Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/j7PzXo_C9wrJS3cCrUgQVgE5aq4.roa
File:                     j7PzXo_C9wrJS3cCrUgQVgE5aq4.roa (raw, json)
Hash identifier:          TpwUYrkVwIBKmq3kWfm1uZapg5jg9Q9t+zAXqND6e3k=
Subject key identifier:   8F:B3:F3:5E:8F:C2:F7:0A:C9:4B:77:02:AD:48:10:56:01:39:6A:AE
Certificate issuer:       /CN=d673d849b7d5047376d57e6f796f0018b70b4506
Certificate serial:       018CC4930A8D77291E3C87E50C9D5E6D814B
Authority key identifier: D6:73:D8:49:B7:D5:04:73:76:D5:7E:6F:79:6F:00:18:B7:0B:45:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/j7PzXo_C9wrJS3cCrUgQVgE5aq4.roa
Signing time:             Mon 01 Jan 2024 10:30:19 +0000
ROA not before:           Mon 01 Jan 2024 10:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51454
IP address blocks:        2a01:190:15f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:0a:8d:77:29:1e:3c:87:e5:0c:9d:5e:6d:81:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d673d849b7d5047376d57e6f796f0018b70b4506
        Validity
            Not Before: Jan  1 10:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fb3f35e8fc2f70ac94b7702ad48105601396aae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ef:63:5a:7b:84:d0:d1:1f:78:b1:c6:96:6d:
                    20:8c:5c:32:5a:a8:60:7b:df:0c:92:d8:2e:b9:36:
                    fd:20:f9:98:27:97:7b:9e:7a:62:fb:de:15:6b:81:
                    41:8a:e8:cf:0b:47:ab:72:d8:f2:9e:03:e8:4d:49:
                    51:ca:37:e9:35:af:ab:6c:55:a4:ff:25:20:4f:18:
                    a8:84:c8:d1:71:3c:8a:c9:da:ff:c9:5f:c8:41:0c:
                    1f:a2:61:22:29:33:53:c7:4f:cb:15:69:d2:d9:cf:
                    ee:2f:60:b8:82:51:2f:85:5b:c3:00:44:a5:73:15:
                    98:7b:2e:54:68:b6:57:35:7a:be:1c:f7:9b:02:33:
                    1b:38:f4:39:35:99:2f:08:e5:bf:16:d7:cf:2c:c5:
                    e8:58:17:17:5f:3a:ab:35:e4:b9:8b:ef:15:5a:5a:
                    cb:49:e6:1b:dd:f6:aa:0b:8e:33:f2:b7:82:f4:4c:
                    1a:b2:5c:46:bb:c7:74:02:93:7f:f1:10:87:c7:38:
                    f3:84:85:1b:a8:19:9a:3a:10:7e:74:b8:5c:83:91:
                    d5:df:0b:bc:68:0d:90:5a:58:eb:1f:25:0a:1c:f5:
                    d0:37:53:cb:31:d3:c0:22:84:fa:b7:2b:71:37:ab:
                    6e:77:3d:95:52:7d:cf:a6:95:ff:83:dc:f1:c7:b2:
                    cc:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:B3:F3:5E:8F:C2:F7:0A:C9:4B:77:02:AD:48:10:56:01:39:6A:AE
            X509v3 Authority Key Identifier:
                keyid:D6:73:D8:49:B7:D5:04:73:76:D5:7E:6F:79:6F:00:18:B7:0B:45:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/j7PzXo_C9wrJS3cCrUgQVgE5aq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:190:15f::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:c2:c2:97:1d:9b:58:c6:a8:46:5a:a0:ca:75:84:cb:0b:ae:
