Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/JjrYCPcnWybFvmUi2RgJ7bf6B4c.roa
File:                     JjrYCPcnWybFvmUi2RgJ7bf6B4c.roa (raw, json)
Hash identifier:          Is5x1M5p142khOTYdvSgqyq5yhlejZT/Cl0j2np4Kk8=
Subject key identifier:   26:3A:D8:08:F7:27:5B:26:C5:BE:65:22:D9:18:09:ED:B7:FA:07:87
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       018FEF34D4DD2C153A245F65AE4469CF810E
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/JjrYCPcnWybFvmUi2RgJ7bf6B4c.roa
Signing time:             Thu 06 Jun 2024 20:19:27 +0000
ROA not before:           Thu 06 Jun 2024 20:19:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     401297
IP address blocks:        2a0b:6b82::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ef:34:d4:dd:2c:15:3a:24:5f:65:ae:44:69:cf:81:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jun  6 20:19:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=263ad808f7275b26c5be6522d91809edb7fa0787
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:61:72:10:ec:af:77:2d:3c:7a:9f:ac:fa:71:
                    bc:63:57:16:75:f3:44:10:7f:25:3e:2e:22:23:a4:
                    b8:18:43:51:8d:74:55:c0:a6:84:2f:df:a1:6a:a7:
                    1e:c9:ad:b8:35:8f:3b:52:6f:04:e0:e8:e0:4e:d9:
                    f0:76:4d:95:e4:69:84:0d:30:d4:e5:59:90:0d:1e:
                    8a:62:1b:6b:a0:89:a0:c9:0f:c5:14:68:7d:c8:4b:
                    ff:07:b2:88:a1:39:1a:d4:ec:a3:73:c7:3a:a8:28:
                    83:fc:0d:ca:06:62:59:5d:cb:31:bd:ec:d5:89:ea:
                    98:66:c7:92:4e:4e:01:71:77:92:0b:3b:bd:e2:3f:
                    69:3d:ea:d5:b4:13:d5:fa:c1:cd:26:65:fa:72:12:
                    05:9d:9a:92:3f:84:c2:69:13:a1:96:0e:fc:dc:f0:
                    5c:ad:23:9e:c4:78:de:32:35:66:9a:fa:69:12:e4:
                    72:db:2f:fb:9f:33:fd:53:29:34:e9:51:84:e9:a4:
                    14:e0:90:d1:6e:e4:f2:b3:05:1b:d1:ec:24:31:4b:
                    86:9c:d9:5c:8b:f5:03:5e:e7:09:96:b5:ba:d7:bb:
                    bd:30:02:a3:ef:9b:b1:ba:e0:a7:7e:2a:b3:57:77:
                    10:82:71:3c:bc:25:54:1b:45:b5:2a:f9:10:01:b0:
                    a8:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:3A:D8:08:F7:27:5B:26:C5:BE:65:22:D9:18:09:ED:B7:FA:07:87
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/JjrYCPcnWybFvmUi2RgJ7bf6B4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b82::/32

    Signature Algorithm: sha256WithRSAEncryption
         a0:8c:87:13:39:21:f3:48:fe:89:a0:f8:ba:ee:7c:7f:0f:76:
         de:76:d0:c6:6d:1b:42:b7:07:f7:83:bc:4b:b9:a4:16:27:14:
         3e:f7:af:5a:55:08:18:f8:4c:d2:37:82:87:bd:d7:a5:61:f7:
         6c:87:8b:dc:c7:b5:c6:d2:2a:ba:5d:ff:8d:d4:b8:68:cd:4a:
         0d:e9:89:5b:0c:b3:67:03:e6:96:6f:4e:b5:26:75:92:b9:bb:
         d4:bf:34:86:36:62:06:4d:e4:64:cd:56:08:e1:fb:64:ab:5b:
         00:c0:7a:5c:0f:b7:4d:d6:fe:2b:3e:c9:0f:21:74:12:fc:95:
         59:2e:6b:90:b4:4f:a5:26:0c:22:86:0a:68:36:ca:24:52:8f:
         eb:ca:e4:2f:d6:f2:c4:40:5b:32:db:57:64:c6:8f:57:ed:35:
         c7:9a:51:7b:9c:a8:82:8a:a7:90:9b:e7:a2:8c:26:95:47:ea:
         1a:d6:9b:b4:56:90:7a:b0:f7:60:b9:c0:21:2e:c1:88:15:43:
         57:aa:5e:63:62:4c:32:27:bd:13:6d:56:6b:b3:4f:0f:a9:24:
         01:05:1c:20:87:40:d9:48:4e:ae:f7:61:dc:0d:e5:1b:0c:5b:
         bf:ff:4d:f2:aa:80:a6:63:31:2b:dd:d0:fd:25:46:4c:b6:e8:
         05:37:dd:91
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY/vNNTdLBU6JF9lrkRpz4EOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjQwNjA2MjAxOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjNhZDgwOGY3Mjc1YjI2YzViZTY1MjJkOTE4MDllZGI3ZmEwNzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2FyEOyvdy08ep+s+nG8Y1cWdfNE
EH8lPi4iI6S4GENRjXRVwKaEL9+haqceya24NY87Um8E4OjgTtnwdk2V5GmEDTDU
5VmQDR6KYhtroImgyQ/FFGh9yEv/B7KIoTka1Oyjc8c6qCiD/A3KBmJZXcsxvezV
ieqYZseSTk4BcXeSCzu94j9pPerVtBPV+sHNJmX6chIFnZqSP4TCaROhlg783PBc
rSOexHjeMjVmmvppEuRy2y/7nzP9Uyk06VGE6aQU4JDRbuTyswUb0ewkMUuGnNlc
i/UDXucJlrW617u9MAKj75uxuuCnfiqzV3cQgnE8vCVUG0W1KvkQAbCofQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCY62Aj3J1smxb5lItkYCe23+geHMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvSmpyWUNQY25XeWJGdm1VaTJSZ0o3YmY2QjRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgtrgjAN
BgkqhkiG9w0BAQsFAAOCAQEAoIyHEzkh80j+iaD4uu58fw923nbQxm0bQrcH94O8
S7mkFicUPvevWlUIGPhM0jeCh73XpWH3bIeL3Me1xtIqul3/jdS4aM1KDemJWwyz
ZwPmlm9OtSZ1krm71L80hjZiBk3kZM1WCOH7ZKtbAMB6XA+3Tdb+Kz7JDyF0EvyV
WS5rkLRPpSYMIoYKaDbKJFKP68rkL9byxEBbMttXZMaPV+01x5pRe5yogoqnkJvn
oowmlUfqGtabtFaQerD3YLnAIS7BiBVDV6peY2JMMie9E21Wa7NPD6kkAQUcIIdA
2UhOrvdh3A3lGwxbv/9N8qqApmMxK93Q/SVGTLboBTfdkQ==
-----END CERTIFICATE-----