Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/Jrge4SA3eXv1WTTR8HXR0KL0SPQ.roa
File:                     Jrge4SA3eXv1WTTR8HXR0KL0SPQ.roa (raw, json)
Hash identifier:          e+7QxUyJQWuzE4Q2M95Sn1cUvQR3gTp0yxhIUJ/4PGM=
Subject key identifier:   26:B8:1E:E1:20:37:79:7B:F5:59:34:D1:F0:75:D1:D0:A2:F4:48:F4
Certificate issuer:       /CN=a9d988d1df0a6ccab2e93614951059960bad4342
Certificate serial:       018CC86F1E3CE9B08BF1B2CB67E2FAF0CB85
Authority key identifier: A9:D9:88:D1:DF:0A:6C:CA:B2:E9:36:14:95:10:59:96:0B:AD:43:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qdmI0d8KbMqy6TYUlRBZlgutQ0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/Jrge4SA3eXv1WTTR8HXR0KL0SPQ.roa
Signing time:             Tue 02 Jan 2024 04:29:34 +0000
ROA not before:           Tue 02 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15557
IP address blocks:        129.104.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/qdmI0d8KbMqy6TYUlRBZlgutQ0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/qdmI0d8KbMqy6TYUlRBZlgutQ0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qdmI0d8KbMqy6TYUlRBZlgutQ0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1e:3c:e9:b0:8b:f1:b2:cb:67:e2:fa:f0:cb:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9d988d1df0a6ccab2e93614951059960bad4342
        Validity
            Not Before: Jan  2 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26b81ee12037797bf55934d1f075d1d0a2f448f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a3:fd:d3:33:a7:6c:0e:0d:b9:92:37:c9:63:
                    08:3e:c6:82:05:b3:94:36:ff:6d:2b:3d:25:d5:57:
                    d4:72:be:ff:03:99:3f:4c:00:68:93:f0:26:cd:c4:
                    b5:1c:54:71:1d:6d:fe:a8:52:d9:aa:7e:4d:fc:62:
                    01:6a:63:f9:54:4d:f7:c0:3e:2e:f7:d6:2f:37:72:
                    d1:d9:57:ee:d8:d4:92:c8:a4:7f:6f:27:eb:6d:ef:
                    ed:15:2a:2e:09:53:0a:79:25:8d:e3:0b:85:53:ac:
                    64:59:65:5e:00:0d:04:62:6a:df:8c:b8:4e:28:2d:
                    70:ac:82:66:9b:fd:42:60:aa:dc:e9:ca:9e:33:0e:
                    e4:f7:40:70:fa:6c:76:0c:26:c8:fc:14:55:6d:e7:
                    cf:b5:b8:0e:75:02:9a:01:13:81:ad:0b:e2:e6:23:
                    93:54:6b:0b:0d:77:d6:94:8e:34:3b:5e:5d:bc:1c:
                    4c:3f:88:c2:2f:1a:b1:a8:43:62:41:02:1b:30:22:
                    db:69:76:9d:e7:8e:74:69:8c:87:58:89:d7:90:8d:
                    cf:0a:24:67:0f:78:84:c9:dc:23:9c:ed:92:44:05:
                    cf:aa:ae:23:e8:26:20:a5:4b:01:12:97:b4:c2:f1:
                    2f:ad:52:a2:a2:20:c4:9a:04:79:5f:27:9f:ee:8d:
                    3d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:B8:1E:E1:20:37:79:7B:F5:59:34:D1:F0:75:D1:D0:A2:F4:48:F4
            X509v3 Authority Key Identifier:
                keyid:A9:D9:88:D1:DF:0A:6C:CA:B2:E9:36:14:95:10:59:96:0B:AD:43:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qdmI0d8KbMqy6TYUlRBZlgutQ0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/Jrge4SA3eXv1WTTR8HXR0KL0SPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/qdmI0d8KbMqy6TYUlRBZlgutQ0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.104.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         41:4d:95:f3:ce:1b:74:ba:cf:a3:94:b3:da:cc:29:63:97:41:
         f0:09:6c:2c:a8:da:7f:3b:59:e1:4c:6c:47:66:a8:3f:47:de:
         80:17:10:cc:f9:22:95:e9:e9:e3:d3:c6:e5:fe:45:45:c8:8b:
         ef:17:35:b5:49:19:98:d8:8d:54:9e:8e:93:c9:87:c4:53:d9:
         f8:f6:ff:05:1c:28:e2:47:f9:77:ac:13:8f:19:58:6f:98:71:
         c4:ed:d7:71:ee:33:6f:9d:c0:68:53:89:c2:29:2b:03:bf:a9:
         38:47:33:40:69:8b:b8:df:1f:83:bb:36:66:8b:5f:85:16:90:
         e1:41:0d:42:4b:c1:bf:68:29:91:b8:ec:75:e8:c3:01:5b:de:
         26:14:78:b7:46:29:ed:0d:ba:e3:a5:e0:c2:c2:78:4a:8b:5d:
         be:dc:09:bb:c4:a5:60:e9:56:ad:be:33:9d:68:3d:02:75:83:
         0f:8b:14:ed:9e:8f:26:cb:29:83:06:8c:be:b9:43:fe:be:f7:
         c0:c1:24:6f:89:88:16:18:3b:08:d6:20:ca:0f:23:4d:33:e4:
         74:ec:81:e4:76:2e:91:78:75:6b:e5:7e:4a:1c:26:34:27:4d:
         c2:ef:f9:12:96:db:19:67:e9:18:c5:14:77:b2:4c:97:86:2e:
         a4:8d:25:4f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzIbx486bCL8bLLZ+L68MuFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZDk4OGQxZGYwYTZjY2FiMmU5MzYxNDk1MTA1OTk2MGJh
ZDQzNDIwHhcNMjQwMTAyMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmI4MWVlMTIwMzc3OTdiZjU1OTM0ZDFmMDc1ZDFkMGEyZjQ0OGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6P90zOnbA4NuZI3yWMIPsaCBbOU
Nv9tKz0l1VfUcr7/A5k/TABok/AmzcS1HFRxHW3+qFLZqn5N/GIBamP5VE33wD4u
99YvN3LR2Vfu2NSSyKR/byfrbe/tFSouCVMKeSWN4wuFU6xkWWVeAA0EYmrfjLhO
KC1wrIJmm/1CYKrc6cqeMw7k90Bw+mx2DCbI/BRVbefPtbgOdQKaAROBrQvi5iOT
VGsLDXfWlI40O15dvBxMP4jCLxqxqENiQQIbMCLbaXad5450aYyHWInXkI3PCiRn
D3iEydwjnO2SRAXPqq4j6CYgpUsBEpe0wvEvrVKioiDEmgR5Xyef7o09gQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCa4HuEgN3l79Vk00fB10dCi9Ej0MB8GA1UdIwQY
MBaAFKnZiNHfCmzKsuk2FJUQWZYLrUNCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWRtSTBkOEtiTXF5NlRZVWxSQlpsZ3V0UTBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi82NGNlOGItZmY3YS00NzQ0LTk3MTIt
ZDk3MzBmNWI1ODY3LzEvSnJnZTRTQTNlWHYxV1RUUjhIWFIwS0wwU1BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi82NGNlOGItZmY3YS00NzQ0LTk3MTItZDk3MzBmNWI1ODY3
LzEvcWRtSTBkOEtiTXF5NlRZVWxSQlpsZ3V0UTBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAgWgwDQYJ
KoZIhvcNAQELBQADggEBAEFNlfPOG3S6z6OUs9rMKWOXQfAJbCyo2n87WeFMbEdm
qD9H3oAXEMz5IpXp6ePTxuX+RUXIi+8XNbVJGZjYjVSejpPJh8RT2fj2/wUcKOJH
+XesE48ZWG+YccTt13HuM2+dwGhTicIpKwO/qThHM0Bpi7jfH4O7NmaLX4UWkOFB
DUJLwb9oKZG47HXowwFb3iYUeLdGKe0NuuOl4MLCeEqLXb7cCbvEpWDpVq2+M51o
PQJ1gw+LFO2ejybLKYMGjL65Q/6+98DBJG+JiBYYOwjWIMoPI00z5HTsgeR2LpF4
dWvlfkocJjQnTcLv+RKW2xln6RjFFHeyTJeGLqSNJU8=
-----END CERTIFICATE-----