         1f:d5:4f:18:7a:75:36:92:3b:9c:ff:47:21:a7:27:e8:13:d6:
         7c:c5:b6:c6:ff:c1:4d:52:bc:05:f1:79:2b:2e:53:04:46:f9:
         83:67:12:b8:bc:6c:38:2b:a8:79:1e:0a:d3:19:b7:c7:fe:6d:
         4c:1d:24:55:aa:4b:22:00:0b:5d:19:f8:25:ba:58:5c:31:03:
         1c:62:c1:d7:16:07:fa:9e:f8:fe:08:e7:ef:00:7b:cf:0f:1b:
         54:3b:ad:50:3d:3d:43:a1:49:23:c1:47:40:a5:d4:2f:b8:5c:
         ee:7c:e1:70:1a:97:03:eb:04:94:03:2d:01:e1:a9:57:67:bd:
         98:da:c9:b2:27:df:b5:11:85:61:bf:94:e9:a6:a9:48:81:ca:
         d8:f3:3b:a9:2b:66:26:f5:6e:01:a8:16:3f:55:3c:02:02:1b:
         4f:48:28:3f:88:97:ba:ef:b9:c8:8f:7c:21:f1:c7:84:43:70:
         f6:db:78:15:c1:fc:0f:6f:b9:4c:73:7c:77:13:e6:72:6e:79:
         e1:3c:b1:36:65:a1:ce:62:98:25:03:12:f1:4e:33:ed:e6:be:
         3e:1e:9b:a4:c1:0f:a1:24:29:d0:e6:3b:35:a0:b0:7a:cd:f4:
         9f:48:e8:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkwqNdykePIflDJ1ebYFLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NzNkODQ5YjdkNTA0NzM3NmQ1N2U2Zjc5NmYwMDE4Yjcw
YjQ1MDYwHhcNMjQwMTAxMTAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmIzZjM1ZThmYzJmNzBhYzk0Yjc3MDJhZDQ4MTA1NjAxMzk2YWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlO9jWnuE0NEfeLHGlm0gjFwyWqhg
e98MktguuTb9IPmYJ5d7nnpi+94Va4FBiujPC0erctjyngPoTUlRyjfpNa+rbFWk
/yUgTxiohMjRcTyKydr/yV/IQQwfomEiKTNTx0/LFWnS2c/uL2C4glEvhVvDAESl
cxWYey5UaLZXNXq+HPebAjMbOPQ5NZkvCOW/FtfPLMXoWBcXXzqrNeS5i+8VWlrL
SeYb3faqC44z8reC9EwaslxGu8d0ApN/8RCHxzjzhIUbqBmaOhB+dLhcg5HV3wu8
aA2QWljrHyUKHPXQN1PLMdPAIoT6tytxN6tudz2VUn3PppX/g9zxx7LMXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI+z816PwvcKyUt3Aq1IEFYBOWquMB8GA1UdIwQY
MBaAFNZz2Em31QRzdtV+b3lvABi3C0UGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW5QWVNiZlZCSE4yMVg1dmVXOEFHTGNMUlFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8yZWNlNjItMWQ4Yy00NTBjLTkxZTgt
OGVlYjc1N2NmNTQ1LzEvajdQelhvX0M5d3JKUzNjQ3JVZ1FWZ0U1YXE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8yZWNlNjItMWQ4Yy00NTBjLTkxZTgtOGVlYjc1N2NmNTQ1
LzEvMW5QWVNiZlZCSE4yMVg1dmVXOEFHTGNMUlFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEBkAFf
MA0GCSqGSIb3DQEBCwUAA4IBAQCVwsKXHZtYxqhGWqDKdYTLC64f1U8YenU2kjuc
/0chpyfoE9Z8xbbG/8FNUrwF8XkrLlMERvmDZxK4vGw4K6h5HgrTGbfH/m1MHSRV
qksiAAtdGfglulhcMQMcYsHXFgf6nvj+COfvAHvPDxtUO61QPT1DoUkjwUdApdQv
uFzufOFwGpcD6wSUAy0B4alXZ72Y2smyJ9+1EYVhv5TppqlIgcrY8zupK2Ym9W4B
qBY/VTwCAhtPSCg/iJe677nIj3wh8ceEQ3D223gVwfwPb7lMc3x3E+ZybnnhPLE2
ZaHOYpglAxLxTjPt5r4+HpukwQ+hJCnQ5js1oLB6zfSfSOgw
-----END CERTIFICATE-----