Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/JU13NDDRrwLcrEM2tMUvzDJAyc0.roa
File:                     JU13NDDRrwLcrEM2tMUvzDJAyc0.roa (raw, json)
Hash identifier:          S0WPTZ6NGalkN6BHcnWL+0XIZ5jOjXejVo0fr7j/Jaw=
Subject key identifier:   25:4D:77:34:30:D1:AF:02:DC:AC:43:36:B4:C5:2F:CC:32:40:C9:CD
Certificate issuer:       /CN=f440e5eba2f8bfc8fe8fe56cc88a4289652390ba
Certificate serial:       018CC56E2EB363933C02AEEC2C06309E2A59
Authority key identifier: F4:40:E5:EB:A2:F8:BF:C8:FE:8F:E5:6C:C8:8A:42:89:65:23:90:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/JU13NDDRrwLcrEM2tMUvzDJAyc0.roa
Signing time:             Mon 01 Jan 2024 14:29:41 +0000
ROA not before:           Mon 01 Jan 2024 14:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        91.192.240.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:2e:b3:63:93:3c:02:ae:ec:2c:06:30:9e:2a:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f440e5eba2f8bfc8fe8fe56cc88a4289652390ba
        Validity
            Not Before: Jan  1 14:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=254d773430d1af02dcac4336b4c52fcc3240c9cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:21:24:70:04:fb:b8:82:bc:2e:68:f3:7f:27:
                    0f:ab:b7:2f:6e:59:82:8c:5e:71:bb:15:4d:e2:ee:
                    e5:60:67:f0:b9:92:6c:53:9a:dd:2f:59:a1:b1:24:
                    16:af:55:c9:ec:01:34:b0:7f:f4:5a:80:a7:83:5e:
                    71:31:ef:92:e5:f8:da:25:96:39:f2:e1:6d:f9:b8:
                    ed:25:97:3c:88:87:ad:f9:3a:d7:72:87:9a:e7:68:
                    d8:94:02:21:eb:89:97:c2:80:bc:e9:c7:52:1e:e6:
                    53:2d:82:4d:cd:32:5e:6a:db:6c:23:af:d4:b0:7e:
                    aa:65:0c:aa:c3:db:ef:83:88:26:c2:83:cf:ee:80:
                    fe:61:88:1f:c7:c3:34:cd:c4:70:9e:84:ca:fb:ff:
                    0d:ac:f4:d4:e9:fd:7f:cd:14:7b:dd:18:25:69:1d:
                    74:b6:e1:d9:58:02:77:bc:36:e0:2e:db:a5:34:6b:
                    5b:d0:8c:bd:56:16:0b:24:61:37:95:85:a7:39:e4:
                    0f:90:ea:57:51:5b:73:93:b5:06:10:96:80:08:cb:
                    02:5b:2d:02:8f:59:a8:66:05:f1:57:46:8d:f2:61:
                    44:ac:8d:0f:b8:a9:3d:25:e5:7b:2b:4b:5a:0c:01:
                    9a:cc:9a:10:1f:06:d8:a6:74:50:67:e2:9d:a6:b8:
                    eb:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:4D:77:34:30:D1:AF:02:DC:AC:43:36:B4:C5:2F:CC:32:40:C9:CD
            X509v3 Authority Key Identifier:
                keyid:F4:40:E5:EB:A2:F8:BF:C8:FE:8F:E5:6C:C8:8A:42:89:65:23:90:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/JU13NDDRrwLcrEM2tMUvzDJAyc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:4e:cb:d8:b5:24:6b:c6:eb:3f:65:17:00:dd:23:a4:d7:eb:
