Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/c0fef9-afff-49de-808a-e4478c55308a/1/JoRjS4XhzhUr3abo1B93rPjtJZY.roa
File:                     JoRjS4XhzhUr3abo1B93rPjtJZY.roa (raw, json)
Hash identifier:          vqr9zuUfaRi+yK/ej6/XSUYmDxkFZKjWGIJy+GiuneQ=
Subject key identifier:   26:84:63:4B:85:E1:CE:15:2B:DD:A6:E8:D4:1F:77:AC:F8:ED:25:96
Certificate issuer:       /CN=f59adb0208a2d2a718d3064b4613fdc4320d28f9
Certificate serial:       018CC8DEA3BC64E502E657B252014D65FF81
Authority key identifier: F5:9A:DB:02:08:A2:D2:A7:18:D3:06:4B:46:13:FD:C4:32:0D:28:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9ZrbAgii0qcY0wZLRhP9xDINKPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/c0fef9-afff-49de-808a-e4478c55308a/1/JoRjS4XhzhUr3abo1B93rPjtJZY.roa
Signing time:             Tue 02 Jan 2024 06:31:23 +0000
ROA not before:           Tue 02 Jan 2024 06:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197942
IP address blocks:        2001:678:70c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/c0fef9-afff-49de-808a-e4478c55308a/1/9ZrbAgii0qcY0wZLRhP9xDINKPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/c0fef9-afff-49de-808a-e4478c55308a/1/9ZrbAgii0qcY0wZLRhP9xDINKPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9ZrbAgii0qcY0wZLRhP9xDINKPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:a3:bc:64:e5:02:e6:57:b2:52:01:4d:65:ff:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f59adb0208a2d2a718d3064b4613fdc4320d28f9
        Validity
            Not Before: Jan  2 06:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2684634b85e1ce152bdda6e8d41f77acf8ed2596
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:16:ce:ab:bd:2d:c3:9f:69:ab:52:50:2e:00:
                    79:1d:bc:50:8d:e7:9c:8a:a1:30:33:25:ce:fd:8c:
                    7a:cf:c1:29:bb:91:e1:f7:10:32:cc:84:de:83:d4:
                    91:be:de:76:c5:3b:41:ba:b0:81:02:e1:ba:29:b4:
                    6f:77:3e:8d:63:31:12:b3:98:18:e7:27:b9:5b:28:
                    77:e4:1d:20:92:aa:30:21:c9:23:ea:1d:d5:4f:76:
                    a3:03:b0:6b:a3:c6:83:71:40:b6:aa:ac:26:c8:10:
                    1b:12:c1:a0:c3:0d:40:63:9e:61:e8:34:b6:5d:10:
                    ec:e8:8f:7e:ca:c7:31:71:8c:4e:1e:74:5f:a0:e4:
                    2d:ad:ac:92:a2:e8:2b:45:a3:45:89:ac:6b:fd:ab:
                    2e:0d:ef:10:cb:36:78:b9:68:a6:2c:2a:8d:6b:96:
                    f5:2c:b5:db:4a:5f:65:32:b2:44:b4:c7:bf:36:07:
                    9b:9d:a6:73:57:f0:02:c9:3c:55:e0:a3:a8:20:32:
                    59:19:de:5c:0a:f1:e0:0d:e4:7a:5e:dc:c7:43:db:
                    95:b8:6d:ae:55:ef:ad:e7:18:96:f4:bb:fd:68:f9:
                    3a:5f:03:9d:e8:1d:c0:ed:d9:9c:51:e5:80:94:3f:
                    a8:bd:aa:57:0d:d4:0a:6b:06:11:b7:97:72:c2:03:
                    6a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:84:63:4B:85:E1:CE:15:2B:DD:A6:E8:D4:1F:77:AC:F8:ED:25:96
            X509v3 Authority Key Identifier:
