Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/JO560GUDw2NJPGamop04QqVhiAk.roa
File:                     JO560GUDw2NJPGamop04QqVhiAk.roa (raw, json)
Hash identifier:          9T2mPFkfis+ljwyCNfLWOFpbN5Jr32OBOFE1cJSZmhg=
Subject key identifier:   24:EE:7A:D0:65:03:C3:63:49:3C:66:A6:A2:9D:38:42:A5:61:88:09
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DAFDD305096BD3AC45FB49AD5E7CC1
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/JO560GUDw2NJPGamop04QqVhiAk.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139589
IP address blocks:        2a0f:5707:ac02::/48 maxlen: 48
                          2a0f:5707:ac01::/48 maxlen: 48
                          2a0f:5707:ac00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fd:d3:05:09:6b:d3:ac:45:fb:49:ad:5e:7c:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24ee7ad06503c363493c66a6a29d3842a5618809
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:62:df:66:d0:8e:fe:7e:5d:8c:3e:eb:ba:8d:
                    12:52:42:93:cc:1d:f9:f7:b2:4f:47:20:54:69:50:
                    49:3a:d9:6c:12:0e:6e:a3:73:b8:97:01:c3:9d:5c:
                    6d:c9:2d:9f:2b:8d:f4:7b:53:d2:43:4f:e3:99:79:
                    17:4c:44:92:87:fd:a2:30:93:28:77:37:17:80:7b:
                    52:b0:b7:9d:15:7e:b8:69:ef:53:71:09:e8:df:c1:
                    db:d2:b6:7e:0f:73:84:99:c5:e8:8c:e9:3c:5b:2a:
                    6d:16:4d:11:c0:c9:6d:f9:98:41:fc:cf:41:40:53:
                    d1:c1:b0:89:b4:b2:5b:2d:64:aa:c0:a2:2a:13:65:
                    2b:0b:6c:d4:5e:8f:a1:31:f2:4e:1a:86:dd:05:f1:
                    10:cb:90:7a:40:e8:30:f9:65:d0:63:ea:bf:a9:aa:
                    29:51:b8:53:71:33:c1:f6:e4:45:5a:37:09:09:17:
                    80:09:05:b8:1b:dd:fd:cd:09:76:21:e6:d3:16:99:
                    9b:01:86:b7:87:fd:67:1a:6f:ec:28:10:f0:e8:48:
                    71:1a:45:bf:aa:bd:53:40:c5:45:18:82:1c:7a:91:
                    54:aa:9e:bd:db:d8:19:d3:37:61:10:57:7b:d5:74:
                    1c:d3:34:08:d9:40:9b:1e:0a:a5:fe:50:35:2a:7d:
                    58:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:EE:7A:D0:65:03:C3:63:49:3C:66:A6:A2:9D:38:42:A5:61:88:09
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/JO560GUDw2NJPGamop04QqVhiAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:ac00::-2a0f:5707:ac02:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         a3:0f:fe:1f:4f:35:65:ae:bd:f5:56:26:4c:a9:a5:ca:97:a9:
         7d:5c:bd:bb:99:ab:b2:bd:d6:f3:1e:e0:7b:31:fd:2a:b2:c5:
         55:22:12:b9:bf:5b:9f:05:bd:3c:54:71:49:e3:f6:0e:8e:92:
         ee:7a:af:16:7c:f1:6f:cc:03:4a:c9:fd:f4:26:90:79:ea:3d:
         23:c7:e3:03:ee:6d:f0:65:42:33:ef:51:ef:cd:a1:2d:dc:44:
         2d:59:e8:5c:29:eb:2b:e8:95:d3:2c:a8:c4:c3:5a:ac:9c:fc:
         13:44:bd:32:4b:27:a2:39:48:4e:3e:68:74:83:46:2c:ac:fa:
         10:70:c2:88:99:da:2c:2b:3a:81:75:49:b1:e6:cc:84:67:71:
         76:a9:83:e6:4f:55:45:c4:94:73:bb:fd:e0:7e:ea:fc:38:9c:
         c5:d1:04:20:cf:4a:7c:c6:b9:37:c2:66:7d:fb:43:b1:27:4a:
         0a:ab:2f:5a:c8:1d:7f:54:f2:d9:ff:ee:05:66:3e:20:3a:8f:
         ea:f7:05:c5:e1:e0:fa:29:14:de:e6:98:b0:27:7d:29:d6:89:
         21:02:d4:d5:41:3c:15:80:99:f5:9c:24:0e:8b:b9:97:ad:4a:
         0a:e9:94:d0:00:4d:87:51:75:25:de:5a:89:cb:d9:7b:52:98:
         98:5c:58:c3
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYzC2v3TBQlr06xF+0mtXnzBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGVlN2FkMDY1MDNjMzYzNDkzYzY2YTZhMjlkMzg0MmE1NjE4ODA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGLfZtCO/n5djD7ruo0SUkKTzB35
97JPRyBUaVBJOtlsEg5uo3O4lwHDnVxtyS2fK430e1PSQ0/jmXkXTESSh/2iMJMo
dzcXgHtSsLedFX64ae9TcQno38Hb0rZ+D3OEmcXojOk8WyptFk0RwMlt+ZhB/M9B
QFPRwbCJtLJbLWSqwKIqE2UrC2zUXo+hMfJOGobdBfEQy5B6QOgw+WXQY+q/qaop
UbhTcTPB9uRFWjcJCReACQW4G939zQl2IebTFpmbAYa3h/1nGm/sKBDw6EhxGkW/
qr1TQMVFGIIcepFUqp6929gZ0zdhEFd71XQc0zQI2UCbHgql/lA1Kn1YJQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFCTuetBlA8NjSTxmpqKdOEKlYYgJMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvSk81NjBHVUR3Mk5KUEdhbW9wMDRRcVZoaUFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAAjATMBEDBgIqD1cH
rAMHACoPVwesAjANBgkqhkiG9w0BAQsFAAOCAQEAow/+H081Za699VYmTKmlypep
fVy9u5mrsr3W8x7gezH9KrLFVSISub9bnwW9PFRxSeP2Do6S7nqvFnzxb8wDSsn9
9CaQeeo9I8fjA+5t8GVCM+9R782hLdxELVnoXCnrK+iV0yyoxMNarJz8E0S9Mksn
ojlITj5odINGLKz6EHDCiJnaLCs6gXVJsebMhGdxdqmD5k9VRcSUc7v94H7q/Dic
xdEEIM9KfMa5N8JmfftDsSdKCqsvWsgdf1Ty2f/uBWY+IDqP6vcFxeHg+ikU3uaY
sCd9KdaJIQLU1UE8FYCZ9ZwkDou5l61KCumU0ABNh1F1Jd5aicvZe1KYmFxYww==
-----END CERTIFICATE-----