Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/dJa-2FiaALFLMBpDHuBQtmSlsBc.roa
File:                     dJa-2FiaALFLMBpDHuBQtmSlsBc.roa (raw, json)
Hash identifier:          CngtiWNygsdS36V8QM4wiI4ejTCC6rxhb91C4CA5J1k=
Subject key identifier:   74:96:BE:D8:58:9A:00:B1:4B:30:1A:43:1E:E0:50:B6:64:A5:B0:17
Certificate issuer:       /CN=d24322b2d0a794fd076b85e8dc578abb0d03ec40
Certificate serial:       018D88CC222A71CBDB877536798D130FD4A5
Authority key identifier: D2:43:22:B2:D0:A7:94:FD:07:6B:85:E8:DC:57:8A:BB:0D:03:EC:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0kMistCnlP0Ha4Xo3FeKuw0D7EA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/dJa-2FiaALFLMBpDHuBQtmSlsBc.roa
Signing time:             Thu 08 Feb 2024 12:58:15 +0000
ROA not before:           Thu 08 Feb 2024 12:58:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        2001:67c:21e4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/0kMistCnlP0Ha4Xo3FeKuw0D7EA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/0kMistCnlP0Ha4Xo3FeKuw0D7EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0kMistCnlP0Ha4Xo3FeKuw0D7EA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:88:cc:22:2a:71:cb:db:87:75:36:79:8d:13:0f:d4:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d24322b2d0a794fd076b85e8dc578abb0d03ec40
        Validity
            Not Before: Feb  8 12:58:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7496bed8589a00b14b301a431ee050b664a5b017
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:52:87:a2:3e:71:11:ed:aa:98:2d:da:86:a1:
                    b1:29:6d:b6:36:53:10:6e:0d:f9:dd:d4:d2:52:c1:
                    7c:64:a1:d9:a9:8b:46:56:97:96:21:a8:42:08:19:
                    41:0e:2c:05:40:2f:06:46:37:1f:30:27:dd:21:f9:
                    7f:87:00:11:d9:ab:73:3a:68:0b:62:08:5b:e8:12:
                    9b:96:5a:09:19:de:5d:59:75:cf:00:f4:7e:f8:12:
                    05:bd:da:a8:65:98:63:eb:c4:45:a8:83:a8:75:8e:
                    e6:ec:52:de:07:2c:62:f4:8f:e4:63:6f:5b:a1:dd:
                    9c:29:d9:34:1b:2b:08:0b:69:17:30:dd:6e:4c:13:
                    48:27:7e:56:1e:d7:01:6b:63:11:d6:68:f1:56:03:
                    c0:a1:8b:70:76:3c:f9:a0:83:fa:f3:fc:ab:31:b2:
                    c0:61:66:11:30:15:8a:1b:99:af:84:0c:ef:57:28:
                    b9:02:ca:28:39:b8:89:a4:6c:6a:aa:be:9f:77:6c:
                    e4:ab:80:15:1d:2d:bc:df:c8:08:74:75:b8:3e:1c:
                    18:0b:b2:7c:b7:75:84:20:97:56:aa:34:00:88:d7:
                    52:f7:01:80:5f:db:d6:5f:03:13:f3:3d:45:c8:8e:
                    00:e6:c5:c3:4a:d3:aa:42:02:74:c2:cf:4e:6d:48:
                    d2:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:96:BE:D8:58:9A:00:B1:4B:30:1A:43:1E:E0:50:B6:64:A5:B0:17
            X509v3 Authority Key Identifier:
