Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/JHuhKatMJbEWDjhPdzJcsyiWUUw.roa
File:                     JHuhKatMJbEWDjhPdzJcsyiWUUw.roa (raw, json)
Hash identifier:          6ngNDiFFa331NSPXYPWaY2H+X27VH69OEQm3fSh9SaE=
Subject key identifier:   24:7B:A1:29:AB:4C:25:B1:16:0E:38:4F:77:32:5C:B3:28:96:51:4C
Certificate issuer:       /CN=2ef957aba2ef00352850e202464c71d33ca81448
Certificate serial:       018CC493094C640995190A819DA66AE394E7
Authority key identifier: 2E:F9:57:AB:A2:EF:00:35:28:50:E2:02:46:4C:71:D3:3C:A8:14:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/JHuhKatMJbEWDjhPdzJcsyiWUUw.roa
Signing time:             Mon 01 Jan 2024 10:30:19 +0000
ROA not before:           Mon 01 Jan 2024 10:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2486
IP address blocks:        2001:660:3005::/48 maxlen: 48
                          2001:660:3006::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:09:4c:64:09:95:19:0a:81:9d:a6:6a:e3:94:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ef957aba2ef00352850e202464c71d33ca81448
        Validity
            Not Before: Jan  1 10:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=247ba129ab4c25b1160e384f77325cb32896514c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d0:d5:a6:16:1e:fd:d1:95:fa:88:38:6e:02:
                    0f:c2:30:90:aa:fa:49:0d:aa:cc:e0:7b:8c:db:e5:
                    d3:18:e0:37:06:04:c7:a8:2e:a7:a5:69:22:45:8e:
                    ec:9f:f2:aa:3f:a0:0f:04:a9:7d:b9:a0:96:65:d2:
                    a0:74:e0:b5:04:99:8f:7a:c6:69:ee:4d:5f:89:e9:
                    86:2d:62:a8:a5:73:e0:cf:4f:29:b3:ac:a5:95:a4:
                    54:4e:0d:10:ff:f9:74:f7:f6:4a:9b:9e:a7:73:e3:
                    05:5c:f9:8e:40:81:24:1c:74:7f:16:8e:76:d7:14:
                    c6:19:a4:ec:bf:c9:b1:03:9f:be:79:14:5c:7e:ff:
                    8f:a7:13:8e:50:eb:3f:48:51:a9:3f:62:cc:ee:e0:
                    d2:87:af:93:cb:d0:52:2a:ca:7a:d7:84:ec:09:de:
                    7e:34:42:47:00:22:3e:b1:b0:3f:ba:f4:51:d2:21:
                    89:2e:7d:73:93:7e:cf:d6:78:e8:d0:60:ff:03:0c:
                    c7:71:11:59:b6:44:e7:12:b6:d8:4c:96:fd:86:07:
                    01:1f:0b:b2:75:cf:e5:b3:ca:62:33:6b:e6:5b:c7:
                    0f:7b:a0:7f:f9:1d:d6:f0:24:b5:47:9c:6c:e4:8b:
                    fa:90:fe:60:9f:aa:4d:70:d5:1c:17:f6:15:47:9b:
                    ca:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:7B:A1:29:AB:4C:25:B1:16:0E:38:4F:77:32:5C:B3:28:96:51:4C
            X509v3 Authority Key Identifier:
