Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/JK5dBkqsG4C8M2ttw7JiFgUdZew.roa
File:                     JK5dBkqsG4C8M2ttw7JiFgUdZew.roa (raw, json)
Hash identifier:          vMhSi46i8JCqRLgPeW41NRu360WeGbF0LT7pGWnTq7U=
Subject key identifier:   24:AE:5D:06:4A:AC:1B:80:BC:33:6B:6D:C3:B2:62:16:05:1D:65:EC
Certificate issuer:       /CN=20f638107abb84ae6fb03cc1db2cfd1bc4487f8d
Certificate serial:       01942747A8DD1DD16F4A42C4D5D95A5089FD
Authority key identifier: 20:F6:38:10:7A:BB:84:AE:6F:B0:3C:C1:DB:2C:FD:1B:C4:48:7F:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/JK5dBkqsG4C8M2ttw7JiFgUdZew.roa
Signing time:             Thu 02 Jan 2025 13:49:55 +0000
ROA not before:           Thu 02 Jan 2025 13:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48659
IP address blocks:        2a03:ae40:fa00::/40 maxlen: 40
                          2a03:ae40:fb00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 07:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:a8:dd:1d:d1:6f:4a:42:c4:d5:d9:5a:50:89:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20f638107abb84ae6fb03cc1db2cfd1bc4487f8d
        Validity
            Not Before: Jan  2 13:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24ae5d064aac1b80bc336b6dc3b26216051d65ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:7a:d8:0c:96:43:ba:4a:2b:c7:94:0e:44:c0:
                    2e:3b:8a:ba:34:9d:96:de:16:dc:21:a6:35:36:33:
                    b2:e6:d9:82:0e:c9:d9:65:11:16:ce:50:b3:1d:fe:
                    f2:8e:6f:9f:db:8d:3b:ff:bc:53:72:65:a8:5e:d0:
                    8a:fb:16:1f:9a:da:19:93:51:b4:7a:e0:97:12:84:
                    52:db:ba:79:60:32:5b:ad:f0:b1:1d:c3:f5:89:6b:
                    7c:e7:d5:af:56:89:c8:fe:a9:5a:e1:d7:eb:84:62:
                    98:bb:2f:7b:17:ec:32:e4:2a:92:ff:98:7d:e6:06:
                    b0:64:55:76:65:ee:43:24:73:d6:a6:98:b9:f5:87:
                    b8:e8:f4:34:4a:5a:34:33:a4:7c:d9:bc:2a:4e:b2:
                    93:7e:7b:06:ee:6c:8e:4b:b3:10:fd:c5:c3:8f:86:
                    db:94:d1:0e:cc:b9:f7:7f:5f:3b:90:df:28:91:72:
                    78:9e:7c:92:b8:12:52:ad:fe:54:de:c8:50:a5:b4:
                    07:ad:d2:87:1c:04:1e:a2:2d:1f:ac:09:51:a4:b4:
                    04:6a:53:0b:7f:d6:f9:e2:ae:12:6a:6d:9e:80:1b:
                    d4:39:29:4b:26:a6:b8:38:a7:7c:b2:23:75:9d:7b:
                    de:9a:02:ba:4d:10:43:bb:ad:ae:7d:ab:76:45:23:
                    bc:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:AE:5D:06:4A:AC:1B:80:BC:33:6B:6D:C3:B2:62:16:05:1D:65:EC
            X509v3 Authority Key Identifier:
                keyid:20:F6:38:10:7A:BB:84:AE:6F:B0:3C:C1:DB:2C:FD:1B:C4:48:7F:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/JK5dBkqsG4C8M2ttw7JiFgUdZew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:ae40:fa00::/39