         ab:64:a6:c9:d6:c7:58:50:51:51:03:bb:63:71:1d:2b:75:43:
         c0:ea:08:d9:82:b7:0e:31:31:19:28:e8:94:8e:f0:27:59:3d:
         fc:f8:cf:c4:e4:51:7b:2e:15:30:e5:cf:c0:ed:11:01:b7:c0:
         e5:16:af:bf:40:c5:38:81:41:11:3c:92:e3:bb:96:c8:8e:b1:
         10:bc:87:3d:9b:6a:6a:f8:68:12:5f:e9:7b:85:af:e0:ec:73:
         86:0b:7e:00:65:4b:70:7c:b8:c8:b3:b0:f7:82:fa:f5:0b:fd:
         f5:fb:bb:57:e3:3c:42:54:a9:3a:ef:25:6d:60:c6:36:2e:4f:
         47:96:c3:f2:4a:29:ac:d0:75:7d:08:3c:b3:f9:46:58:86:e7:
         83:f3:a7:2a:9c:f8:6d:fb:6d:98:b8:f9:14:7e:42:7a:df:79:
         ad:42:ee:65:6c:2e:59:12:a5:bf:22:fd:69:13:89:39:52:7e:
         02:d8:20:bd:67:65:1a:bb:12:eb:99:a0:da:3f:98:78:49:86:
         cc:2b:5f:f3:f5:45:c1:0b:30:55:80:2c:bd:79:82:36:74:97:
         34:fd:a6:80:64:67:b2:8f:b7:40:f0:f4:c0:81:bc:fd:04:43:
         57:f1:44:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbi6zY5M8Aq7sLAYwnipZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0NDBlNWViYTJmOGJmYzhmZThmZTU2Y2M4OGE0Mjg5NjUy
MzkwYmEwHhcNMjQwMTAxMTQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTRkNzczNDMwZDFhZjAyZGNhYzQzMzZiNGM1MmZjYzMyNDBjOWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyEkcAT7uIK8LmjzfycPq7cvblmC
jF5xuxVN4u7lYGfwuZJsU5rdL1mhsSQWr1XJ7AE0sH/0WoCng15xMe+S5fjaJZY5
8uFt+bjtJZc8iIet+TrXcoea52jYlAIh64mXwoC86cdSHuZTLYJNzTJeattsI6/U
sH6qZQyqw9vvg4gmwoPP7oD+YYgfx8M0zcRwnoTK+/8NrPTU6f1/zRR73RglaR10
tuHZWAJ3vDbgLtulNGtb0Iy9VhYLJGE3lYWnOeQPkOpXUVtzk7UGEJaACMsCWy0C
j1moZgXxV0aN8mFErI0PuKk9JeV7K0taDAGazJoQHwbYpnRQZ+KdprjrKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCVNdzQw0a8C3KxDNrTFL8wyQMnNMB8GA1UdIwQY
MBaAFPRA5eui+L/I/o/lbMiKQollI5C6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUVEbDY2TDR2OGotai1Wc3lJcENpV1Vqa0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9kZTg2NjItOTkzZi00N2Y3LWEyN2Yt
MDBiOTJjMWMxZWY0LzEvSlUxM05ERFJyd0xjckVNMnRNVXZ6REpBeWMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9kZTg2NjItOTkzZi00N2Y3LWEyN2YtMDBiOTJjMWMxZWY0
LzEvOUVEbDY2TDR2OGotai1Wc3lJcENpV1Vqa0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8DwMA0G
CSqGSIb3DQEBCwUAA4IBAQCkTsvYtSRrxus/ZRcA3SOk1+urZKbJ1sdYUFFRA7tj
cR0rdUPA6gjZgrcOMTEZKOiUjvAnWT38+M/E5FF7LhUw5c/A7REBt8DlFq+/QMU4
gUERPJLju5bIjrEQvIc9m2pq+GgSX+l7ha/g7HOGC34AZUtwfLjIs7D3gvr1C/31
+7tX4zxCVKk67yVtYMY2Lk9HlsPySims0HV9CDyz+UZYhueD86cqnPht+22YuPkU
fkJ633mtQu5lbC5ZEqW/Iv1pE4k5Un4C2CC9Z2UauxLrmaDaP5h4SYbMK1/z9UXB
CzBVgCy9eYI2dJc0/aaAZGeyj7dA8PTAgbz9BENX8UQU
-----END CERTIFICATE-----