                keyid:2E:F9:57:AB:A2:EF:00:35:28:50:E2:02:46:4C:71:D3:3C:A8:14:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/JHuhKatMJbEWDjhPdzJcsyiWUUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:660:3005::-2001:660:3006:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         88:c3:48:bd:30:6f:22:2b:de:9f:d3:95:89:6f:e4:84:e3:a5:
         a0:f5:5a:ba:d0:f9:a1:00:ac:1d:04:fd:f6:af:b7:a7:35:20:
         66:37:ae:1a:e0:60:83:ad:98:4a:82:2e:1f:e1:71:ab:e8:d2:
         8e:6b:1a:6d:36:3e:13:fc:ea:8e:c5:64:f3:34:f4:19:b7:69:
         96:22:a1:7f:a0:d0:84:fe:05:27:14:40:0e:8c:d0:68:ee:9e:
         a8:26:67:31:6a:d5:d1:e2:3b:9e:ef:46:93:8f:e3:fa:ad:a3:
         ac:7e:06:30:e9:21:49:09:19:ec:c2:fa:c2:b1:e0:a4:b7:52:
         96:b8:be:64:38:dc:54:b8:dc:e3:a4:33:36:39:e2:90:ba:e1:
         a5:58:74:24:e7:a6:23:fa:94:03:e1:a7:ca:48:84:d5:83:4a:
         d6:4d:76:29:88:c1:aa:34:a9:47:57:90:30:93:58:70:0d:9e:
         8b:1a:c5:93:51:78:25:51:90:8f:7d:01:9e:94:1e:91:de:80:
         ee:02:54:14:97:96:0f:87:fb:66:46:b6:98:27:4a:e7:0e:b9:
         d1:9b:18:02:3f:bf:6c:51:22:49:8a:20:10:e5:b5:47:68:a6:
         b9:2a:79:04:6b:b7:c7:1b:e3:e5:5a:9c:25:02:94:b6:c0:ed:
         d6:01:30:25
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzEkwlMZAmVGQqBnaZq45TnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZjk1N2FiYTJlZjAwMzUyODUwZTIwMjQ2NGM3MWQzM2Nh
ODE0NDgwHhcNMjQwMTAxMTAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDdiYTEyOWFiNGMyNWIxMTYwZTM4NGY3NzMyNWNiMzI4OTY1MTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdDVphYe/dGV+og4bgIPwjCQqvpJ
DarM4HuM2+XTGOA3BgTHqC6npWkiRY7sn/KqP6APBKl9uaCWZdKgdOC1BJmPesZp
7k1fiemGLWKopXPgz08ps6yllaRUTg0Q//l09/ZKm56nc+MFXPmOQIEkHHR/Fo52
1xTGGaTsv8mxA5++eRRcfv+PpxOOUOs/SFGpP2LM7uDSh6+Ty9BSKsp614TsCd5+
NEJHACI+sbA/uvRR0iGJLn1zk37P1njo0GD/AwzHcRFZtkTnErbYTJb9hgcBHwuy
dc/ls8piM2vmW8cPe6B/+R3W8CS1R5xs5Iv6kP5gn6pNcNUcF/YVR5vKAwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCR7oSmrTCWxFg44T3cyXLMollFMMB8GA1UdIwQY
MBaAFC75V6ui7wA1KFDiAkZMcdM8qBRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHZsWHE2THZBRFVvVU9JQ1JreHgwenlvRkVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9hNTg0ZTQtY2NkNC00YzRmLTlkMTYt
MDRhMjdjNGQ1NDUzLzEvSkh1aEthdE1KYkVXRGpoUGR6SmNzeWlXVVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9hNTg0ZTQtY2NkNC00YzRmLTlkMTYtMDRhMjdjNGQ1NDUz
LzEvTHZsWHE2THZBRFVvVU9JQ1JreHgwenlvRkVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAgAQZg
MAUDBwAgAQZgMAYwDQYJKoZIhvcNAQELBQADggEBAIjDSL0wbyIr3p/TlYlv5ITj
paD1WrrQ+aEArB0E/favt6c1IGY3rhrgYIOtmEqCLh/hcavo0o5rGm02PhP86o7F
ZPM09Bm3aZYioX+g0IT+BScUQA6M0GjunqgmZzFq1dHiO57vRpOP4/qto6x+BjDp
IUkJGezC+sKx4KS3Upa4vmQ43FS43OOkMzY54pC64aVYdCTnpiP6lAPhp8pIhNWD
StZNdimIwao0qUdXkDCTWHANnosaxZNReCVRkI99AZ6UHpHegO4CVBSXlg+H+2ZG
tpgnSucOudGbGAI/v2xRIkmKIBDltUdoprkqeQRrt8cb4+VanCUClLbA7dYBMCU=
-----END CERTIFICATE-----