Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/Js79ETvW6dnRsBtPFqpjOcSsSn0.roa
File:                     Js79ETvW6dnRsBtPFqpjOcSsSn0.roa (raw, json)
Hash identifier:          p58z/w92xVGe/Ub4w3iujKegq4+BB+ODjfIZs55zPmU=
Subject key identifier:   26:CE:FD:11:3B:D6:E9:D9:D1:B0:1B:4F:16:AA:63:39:C4:AC:4A:7D
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       018D182F077AC39864E48CEF9A17B6825893
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/Js79ETvW6dnRsBtPFqpjOcSsSn0.roa
Signing time:             Wed 17 Jan 2024 16:09:11 +0000
ROA not before:           Wed 17 Jan 2024 16:09:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0d:b9c5::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:18:2f:07:7a:c3:98:64:e4:8c:ef:9a:17:b6:82:58:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Jan 17 16:09:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26cefd113bd6e9d9d1b01b4f16aa6339c4ac4a7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:23:98:11:ef:f7:ee:bc:a5:48:ef:92:24:a4:
                    4f:c4:1c:7b:42:c1:4f:6d:b0:05:f8:7a:e3:7c:4d:
                    a0:61:e1:c1:cb:60:3b:41:e2:e3:88:e3:7c:07:20:
                    db:db:7d:a6:80:ab:2e:de:7f:10:47:e1:08:85:66:
                    9c:5c:1e:38:d2:65:3a:8b:12:0b:82:64:21:0a:c2:
                    21:c9:be:67:7c:9f:62:4c:fc:a2:4f:b7:88:22:2f:
                    a1:0f:63:ba:25:98:e7:80:c8:88:0e:38:aa:9d:b2:
                    8a:45:7a:86:bb:af:79:34:19:43:00:db:32:65:e2:
                    0a:c4:ad:87:21:fa:d9:97:42:17:9c:f5:8c:4c:8e:
                    e6:aa:1f:b0:44:cf:55:5c:d2:95:a4:0a:10:5a:ed:
                    c5:d6:f9:6e:17:ed:94:af:35:06:a1:5a:9d:16:b1:
                    b7:a6:6c:11:f7:1c:62:05:d1:b6:18:af:51:78:d9:
                    5a:6a:66:97:a5:dd:e5:e9:d9:46:84:16:71:65:54:
                    93:31:4f:70:48:0f:4c:8c:5e:f1:ef:82:6a:b7:98:
                    6f:4e:60:a9:d4:6a:5d:e0:2e:b5:a8:d9:19:a8:d0:
                    4a:12:48:e5:67:94:bb:be:5d:72:26:8a:96:a6:d4:
                    3b:c5:06:6e:e8:16:b1:f5:01:3d:7b:75:ca:43:21:
                    f3:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:CE:FD:11:3B:D6:E9:D9:D1:B0:1B:4F:16:AA:63:39:C4:AC:4A:7D
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/Js79ETvW6dnRsBtPFqpjOcSsSn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:b9c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:a5:6d:09:34:23:ef:e9:b3:7a:1f:52:8a:36:16:ee:7f:a1:
         cb:e3:66:c6:44:20:27:b8:f1:70:b5:93:02:53:7c:06:6b:d2:
         72:f2:39:c0:8e:20:24:aa:ce:48:39:6f:a7:0d:55:6e:7c:ce:
         97:76:a4:ac:ca:07:6e:5a:7e:82:76:2c:b4:39:fe:2f:bb:5a:
         e1:7f:03:7d:e4:0b:08:a3:9c:b4:22:a0:ec:cd:84:7f:2c:6e:
         ce:c4:2d:90:a8:98:e5:b1:41:be:f7:0e:4f:e6:5f:8f:b0:07:
         e1:33:31:d8:4b:4a:ec:85:c8:f4:2b:67:f3:7f:8b:fe:c5:5c:
         80:57:16:f3:87:93:a5:60:bc:23:10:1c:fe:a0:aa:1a:88:4f:
         10:9b:23:62:f0:45:43:e3:12:96:29:40:b5:f4:b2:06:73:b5:
         9a:38:4d:61:92:ca:97:16:16:00:9c:b6:27:8d:f4:d3:86:fb:
         14:b6:80:32:e8:18:c4:39:51:73:40:fe:b2:f1:d7:c2:d0:e6:
         2c:13:88:86:7f:79:13:fa:02:d9:9d:eb:47:25:e0:34:07:69:
         48:c8:55:a4:e2:ac:9e:8c:9b:9d:ed:29:29:dd:2a:b6:0d:46:
         36:49:7b:38:15:d7:b6:7b:f6:24:85:68:c8:9b:a5:a2:5c:7d:
         d8:0b:5f:10
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY0YLwd6w5hk5Izvmhe2gliTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwMTE3MTYwOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmNlZmQxMTNiZDZlOWQ5ZDFiMDFiNGYxNmFhNjMzOWM0YWM0YTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSOYEe/37rylSO+SJKRPxBx7QsFP
bbAF+HrjfE2gYeHBy2A7QeLjiON8ByDb232mgKsu3n8QR+EIhWacXB440mU6ixIL
gmQhCsIhyb5nfJ9iTPyiT7eIIi+hD2O6JZjngMiIDjiqnbKKRXqGu695NBlDANsy
ZeIKxK2HIfrZl0IXnPWMTI7mqh+wRM9VXNKVpAoQWu3F1vluF+2UrzUGoVqdFrG3
pmwR9xxiBdG2GK9ReNlaamaXpd3l6dlGhBZxZVSTMU9wSA9MjF7x74Jqt5hvTmCp
1Gpd4C61qNkZqNBKEkjlZ5S7vl1yJoqWptQ7xQZu6Bax9QE9e3XKQyHzEwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCbO/RE71unZ0bAbTxaqYznErEp9MB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvSnM3OUVUdlc2ZG5Sc0J0UEZxcGpPY1NzU24wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg25xTAN
BgkqhkiG9w0BAQsFAAOCAQEAj6VtCTQj7+mzeh9SijYW7n+hy+NmxkQgJ7jxcLWT
AlN8BmvScvI5wI4gJKrOSDlvpw1VbnzOl3akrMoHblp+gnYstDn+L7ta4X8DfeQL
CKOctCKg7M2EfyxuzsQtkKiY5bFBvvcOT+Zfj7AH4TMx2EtK7IXI9Ctn83+L/sVc
gFcW84eTpWC8IxAc/qCqGohPEJsjYvBFQ+MSlilAtfSyBnO1mjhNYZLKlxYWAJy2
J43004b7FLaAMugYxDlRc0D+svHXwtDmLBOIhn95E/oC2Z3rRyXgNAdpSMhVpOKs
noybne0pKd0qtg1GNkl7OBXXtnv2JIVoyJulolx92AtfEA==
-----END CERTIFICATE-----