Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/bJdAGHl0a8RzydhgD9x1FLbziaI.roa
File:                     bJdAGHl0a8RzydhgD9x1FLbziaI.roa (raw, json)
Hash identifier:          mdEfodWfJ1oyMNpMvHkSA5UEXTW6dH15v7k8GbPPUdA=
Subject key identifier:   6C:97:40:18:79:74:6B:C4:73:C9:D8:60:0F:DC:75:14:B6:F3:89:A2
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       018CC727552C3F069FC5C566A670973963D8
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/bJdAGHl0a8RzydhgD9x1FLbziaI.roa
Signing time:             Mon 01 Jan 2024 22:31:32 +0000
ROA not before:           Mon 01 Jan 2024 22:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51391
IP address blocks:        2a0b:6b86:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:55:2c:3f:06:9f:c5:c5:66:a6:70:97:39:63:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 22:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c97401879746bc473c9d8600fdc7514b6f389a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:44:b2:fa:4c:bd:60:56:1f:dc:d8:ac:39:1b:
                    c1:cc:45:76:15:04:24:41:d9:c5:75:6f:3c:eb:c7:
                    ba:ba:b7:2b:f8:7e:c3:1f:17:e6:88:52:59:4d:04:
                    52:a4:2c:06:d9:af:cf:c0:60:98:64:48:f5:01:3d:
                    55:aa:16:9c:b1:bb:51:bc:30:07:f6:07:dd:f8:e0:
                    8e:e0:ee:16:51:97:0e:bb:13:56:f8:f3:8a:7e:c6:
                    4d:0f:28:e4:9a:9f:31:e9:6b:02:1b:f1:5f:ee:2d:
                    96:48:b3:72:52:ee:54:b7:1e:af:cb:f6:2e:f7:e6:
                    c9:eb:9e:b7:01:47:fc:7c:2d:43:13:fa:9e:88:4c:
                    aa:07:fc:07:d7:65:07:95:5f:3a:e1:f9:08:45:ab:
                    b7:1d:2a:02:b2:e1:f9:56:14:60:4d:97:8d:4e:f8:
                    15:65:36:8c:b9:93:ea:9b:76:06:a3:00:4b:10:33:
                    db:20:03:59:dd:19:bc:be:79:a2:17:cd:18:b1:a6:
                    3a:b3:43:a0:6b:50:cf:d3:8f:e0:9b:06:a6:c6:3a:
                    4b:83:1e:12:87:56:57:39:8b:fe:ed:0e:ae:cd:e8:
                    01:dc:25:c3:9f:c6:b4:2f:2c:79:91:d9:96:f7:69:
                    c5:2c:8b:f0:80:86:ed:c6:d8:6b:10:99:77:7f:85:
                    40:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:97:40:18:79:74:6B:C4:73:C9:D8:60:0F:DC:75:14:B6:F3:89:A2
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/bJdAGHl0a8RzydhgD9x1FLbziaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         b4:c8:0e:02:a5:4b:80:e6:e1:07:ea:9a:48:e9:af:3d:2f:8d:
         4c:64:2d:69:d3:19:4d:b1:5e:d2:e7:73:e5:7b:0d:ff:31:71:
         9e:a1:d3:43:25:57:99:9a:12:d9:44:b7:9d:00:c7:c0:ea:f0:
         15:5a:d3:55:01:2e:bd:93:c4:c8:f9:99:6a:d0:9f:8d:b1:35:
         ba:ff:05:e0:3c:17:db:2c:93:87:90:4b:8d:2e:cd:1d:6e:15:
         5f:d1:4b:47:9e:4c:a6:18:66:ba:18:fc:d9:50:02:21:09:68:
         1d:aa:aa:28:42:0b:8f:51:49:f7:78:31:26:d5:d3:63:3f:6d:
         4f:9e:73:c9:ff:21:5c:62:be:07:c0:f0:82:77:98:36:48:8c:
         e0:a6:36:70:2b:1e:e3:38:9b:de:a8:72:e0:3b:80:a4:09:88:
         bb:56:fe:b6:ba:d2:8c:fb:9a:af:b5:31:d4:89:b3:47:e7:34:
         6b:08:91:82:78:84:ff:10:46:f4:0c:86:bd:7f:4e:49:10:ca:
         da:78:aa:fc:01:84:b5:4d:15:59:99:46:a0:3f:ca:7f:2e:e6:
         c3:ff:5c:32:29:87:d5:89:c0:57:97:f6:50:12:d8:af:ca:b8:
         d2:97:41:42:68:64:8f:e6:2b:e2:74:e1:c5:a9:aa:e4:d7:66:
         05:de:f8:53
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHJ1UsPwafxcVmpnCXOWPYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjQwMTAxMjIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yzk3NDAxODc5NzQ2YmM0NzNjOWQ4NjAwZmRjNzUxNGI2ZjM4OWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjESy+ky9YFYf3NisORvBzEV2FQQk
QdnFdW8868e6urcr+H7DHxfmiFJZTQRSpCwG2a/PwGCYZEj1AT1VqhacsbtRvDAH
9gfd+OCO4O4WUZcOuxNW+POKfsZNDyjkmp8x6WsCG/Ff7i2WSLNyUu5Utx6vy/Yu
9+bJ6563AUf8fC1DE/qeiEyqB/wH12UHlV864fkIRau3HSoCsuH5VhRgTZeNTvgV
ZTaMuZPqm3YGowBLEDPbIANZ3Rm8vnmiF80YsaY6s0Oga1DP04/gmwamxjpLgx4S
h1ZXOYv+7Q6uzegB3CXDn8a0Lyx5kdmW92nFLIvwgIbtxthrEJl3f4VAlQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGyXQBh5dGvEc8nYYA/cdRS284miMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvYkpkQUdIbDBhOFJ6eWRoZ0Q5eDFGTGJ6aWFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgtrhgEw
DQYJKoZIhvcNAQELBQADggEBALTIDgKlS4Dm4Qfqmkjprz0vjUxkLWnTGU2xXtLn
c+V7Df8xcZ6h00MlV5maEtlEt50Ax8Dq8BVa01UBLr2TxMj5mWrQn42xNbr/BeA8
F9ssk4eQS40uzR1uFV/RS0eeTKYYZroY/NlQAiEJaB2qqihCC49RSfd4MSbV02M/
bU+ec8n/IVxivgfA8IJ3mDZIjOCmNnArHuM4m96ocuA7gKQJiLtW/ra60oz7mq+1
MdSJs0fnNGsIkYJ4hP8QRvQMhr1/TkkQytp4qvwBhLVNFVmZRqA/yn8u5sP/XDIp
h9WJwFeX9lAS2K/KuNKXQUJoZI/mK+J04cWpquTXZgXe+FM=
-----END CERTIFICATE-----