Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/jVVts-H0C4rep8lfQJEAV1jsgfI.roa
File:                     jVVts-H0C4rep8lfQJEAV1jsgfI.roa (raw, json)
Hash identifier:          qoeoqgoFbg3cTZBgT1+JH3LD8lX7qLnyMngxiVAplqQ=
Subject key identifier:   8D:55:6D:B3:E1:F4:0B:8A:DE:A7:C9:5F:40:91:00:57:58:EC:81:F2
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       01931D68D6FC329B25A0B676B661FF72C985
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/jVVts-H0C4rep8lfQJEAV1jsgfI.roa
Signing time:             Mon 11 Nov 2024 22:47:10 +0000
ROA not before:           Mon 11 Nov 2024 22:47:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20485
IP address blocks:        2a0a:3543::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1d:68:d6:fc:32:9b:25:a0:b6:76:b6:61:ff:72:c9:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Nov 11 22:47:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d556db3e1f40b8adea7c95f4091005758ec81f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:76:94:6a:70:bc:c4:54:53:76:9b:68:64:0f:
                    b4:6a:f9:ad:7a:ab:47:c7:ad:fa:4f:14:66:45:1a:
                    8a:a9:ab:d0:84:d6:88:a9:ed:c2:1b:e5:90:cc:e7:
                    7c:85:b1:56:cc:3b:a2:d6:75:86:c7:85:15:54:68:
                    56:c0:c2:d0:d5:4a:36:10:8a:08:ad:61:33:a1:cc:
                    5d:85:31:68:51:50:ef:42:47:c6:74:3e:81:a8:2f:
                    a7:8f:35:0e:a5:1d:bd:d9:62:19:0b:08:72:06:fd:
                    3c:12:e0:a0:f3:2f:6d:f1:7f:64:b5:6e:b3:92:e5:
                    5a:38:cc:6e:fa:7b:79:94:6c:1f:e4:b8:1b:d2:56:
                    b6:39:34:6a:60:98:5d:83:6f:f9:2f:53:79:85:57:
                    0f:54:63:0a:2f:4b:e4:d6:0a:ae:55:72:d9:da:43:
                    f8:32:2d:bc:21:8f:85:ac:42:f1:b3:f2:ca:d1:a6:
                    65:17:f1:49:12:26:61:89:7a:48:10:c9:aa:18:61:
                    2d:27:7c:62:ce:46:a2:53:a6:d9:d9:32:f6:be:26:
                    f5:e7:7b:7b:0a:d2:3d:25:1a:d5:a7:f1:82:12:89:
                    a4:9c:3d:b9:6b:f4:42:4b:92:3c:80:69:22:2d:71:
                    fc:6a:58:b4:2d:e9:39:68:4e:7f:c7:91:ad:55:c5:
                    04:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:55:6D:B3:E1:F4:0B:8A:DE:A7:C9:5F:40:91:00:57:58:EC:81:F2
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/jVVts-H0C4rep8lfQJEAV1jsgfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:3543::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:9f:23:a0:c7:15:04:25:3b:8e:c9:f1:3a:ca:10:29:97:23:
         c2:bf:47:25:2a:ea:15:bc:94:2f:7f:fe:9f:51:bb:94:d2:93:
         aa:a4:b4:a2:c9:d8:88:c2:0b:f7:2b:4e:ae:dc:11:41:f6:65:
         df:4b:19:26:91:f9:59:af:f4:a0:27:1e:d4:dd:85:a1:c0:09:
         96:64:1b:5d:f3:1d:53:5e:c1:95:86:f4:42:ac:87:c6:6d:ff:
         21:9d:b5:23:ed:f0:1c:e9:48:80:d8:2d:f6:34:25:4b:d7:eb:
         12:d3:46:45:61:5d:61:8c:7b:94:91:f4:0e:ba:f9:6b:41:7b:
         fb:57:c3:db:e3:c0:3d:7d:01:02:3a:08:97:85:18:f1:30:be:
         76:fb:1b:1f:66:59:eb:e1:45:70:8e:90:cc:9b:80:b2:5f:19:
         6f:ea:db:38:b2:23:46:9f:c5:65:36:35:78:c7:ce:28:6a:71:
         8d:24:9c:36:77:80:2d:e5:99:70:6a:14:19:dd:95:44:cf:f9:
         9f:6a:fb:8e:ec:e3:9a:90:32:75:a9:9b:38:91:8e:76:2c:40:
         5f:90:e4:70:28:19:51:bc:44:31:0c:2a:52:27:46:4b:47:bd:
         be:9b:e2:e2:8e:22:53:4f:9b:8e:0d:68:84:c3:e8:7c:0e:0a:
         44:ec:85:9d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZMdaNb8MpsloLZ2tmH/csmFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjQxMTExMjI0NzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDU1NmRiM2UxZjQwYjhhZGVhN2M5NWY0MDkxMDA1NzU4ZWM4MWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3aUanC8xFRTdptoZA+0avmteqtH
x636TxRmRRqKqavQhNaIqe3CG+WQzOd8hbFWzDui1nWGx4UVVGhWwMLQ1Uo2EIoI
rWEzocxdhTFoUVDvQkfGdD6BqC+njzUOpR292WIZCwhyBv08EuCg8y9t8X9ktW6z
kuVaOMxu+nt5lGwf5Lgb0la2OTRqYJhdg2/5L1N5hVcPVGMKL0vk1gquVXLZ2kP4
Mi28IY+FrELxs/LK0aZlF/FJEiZhiXpIEMmqGGEtJ3xizkaiU6bZ2TL2vib153t7
CtI9JRrVp/GCEomknD25a/RCS5I8gGkiLXH8ali0Lek5aE5/x5GtVcUE3wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFI1VbbPh9AuK3qfJX0CRAFdY7IHyMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvalZWdHMtSDBDNHJlcDhsZlFKRUFWMWpzZ2ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgo1QzAN
BgkqhkiG9w0BAQsFAAOCAQEAUZ8joMcVBCU7jsnxOsoQKZcjwr9HJSrqFbyUL3/+
n1G7lNKTqqS0osnYiMIL9ytOrtwRQfZl30sZJpH5Wa/0oCce1N2FocAJlmQbXfMd
U17BlYb0QqyHxm3/IZ21I+3wHOlIgNgt9jQlS9frEtNGRWFdYYx7lJH0Drr5a0F7
+1fD2+PAPX0BAjoIl4UY8TC+dvsbH2ZZ6+FFcI6QzJuAsl8Zb+rbOLIjRp/FZTY1
eMfOKGpxjSScNneALeWZcGoUGd2VRM/5n2r7juzjmpAydambOJGOdixAX5DkcCgZ
UbxEMQwqUidGS0e9vpvi4o4iU0+bjg1ohMPofA4KROyFnQ==
-----END CERTIFICATE-----