Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/jpXabWjOOXfOEWEJvhaXaZdb2mI.roa
File:                     jpXabWjOOXfOEWEJvhaXaZdb2mI.roa (raw, json)
Hash identifier:          bGeS3nnwnLp0nLIlmZMWjnvEpETrzZF2dfHfQgMQmg8=
Subject key identifier:   8E:95:DA:6D:68:CE:39:77:CE:11:61:09:BE:16:97:69:97:5B:DA:62
Certificate issuer:       /CN=41a59b0960ea65d6b92393ee0347a1a832f9b984
Certificate serial:       018CC493836ED5D0B6F683B7D991D5C458C5
Authority key identifier: 41:A5:9B:09:60:EA:65:D6:B9:23:93:EE:03:47:A1:A8:32:F9:B9:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QaWbCWDqZda5I5PuA0ehqDL5uYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/jpXabWjOOXfOEWEJvhaXaZdb2mI.roa
Signing time:             Mon 01 Jan 2024 10:30:50 +0000
ROA not before:           Mon 01 Jan 2024 10:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29668
IP address blocks:        2a01:90:200::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/QaWbCWDqZda5I5PuA0ehqDL5uYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/QaWbCWDqZda5I5PuA0ehqDL5uYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QaWbCWDqZda5I5PuA0ehqDL5uYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:83:6e:d5:d0:b6:f6:83:b7:d9:91:d5:c4:58:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41a59b0960ea65d6b92393ee0347a1a832f9b984
        Validity
            Not Before: Jan  1 10:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e95da6d68ce3977ce116109be169769975bda62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:8a:2f:c6:6a:a4:8f:59:3b:20:bb:01:7f:34:
                    7d:ca:9e:96:32:8e:59:f4:3b:76:c4:03:cd:2c:00:
                    1b:1d:9c:c2:80:2f:13:91:ef:90:24:58:25:28:d5:
                    2a:b2:85:28:d3:f5:ac:42:7b:3e:4d:c6:d0:3d:85:
                    21:e0:1b:37:37:e4:21:5a:10:81:91:fb:2e:6b:a4:
                    1f:72:e4:ce:1d:fa:23:05:32:a2:33:ec:36:62:80:
                    e1:d9:95:f2:89:82:33:aa:7b:cb:ae:0d:ad:17:6d:
                    56:8f:b8:f5:8b:30:cf:23:75:18:bb:e7:79:92:97:
                    fc:4a:df:80:7a:62:f7:61:52:b8:08:ff:e9:88:c6:
                    dd:65:18:6e:20:a4:03:fe:00:6f:6e:cb:0a:ca:ef:
                    38:24:1a:ff:ed:7f:97:6f:08:23:23:45:1a:a3:f9:
                    0b:92:23:6b:e4:dc:d1:6c:a6:3c:bc:a9:c6:0b:46:
                    86:7c:14:48:c7:9b:a0:ef:db:08:b3:f8:1f:d3:e1:
                    01:19:09:fb:8d:8d:2d:95:35:49:5b:8a:b8:b5:14:
                    9c:3c:d8:1e:bf:d6:80:d0:74:04:d0:ea:45:18:e1:
                    14:6f:f3:a7:9e:ea:6a:a7:9f:2c:1f:f7:7f:7d:08:
                    f9:8f:76:24:b7:b5:ab:48:ea:1f:d6:61:a6:4c:60:
                    e2:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:95:DA:6D:68:CE:39:77:CE:11:61:09:BE:16:97:69:97:5B:DA:62
            X509v3 Authority Key Identifier:
