Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/439285-722a-42df-b185-303151d76ace/1/J1F-UaHfYAClgmD-n-h_bemva1g.roa
File:                     J1F-UaHfYAClgmD-n-h_bemva1g.roa (raw, json)
Hash identifier:          LkkLFeCVLkb+GZvSdm+hQS9Yt//NS73l5BEh3ajjGOM=
Subject key identifier:   27:51:7E:51:A1:DF:60:00:A5:82:60:FE:9F:E8:7F:6D:E9:AF:6B:58
Certificate issuer:       /CN=5476c3ca780cc57744adbe90a0f394f1d1cd72f3
Certificate serial:       01942444C4C4B9E1FE98088E5021239A088A
Authority key identifier: 54:76:C3:CA:78:0C:C5:77:44:AD:BE:90:A0:F3:94:F1:D1:CD:72:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VHbDyngMxXdErb6QoPOU8dHNcvM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/439285-722a-42df-b185-303151d76ace/1/J1F-UaHfYAClgmD-n-h_bemva1g.roa
Signing time:             Wed 01 Jan 2025 23:47:54 +0000
ROA not before:           Wed 01 Jan 2025 23:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13023
IP address blocks:        2a0b:2bc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/439285-722a-42df-b185-303151d76ace/1/VHbDyngMxXdErb6QoPOU8dHNcvM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/439285-722a-42df-b185-303151d76ace/1/VHbDyngMxXdErb6QoPOU8dHNcvM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VHbDyngMxXdErb6QoPOU8dHNcvM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:c4:c4:b9:e1:fe:98:08:8e:50:21:23:9a:08:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5476c3ca780cc57744adbe90a0f394f1d1cd72f3
        Validity
            Not Before: Jan  1 23:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27517e51a1df6000a58260fe9fe87f6de9af6b58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0f:c7:40:4a:33:9b:40:d2:5e:27:2c:35:6a:
                    5c:f6:dc:ad:3b:00:65:c7:a5:1c:26:e4:37:98:04:
                    e4:b0:8f:33:dc:8e:0d:ef:4e:99:b6:30:dc:59:c7:
                    f8:f5:70:6c:84:71:21:4f:79:57:32:6d:8b:18:3f:
                    84:3d:8f:93:08:67:25:6c:bc:b9:8c:9d:9b:7b:36:
                    f8:a9:ee:d1:2e:fb:3b:f0:ac:81:ba:42:a8:8d:f8:
                    a3:b8:c9:0c:12:0b:f2:dd:7e:b6:ff:0d:3f:24:f8:
                    03:40:13:ff:18:14:6a:c2:88:a3:99:63:61:58:b3:
                    5a:ed:9c:14:3b:69:d2:dc:a4:52:c1:50:ce:0d:b1:
                    a9:d1:4e:f5:63:f3:18:d2:01:f0:b1:d3:46:ac:07:
                    df:35:0d:7e:91:f3:06:bb:6f:00:9d:9a:8a:90:05:
                    f0:88:27:c2:e3:93:e3:51:a0:5a:99:3a:a5:22:63:
                    af:89:7b:7d:85:b9:00:9e:45:2b:8d:6b:64:b3:a0:
                    7d:52:8b:1e:71:cb:eb:32:07:cb:17:4f:16:6d:f6:
                    f3:11:b8:ee:bf:12:1c:b1:75:57:5e:73:a7:5d:93:
                    d5:3e:76:7c:e2:c4:a3:f8:f1:09:9b:9c:e0:64:ec:
                    aa:68:8c:ec:7d:bb:54:db:a3:05:9e:b0:79:a3:c4:
                    31:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:51:7E:51:A1:DF:60:00:A5:82:60:FE:9F:E8:7F:6D:E9:AF:6B:58
            X509v3 Authority Key Identifier:
