Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/rjbV41lR6EOyfkY_YsIQ-sPDDvo.roa
File:                     rjbV41lR6EOyfkY_YsIQ-sPDDvo.roa (raw, json)
Hash identifier:          EIUxqdNUs3PAo4BMMEfz7+9eQYPu/7gRCumD9Ywtv/4=
Subject key identifier:   AE:36:D5:E3:59:51:E8:43:B2:7E:46:3F:62:C2:10:FA:C3:C3:0E:FA
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC7941B99D89CD81D1891DD9A10A12E17
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/rjbV41lR6EOyfkY_YsIQ-sPDDvo.roa
Signing time:             Tue 02 Jan 2024 00:30:21 +0000
ROA not before:           Tue 02 Jan 2024 00:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51032
IP address blocks:        2001:146a::/32 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 04:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:1b:99:d8:9c:d8:1d:18:91:dd:9a:10:a1:2e:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae36d5e35951e843b27e463f62c210fac3c30efa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a1:2b:38:77:49:05:c1:6c:d8:47:16:01:b7:
                    9e:fe:56:16:7f:1c:de:ef:36:17:6a:44:d9:5a:82:
                    f7:95:1e:40:e1:09:51:40:eb:b2:84:0d:ba:d8:c9:
                    25:c0:a1:3f:6c:c8:6e:cd:3a:0f:e4:a7:c1:03:05:
                    1e:74:ef:10:0d:dc:b4:1b:4d:3a:98:12:40:dc:38:
                    b2:51:da:3d:78:6c:cf:f2:9b:37:c4:f9:7b:0f:27:
                    aa:79:2e:19:e8:d3:9c:15:e5:dd:6f:5f:5d:19:a0:
                    28:5e:6b:a8:19:d9:57:80:40:c8:5a:9f:28:81:cb:
                    7b:8c:d3:27:38:fd:4e:0f:50:f5:81:a3:b6:0a:c5:
                    34:4a:83:78:2c:c3:db:c4:18:b2:f0:f8:39:3a:14:
                    7d:7d:31:83:2a:91:02:d1:1d:8d:02:c0:3e:87:31:
                    8a:85:6f:89:3a:7d:b6:6b:f6:be:7a:fa:5a:4b:fd:
                    46:ae:82:58:7e:16:ef:89:87:ef:87:a8:08:1d:f6:
                    6b:d8:68:1b:a9:bc:8b:53:55:df:07:62:d9:58:46:
                    cc:bd:05:1d:fd:99:2a:93:fd:96:bb:6b:0b:67:a6:
                    49:f2:28:37:96:96:38:18:32:fb:88:52:3b:cf:10:
                    df:ab:b1:9c:0f:be:b0:bf:32:04:cc:4b:33:56:96:
                    0d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:36:D5:E3:59:51:E8:43:B2:7E:46:3F:62:C2:10:FA:C3:C3:0E:FA
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/rjbV41lR6EOyfkY_YsIQ-sPDDvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:146a::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:d9:5d:7e:88:1e:ae:bf:72:bc:91:1e:a9:e7:31:5f:19:9f:
         47:24:8c:bd:66:3a:34:b8:8b:9d:9e:0e:7c:60:82:8a:a7:fb:
         50:30:7a:78:dc:43:3e:68:c6:88:12:e6:c9:d7:3f:5e:3b:c6:
         7b:a7:37:e6:bb:c5:f6:ce:3f:42:3a:81:7d:ee:36:d3:5d:17:
         ff:84:ab:00:c3:a3:0c:4d:da:32:ba:2b:b4:32:09:33:7c:5d:
         c9:49:86:b4:1b:b9:75:5e:8e:53:83:2a:19:85:6e:19:ad:59:
         3a:a8:64:d2:ad:73:78:a7:3a:9d:45:10:c2:af:63:c4:41:00:
         a4:75:59:27:bd:da:c4:17:81:dd:17:e0:e5:ff:a7:0f:fa:ea:
         c1:71:98:68:12:79:a4:2c:52:fc:92:8f:a9:ac:2b:53:93:ae:
         05:ed:73:53:6b:db:22:b4:4c:ca:7d:3b:bc:56:40:9d:c1:f3:
         b4:82:cb:a0:cc:2d:57:6f:77:f1:eb:ff:e2:62:ac:08:34:92:
         40:d0:7a:a3:ed:a0:ab:ed:9b:26:93:8c:9d:a3:fb:19:78:35:
         46:29:27:73:62:c4:8a:e4:32:aa:ef:8b:2a:7c:51:39:94:c1:
         5a:e4:75:2b:29:2b:de:ee:37:3d:3f:a3:90:c2:e7:42:4e:e1:
         aa:29:9f:36
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlBuZ2JzYHRiR3ZoQoS4XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTM2ZDVlMzU5NTFlODQzYjI3ZTQ2M2Y2MmMyMTBmYWMzYzMwZWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6ErOHdJBcFs2EcWAbee/lYWfxze
7zYXakTZWoL3lR5A4QlRQOuyhA262MklwKE/bMhuzToP5KfBAwUedO8QDdy0G006
mBJA3DiyUdo9eGzP8ps3xPl7DyeqeS4Z6NOcFeXdb19dGaAoXmuoGdlXgEDIWp8o
gct7jNMnOP1OD1D1gaO2CsU0SoN4LMPbxBiy8Pg5OhR9fTGDKpEC0R2NAsA+hzGK
hW+JOn22a/a+evpaS/1GroJYfhbviYfvh6gIHfZr2GgbqbyLU1XfB2LZWEbMvQUd
/Zkqk/2Wu2sLZ6ZJ8ig3lpY4GDL7iFI7zxDfq7GcD76wvzIEzEszVpYNXwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK421eNZUehDsn5GP2LCEPrDww76MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvcmpiVjQxbFI2RU95ZmtZX1lzSVEtc1BERHZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAIAEUajAN
BgkqhkiG9w0BAQsFAAOCAQEAa9ldfogerr9yvJEeqecxXxmfRySMvWY6NLiLnZ4O
fGCCiqf7UDB6eNxDPmjGiBLmydc/XjvGe6c35rvF9s4/QjqBfe42010X/4SrAMOj
DE3aMrortDIJM3xdyUmGtBu5dV6OU4MqGYVuGa1ZOqhk0q1zeKc6nUUQwq9jxEEA
pHVZJ73axBeB3Rfg5f+nD/rqwXGYaBJ5pCxS/JKPqawrU5OuBe1zU2vbIrRMyn07
vFZAncHztILLoMwtV2938ev/4mKsCDSSQNB6o+2gq+2bJpOMnaP7GXg1Riknc2LE
iuQyqu+LKnxROZTBWuR1Kykr3u43PT+jkMLnQk7hqimfNg==
-----END CERTIFICATE-----