                keyid:D2:43:22:B2:D0:A7:94:FD:07:6B:85:E8:DC:57:8A:BB:0D:03:EC:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0kMistCnlP0Ha4Xo3FeKuw0D7EA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/dJa-2FiaALFLMBpDHuBQtmSlsBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/0kMistCnlP0Ha4Xo3FeKuw0D7EA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:21e4::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:4a:e2:83:37:87:a1:40:9d:7f:8b:c2:41:f9:14:7c:b9:66:
         ce:60:8d:d1:28:39:80:c3:46:a7:ca:e6:86:ed:3c:c9:ae:36:
         00:7a:8f:81:56:93:31:8c:70:87:5b:af:9c:ca:2e:f9:4e:e8:
         19:6c:fa:e3:70:06:05:29:81:c0:11:7c:1a:71:84:fc:01:e7:
         53:2f:20:b5:26:4c:5d:99:9a:58:8f:40:8e:b1:91:54:a0:9f:
         34:64:ba:fd:d1:a5:00:c9:15:16:97:d8:93:41:86:b3:7f:4c:
         bb:1b:38:83:5d:7f:73:23:a0:7a:9c:2c:7a:d2:84:f6:10:31:
         23:d2:87:85:1e:0c:90:06:c5:dc:3e:27:9d:2f:62:f1:a7:cf:
         f1:73:99:41:e8:79:0e:ed:98:68:51:f9:82:c3:23:72:49:c2:
         13:45:dd:df:a1:03:5c:d9:a6:10:ae:aa:c4:f1:6b:33:e8:56:
         bb:d3:dc:a2:be:3e:0c:2e:65:ca:5d:7b:23:36:ed:a5:00:a9:
         6c:0e:b7:ef:7f:41:c1:63:a4:29:24:78:0b:4d:64:b3:16:72:
         52:07:61:bf:85:e5:87:49:5d:4a:aa:08:4c:59:fa:5e:dc:17:
         8a:f5:5c:82:2f:3a:18:fd:be:e0:ae:8b:68:1e:99:88:14:6b:
         42:a1:4b:45
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2IzCIqccvbh3U2eY0TD9SlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNDMyMmIyZDBhNzk0ZmQwNzZiODVlOGRjNTc4YWJiMGQw
M2VjNDAwHhcNMjQwMjA4MTI1ODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDk2YmVkODU4OWEwMGIxNGIzMDFhNDMxZWUwNTBiNjY0YTViMDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVKHoj5xEe2qmC3ahqGxKW22NlMQ
bg353dTSUsF8ZKHZqYtGVpeWIahCCBlBDiwFQC8GRjcfMCfdIfl/hwAR2atzOmgL
Yghb6BKblloJGd5dWXXPAPR++BIFvdqoZZhj68RFqIOodY7m7FLeByxi9I/kY29b
od2cKdk0GysIC2kXMN1uTBNIJ35WHtcBa2MR1mjxVgPAoYtwdjz5oIP68/yrMbLA
YWYRMBWKG5mvhAzvVyi5AsooObiJpGxqqr6fd2zkq4AVHS2838gIdHW4PhwYC7J8
t3WEIJdWqjQAiNdS9wGAX9vWXwMT8z1FyI4A5sXDStOqQgJ0ws9ObUjSzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHSWvthYmgCxSzAaQx7gULZkpbAXMB8GA1UdIwQY
MBaAFNJDIrLQp5T9B2uF6NxXirsNA+xAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGtNaXN0Q25sUDBIYTRYbzNGZUt1dzBEN0VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy85N2MzNTMtMGMzNi00MDY2LWE1NmIt
MTM5YTQ5NmNkNTljLzEvZEphLTJGaWFBTEZMTUJwREh1QlF0bVNsc0JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy85N2MzNTMtMGMzNi00MDY2LWE1NmItMTM5YTQ5NmNkNTlj
LzEvMGtNaXN0Q25sUDBIYTRYbzNGZUt1dzBEN0VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCHk
MA0GCSqGSIb3DQEBCwUAA4IBAQArSuKDN4ehQJ1/i8JB+RR8uWbOYI3RKDmAw0an
yuaG7TzJrjYAeo+BVpMxjHCHW6+cyi75TugZbPrjcAYFKYHAEXwacYT8AedTLyC1
JkxdmZpYj0COsZFUoJ80ZLr90aUAyRUWl9iTQYazf0y7GziDXX9zI6B6nCx60oT2
EDEj0oeFHgyQBsXcPiedL2Lxp8/xc5lB6HkO7ZhoUfmCwyNyScITRd3foQNc2aYQ
rqrE8Wsz6Fa709yivj4MLmXKXXsjNu2lAKlsDrfvf0HBY6QpJHgLTWSzFnJSB2G/
heWHSV1KqghMWfpe3BeK9VyCLzoY/b7grotoHpmIFGtCoUtF
-----END CERTIFICATE-----