Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Jnx_I--V3lJlwA0kXUVh1xwpJwo.roa
File:                     Jnx_I--V3lJlwA0kXUVh1xwpJwo.roa (raw, json)
Hash identifier:          /uMG9gIi8gplzQiXfbxZugvRfOc2pXBas7DDvpqRh40=
Subject key identifier:   26:7C:7F:23:EF:95:DE:52:65:C0:0D:24:5D:45:61:D7:1C:29:27:0A
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D5FE9D0D97B9AFF78A12C55EE646D
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Jnx_I--V3lJlwA0kXUVh1xwpJwo.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197304
IP address blocks:        213.91.136.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5f:e9:d0:d9:7b:9a:ff:78:a1:2c:55:ee:64:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=267c7f23ef95de5265c00d245d4561d71c29270a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:bd:a4:94:70:b0:8a:c8:f0:ee:75:5b:7d:3c:
                    b4:75:30:9f:f2:7b:e6:55:ee:80:35:46:b9:dc:db:
                    87:26:71:6a:b3:50:66:08:ed:bc:6c:cb:d0:7a:ef:
                    b7:05:21:70:de:65:d6:c7:49:34:97:f7:c8:18:4c:
                    3b:e0:0c:34:33:ea:3a:c9:06:c9:81:d8:a5:f8:73:
                    52:81:75:87:a9:ed:c0:21:5d:47:a0:b3:c4:b8:46:
                    97:6b:46:cb:6c:f8:56:55:7b:ea:42:e1:a1:ba:89:
                    76:f7:a6:6a:12:1f:9d:2e:7d:35:98:75:38:ef:70:
                    72:87:f1:ff:a1:6a:c2:4a:4f:92:4d:49:0c:c9:7f:
                    9c:30:ac:31:1b:f5:4a:5a:2e:dd:1e:ab:f8:69:c7:
                    3b:6f:f1:29:4e:df:3c:cf:09:f4:1d:a3:9a:50:74:
                    d2:7b:87:21:de:7c:e4:f7:ba:72:f9:40:ee:b1:d1:
                    18:aa:06:47:b0:0c:e5:2a:ff:16:91:d5:77:c9:4d:
                    51:21:a5:08:52:4e:f9:15:f5:eb:c7:be:47:4f:d0:
                    94:cb:9e:95:6c:5f:8d:d2:01:8f:d0:03:94:a7:eb:
                    19:54:ba:5a:36:9b:a9:e3:b2:5d:cd:98:9b:b5:d0:
                    66:84:1d:ca:2e:27:c6:31:79:7a:f3:73:81:4b:4d:
                    b1:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:7C:7F:23:EF:95:DE:52:65:C0:0D:24:5D:45:61:D7:1C:29:27:0A
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Jnx_I--V3lJlwA0kXUVh1xwpJwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.91.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a9:83:62:f1:e3:30:24:29:04:d5:3f:98:9b:6b:0b:ec:47:82:
         ca:e5:6a:cc:1a:be:8d:a6:3b:4a:84:3f:3f:94:06:0c:f6:4c:
         76:3c:14:61:b1:c7:a5:2b:4d:9c:0d:e0:55:aa:08:26:82:ef:
         54:ec:bf:fe:79:6a:69:34:c1:b2:6b:67:67:ed:27:f2:91:c3:
         6d:b7:5a:9a:81:4c:35:1b:b1:cc:05:c2:01:5b:88:a5:08:1a:
         dc:e2:71:82:32:c5:8e:af:95:7d:d5:0c:20:f9:44:e2:39:71:
         0d:1a:37:d0:4a:d7:78:7e:f8:9e:e3:b9:17:46:80:e1:04:cd:
         de:9a:8a:da:1e:28:a7:13:a7:79:b4:42:38:9e:ef:0b:a6:b9:
         db:2d:d1:06:3c:44:02:a7:ba:18:c4:69:dc:4e:e7:6f:b7:ca:
         0d:d4:76:75:46:01:78:3b:75:66:44:b0:70:c6:84:78:aa:62:
         c9:1f:3a:9e:ed:b4:2f:37:bb:27:e0:f1:d2:dd:e2:c8:50:89:
         68:34:51:10:32:e5:a1:81:e1:93:63:25:72:2c:00:37:88:c0:
         0a:36:55:82:fa:81:d9:22:18:b1:d2:a5:89:70:d7:19:05:97:
         38:29:c6:55:67:11:5f:9b:d5:5f:f0:e2:ad:0c:43:e7:a2:a6:
         ac:4f:ba:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbV/p0Nl7mv94oSxV7mRtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjdjN2YyM2VmOTVkZTUyNjVjMDBkMjQ1ZDQ1NjFkNzFjMjkyNzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkL2klHCwisjw7nVbfTy0dTCf8nvm
Ve6ANUa53NuHJnFqs1BmCO28bMvQeu+3BSFw3mXWx0k0l/fIGEw74Aw0M+o6yQbJ
gdil+HNSgXWHqe3AIV1HoLPEuEaXa0bLbPhWVXvqQuGhuol296ZqEh+dLn01mHU4
73Byh/H/oWrCSk+STUkMyX+cMKwxG/VKWi7dHqv4acc7b/EpTt88zwn0HaOaUHTS
e4ch3nzk97py+UDusdEYqgZHsAzlKv8WkdV3yU1RIaUIUk75FfXrx75HT9CUy56V
bF+N0gGP0AOUp+sZVLpaNpup47JdzZibtdBmhB3KLifGMXl683OBS02xLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZ8fyPvld5SZcANJF1FYdccKScKMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvSm54X0ktLVYzbEpsd0Ewa1hVVmgxeHdwSndvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1VuIMA0G
CSqGSIb3DQEBCwUAA4IBAQCpg2Lx4zAkKQTVP5ibawvsR4LK5WrMGr6NpjtKhD8/
lAYM9kx2PBRhscelK02cDeBVqggmgu9U7L/+eWppNMGya2dn7SfykcNtt1qagUw1
G7HMBcIBW4ilCBrc4nGCMsWOr5V91Qwg+UTiOXENGjfQStd4fvie47kXRoDhBM3e
moraHiinE6d5tEI4nu8LprnbLdEGPEQCp7oYxGncTudvt8oN1HZ1RgF4O3VmRLBw
xoR4qmLJHzqe7bQvN7sn4PHS3eLIUIloNFEQMuWhgeGTYyVyLAA3iMAKNlWC+oHZ
Ihix0qWJcNcZBZc4KcZVZxFfm9Vf8OKtDEPnoqasT7pj
-----END CERTIFICATE-----