Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/jFbAcQ2434P_an_poD7av-SwOb0.roa
File:                     jFbAcQ2434P_an_poD7av-SwOb0.roa (raw, json)
Hash identifier:          QoTbflhi1TYLTWg185WrbpJoRJ28O9TLO9VTAsrljmw=
Subject key identifier:   8C:56:C0:71:0D:B8:DF:83:FF:6A:7F:E9:A0:3E:DA:BF:E4:B0:39:BD
Certificate issuer:       /CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
Certificate serial:       018F8788407560B697EE5335E71B841B1CC9
Authority key identifier: 36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/jFbAcQ2434P_an_poD7av-SwOb0.roa
Signing time:             Fri 17 May 2024 17:10:04 +0000
ROA not before:           Fri 17 May 2024 17:10:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        2a0d:c980::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 14:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:87:88:40:75:60:b6:97:ee:53:35:e7:1b:84:1b:1c:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
        Validity
            Not Before: May 17 17:10:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c56c0710db8df83ff6a7fe9a03edabfe4b039bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:58:7c:ba:0d:fd:41:e5:c1:1e:43:21:f1:1c:
                    f2:84:a7:5c:8d:77:52:e6:59:e1:56:f2:75:bb:61:
                    93:ee:06:58:45:0d:f1:f8:a7:0e:78:05:47:a6:66:
                    0c:fb:09:f8:d2:bf:35:72:e0:33:8f:0b:3c:07:85:
                    d1:19:0f:37:c6:bc:b5:aa:23:3c:12:2a:43:f7:04:
                    e8:e3:5b:28:3f:54:96:35:3e:bd:e3:04:38:d7:36:
                    b9:45:bb:b6:5c:b2:1f:87:da:0a:b2:95:30:01:dd:
                    d4:51:66:00:60:d3:87:b2:c3:3c:64:72:1c:d9:f0:
                    25:cf:6b:33:eb:cc:35:fd:0a:32:a4:f1:45:72:ee:
                    36:48:f2:69:77:95:30:0f:83:92:03:cd:dd:e3:28:
                    79:49:6f:e4:01:37:4e:82:39:37:25:0a:20:71:93:
                    2e:67:d7:3c:64:30:66:06:4c:2e:0c:74:09:8b:8e:
                    6f:6a:30:77:80:40:49:1b:42:ce:ea:1d:e6:fe:d0:
                    c9:fb:c2:73:e1:a6:27:05:0f:e6:56:2e:5b:2d:88:
                    f2:72:1d:df:b5:82:e3:bd:9c:dc:9f:d1:7c:9e:28:
                    f3:11:14:e7:e0:a8:f3:29:00:57:bf:7f:5d:ab:5b:
                    63:6f:90:d2:19:4f:84:29:e9:7a:d8:8f:bf:2f:ed:
                    44:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:56:C0:71:0D:B8:DF:83:FF:6A:7F:E9:A0:3E:DA:BF:E4:B0:39:BD
            X509v3 Authority Key Identifier:
                keyid:36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/jFbAcQ2434P_an_poD7av-SwOb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:c980::/29

    Signature Algorithm: sha256WithRSAEncryption
         27:c5:9f:41:2c:b5:2c:e5:1b:05:98:4d:71:e0:71:e8:9b:e4:
         42:24:98:3b:c6:8d:93:90:99:f9:ec:32:e0:40:c8:58:6d:f6:
         de:ed:1b:c4:ed:58:09:62:9c:77:79:ad:90:89:d4:17:c4:39:
         4f:8a:aa:96:62:23:83:4f:c3:86:0f:43:27:20:35:a3:9b:0f:
         95:16:0b:aa:34:38:fe:d3:82:3e:23:93:15:1e:57:51:e9:d2:
         27:31:e2:06:9c:fd:05:86:69:bd:11:2a:9e:0d:88:58:c2:08:
         7e:2f:93:02:92:d2:a7:73:38:17:66:b5:5c:9e:39:b4:04:82:
         a8:27:3d:b6:d0:68:63:52:19:4a:b1:9e:f0:a0:b9:f7:58:cd:
         d8:4f:44:70:cc:61:f4:d4:16:17:be:e7:e7:84:9e:c1:e8:7e:
         d9:ea:85:bd:8c:ca:e0:71:aa:8f:fb:e8:d8:88:61:ab:90:e2:
         6d:f9:ed:63:69:78:28:0e:98:6c:ad:0c:3a:4f:32:61:5d:bc:
         27:90:c2:14:da:7c:10:87:bc:51:5e:4f:b6:4a:f5:11:98:1d:
         2a:5b:38:94:2f:3a:04:5f:13:71:8c:41:ac:08:c0:be:3e:ce:
         cd:63:40:34:69:8f:6f:4d:3d:7b:0e:4e:7c:74:c8:ea:94:8e:
         b2:35:af:14
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY+HiEB1YLaX7lM15xuEGxzJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MjJmYzJmOGFkOGIwMDgzNTdkYmU2ZjAxOTU5NjBjOWRl
NjFiZDUwHhcNMjQwNTE3MTcxMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzU2YzA3MTBkYjhkZjgzZmY2YTdmZTlhMDNlZGFiZmU0YjAzOWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1h8ug39QeXBHkMh8RzyhKdcjXdS
5lnhVvJ1u2GT7gZYRQ3x+KcOeAVHpmYM+wn40r81cuAzjws8B4XRGQ83xry1qiM8
EipD9wTo41soP1SWNT694wQ41za5Rbu2XLIfh9oKspUwAd3UUWYAYNOHssM8ZHIc
2fAlz2sz68w1/QoypPFFcu42SPJpd5UwD4OSA83d4yh5SW/kATdOgjk3JQogcZMu
Z9c8ZDBmBkwuDHQJi45vajB3gEBJG0LO6h3m/tDJ+8Jz4aYnBQ/mVi5bLYjych3f
tYLjvZzcn9F8nijzERTn4KjzKQBXv39dq1tjb5DSGU+EKel62I+/L+1EqQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIxWwHENuN+D/2p/6aA+2r/ksDm9MB8GA1UdIwQY
MBaAFDYi/C+K2LAINX2+bwGVlgyd5hvVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmIt
MDg4MzVkZmY2YzRmLzEvakZiQWNRMjQzNFBfYW5fcG9EN2F2LVN3T2IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmItMDg4MzVkZmY2YzRm
LzEvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg3JgDAN
BgkqhkiG9w0BAQsFAAOCAQEAJ8WfQSy1LOUbBZhNceBx6JvkQiSYO8aNk5CZ+ewy
4EDIWG323u0bxO1YCWKcd3mtkInUF8Q5T4qqlmIjg0/Dhg9DJyA1o5sPlRYLqjQ4
/tOCPiOTFR5XUenSJzHiBpz9BYZpvREqng2IWMIIfi+TApLSp3M4F2a1XJ45tASC
qCc9ttBoY1IZSrGe8KC591jN2E9EcMxh9NQWF77n54Seweh+2eqFvYzK4HGqj/vo
2Ihhq5DibfntY2l4KA6YbK0MOk8yYV28J5DCFNp8EIe8UV5Ptkr1EZgdKls4lC86
BF8TcYxBrAjAvj7OzWNANGmPb009ew5OfHTI6pSOsjWvFA==
-----END CERTIFICATE-----