98:96:07:BB:76:C0:BC:56:93:FF:94:7B:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/RJInEpAoLSD2uxFVcSPZ9sJAS3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b100::/48
                  2a0c:b100:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:94:a5:92:7a:fe:5a:6b:0e:bd:f8:21:26:e1:89:cc:94:4f:
         5d:56:2a:5d:cc:0d:ba:2a:9f:d8:a2:d8:03:96:89:b0:30:ca:
         0c:ae:0c:64:53:6f:cf:aa:60:1a:bf:4a:4b:93:8a:2d:41:3f:
         37:a7:70:70:b5:22:7b:f3:20:64:39:b1:f4:31:c2:00:8e:0c:
         55:e9:fb:52:0b:d9:08:c9:ed:4c:d3:60:ea:0b:bc:e0:94:98:
         7f:0c:9f:8e:78:eb:79:ae:d6:0e:10:ae:83:50:ac:28:7c:73:
         17:00:a9:02:24:6b:79:81:89:fe:bd:23:66:88:9f:01:66:7b:
         45:52:3f:09:ef:27:b0:a5:99:a5:1c:27:8a:e3:28:bc:a2:75:
         d3:1b:40:0a:0c:ad:ef:fe:ce:83:80:66:07:b6:cb:b5:a9:72:
         b5:61:d1:9a:90:41:d1:72:0b:2e:3b:77:7a:3e:13:01:de:ea:
         04:81:e3:ce:0b:4b:3e:e6:a4:60:f4:8b:32:95:c5:4d:96:96:
         4b:c5:ab:5d:82:7a:48:d6:36:62:a9:2f:e6:1f:ab:51:e7:06:
         f3:bd:c9:9a:39:09:32:90:b3:84:5f:02:6e:2e:46:25:80:03:
         23:84:12:2b:3f:82:aa:45:27:5b:c1:22:c1:4d:93:b5:6f:56:
         69:04:03:ce
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8pk8rfPgveYwG5EbxKd8ngMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxM2UwNTFjYjgzMWQxOTg5NjA3YmI3NmMwYmM1NjkzZmY5
NDdiNTMwHhcNMjQwNDI5MTExODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDkyMjcxMjkwMjgyZDIwZjZiYjExNTU3MTIzZDlmNmMyNDA0YjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkntnSiMkr/pNkOs5LRKxagQrk9Ca
31oSntJkc1swllu3gvzjg0S1cIdV+rdk4r53/4lh7j7BU5UDJeFadjEfluy1qN7Y
2rZOOgAtGLKXCDquhEgYh26sefAR1fPFnNhOzAloY7A8BxvwZHTwzoBX/+Q6Gkm0
RSQryAPZ2aSnAfF40FevT3LqH9k8wy4B+DcX/OTcNQTQH6kiP3q5VIcTsvhWLjMB
KzPGgR9JSgUYZqY5t3MMqkyQSJhgCgg9SMxbDsDiMfxp57HrYWhecr+hLcI8xI64
NQA2fgUM6G8OwnKNb15Ye8t5njh5ZdGKUHARslTOpe9Nxr3CHTls0M04JwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFESSJxKQKC0g9rsRVXEj2fbCQEtwMB8GA1UdIwQY
MBaAFIE+BRy4MdGYlge7dsC8VpP/lHtTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1Q0RkhMZ3gwWmlXQjd0MndMeFdrXy1VZTFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9lNDVhZDYtZTVhZS00ODE5LTlmMjQt
ZjU3N2FhNDZkZTgzLzEvUkpJbkVwQW9MU0QydXhGVmNTUFo5c0pBUzNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9lNDVhZDYtZTVhZS00ODE5LTlmMjQtZjU3N2FhNDZkZTgz
LzEvZ1Q0RkhMZ3gwWmlXQjd0MndMeFdrXy1VZTFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgyxAAAA
AwcAKgyxAAACMA0GCSqGSIb3DQEBCwUAA4IBAQAMlKWSev5aaw69+CEm4YnMlE9d
VipdzA26Kp/YotgDlomwMMoMrgxkU2/PqmAav0pLk4otQT83p3BwtSJ78yBkObH0
McIAjgxV6ftSC9kIye1M02DqC7zglJh/DJ+OeOt5rtYOEK6DUKwofHMXAKkCJGt5
gYn+vSNmiJ8BZntFUj8J7yewpZmlHCeK4yi8onXTG0AKDK3v/s6DgGYHtsu1qXK1
YdGakEHRcgsuO3d6PhMB3uoEgePOC0s+5qRg9IsylcVNlpZLxatdgnpI1jZiqS/m
H6tR5wbzvcmaOQkykLOEXwJuLkYlgAMjhBIrP4KqRSdbwSLBTZO1b1ZpBAPO
-----END CERTIFICATE-----