Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/j2u66JaywmoFYWfPIADVdkPFJQ0.roa
File:                     j2u66JaywmoFYWfPIADVdkPFJQ0.roa (raw, json)
Hash identifier:          Em5MQjkqzDdxE+eTy+VgcmbQciK3FMpXD4JxzeW/9JQ=
Subject key identifier:   8F:6B:BA:E8:96:B2:C2:6A:05:61:67:CF:20:00:D5:76:43:C5:25:0D
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       018CC5DCF3508416492B3072421FC7E29363
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/j2u66JaywmoFYWfPIADVdkPFJQ0.roa
Signing time:             Mon 01 Jan 2024 16:30:40 +0000
ROA not before:           Mon 01 Jan 2024 16:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7603
IP address blocks:        2a0f:607:1300::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 01:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:f3:50:84:16:49:2b:30:72:42:1f:c7:e2:93:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 16:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f6bbae896b2c26a056167cf2000d57643c5250d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:6e:8e:b1:6d:f0:d0:89:14:9c:1e:a3:cc:4f:
                    32:a4:ad:0b:cc:53:6b:9e:a0:d0:3a:d0:13:fe:b9:
                    99:17:bb:1e:48:16:40:ad:f9:7e:1f:da:aa:fb:56:
                    e6:e6:0a:b8:50:f9:ed:b5:95:90:23:d2:10:d9:aa:
                    c2:5a:e0:17:78:d7:9e:c3:c3:c8:51:87:3c:3e:9c:
                    8c:49:ca:1f:9a:1f:01:0a:2e:8f:20:b1:64:4a:0e:
                    ca:1c:3c:6e:92:6d:1c:49:a0:bf:de:72:c8:51:b4:
                    81:83:87:dd:b7:58:85:ad:9a:81:54:79:63:85:a1:
                    bc:d2:0a:65:de:67:83:d3:27:e8:53:bd:16:23:f5:
                    4b:3b:3f:05:37:b2:2d:08:52:b2:31:6a:ab:05:d4:
                    37:84:3d:f0:68:63:0a:2f:76:39:f2:f9:f5:9c:78:
                    a7:95:27:9f:b1:1f:f5:58:43:52:a9:b7:87:81:dc:
                    07:8e:6b:32:db:f3:5a:9a:bc:72:8c:44:25:0c:57:
                    11:11:f5:4a:b5:7e:6b:57:3f:f1:7f:2c:d6:07:7e:
                    87:9c:e6:9f:a8:7b:b8:53:03:7e:cd:6f:4d:ad:73:
                    6c:98:df:62:7f:03:a8:ab:5f:17:61:4e:c6:f1:e6:
                    89:57:f6:8f:8a:d2:f5:ee:b3:78:2a:0f:98:49:e4:
                    6e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:6B:BA:E8:96:B2:C2:6A:05:61:67:CF:20:00:D5:76:43:C5:25:0D
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/j2u66JaywmoFYWfPIADVdkPFJQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1300::/44

    Signature Algorithm: sha256WithRSAEncryption
         2a:2e:2a:28:7d:7e:95:70:3e:9d:d6:f1:aa:1c:1b:2c:45:08:
         85:c7:f7:49:58:64:1d:30:8d:1e:30:f0:63:e1:ed:4e:79:a4:
         22:b8:96:a1:5e:a1:13:22:dc:b4:17:2e:19:28:44:4c:af:44:
         e8:cb:82:f1:54:5d:51:32:bb:7f:2d:1f:63:86:80:69:85:70:
         b9:9c:06:af:7c:8b:8e:83:35:09:1d:8d:14:ae:d7:17:1c:cc:
         fb:15:65:f0:e5:43:ef:cc:e2:c7:f3:a9:3e:27:da:8d:c9:e2:
         43:3a:4c:35:6f:ef:ed:3a:4a:97:b9:74:71:5a:9a:07:b7:9b:
         2e:45:5b:42:a4:a5:86:b3:af:b1:02:07:a1:9a:b3:db:2c:99:
         89:aa:03:1a:9e:96:2b:d7:9e:57:34:dd:5c:c4:48:2e:22:63:
         40:c7:d2:4a:32:14:ca:4a:a5:27:0f:3b:cc:01:39:30:02:39:
         a5:d4:01:22:11:08:d3:9b:ad:74:dd:09:f2:c8:ef:89:98:3e:
         0b:75:fd:6e:cd:b8:ad:d5:dd:cc:e3:23:af:29:51:f2:09:85:
         c7:e3:44:17:aa:09:1c:70:2e:18:1d:e1:c5:ec:21:22:53:63:
         47:c5:e9:6a:e2:9c:18:5f:ef:b0:e1:5d:fc:d5:e9:cd:65:bd:
         9f:ce:13:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3PNQhBZJKzByQh/H4pNjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjQwMTAxMTYzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjZiYmFlODk2YjJjMjZhMDU2MTY3Y2YyMDAwZDU3NjQzYzUyNTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnG6OsW3w0IkUnB6jzE8ypK0LzFNr
nqDQOtAT/rmZF7seSBZArfl+H9qq+1bm5gq4UPnttZWQI9IQ2arCWuAXeNeew8PI
UYc8PpyMScofmh8BCi6PILFkSg7KHDxukm0cSaC/3nLIUbSBg4fdt1iFrZqBVHlj
haG80gpl3meD0yfoU70WI/VLOz8FN7ItCFKyMWqrBdQ3hD3waGMKL3Y58vn1nHin
lSefsR/1WENSqbeHgdwHjmsy2/NamrxyjEQlDFcREfVKtX5rVz/xfyzWB36HnOaf
qHu4UwN+zW9NrXNsmN9ifwOoq18XYU7G8eaJV/aPitL17rN4Kg+YSeRu7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI9ruuiWssJqBWFnzyAA1XZDxSUNMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvajJ1NjZKYXl3bW9GWVdmUElBRFZka1BGSlEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg8GBxMA
MA0GCSqGSIb3DQEBCwUAA4IBAQAqLioofX6VcD6d1vGqHBssRQiFx/dJWGQdMI0e
MPBj4e1OeaQiuJahXqETIty0Fy4ZKERMr0Toy4LxVF1RMrt/LR9jhoBphXC5nAav
fIuOgzUJHY0UrtcXHMz7FWXw5UPvzOLH86k+J9qNyeJDOkw1b+/tOkqXuXRxWpoH
t5suRVtCpKWGs6+xAgehmrPbLJmJqgManpYr155XNN1cxEguImNAx9JKMhTKSqUn
DzvMATkwAjml1AEiEQjTm6103QnyyO+JmD4Ldf1uzbit1d3M4yOvKVHyCYXH40QX
qgkccC4YHeHF7CEiU2NHxelq4pwYX++w4V381enNZb2fzhOF
-----END CERTIFICATE-----