                keyid:F5:9A:DB:02:08:A2:D2:A7:18:D3:06:4B:46:13:FD:C4:32:0D:28:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9ZrbAgii0qcY0wZLRhP9xDINKPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/c0fef9-afff-49de-808a-e4478c55308a/1/JoRjS4XhzhUr3abo1B93rPjtJZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/c0fef9-afff-49de-808a-e4478c55308a/1/9ZrbAgii0qcY0wZLRhP9xDINKPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:70c::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:e7:3b:e0:3c:94:39:dd:ce:74:5a:61:b9:62:c5:ea:ee:b4:
         b1:5a:13:5b:ae:f9:09:e1:10:80:7a:d2:f7:6c:c8:0a:90:6d:
         97:90:c9:3f:8d:7d:e7:a6:c0:73:e5:e7:83:98:a2:bd:75:f6:
         e6:09:ae:0c:88:10:80:38:ab:96:2d:54:e5:1d:54:ee:51:a9:
         ed:e7:ee:17:b8:5a:53:95:9b:24:30:d7:ca:a3:cc:6d:6a:b6:
         89:1f:77:a7:a8:3b:ae:7f:43:81:e8:a6:6b:1d:ea:d7:37:71:
         4f:aa:d0:d1:01:ab:fa:86:54:12:38:e1:d6:76:9f:91:a5:3e:
         b8:f9:0c:08:b1:90:21:7e:fc:9a:22:e3:d3:e4:94:21:c3:05:
         73:51:32:4b:96:00:1e:df:80:d4:de:68:b3:4a:b4:f1:ed:85:
         a6:c6:3d:de:e4:84:39:70:21:1b:96:6b:42:8a:13:4a:2a:ef:
         b5:73:f6:21:13:2e:d9:17:04:1f:31:3d:12:b4:07:39:08:bb:
         24:e7:a9:2b:4d:81:ad:ce:ff:4d:3f:5c:12:fd:45:57:6d:69:
         1a:21:e6:a0:1c:8c:93:bb:97:5e:58:25:3d:12:d8:34:a8:bc:
         1d:72:a6:7d:0d:d1:4e:3a:a5:e2:09:c2:d0:45:93:f4:8e:a9:
         34:f6:3c:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3qO8ZOUC5leyUgFNZf+BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1OWFkYjAyMDhhMmQyYTcxOGQzMDY0YjQ2MTNmZGM0MzIw
ZDI4ZjkwHhcNMjQwMTAyMDYzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjg0NjM0Yjg1ZTFjZTE1MmJkZGE2ZThkNDFmNzdhY2Y4ZWQyNTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRbOq70tw59pq1JQLgB5HbxQjeec
iqEwMyXO/Yx6z8Epu5Hh9xAyzITeg9SRvt52xTtBurCBAuG6KbRvdz6NYzESs5gY
5ye5Wyh35B0gkqowIckj6h3VT3ajA7Bro8aDcUC2qqwmyBAbEsGgww1AY55h6DS2
XRDs6I9+yscxcYxOHnRfoOQtraySougrRaNFiaxr/asuDe8QyzZ4uWimLCqNa5b1
LLXbSl9lMrJEtMe/NgebnaZzV/ACyTxV4KOoIDJZGd5cCvHgDeR6XtzHQ9uVuG2u
Ve+t5xiW9Lv9aPk6XwOd6B3A7dmcUeWAlD+ovapXDdQKawYRt5dywgNq7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCaEY0uF4c4VK92m6NQfd6z47SWWMB8GA1UdIwQY
MBaAFPWa2wIIotKnGNMGS0YT/cQyDSj5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVpyYkFnaWkwcWNZMHdaTFJoUDl4RElOS1BrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9jMGZlZjktYWZmZi00OWRlLTgwOGEt
ZTQ0NzhjNTUzMDhhLzEvSm9SalM0WGh6aFVyM2FibzFCOTNyUGp0SlpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9jMGZlZjktYWZmZi00OWRlLTgwOGEtZTQ0NzhjNTUzMDhh
LzEvOVpyYkFnaWkwcWNZMHdaTFJoUDl4RElOS1BrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAcM
MA0GCSqGSIb3DQEBCwUAA4IBAQA45zvgPJQ53c50WmG5YsXq7rSxWhNbrvkJ4RCA
etL3bMgKkG2XkMk/jX3npsBz5eeDmKK9dfbmCa4MiBCAOKuWLVTlHVTuUant5+4X
uFpTlZskMNfKo8xtaraJH3enqDuuf0OB6KZrHerXN3FPqtDRAav6hlQSOOHWdp+R
pT64+QwIsZAhfvyaIuPT5JQhwwVzUTJLlgAe34DU3mizSrTx7YWmxj3e5IQ5cCEb
lmtCihNKKu+1c/YhEy7ZFwQfMT0StAc5CLsk56krTYGtzv9NP1wS/UVXbWkaIeag
HIyTu5deWCU9Etg0qLwdcqZ9DdFOOqXiCcLQRZP0jqk09jwT
-----END CERTIFICATE-----