Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/8a8b4c-8f12-4c8d-8be4-69b8d6b53e8c/1/JFyMNggmUl0xfEZpt3nb7EyStwQ.roa
File:                     JFyMNggmUl0xfEZpt3nb7EyStwQ.roa (raw, json)
Hash identifier:          dfxocIqn7rUjXkDRloSWAT2UfkDKSNu4GiqvpBjMgBQ=
Subject key identifier:   24:5C:8C:36:08:26:52:5D:31:7C:46:69:B7:79:DB:EC:4C:92:B7:04
Certificate issuer:       /CN=d367d1635b46b3c2274b287505bbbd7d915dcaf5
Certificate serial:       018CC26D4A5EC3CFE0F34F2CE910D8E3C68A
Authority key identifier: D3:67:D1:63:5B:46:B3:C2:27:4B:28:75:05:BB:BD:7D:91:5D:CA:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/02fRY1tGs8InSyh1Bbu9fZFdyvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/8a8b4c-8f12-4c8d-8be4-69b8d6b53e8c/1/JFyMNggmUl0xfEZpt3nb7EyStwQ.roa
Signing time:             Mon 01 Jan 2024 00:29:51 +0000
ROA not before:           Mon 01 Jan 2024 00:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35838
IP address blocks:        2a02:1788::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/8a8b4c-8f12-4c8d-8be4-69b8d6b53e8c/1/02fRY1tGs8InSyh1Bbu9fZFdyvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/8a8b4c-8f12-4c8d-8be4-69b8d6b53e8c/1/02fRY1tGs8InSyh1Bbu9fZFdyvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/02fRY1tGs8InSyh1Bbu9fZFdyvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4a:5e:c3:cf:e0:f3:4f:2c:e9:10:d8:e3:c6:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d367d1635b46b3c2274b287505bbbd7d915dcaf5
        Validity
            Not Before: Jan  1 00:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=245c8c360826525d317c4669b779dbec4c92b704
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:28:51:7a:7f:b1:b4:ec:6b:ed:c1:7f:ce:86:
                    50:b3:34:dd:43:97:a2:d4:23:b6:39:7c:2c:73:ef:
                    c9:ab:ba:8a:38:48:99:75:f7:0e:4b:2d:c2:17:44:
                    75:19:19:78:b9:be:08:97:83:1e:84:2b:94:20:78:
                    23:95:e3:82:21:b2:53:0f:91:8a:a8:63:e2:b1:9f:
                    4d:c6:24:0c:43:81:8f:71:df:8f:84:c0:aa:5d:fd:
                    e3:71:8b:69:bf:77:d4:33:86:60:f3:5c:87:83:22:
                    94:4a:b7:13:04:dc:26:e9:64:f2:85:e7:45:c6:62:
                    3c:4b:74:ac:e8:d1:d5:5e:ea:d7:65:bb:b3:02:f8:
                    dc:3d:02:61:15:bf:4b:48:6c:f8:39:e5:44:ef:11:
                    db:2e:c2:13:f4:e1:86:76:ce:48:02:a5:cf:a3:44:
                    83:af:6f:0f:d1:5c:c2:5f:7e:bf:5c:44:20:93:18:
                    02:6f:3e:fe:8b:14:49:1e:06:d8:27:6b:e2:47:32:
                    09:b0:a3:ae:b6:84:71:ad:12:01:5d:f6:ad:4f:d5:
                    ad:9f:39:2f:ae:02:26:39:ea:1f:1c:68:bc:32:86:
                    e4:62:a6:26:25:87:96:8b:27:3f:29:22:13:2d:1a:
                    f3:61:c2:aa:dc:18:65:a0:09:1e:a4:ee:5c:98:59:
                    b8:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:5C:8C:36:08:26:52:5D:31:7C:46:69:B7:79:DB:EC:4C:92:B7:04
            X509v3 Authority Key Identifier:
                keyid:D3:67:D1:63:5B:46:B3:C2:27:4B:28:75:05:BB:BD:7D:91:5D:CA:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02fRY1tGs8InSyh1Bbu9fZFdyvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/8a8b4c-8f12-4c8d-8be4-69b8d6b53e8c/1/JFyMNggmUl0xfEZpt3nb7EyStwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/8a8b4c-8f12-4c8d-8be4-69b8d6b53e8c/1/02fRY1tGs8InSyh1Bbu9fZFdyvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:1788::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:3a:e0:0f:66:24:ee:79:3b:0d:15:04:80:8c:f3:ea:6d:fd:
         37:e7:85:35:df:81:b9:53:54:14:cf:83:5e:7a:90:15:5f:be:
         99:da:fa:1c:7b:70:f1:a8:09:07:13:48:fa:7a:b8:0a:8f:23:
         aa:ff:bb:01:13:f1:d4:71:73:b2:af:8d:95:5e:c3:2c:df:2b:
         fe:78:f7:6a:00:08:96:56:b2:2f:a0:f5:91:a1:55:f2:98:10:
         d2:90:94:bb:15:85:b1:7d:b7:6f:a8:a8:b7:7e:d1:09:c8:3b:
         e8:01:b4:43:ec:c6:a4:4e:9d:a6:ac:00:27:24:fd:12:08:a6:
         9f:06:2c:00:f4:e5:8f:a1:fd:fa:09:76:70:66:c4:a8:c4:df:
         31:f9:48:fb:8f:c9:22:97:a1:25:71:51:96:01:63:08:7d:cc:
         ab:e3:69:d3:1c:1e:ef:fc:8d:33:34:ea:a2:9c:9c:5d:d2:63:
         e3:98:e9:fb:a5:ec:a6:55:3f:e5:30:f2:46:46:0f:02:98:da:
         e4:5d:dc:d4:e1:6e:73:8c:e5:c0:ef:26:2f:ea:6d:ea:a7:c8:
         ad:d0:82:b9:f8:7e:5d:3c:4b:4d:92:36:fa:a1:4e:d6:35:78:
         13:62:ff:a7:16:89:ea:6d:bf:96:34:e8:c1:f1:0d:0e:dc:e6:
         e1:bb:d5:4b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzCbUpew8/g808s6RDY48aKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNjdkMTYzNWI0NmIzYzIyNzRiMjg3NTA1YmJiZDdkOTE1
ZGNhZjUwHhcNMjQwMTAxMDAyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDVjOGMzNjA4MjY1MjVkMzE3YzQ2NjliNzc5ZGJlYzRjOTJiNzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlChRen+xtOxr7cF/zoZQszTdQ5ei
1CO2OXwsc+/Jq7qKOEiZdfcOSy3CF0R1GRl4ub4Il4MehCuUIHgjleOCIbJTD5GK
qGPisZ9NxiQMQ4GPcd+PhMCqXf3jcYtpv3fUM4Zg81yHgyKUSrcTBNwm6WTyhedF
xmI8S3Ss6NHVXurXZbuzAvjcPQJhFb9LSGz4OeVE7xHbLsIT9OGGds5IAqXPo0SD
r28P0VzCX36/XEQgkxgCbz7+ixRJHgbYJ2viRzIJsKOutoRxrRIBXfatT9Wtnzkv
rgImOeofHGi8MobkYqYmJYeWiyc/KSITLRrzYcKq3BhloAkepO5cmFm4uwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCRcjDYIJlJdMXxGabd52+xMkrcEMB8GA1UdIwQY
MBaAFNNn0WNbRrPCJ0sodQW7vX2RXcr1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJmUlkxdEdzOEluU3loMUJidTlmWkZkeXZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy84YThiNGMtOGYxMi00YzhkLThiZTQt
NjliOGQ2YjUzZThjLzEvSkZ5TU5nZ21VbDB4ZkVacHQzbmI3RXlTdHdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy84YThiNGMtOGYxMi00YzhkLThiZTQtNjliOGQ2YjUzZThj
LzEvMDJmUlkxdEdzOEluU3loMUJidTlmWkZkeXZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgIXiDAN
BgkqhkiG9w0BAQsFAAOCAQEAHDrgD2Yk7nk7DRUEgIzz6m39N+eFNd+BuVNUFM+D
XnqQFV++mdr6HHtw8agJBxNI+nq4Co8jqv+7ARPx1HFzsq+NlV7DLN8r/nj3agAI
llayL6D1kaFV8pgQ0pCUuxWFsX23b6iot37RCcg76AG0Q+zGpE6dpqwAJyT9Egim
nwYsAPTlj6H9+gl2cGbEqMTfMflI+4/JIpehJXFRlgFjCH3Mq+Np0xwe7/yNMzTq
opycXdJj45jp+6XsplU/5TDyRkYPApja5F3c1OFuc4zlwO8mL+pt6qfIrdCCufh+
XTxLTZI2+qFO1jV4E2L/pxaJ6m2/ljTowfENDtzm4bvVSw==
-----END CERTIFICATE-----