                keyid:54:76:C3:CA:78:0C:C5:77:44:AD:BE:90:A0:F3:94:F1:D1:CD:72:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VHbDyngMxXdErb6QoPOU8dHNcvM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/439285-722a-42df-b185-303151d76ace/1/J1F-UaHfYAClgmD-n-h_bemva1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/439285-722a-42df-b185-303151d76ace/1/VHbDyngMxXdErb6QoPOU8dHNcvM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:c2:5d:23:82:63:57:e5:8d:be:40:5c:02:9a:45:d7:e8:0c:
         c7:1c:49:2b:9a:01:9b:c3:20:ec:b0:23:c5:0b:09:c5:20:2f:
         86:d1:fb:8f:51:26:fd:22:f5:5e:b5:d9:04:0a:dc:d5:bc:00:
         72:0a:56:7e:44:34:60:9e:b4:53:f7:28:7d:5a:f9:c0:f7:3e:
         b4:9c:d2:11:d7:31:63:4f:65:ca:3a:96:a7:87:e9:05:81:61:
         d3:09:ea:d9:ba:60:a4:f3:3d:3e:a6:7a:dc:7b:a0:69:e0:3a:
         7d:72:6b:a7:76:d0:ba:d8:b4:9f:bd:48:bc:69:9f:45:9b:9e:
         f7:a2:bd:41:4c:f8:73:9c:59:49:df:51:90:22:3c:d3:84:07:
         5a:7d:6a:6b:9a:4c:35:4c:b3:eb:b1:e9:c8:92:3a:d6:72:60:
         43:3d:17:b2:7b:4f:15:bc:98:a1:09:7d:ff:6b:c1:67:e3:d6:
         f9:4b:67:1d:96:a9:f9:63:7c:f2:3e:60:27:a3:e9:b2:09:59:
         60:a1:bf:59:1d:b5:86:bd:b4:f5:83:fc:d4:44:b2:9f:d6:e7:
         eb:4b:c6:1a:8b:da:7c:13:91:e9:b1:0e:85:b8:08:a1:d5:f6:
         35:dd:f6:8c:8d:0e:42:48:4e:cb:31:a7:ce:e3:73:b3:c2:4d:
         34:30:36:76
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQkRMTEueH+mAiOUCEjmgiKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NzZjM2NhNzgwY2M1Nzc0NGFkYmU5MGEwZjM5NGYxZDFj
ZDcyZjMwHhcNMjUwMTAxMjM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzUxN2U1MWExZGY2MDAwYTU4MjYwZmU5ZmU4N2Y2ZGU5YWY2YjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQ/HQEozm0DSXicsNWpc9tytOwBl
x6UcJuQ3mATksI8z3I4N706ZtjDcWcf49XBshHEhT3lXMm2LGD+EPY+TCGclbLy5
jJ2bezb4qe7RLvs78KyBukKojfijuMkMEgvy3X62/w0/JPgDQBP/GBRqwoijmWNh
WLNa7ZwUO2nS3KRSwVDODbGp0U71Y/MY0gHwsdNGrAffNQ1+kfMGu28AnZqKkAXw
iCfC45PjUaBamTqlImOviXt9hbkAnkUrjWtks6B9UoseccvrMgfLF08WbfbzEbju
vxIcsXVXXnOnXZPVPnZ84sSj+PEJm5zgZOyqaIzsfbtU26MFnrB5o8QxZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCdRflGh32AApYJg/p/of23pr2tYMB8GA1UdIwQY
MBaAFFR2w8p4DMV3RK2+kKDzlPHRzXLzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkhiRHluZ014WGRFcmI2UW9QT1U4ZEhOY3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi80MzkyODUtNzIyYS00MmRmLWIxODUt
MzAzMTUxZDc2YWNlLzEvSjFGLVVhSGZZQUNsZ21ELW4taF9iZW12YTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi80MzkyODUtNzIyYS00MmRmLWIxODUtMzAzMTUxZDc2YWNl
LzEvVkhiRHluZ014WGRFcmI2UW9QT1U4ZEhOY3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgsrwDAN
BgkqhkiG9w0BAQsFAAOCAQEAO8JdI4JjV+WNvkBcAppF1+gMxxxJK5oBm8Mg7LAj
xQsJxSAvhtH7j1Em/SL1XrXZBArc1bwAcgpWfkQ0YJ60U/cofVr5wPc+tJzSEdcx
Y09lyjqWp4fpBYFh0wnq2bpgpPM9PqZ63HugaeA6fXJrp3bQuti0n71IvGmfRZue
96K9QUz4c5xZSd9RkCI804QHWn1qa5pMNUyz67HpyJI61nJgQz0XsntPFbyYoQl9
/2vBZ+PW+UtnHZap+WN88j5gJ6PpsglZYKG/WR21hr209YP81ESyn9bn60vGGova
fBOR6bEOhbgIodX2Nd32jI0OQkhOyzGnzuNzs8JNNDA2dg==
-----END CERTIFICATE-----