Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/jdp-Kqvu8SUvKtTlHvMrIPwOz0o.roa
File:                     jdp-Kqvu8SUvKtTlHvMrIPwOz0o.roa (raw, json)
Hash identifier:          mBaPz7uAQ8q48lb9ttOzQTrxcarfJGCLDESNONnd1o0=
Subject key identifier:   8D:DA:7E:2A:AB:EE:F1:25:2F:2A:D4:E5:1E:F3:2B:20:FC:0E:CF:4A
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D2CC2647459F73C3FC38CDECD2A0B
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/jdp-Kqvu8SUvKtTlHvMrIPwOz0o.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200021
IP address blocks:        2a0e:aa07:e060::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2c:c2:64:74:59:f7:3c:3f:c3:8c:de:cd:2a:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dda7e2aabeef1252f2ad4e51ef32b20fc0ecf4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:27:da:ed:e8:e0:3e:bc:f0:65:ce:12:d9:ed:
                    80:75:c5:d2:16:71:00:b9:c7:ac:52:05:be:ff:e9:
                    f8:66:63:70:f1:68:95:b2:e6:57:85:12:e6:5b:00:
                    a3:b3:bf:e1:9a:87:9d:8a:a7:2b:0a:15:ff:c6:09:
                    af:5b:ce:69:3b:48:e6:31:95:95:84:4d:b5:1f:51:
                    4b:2d:4d:9b:61:00:ed:02:a8:f9:5c:be:61:22:c3:
                    e8:fd:42:f6:d7:a2:14:09:34:c7:de:ce:4e:a7:f7:
                    f3:49:4a:27:fc:73:f4:c4:c6:ca:ee:b4:42:cf:92:
                    b1:45:04:91:ec:3d:14:60:7e:f4:2f:83:df:cb:95:
                    f0:42:d2:84:35:18:03:fb:da:92:4a:a8:f9:49:62:
                    61:1b:cf:cd:15:32:d6:24:77:18:43:22:0e:87:66:
                    e1:36:80:0e:aa:fe:35:a9:a7:8b:11:da:83:3a:b9:
                    69:ba:85:85:96:1f:3f:dd:76:a7:d9:16:f5:5e:c4:
                    c1:b8:39:5f:f6:68:49:40:26:fd:7f:4a:fe:07:bf:
                    8e:0c:c2:03:8e:f2:c6:cb:5b:b4:d9:88:f1:6f:df:
                    41:ff:1c:93:96:65:d4:6b:7d:0e:45:b3:c6:61:68:
                    9a:e2:53:8b:a4:12:d4:ce:bc:99:5e:64:f3:b5:34:
                    26:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:DA:7E:2A:AB:EE:F1:25:2F:2A:D4:E5:1E:F3:2B:20:FC:0E:CF:4A
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/jdp-Kqvu8SUvKtTlHvMrIPwOz0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e060::/44

    Signature Algorithm: sha256WithRSAEncryption
         10:41:17:7c:97:71:9c:56:59:9f:a8:1a:23:01:b5:0d:29:eb:
         34:9d:78:38:e3:ed:5b:37:ab:b8:a4:a9:de:f6:e6:1b:78:73:
         10:4a:5c:66:ff:ff:4f:61:30:79:0b:5e:5f:00:82:db:c3:c4:
         0d:bd:7a:3a:0a:ad:0a:75:9f:01:08:ac:81:b1:71:ef:44:11:
         b6:60:e7:ae:df:78:0d:f2:4b:02:89:07:7f:9f:67:dc:4a:eb:
         08:40:40:cc:25:71:d1:44:a0:f6:58:08:90:e2:f5:90:a7:7c:
         38:76:19:9f:22:43:70:3f:9b:8d:4e:56:ce:22:06:b3:0e:f3:
         3c:3a:a5:53:6c:0a:57:16:19:3a:55:6b:4a:a1:6e:61:e8:17:
         ab:bb:11:a2:7e:23:c3:c3:9e:13:36:65:13:aa:85:17:95:1a:
         4b:55:42:5a:eb:b5:89:d8:e8:92:98:15:89:c7:d1:27:6c:d3:
         64:ae:39:4c:da:72:14:fc:e7:f0:40:e4:59:47:3a:87:5d:d0:
         64:25:ce:63:72:2c:12:ef:21:e8:7a:d7:5c:a7:6b:7a:01:1e:
         c7:25:5b:b7:ae:12:98:a0:33:8c:5a:c7:83:e7:60:36:02:9a:
         e6:14:fc:67:bd:19:d4:d4:44:6a:57:03:d8:ea:7c:fe:b3:09:
         cd:7f:06:d6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbSzCZHRZ9zw/w4zezSoLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGRhN2UyYWFiZWVmMTI1MmYyYWQ0ZTUxZWYzMmIyMGZjMGVjZjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSfa7ejgPrzwZc4S2e2AdcXSFnEA
ucesUgW+/+n4ZmNw8WiVsuZXhRLmWwCjs7/hmoediqcrChX/xgmvW85pO0jmMZWV
hE21H1FLLU2bYQDtAqj5XL5hIsPo/UL216IUCTTH3s5Op/fzSUon/HP0xMbK7rRC
z5KxRQSR7D0UYH70L4Pfy5XwQtKENRgD+9qSSqj5SWJhG8/NFTLWJHcYQyIOh2bh
NoAOqv41qaeLEdqDOrlpuoWFlh8/3Xan2Rb1XsTBuDlf9mhJQCb9f0r+B7+ODMID
jvLGy1u02Yjxb99B/xyTlmXUa30ORbPGYWia4lOLpBLUzryZXmTztTQmWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI3afiqr7vElLyrU5R7zKyD8Ds9KMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvamRwLUtxdnU4U1V2S3RUbEh2TXJJUHdPejBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+Bg
MA0GCSqGSIb3DQEBCwUAA4IBAQAQQRd8l3GcVlmfqBojAbUNKes0nXg44+1bN6u4
pKne9uYbeHMQSlxm//9PYTB5C15fAILbw8QNvXo6Cq0KdZ8BCKyBsXHvRBG2YOeu
33gN8ksCiQd/n2fcSusIQEDMJXHRRKD2WAiQ4vWQp3w4dhmfIkNwP5uNTlbOIgaz
DvM8OqVTbApXFhk6VWtKoW5h6BeruxGifiPDw54TNmUTqoUXlRpLVUJa67WJ2OiS
mBWJx9EnbNNkrjlM2nIU/OfwQORZRzqHXdBkJc5jciwS7yHoetdcp2t6AR7HJVu3
rhKYoDOMWseD52A2AprmFPxnvRnU1ERqVwPY6nz+swnNfwbW
-----END CERTIFICATE-----