                keyid:41:A5:9B:09:60:EA:65:D6:B9:23:93:EE:03:47:A1:A8:32:F9:B9:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QaWbCWDqZda5I5PuA0ehqDL5uYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/jpXabWjOOXfOEWEJvhaXaZdb2mI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/QaWbCWDqZda5I5PuA0ehqDL5uYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:90:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         7f:84:b0:73:ec:97:d3:f3:2f:91:34:c4:fe:c5:6c:c9:b4:27:
         55:4b:d7:26:4e:c3:ef:06:f7:d8:7d:8e:35:bc:cf:5c:76:17:
         f8:77:4f:7d:b0:0b:30:b7:3f:12:07:27:d5:17:b5:ab:96:a4:
         85:16:7a:f8:11:50:3f:bc:36:39:74:e8:f8:ee:fe:49:d3:5a:
         b5:76:ec:e4:7f:26:38:cb:dc:bd:d4:10:fd:28:a9:e0:43:95:
         a7:04:8e:98:f6:ba:66:42:de:d8:e7:d6:83:b3:d0:65:38:2a:
         04:38:50:92:b9:7b:51:e2:9e:c4:4d:a4:34:5c:2e:cb:a1:46:
         e9:b2:a4:a6:c3:42:21:48:e8:21:8f:ab:46:07:36:52:d1:2e:
         e6:32:57:20:b2:17:e0:6f:e6:db:92:e5:f9:43:70:76:c5:87:
         31:29:d8:92:92:6d:21:63:d9:60:05:d5:70:f8:74:5d:29:00:
         22:23:5f:55:cc:4e:e2:ff:03:a0:01:b6:98:71:1c:70:24:a2:
         be:31:9d:8a:25:15:3d:f8:26:eb:65:30:9e:57:db:37:ca:fd:
         7e:e0:cf:10:23:ef:32:d4:3f:f8:72:83:b7:2f:a8:45:84:78:
         c8:f0:48:c4:64:8b:79:38:58:eb:47:39:ac:63:4b:bd:74:69:
         68:5c:33:e9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEk4Nu1dC29oO32ZHVxFjFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxYTU5YjA5NjBlYTY1ZDZiOTIzOTNlZTAzNDdhMWE4MzJm
OWI5ODQwHhcNMjQwMTAxMTAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTk1ZGE2ZDY4Y2UzOTc3Y2UxMTYxMDliZTE2OTc2OTk3NWJkYTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYovxmqkj1k7ILsBfzR9yp6WMo5Z
9Dt2xAPNLAAbHZzCgC8Tke+QJFglKNUqsoUo0/WsQns+TcbQPYUh4Bs3N+QhWhCB
kfsua6QfcuTOHfojBTKiM+w2YoDh2ZXyiYIzqnvLrg2tF21Wj7j1izDPI3UYu+d5
kpf8St+AemL3YVK4CP/piMbdZRhuIKQD/gBvbssKyu84JBr/7X+XbwgjI0Uao/kL
kiNr5NzRbKY8vKnGC0aGfBRIx5ug79sIs/gf0+EBGQn7jY0tlTVJW4q4tRScPNge
v9aA0HQE0OpFGOEUb/Onnupqp58sH/d/fQj5j3Ykt7WrSOof1mGmTGDiYQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFI6V2m1ozjl3zhFhCb4Wl2mXW9piMB8GA1UdIwQY
MBaAFEGlmwlg6mXWuSOT7gNHoagy+bmEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWFXYkNXRHFaZGE1STVQdUEwZWhxREw1dVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8wYTFiODMtODZiYS00MDFhLWE1NDMt
YmZkZWMwYzExMmUzLzEvanBYYWJXak9PWGZPRVdFSnZoYVhhWmRiMm1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8wYTFiODMtODZiYS00MDFhLWE1NDMtYmZkZWMwYzExMmUz
LzEvUWFXYkNXRHFaZGE1STVQdUEwZWhxREw1dVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgEAkAIw
DQYJKoZIhvcNAQELBQADggEBAH+EsHPsl9PzL5E0xP7FbMm0J1VL1yZOw+8G99h9
jjW8z1x2F/h3T32wCzC3PxIHJ9UXtauWpIUWevgRUD+8Njl06Pju/knTWrV27OR/
JjjL3L3UEP0oqeBDlacEjpj2umZC3tjn1oOz0GU4KgQ4UJK5e1HinsRNpDRcLsuh
RumypKbDQiFI6CGPq0YHNlLRLuYyVyCyF+Bv5tuS5flDcHbFhzEp2JKSbSFj2WAF
1XD4dF0pACIjX1XMTuL/A6ABtphxHHAkor4xnYolFT34JutlMJ5X2zfK/X7gzxAj
7zLUP/hyg7cvqEWEeMjwSMRki3k4WOtHOaxjS710aWhcM+k=
-----END CERTIFICATE-----