Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/cda8f7-8b87-4c6e-bd56-acf04481064d/1/JnuJPNKDRlb2L0YKWt3K0sNgdFo.roa
File:                     JnuJPNKDRlb2L0YKWt3K0sNgdFo.roa (raw, json)
Hash identifier:          2Ts6H/mRjdivag20NSPyjt6eyqJLYL6XSUU64Mplv1c=
Subject key identifier:   26:7B:89:3C:D2:83:46:56:F6:2F:46:0A:5A:DD:CA:D2:C3:60:74:5A
Certificate issuer:       /CN=e04b28a19dbf534ad61cb049986e5424c3284de2
Certificate serial:       019044BBC434024A7789C17B3D7FDDE7EA36
Authority key identifier: E0:4B:28:A1:9D:BF:53:4A:D6:1C:B0:49:98:6E:54:24:C3:28:4D:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4EsooZ2_U0rWHLBJmG5UJMMoTeI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/cda8f7-8b87-4c6e-bd56-acf04481064d/1/JnuJPNKDRlb2L0YKWt3K0sNgdFo.roa
Signing time:             Sun 23 Jun 2024 10:54:34 +0000
ROA not before:           Sun 23 Jun 2024 10:54:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212495
IP address blocks:        2001:678:e98::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/cda8f7-8b87-4c6e-bd56-acf04481064d/1/4EsooZ2_U0rWHLBJmG5UJMMoTeI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/cda8f7-8b87-4c6e-bd56-acf04481064d/1/4EsooZ2_U0rWHLBJmG5UJMMoTeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4EsooZ2_U0rWHLBJmG5UJMMoTeI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:44:bb:c4:34:02:4a:77:89:c1:7b:3d:7f:dd:e7:ea:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e04b28a19dbf534ad61cb049986e5424c3284de2
        Validity
            Not Before: Jun 23 10:54:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=267b893cd2834656f62f460a5addcad2c360745a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:21:8b:b5:89:d2:25:6c:3c:a3:57:d8:02:8d:
                    d1:9c:e8:9e:96:73:9a:39:82:b0:d5:41:26:b8:33:
                    0b:c7:60:ce:62:0d:87:87:2d:f7:7a:4f:f7:90:85:
                    8f:5f:af:df:e5:f7:e2:e8:09:e6:1f:e6:66:94:34:
                    8d:2e:e5:6d:e5:2f:03:68:73:60:56:bc:2c:d0:7f:
                    65:b4:85:2b:5e:46:2b:09:dc:87:30:b8:8a:ae:8a:
                    96:eb:ad:02:92:6a:f5:a9:88:da:e4:94:70:21:fb:
                    be:53:d8:21:30:8d:59:12:69:b2:6f:22:ab:5f:f0:
                    8d:8d:8c:02:da:04:75:e5:4c:90:5b:15:2b:57:d5:
                    f5:82:42:91:73:22:cb:38:4b:8c:fe:e1:1c:d0:eb:
                    a8:2f:36:83:f6:d8:3a:24:f8:39:d9:43:17:4a:6a:
                    ce:ca:9d:e9:ee:eb:23:f9:85:de:fa:2f:3b:45:1e:
                    d2:48:55:21:c2:05:1e:fc:e8:3d:b7:76:d2:bc:24:
                    3a:0b:5b:8f:d3:43:69:1d:7b:82:1c:cc:90:9d:e1:
                    59:8f:aa:33:5d:af:72:c3:6f:d4:b5:b4:71:d5:8b:
                    a8:69:e6:17:f8:65:73:f1:b7:3b:8e:34:24:34:48:
                    8b:18:6f:27:45:59:5b:05:39:34:07:40:83:47:57:
                    63:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:7B:89:3C:D2:83:46:56:F6:2F:46:0A:5A:DD:CA:D2:C3:60:74:5A
            X509v3 Authority Key Identifier:
