Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/JVuvI043XSMhblkfYyCcLhqJGhk.roa
File:                     JVuvI043XSMhblkfYyCcLhqJGhk.roa (raw, json)
Hash identifier:          c8cT1Xr/ipKROxlH9uJ+iVVdSCmvUrzyyNHA361Wqa0=
Subject key identifier:   25:5B:AF:23:4E:37:5D:23:21:6E:59:1F:63:20:9C:2E:1A:89:1A:19
Certificate issuer:       /CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
Certificate serial:       018CC80304049A3D14BC7B79371460E5BF96
Authority key identifier: 88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/JVuvI043XSMhblkfYyCcLhqJGhk.roa
Signing time:             Tue 02 Jan 2024 02:31:29 +0000
ROA not before:           Tue 02 Jan 2024 02:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197000
IP address blocks:        193.0.9.0/24 maxlen: 24
                          2001:67c:e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 11:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:04:04:9a:3d:14:bc:7b:79:37:14:60:e5:bf:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
        Validity
            Not Before: Jan  2 02:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=255baf234e375d23216e591f63209c2e1a891a19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ff:4a:b9:7f:03:73:71:f0:29:2a:bf:b3:f7:
                    be:6d:2d:54:92:c4:fa:b0:f5:bc:9d:9f:75:c0:d6:
                    26:55:34:2c:dc:67:cb:f2:26:4c:a2:5f:cc:72:60:
                    d4:9a:b8:b9:7a:e8:2b:9b:15:72:f9:9b:be:bb:9f:
                    55:01:ec:3b:e0:da:38:2e:15:4a:ee:14:c0:a4:6d:
                    6f:fe:14:66:62:34:29:da:79:19:15:7a:96:86:db:
                    0f:76:48:17:f8:3d:7c:36:b2:8b:6f:90:ff:c7:68:
                    c4:f9:06:c8:e7:a8:d0:bd:69:4f:e0:36:e2:36:2a:
                    11:05:ce:5c:eb:ac:9e:e8:9f:04:1a:e4:b3:1a:db:
                    42:6d:3b:e8:0c:15:c6:89:b9:41:f3:c7:a5:e5:01:
                    96:9f:59:f4:65:0b:8d:c0:76:e1:81:41:61:9b:14:
                    af:c7:96:83:94:8a:42:ff:91:82:57:61:4c:00:37:
                    23:e4:a7:79:47:17:1c:db:2a:ae:02:0c:08:73:0c:
                    e4:0a:9a:e6:06:4c:b8:50:bb:d9:0a:83:be:17:e4:
                    e0:6f:77:bf:71:96:1f:9f:97:2d:47:c5:ce:6f:60:
                    1c:d9:95:e5:88:a2:b2:f4:74:ef:c3:d5:68:59:46:
                    df:23:5b:4b:2a:a2:56:86:b5:06:d6:51:86:15:b2:
                    38:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:5B:AF:23:4E:37:5D:23:21:6E:59:1F:63:20:9C:2E:1A:89:1A:19
            X509v3 Authority Key Identifier:
                keyid:88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/JVuvI043XSMhblkfYyCcLhqJGhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.9.0/24
                IPv6:
                  2001:67c:e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:88:7a:95:8e:e3:68:20:e1:b6:59:de:ef:21:f7:01:a8:c0:
         03:dd:83:1d:51:58:b6:a7:1c:04:f3:7c:f6:16:55:ba:49:7e:
         13:86:f6:3a:2f:52:d9:d1:4b:ac:b7:96:7d:76:6b:02:f3:5c:
         17:85:c3:60:fc:01:60:f0:4b:8f:3e:de:c4:ca:8c:fe:24:07:
         5d:c8:50:70:18:12:1f:99:21:b4:e0:27:b2:7a:e1:45:d7:ec:
         b7:a1:1f:46:b4:9f:4e:1d:67:9d:f8:e5:36:59:10:bb:07:f9:
         dc:8a:4c:e2:03:85:f2:91:52:99:ac:e3:e0:76:d2:96:78:8b:
         09:86:2c:c4:9a:96:32:66:b8:b4:13:76:60:c6:b9:59:1f:bd:
         b7:24:08:2d:a7:e0:12:5a:c9:4c:82:f1:cc:13:c8:54:fb:00:
         cb:e4:22:dd:72:c7:f2:9d:40:91:28:66:b2:01:91:68:ab:eb:
         89:37:cb:1d:c3:bb:19:09:ec:c5:1f:eb:1e:bd:70:54:d0:1b:
         df:c8:02:0e:86:c3:43:d0:01:dc:87:78:5b:6c:8a:03:a6:d7:
         60:ab:0b:69:38:c5:98:9b:78:b9:6e:7a:26:33:ce:5d:f0:9d:
         22:7d:aa:f4:dc:88:71:38:1b:f6:8e:e7:ee:63:71:f9:66:30:
         0a:4a:73:6d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAwQEmj0UvHt5NxRg5b+WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTdhYWZlYzYxYzNhNmIwMjRiNmE5ZjU0ZmZiNzY0Y2Ez
ZGY5MjIwHhcNMjQwMTAyMDIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTViYWYyMzRlMzc1ZDIzMjE2ZTU5MWY2MzIwOWMyZTFhODkxYTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/9KuX8Dc3HwKSq/s/e+bS1UksT6
sPW8nZ91wNYmVTQs3GfL8iZMol/McmDUmri5eugrmxVy+Zu+u59VAew74No4LhVK
7hTApG1v/hRmYjQp2nkZFXqWhtsPdkgX+D18NrKLb5D/x2jE+QbI56jQvWlP4Dbi
NioRBc5c66ye6J8EGuSzGttCbTvoDBXGiblB88el5QGWn1n0ZQuNwHbhgUFhmxSv
x5aDlIpC/5GCV2FMADcj5Kd5Rxcc2yquAgwIcwzkCprmBky4ULvZCoO+F+Tgb3e/
cZYfn5ctR8XOb2Ac2ZXliKKy9HTvw9VoWUbfI1tLKqJWhrUG1lGGFbI4hQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCVbryNON10jIW5ZH2MgnC4aiRoZMB8GA1UdIwQY
MBaAFIgXqv7GHDprAktqn1T/t2TKPfkiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0Mjkt
ZTY2MzY5NjQ5NDExLzEvSlZ1dkkwNDNYU01oYmxrZll5Q2NMaHFKR2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0MjktZTY2MzY5NjQ5NDEx
LzEvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwQAJMA8E
AgACMAkDBwAgAQZ8AOAwDQYJKoZIhvcNAQELBQADggEBAH+IepWO42gg4bZZ3u8h
9wGowAPdgx1RWLanHATzfPYWVbpJfhOG9jovUtnRS6y3ln12awLzXBeFw2D8AWDw
S48+3sTKjP4kB13IUHAYEh+ZIbTgJ7J64UXX7LehH0a0n04dZ5345TZZELsH+dyK
TOIDhfKRUpms4+B20pZ4iwmGLMSaljJmuLQTdmDGuVkfvbckCC2n4BJayUyC8cwT
yFT7AMvkIt1yx/KdQJEoZrIBkWir64k3yx3DuxkJ7MUf6x69cFTQG9/IAg6Gw0PQ
AdyHeFtsigOm12CrC2k4xZibeLlueiYzzl3wnSJ9qvTciHE4G/aO5+5jcflmMApK
c20=
-----END CERTIFICATE-----