Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/Jpzaey7LirJhPevhW8fopFnmhxc.roa
File:                     Jpzaey7LirJhPevhW8fopFnmhxc.roa (raw, json)
Hash identifier:          N0jZCwXpCVIk+0GuMx33pyZoo0mYdC50jL5rN7Mk3ls=
Subject key identifier:   26:9C:DA:7B:2E:CB:8A:B2:61:3D:EB:E1:5B:C7:E8:A4:59:E6:87:17
Certificate issuer:       /CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Certificate serial:       018CC94CC8C289CA0797287FE88C3DFC751C
Authority key identifier: 81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/Jpzaey7LirJhPevhW8fopFnmhxc.roa
Signing time:             Tue 02 Jan 2024 08:31:41 +0000
ROA not before:           Tue 02 Jan 2024 08:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59542
IP address blocks:        2a02:a43f:9800::/37 maxlen: 37
                          2a02:a43f:9000::/37 maxlen: 37
                          2a02:a43f:9000::/36 maxlen: 36
                          2a02:a43f:f000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:c8:c2:89:ca:07:97:28:7f:e8:8c:3d:fc:75:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
        Validity
            Not Before: Jan  2 08:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=269cda7b2ecb8ab2613debe15bc7e8a459e68717
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:af:ff:37:8f:94:da:69:15:be:ee:5d:8b:3e:
                    2c:2a:10:62:96:ed:09:4f:04:7b:16:ef:4f:13:a0:
                    e3:aa:37:d4:e0:53:5b:24:7d:14:d2:20:76:02:97:
                    ef:9e:32:89:a2:3d:3b:f5:17:5d:e8:ee:fe:74:74:
                    9b:93:cf:90:04:8c:8a:31:db:d3:dd:d8:df:02:9f:
                    b0:c6:2a:84:62:b0:7c:0e:7f:69:ac:78:8a:95:2e:
                    40:65:14:b1:73:30:5e:8b:b4:9f:b8:3d:db:69:34:
                    f6:45:78:10:13:90:af:3b:b2:48:ef:e6:d0:61:7f:
                    50:a9:80:de:9f:3b:9f:b4:70:a5:e3:a4:32:ca:f2:
                    32:5f:fd:b4:08:d9:23:e7:2e:16:0d:c1:26:1d:73:
                    ea:d4:42:8d:d8:77:c3:03:51:b2:ab:e2:f0:97:b3:
                    d8:d8:71:6f:9a:1e:f2:07:13:31:b8:d4:ab:62:7a:
                    b1:ea:fb:dd:d4:ff:16:63:54:42:b1:0e:02:a8:2e:
                    5d:1a:9a:61:a1:80:58:a0:64:c2:c6:3c:33:97:60:
                    5f:42:66:5f:5f:d8:bb:cd:cb:4b:59:3b:27:fd:2f:
                    14:6a:12:8f:e5:c6:de:c6:3e:69:d5:54:1a:f0:1b:
                    76:e1:67:b4:4f:cf:5f:15:60:e6:5c:e9:9f:c6:8b:
                    58:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:9C:DA:7B:2E:CB:8A:B2:61:3D:EB:E1:5B:C7:E8:A4:59:E6:87:17
            X509v3 Authority Key Identifier:
                keyid:81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/Jpzaey7LirJhPevhW8fopFnmhxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:a43f:9000::/36
                  2a02:a43f:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         0b:28:9b:f5:5e:a3:c7:b8:87:be:64:c6:d4:b8:b8:5f:72:11:
         81:d7:bb:fd:fb:74:d3:b9:ff:89:38:57:cd:5e:74:03:2f:80:
         51:b4:0d:88:fb:ff:09:a3:35:7e:26:13:43:49:0c:a1:6f:b2:
         2e:4a:ff:32:5e:d5:a9:8d:f8:d6:89:c1:0a:d3:21:94:04:45:
         b8:3b:25:3a:ae:28:e0:66:5c:b7:e2:93:19:76:85:b4:78:09:
         0f:b5:e3:d1:f3:db:70:23:ee:3a:7a:8a:f5:d0:2e:12:e9:76:
         01:f5:aa:76:f5:b0:9f:22:40:58:45:25:a1:fd:05:b2:13:d0:
         a9:90:1e:90:4e:fc:25:d8:6b:d9:9b:6b:a1:0d:9f:82:c0:19:
         86:f4:a9:12:ef:2e:eb:28:5d:fc:1c:ed:7a:02:a7:ac:f4:65:
         86:5d:cd:7f:80:70:9b:12:9b:65:fb:20:a7:c9:9f:c5:cf:3f:
         2c:35:c9:45:ef:87:b6:50:00:54:ba:46:d4:63:5c:88:0c:39:
         93:8e:26:92:e6:f6:89:d6:40:6d:51:6f:82:6c:26:18:ac:0f:
         1b:bc:56:1e:76:67:55:61:03:9e:54:0b:3b:41:2a:85:57:6f:
         f4:f5:eb:c9:65:a8:24:b8:10:de:81:dc:50:50:4e:14:5c:cb:
         fe:ec:11:fb
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYzJTMjCicoHlyh/6Iw9/HUcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZWVkNDA5MTM4M2Q5ZWQ0MDU2ZDlmNGVmZjdkMjYyMmRk
Y2UyMDUwHhcNMjQwMTAyMDgzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjljZGE3YjJlY2I4YWIyNjEzZGViZTE1YmM3ZThhNDU5ZTY4NzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqK//N4+U2mkVvu5diz4sKhBilu0J
TwR7Fu9PE6DjqjfU4FNbJH0U0iB2ApfvnjKJoj079Rdd6O7+dHSbk8+QBIyKMdvT
3djfAp+wxiqEYrB8Dn9prHiKlS5AZRSxczBei7SfuD3baTT2RXgQE5CvO7JI7+bQ
YX9QqYDenzuftHCl46QyyvIyX/20CNkj5y4WDcEmHXPq1EKN2HfDA1Gyq+Lwl7PY
2HFvmh7yBxMxuNSrYnqx6vvd1P8WY1RCsQ4CqC5dGpphoYBYoGTCxjwzl2BfQmZf
X9i7zctLWTsn/S8UahKP5cbexj5p1VQa8Bt24We0T89fFWDmXOmfxotYOwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFCac2nsuy4qyYT3r4VvH6KRZ5ocXMB8GA1UdIwQY
MBaAFIHu1AkTg9ntQFbZ9O/30mIt3OIFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2Et
ODcyYjM3MTBjMmExLzEvSnB6YWV5N0xpckpoUGV2aFc4Zm9wRm5taHhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2EtODcyYjM3MTBjMmEx
LzEvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYEKgKkP5AD
BgQqAqQ/8DANBgkqhkiG9w0BAQsFAAOCAQEACyib9V6jx7iHvmTG1Li4X3IRgde7
/ft007n/iThXzV50Ay+AUbQNiPv/CaM1fiYTQ0kMoW+yLkr/Ml7VqY341onBCtMh
lARFuDslOq4o4GZct+KTGXaFtHgJD7Xj0fPbcCPuOnqK9dAuEul2AfWqdvWwnyJA
WEUlof0FshPQqZAekE78Jdhr2ZtroQ2fgsAZhvSpEu8u6yhd/BztegKnrPRlhl3N
f4BwmxKbZfsgp8mfxc8/LDXJRe+HtlAAVLpG1GNciAw5k44mkub2idZAbVFvgmwm
GKwPG7xWHnZnVWEDnlQLO0EqhVdv9PXryWWoJLgQ3oHcUFBOFFzL/uwR+w==
-----END CERTIFICATE-----