                keyid:E0:4B:28:A1:9D:BF:53:4A:D6:1C:B0:49:98:6E:54:24:C3:28:4D:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4EsooZ2_U0rWHLBJmG5UJMMoTeI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/cda8f7-8b87-4c6e-bd56-acf04481064d/1/JnuJPNKDRlb2L0YKWt3K0sNgdFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/cda8f7-8b87-4c6e-bd56-acf04481064d/1/4EsooZ2_U0rWHLBJmG5UJMMoTeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:e98::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:6a:b0:d0:7a:16:fd:a7:fa:41:f2:77:d6:66:62:81:6c:65:
         bb:cd:7f:49:aa:ce:73:63:7f:00:38:62:31:87:89:6f:6d:61:
         f5:da:e0:e9:fe:ec:0b:fb:d1:a6:50:35:73:3e:c4:74:17:69:
         9a:0d:10:c1:28:e3:9e:95:ba:41:00:c7:b5:e7:9a:34:20:cc:
         78:56:ee:96:d8:ea:9a:2f:e6:1c:dd:82:d5:23:3e:17:30:1f:
         ce:51:f7:64:88:7f:f0:35:63:00:e6:4f:4b:71:16:4c:c1:b8:
         92:90:57:02:98:75:c5:d8:24:2b:58:f4:cb:d0:58:13:a2:0a:
         6e:84:eb:27:aa:94:f2:ab:eb:19:70:d3:e6:14:f1:b4:56:49:
         27:32:46:57:0f:a0:af:29:ac:8f:b9:e6:e3:8f:4a:18:2a:df:
         05:3e:ee:75:52:e7:89:1d:cf:13:d6:06:fd:8d:eb:9d:2a:d8:
         81:49:a7:3b:19:7d:8c:e3:64:47:a5:40:37:95:54:1e:ac:8d:
         19:72:47:7e:16:df:88:bb:f2:d9:a7:b6:fa:b1:74:6d:57:b9:
         d7:30:e1:cf:e4:e3:9c:6d:a9:63:36:9d:66:79:0f:06:8b:2c:
         f8:03:a5:30:3d:1d:46:09:f3:23:e4:0d:e6:eb:0a:e1:d6:dd:
         82:78:09:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZBEu8Q0Akp3icF7PX/d5+o2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNGIyOGExOWRiZjUzNGFkNjFjYjA0OTk4NmU1NDI0YzMy
ODRkZTIwHhcNMjQwNjIzMTA1NDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjdiODkzY2QyODM0NjU2ZjYyZjQ2MGE1YWRkY2FkMmMzNjA3NDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyGLtYnSJWw8o1fYAo3RnOielnOa
OYKw1UEmuDMLx2DOYg2Hhy33ek/3kIWPX6/f5ffi6AnmH+ZmlDSNLuVt5S8DaHNg
Vrws0H9ltIUrXkYrCdyHMLiKroqW660Ckmr1qYja5JRwIfu+U9ghMI1ZEmmybyKr
X/CNjYwC2gR15UyQWxUrV9X1gkKRcyLLOEuM/uEc0OuoLzaD9tg6JPg52UMXSmrO
yp3p7usj+YXe+i87RR7SSFUhwgUe/Og9t3bSvCQ6C1uP00NpHXuCHMyQneFZj6oz
Xa9yw2/UtbRx1YuoaeYX+GVz8bc7jjQkNEiLGG8nRVlbBTk0B0CDR1djCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCZ7iTzSg0ZW9i9GClrdytLDYHRaMB8GA1UdIwQY
MBaAFOBLKKGdv1NK1hywSZhuVCTDKE3iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEVzb29aMl9VMHJXSExCSm1HNVVKTU1vVGVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9jZGE4ZjctOGI4Ny00YzZlLWJkNTYt
YWNmMDQ0ODEwNjRkLzEvSm51SlBOS0RSbGIyTDBZS1d0M0swc05nZEZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9jZGE4ZjctOGI4Ny00YzZlLWJkNTYtYWNmMDQ0ODEwNjRk
LzEvNEVzb29aMl9VMHJXSExCSm1HNVVKTU1vVGVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA6Y
MA0GCSqGSIb3DQEBCwUAA4IBAQB/arDQehb9p/pB8nfWZmKBbGW7zX9Jqs5zY38A
OGIxh4lvbWH12uDp/uwL+9GmUDVzPsR0F2maDRDBKOOelbpBAMe155o0IMx4Vu6W
2OqaL+Yc3YLVIz4XMB/OUfdkiH/wNWMA5k9LcRZMwbiSkFcCmHXF2CQrWPTL0FgT
ogpuhOsnqpTyq+sZcNPmFPG0VkknMkZXD6CvKayPuebjj0oYKt8FPu51UueJHc8T
1gb9jeudKtiBSac7GX2M42RHpUA3lVQerI0Zckd+Ft+Iu/LZp7b6sXRtV7nXMOHP
5OOcbaljNp1meQ8Giyz4A6UwPR1GCfMj5A3m6wrh1t2CeAmY
-----END CERTIFICATE-----