Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/d7KDzD0QjyzlowpKd39DE-cU8OQ.roa
File:                     d7KDzD0QjyzlowpKd39DE-cU8OQ.roa (raw, json)
Hash identifier:          dlpE9YlDg/nLOQvxYu005lyh6h1sbx29iHsQEjIkXQo=
Subject key identifier:   77:B2:83:CC:3D:10:8F:2C:E5:A3:0A:4A:77:7F:43:13:E7:14:F0:E4
Certificate issuer:       /CN=25a89539520004270d34253bdc16d87784156e1a
Certificate serial:       018CC7276504B9F9ED4497A4857A05B882CB
Authority key identifier: 25:A8:95:39:52:00:04:27:0D:34:25:3B:DC:16:D8:77:84:15:6E:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JaiVOVIABCcNNCU73BbYd4QVbho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/d7KDzD0QjyzlowpKd39DE-cU8OQ.roa
Signing time:             Mon 01 Jan 2024 22:31:36 +0000
ROA not before:           Mon 01 Jan 2024 22:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39227
IP address blocks:        2a00:1f78:fffe::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/JaiVOVIABCcNNCU73BbYd4QVbho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/JaiVOVIABCcNNCU73BbYd4QVbho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JaiVOVIABCcNNCU73BbYd4QVbho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:65:04:b9:f9:ed:44:97:a4:85:7a:05:b8:82:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25a89539520004270d34253bdc16d87784156e1a
        Validity
            Not Before: Jan  1 22:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77b283cc3d108f2ce5a30a4a777f4313e714f0e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:1e:07:dc:3f:24:58:9c:fa:1b:87:3e:c8:d4:
                    9d:f4:50:d8:26:86:b5:85:4d:e5:81:82:59:eb:f1:
                    13:f9:63:4d:36:7e:13:6e:81:c2:94:11:4f:c1:de:
                    36:07:cc:0f:db:f8:d9:14:5e:09:7d:a9:b1:cd:bc:
                    45:8d:76:e1:6b:36:7e:f0:1d:a0:e8:a5:64:c3:47:
                    21:4f:64:9b:ee:67:f8:48:2b:c1:af:25:6c:48:e0:
                    7d:a4:c9:59:71:70:b3:4c:1d:2b:56:20:e8:f6:70:
                    c6:85:1a:e1:41:8e:b0:ba:d6:cd:2e:c2:dc:43:bc:
                    85:ce:89:87:c8:1a:37:de:17:a7:29:08:55:e2:cc:
                    45:4f:aa:15:2d:49:0e:e7:fb:99:f0:43:3e:57:bb:
                    41:86:4a:36:5e:b2:c7:57:34:2a:f1:86:27:3f:ab:
                    aa:6f:16:9d:86:44:60:33:a2:56:db:14:5a:bf:80:
                    21:ae:1c:54:14:03:67:d0:ff:ff:da:80:57:6b:69:
                    b3:fa:98:01:c8:dc:4a:f4:24:99:99:ee:b5:71:2b:
                    d3:00:d4:df:7e:66:c5:56:11:e0:46:6d:22:c3:5c:
                    e2:22:99:dc:43:7d:9d:0d:3f:ce:04:d1:7f:a5:be:
                    c0:d3:0c:7d:e9:68:e5:ad:0a:64:11:06:85:5b:40:
                    06:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:B2:83:CC:3D:10:8F:2C:E5:A3:0A:4A:77:7F:43:13:E7:14:F0:E4
            X509v3 Authority Key Identifier:
                keyid:25:A8:95:39:52:00:04:27:0D:34:25:3B:DC:16:D8:77:84:15:6E:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JaiVOVIABCcNNCU73BbYd4QVbho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/d7KDzD0QjyzlowpKd39DE-cU8OQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/JaiVOVIABCcNNCU73BbYd4QVbho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1f78:fffe::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:a0:a2:e8:f0:63:d5:fe:bd:53:01:37:e8:fd:2e:96:39:ba:
         6e:12:8f:e5:38:e1:80:fd:52:ed:88:f0:ec:e4:04:02:f9:5b:
         04:0d:3f:eb:fd:7b:bd:30:7f:1c:2f:eb:ec:35:23:59:19:a5:
         e5:7a:9a:45:9a:7e:bc:f8:7e:54:7e:cf:09:61:2d:80:9a:d5:
         94:1d:ec:99:5b:a1:f4:b6:81:9c:5e:1a:92:4f:49:12:0b:fe:
         ad:32:14:a3:93:ee:97:4e:15:31:cc:67:c0:d9:b7:7c:1c:cd:
         df:d2:c3:0c:18:0e:4e:9d:09:6b:16:a6:70:47:2b:93:c5:7b:
         93:d0:54:d6:df:05:5b:80:9b:d9:e6:68:d1:c5:45:19:a1:2a:
         2d:4c:82:c9:00:65:84:06:6b:c6:5b:d4:65:5a:40:c3:fd:63:
         f2:aa:6d:8f:43:bd:41:13:8e:54:64:85:7f:90:31:c1:a6:05:
         77:b0:44:30:72:83:3b:49:df:f0:21:d8:5e:7a:bd:8a:de:86:
         36:ca:f7:0e:03:0f:88:ff:c3:f5:da:3f:db:ac:e7:62:27:7e:
         e7:a6:33:54:46:5e:1a:e4:75:4a:13:c3:21:2b:3c:f2:2b:9f:
         e7:e1:81:c1:b6:77:bf:b3:11:87:2a:83:a5:1a:65:37:14:88:
         07:6f:af:cd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJ2UEufntRJekhXoFuILLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YTg5NTM5NTIwMDA0MjcwZDM0MjUzYmRjMTZkODc3ODQx
NTZlMWEwHhcNMjQwMTAxMjIzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2IyODNjYzNkMTA4ZjJjZTVhMzBhNGE3NzdmNDMxM2U3MTRmMGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvx4H3D8kWJz6G4c+yNSd9FDYJoa1
hU3lgYJZ6/ET+WNNNn4TboHClBFPwd42B8wP2/jZFF4JfamxzbxFjXbhazZ+8B2g
6KVkw0chT2Sb7mf4SCvBryVsSOB9pMlZcXCzTB0rViDo9nDGhRrhQY6wutbNLsLc
Q7yFzomHyBo33henKQhV4sxFT6oVLUkO5/uZ8EM+V7tBhko2XrLHVzQq8YYnP6uq
bxadhkRgM6JW2xRav4AhrhxUFANn0P//2oBXa2mz+pgByNxK9CSZme61cSvTANTf
fmbFVhHgRm0iw1ziIpncQ32dDT/OBNF/pb7A0wx96WjlrQpkEQaFW0AGgQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHeyg8w9EI8s5aMKSnd/QxPnFPDkMB8GA1UdIwQY
MBaAFCWolTlSAAQnDTQlO9wW2HeEFW4aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmFpVk9WSUFCQ2NOTkNVNzNCYllkNFFWYmhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iYzE1ZWMtNmIwZC00NzM0LWEwODgt
ZDAwNTI2YjkxNjA1LzEvZDdLRHpEMFFqeXpsb3dwS2QzOURFLWNVOE9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iYzE1ZWMtNmIwZC00NzM0LWEwODgtZDAwNTI2YjkxNjA1
LzEvSmFpVk9WSUFCQ2NOTkNVNzNCYllkNFFWYmhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAfeP/+
MA0GCSqGSIb3DQEBCwUAA4IBAQBNoKLo8GPV/r1TATfo/S6WObpuEo/lOOGA/VLt
iPDs5AQC+VsEDT/r/Xu9MH8cL+vsNSNZGaXleppFmn68+H5Ufs8JYS2AmtWUHeyZ
W6H0toGcXhqST0kSC/6tMhSjk+6XThUxzGfA2bd8HM3f0sMMGA5OnQlrFqZwRyuT
xXuT0FTW3wVbgJvZ5mjRxUUZoSotTILJAGWEBmvGW9RlWkDD/WPyqm2PQ71BE45U
ZIV/kDHBpgV3sEQwcoM7Sd/wIdheer2K3oY2yvcOAw+I/8P12j/brOdiJ37npjNU
Rl4a5HVKE8MhKzzyK5/n4YHBtne/sxGHKoOlGmU3FIgHb6/N
-----END CERTIFICATE-----