Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/JjcnCrAAiOsbtS7AQ5Vn8A4gz1M.roa
File:                     JjcnCrAAiOsbtS7AQ5Vn8A4gz1M.roa (raw, json)
Hash identifier:          Bl/z5aP7DAGwrycXozMkXlfeTf64sYGT5hnwhdq38jQ=
Subject key identifier:   26:37:27:0A:B0:00:88:EB:1B:B5:2E:C0:43:95:67:F0:0E:20:CF:53
Certificate issuer:       /CN=206f1c32bc0a9006081d552fede67d6842921ec3
Certificate serial:       019450126B6DEDB5D753C97C2BDB61BAC850
Authority key identifier: 20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/JjcnCrAAiOsbtS7AQ5Vn8A4gz1M.roa
Signing time:             Fri 10 Jan 2025 11:56:11 +0000
ROA not before:           Fri 10 Jan 2025 11:56:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212396
IP address blocks:        2a03:ee40:753::/48 maxlen: 48
                          2a03:ee40:7531::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:50:12:6b:6d:ed:b5:d7:53:c9:7c:2b:db:61:ba:c8:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=206f1c32bc0a9006081d552fede67d6842921ec3
        Validity
            Not Before: Jan 10 11:56:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2637270ab00088eb1bb52ec0439567f00e20cf53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:5c:ce:32:cc:78:37:c3:25:8a:4a:95:a7:22:
                    a8:05:46:57:d5:d4:45:1b:b6:1b:9c:1c:7f:e8:05:
                    25:df:10:0f:3b:c2:29:29:7a:a6:9e:08:f8:68:ff:
                    79:05:aa:07:19:c4:4b:93:7a:8e:d5:7e:56:19:b7:
                    4c:e6:04:72:cd:6c:5e:3f:d3:f6:02:e2:82:1e:97:
                    36:f6:b1:fb:dd:72:b7:7f:83:7f:a3:7b:3e:ba:44:
                    7c:77:70:cc:d5:35:3f:88:69:f3:2b:25:3a:b3:15:
                    d7:b8:89:82:2e:7b:0a:68:c0:d6:91:11:88:92:97:
                    b9:77:47:26:53:a9:2a:35:2a:ed:14:02:4c:ec:e3:
                    03:3a:35:ec:6e:3c:50:b2:36:bd:9e:ec:d1:c3:66:
                    68:40:8f:23:fa:da:9a:e1:5e:8f:73:f6:ac:a6:84:
                    a7:fb:06:9f:c3:1e:ce:c5:4e:7b:3b:52:7c:97:d6:
                    1f:f8:41:45:fb:45:20:e8:2c:25:9e:ec:32:50:d8:
                    71:6e:86:59:6c:16:c5:e9:48:96:5e:6b:a2:c0:43:
                    45:86:f4:2b:46:76:39:0e:c8:83:bf:e3:64:98:3e:
                    52:53:0a:5a:5c:ab:30:5e:33:bc:18:2e:86:7b:1b:
                    0f:48:63:45:59:e6:e3:40:0f:d9:1f:4f:4e:81:0b:
                    df:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:37:27:0A:B0:00:88:EB:1B:B5:2E:C0:43:95:67:F0:0E:20:CF:53
            X509v3 Authority Key Identifier:
                keyid:20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/JjcnCrAAiOsbtS7AQ5Vn8A4gz1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:ee40:753::/48
                  2a03:ee40:7531::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:47:64:82:b6:a9:f4:8b:7c:dc:62:2f:d6:d3:3a:d6:9a:2b:
         e0:92:18:29:22:13:35:cb:3c:67:4f:a5:b6:a0:12:26:a6:07:
         c7:ba:f6:df:dc:72:09:10:8c:e9:69:e5:21:08:fa:71:11:30:
         81:4c:e2:c1:da:b3:ef:5d:c3:99:45:71:46:45:a9:46:7f:e9:
         df:fd:09:9e:2b:83:e8:c8:41:ab:83:78:5d:90:22:29:35:35:
         32:b4:6d:d5:99:b7:4d:c0:cf:14:08:a0:8a:bf:95:aa:9d:d4:
         6e:09:5f:21:72:00:b2:cd:30:95:a8:09:f5:eb:96:7e:3e:7e:
         ef:01:a2:2b:cd:59:b1:fe:27:7b:80:fe:95:af:2b:e8:ad:90:
         4d:04:6a:d5:75:de:fb:54:57:28:39:6d:7a:4e:94:d3:26:0e:
         f9:f6:29:01:d3:c9:08:eb:de:b7:57:c4:00:f2:a9:a2:bb:db:
         04:1e:65:52:d7:30:1c:4b:2c:10:6e:fd:c2:87:c2:c0:40:21:
         38:d9:2b:14:ab:a6:29:c8:34:a5:e3:b7:12:57:e9:47:0d:07:
         9e:e1:48:78:76:19:80:87:be:62:cd:43:fe:cf:a8:07:40:db:
         ff:38:b6:86:2b:da:bd:47:08:74:c2:f3:7a:43:7c:dd:be:b5:
         a8:dd:56:36
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZRQEmtt7bXXU8l8K9thushQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNmYxYzMyYmMwYTkwMDYwODFkNTUyZmVkZTY3ZDY4NDI5
MjFlYzMwHhcNMjUwMTEwMTE1NjExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjM3MjcwYWIwMDA4OGViMWJiNTJlYzA0Mzk1NjdmMDBlMjBjZjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VzOMsx4N8MlikqVpyKoBUZX1dRF
G7YbnBx/6AUl3xAPO8IpKXqmngj4aP95BaoHGcRLk3qO1X5WGbdM5gRyzWxeP9P2
AuKCHpc29rH73XK3f4N/o3s+ukR8d3DM1TU/iGnzKyU6sxXXuImCLnsKaMDWkRGI
kpe5d0cmU6kqNSrtFAJM7OMDOjXsbjxQsja9nuzRw2ZoQI8j+tqa4V6Pc/aspoSn
+wafwx7OxU57O1J8l9Yf+EFF+0Ug6CwlnuwyUNhxboZZbBbF6UiWXmuiwENFhvQr
RnY5DsiDv+NkmD5SUwpaXKswXjO8GC6GexsPSGNFWebjQA/ZH09OgQvfYQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCY3JwqwAIjrG7UuwEOVZ/AOIM9TMB8GA1UdIwQY
MBaAFCBvHDK8CpAGCB1VL+3mfWhCkh7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzIt
YmJhODYwYjI2YzAyLzEvSmpjbkNyQUFpT3NidFM3QVE1Vm44QTRnejFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzItYmJhODYwYjI2YzAy
LzEvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgPuQAdT
AwcAKgPuQHUxMA0GCSqGSIb3DQEBCwUAA4IBAQARR2SCtqn0i3zcYi/W0zrWmivg
khgpIhM1yzxnT6W2oBImpgfHuvbf3HIJEIzpaeUhCPpxETCBTOLB2rPvXcOZRXFG
RalGf+nf/QmeK4PoyEGrg3hdkCIpNTUytG3VmbdNwM8UCKCKv5WqndRuCV8hcgCy
zTCVqAn165Z+Pn7vAaIrzVmx/id7gP6VryvorZBNBGrVdd77VFcoOW16TpTTJg75
9ikB08kI6963V8QA8qmiu9sEHmVS1zAcSywQbv3Ch8LAQCE42SsUq6YpyDSl47cS
V+lHDQee4Uh4dhmAh75izUP+z6gHQNv/OLaGK9q9Rwh0wvN6Q3zdvrWo3VY2
-----END CERTIFICATE-----