    Signature Algorithm: sha256WithRSAEncryption
         40:9b:57:8c:7f:77:fa:26:c6:07:34:d0:74:f0:b4:79:ce:35:
         71:27:53:b3:4f:39:af:1b:f2:52:6e:a5:1b:9f:37:7b:64:bd:
         2c:29:a7:a9:c7:03:98:ef:77:f0:1b:a9:7a:b7:32:4f:5b:4b:
         7d:25:6d:97:50:0b:aa:1f:b7:c7:f6:e8:7b:c0:dd:06:4a:34:
         c4:18:9b:d1:6a:3d:bf:8c:9f:6c:26:09:2e:a1:8b:39:84:e8:
         ae:68:96:12:22:d8:33:d1:44:aa:69:68:9e:a5:00:42:da:05:
         1d:00:d8:29:e7:d4:47:ca:3b:9d:6b:6c:e5:a8:c4:08:56:7b:
         10:55:1d:8c:d1:89:ec:95:ad:97:ac:dc:13:b0:e8:0a:70:74:
         b6:e2:8a:14:00:81:91:8e:9b:02:07:cf:47:8d:da:55:07:eb:
         b7:e3:93:e5:41:0b:54:c1:c2:4c:51:dd:0f:57:dd:e7:d4:2e:
         a3:7e:fc:e4:77:42:fd:5d:12:3e:0a:a8:1c:3e:29:45:9d:c0:
         40:5c:84:d4:f1:c9:04:30:7b:8e:85:db:56:73:5d:33:f8:37:
         17:15:b5:df:a8:32:0f:0a:b2:a6:83:09:78:7e:e2:bb:0d:70:
         0c:33:98:3f:8a:1c:d5:0d:e2:70:03:d2:cb:16:9e:a3:31:e5:
         f1:d6:50:dd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQnR6jdHdFvSkLE1dlaUIn9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZjYzODEwN2FiYjg0YWU2ZmIwM2NjMWRiMmNmZDFiYzQ0
ODdmOGQwHhcNMjUwMTAyMTM0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGFlNWQwNjRhYWMxYjgwYmMzMzZiNmRjM2IyNjIxNjA1MWQ2NWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+3rYDJZDukorx5QORMAuO4q6NJ2W
3hbcIaY1NjOy5tmCDsnZZREWzlCzHf7yjm+f2407/7xTcmWoXtCK+xYfmtoZk1G0
euCXEoRS27p5YDJbrfCxHcP1iWt859WvVonI/qla4dfrhGKYuy97F+wy5CqS/5h9
5gawZFV2Ze5DJHPWppi59Ye46PQ0Slo0M6R82bwqTrKTfnsG7myOS7MQ/cXDj4bb
lNEOzLn3f187kN8okXJ4nnySuBJSrf5U3shQpbQHrdKHHAQeoi0frAlRpLQEalML
f9b54q4Sam2egBvUOSlLJqa4OKd8siN1nXvemgK6TRBDu62ufat2RSO8KwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCSuXQZKrBuAvDNrbcOyYhYFHWXsMB8GA1UdIwQY
MBaAFCD2OBB6u4Sub7A8wdss/RvESH+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVBZNEVIcTdoSzV2c0R6QjJ5ejlHOFJJZjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC80ZjU4MDgtMWMwNC00MjU1LTliODQt
YTgyODM2ZGUwNWZjLzEvSks1ZEJrcXNHNEM4TTJ0dHc3SmlGZ1VkWmV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC80ZjU4MDgtMWMwNC00MjU1LTliODQtYTgyODM2ZGUwNWZj
LzEvSVBZNEVIcTdoSzV2c0R6QjJ5ejlHOFJJZjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYBKgOuQPow
DQYJKoZIhvcNAQELBQADggEBAECbV4x/d/omxgc00HTwtHnONXEnU7NPOa8b8lJu
pRufN3tkvSwpp6nHA5jvd/AbqXq3Mk9bS30lbZdQC6oft8f26HvA3QZKNMQYm9Fq
Pb+Mn2wmCS6hizmE6K5olhIi2DPRRKppaJ6lAELaBR0A2Cnn1EfKO51rbOWoxAhW
exBVHYzRieyVrZes3BOw6ApwdLbiihQAgZGOmwIHz0eN2lUH67fjk+VBC1TBwkxR
3Q9X3efULqN+/OR3Qv1dEj4KqBw+KUWdwEBchNTxyQQwe46F21ZzXTP4NxcVtd+o
Mg8KsqaDCXh+4rsNcAwzmD+KHNUN4nAD0ssWnqMx5fHWUN0=
-----END CERTIFICATE-----