Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/JRmyJvjV9zY3qW53hCmK-0O4Ppk.roa
File:                     JRmyJvjV9zY3qW53hCmK-0O4Ppk.roa (raw, json)
Hash identifier:          4X/INGAPkC3yVtoG+zshxMbswXYxmkp2vBzXzr+Ly50=
Subject key identifier:   25:19:B2:26:F8:D5:F7:36:37:A9:6E:77:84:29:8A:FB:43:B8:3E:99
Certificate issuer:       /CN=653f55629121b60fb19c97f99c75dd6f015dd6e8
Certificate serial:       018CC726DD8861C62218BB7872E3791EBB92
Authority key identifier: 65:3F:55:62:91:21:B6:0F:B1:9C:97:F9:9C:75:DD:6F:01:5D:D6:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/JRmyJvjV9zY3qW53hCmK-0O4Ppk.roa
Signing time:             Mon 01 Jan 2024 22:31:02 +0000
ROA not before:           Mon 01 Jan 2024 22:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31742
IP address blocks:        195.153.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:dd:88:61:c6:22:18:bb:78:72:e3:79:1e:bb:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=653f55629121b60fb19c97f99c75dd6f015dd6e8
        Validity
            Not Before: Jan  1 22:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2519b226f8d5f73637a96e7784298afb43b83e99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:99:30:95:d0:78:0d:6d:44:63:bc:5d:27:7f:
                    e0:d4:d8:61:7c:bf:8c:26:6a:d0:16:e0:d5:62:35:
                    09:46:c6:53:2d:ea:34:a1:94:15:bc:16:bf:bc:53:
                    05:93:33:2c:62:a6:80:e7:69:3f:e5:16:30:3b:e2:
                    7e:f7:dd:30:99:16:78:8c:85:05:20:62:12:ba:53:
                    19:1d:de:77:e9:a6:05:f5:cb:a9:3a:80:9d:e3:79:
                    3a:b7:a7:b5:be:c0:2f:35:a0:04:28:a7:e3:2a:4a:
                    d0:66:9c:b5:18:fc:2a:83:32:41:bf:dc:54:da:dc:
                    5e:20:06:11:7b:3b:b1:94:66:58:06:9b:9c:af:ce:
                    ed:8b:dc:45:bb:ca:05:7e:3b:96:f5:02:58:1d:e3:
                    dc:61:d4:05:7d:4b:58:0c:aa:71:5d:1f:7c:f7:12:
                    76:7d:c9:2f:dd:42:82:79:08:54:ff:77:0e:9d:77:
                    2f:a3:e1:20:f9:26:bb:38:b6:18:e4:a2:61:2b:76:
                    75:72:6b:89:85:84:8a:56:00:1f:60:b7:0c:30:de:
                    f4:b7:22:46:fb:6b:12:a2:94:22:d1:d9:49:4f:42:
                    fa:11:5e:23:bd:a6:b3:ac:03:d4:23:7d:f9:6b:e2:
                    07:dc:f9:76:21:ed:0a:27:1d:4e:c2:72:d7:38:8c:
                    f2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:19:B2:26:F8:D5:F7:36:37:A9:6E:77:84:29:8A:FB:43:B8:3E:99
            X509v3 Authority Key Identifier:
                keyid:65:3F:55:62:91:21:B6:0F:B1:9C:97:F9:9C:75:DD:6F:01:5D:D6:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/JRmyJvjV9zY3qW53hCmK-0O4Ppk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.153.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:51:20:9b:43:fd:5f:2c:dc:58:a6:64:26:d2:a9:4e:33:4d:
         33:d5:f8:13:09:2e:5f:8d:90:dc:e1:d5:d3:b1:10:53:67:f6:
         7e:a0:aa:01:54:13:c3:de:93:6c:26:ca:e5:68:ea:a2:d8:df:
         59:59:83:bd:9e:65:7d:8f:8d:c9:29:f8:8c:a0:7e:c1:f2:c3:
         99:59:62:aa:5e:33:73:90:0d:85:17:4d:d6:17:0c:8b:d8:a9:
         b9:e7:48:b0:d7:c1:7e:92:2e:01:9a:71:23:23:75:7a:5e:64:
         c4:e5:df:d2:46:c6:dd:f5:a6:e8:58:80:d7:94:bb:0e:9e:09:
         36:d8:93:a0:97:ea:b0:5f:33:23:5d:52:d5:28:61:f3:da:ac:
         c9:24:19:7d:d2:5f:6b:8e:eb:92:2c:29:5d:2e:28:98:ed:fb:
         2d:05:69:88:3b:bc:61:6d:da:ed:bd:62:6a:c1:f0:21:a8:6c:
         17:54:8d:86:9e:7e:d2:00:7c:86:ef:9b:80:e2:94:6f:25:03:
         61:85:aa:b8:46:66:79:29:18:32:d2:e9:62:c0:8d:f5:91:99:
         1c:7c:f4:aa:fa:3b:88:83:76:77:d9:a7:0e:d5:fa:08:d1:9b:
         68:0e:8e:6a:a7:24:54:5e:7b:14:e8:76:92:60:06:9b:6c:83:
         55:50:61:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJt2IYcYiGLt4cuN5HruSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1M2Y1NTYyOTEyMWI2MGZiMTljOTdmOTljNzVkZDZmMDE1
ZGQ2ZTgwHhcNMjQwMTAxMjIzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTE5YjIyNmY4ZDVmNzM2MzdhOTZlNzc4NDI5OGFmYjQzYjgzZTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpkwldB4DW1EY7xdJ3/g1NhhfL+M
JmrQFuDVYjUJRsZTLeo0oZQVvBa/vFMFkzMsYqaA52k/5RYwO+J+990wmRZ4jIUF
IGISulMZHd536aYF9cupOoCd43k6t6e1vsAvNaAEKKfjKkrQZpy1GPwqgzJBv9xU
2txeIAYRezuxlGZYBpucr87ti9xFu8oFfjuW9QJYHePcYdQFfUtYDKpxXR989xJ2
fckv3UKCeQhU/3cOnXcvo+Eg+Sa7OLYY5KJhK3Z1cmuJhYSKVgAfYLcMMN70tyJG
+2sSopQi0dlJT0L6EV4jvaazrAPUI335a+IH3Pl2Ie0KJx1OwnLXOIzy+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUZsib41fc2N6lud4QpivtDuD6ZMB8GA1UdIwQY
MBaAFGU/VWKRIbYPsZyX+Zx13W8BXdboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlQ5VllwRWh0Zy14bkpmNW5IWGRid0ZkMXVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NGNmM2ItOWY1Yy00ZjVlLTk2YzQt
MjkyNmQyODFiNTE0LzEvSlJteUp2alY5elkzcVc1M2hDbUstME80UHBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NGNmM2ItOWY1Yy00ZjVlLTk2YzQtMjkyNmQyODFiNTE0
LzEvWlQ5VllwRWh0Zy14bkpmNW5IWGRid0ZkMXVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5l8MA0G
CSqGSIb3DQEBCwUAA4IBAQB8USCbQ/1fLNxYpmQm0qlOM00z1fgTCS5fjZDc4dXT
sRBTZ/Z+oKoBVBPD3pNsJsrlaOqi2N9ZWYO9nmV9j43JKfiMoH7B8sOZWWKqXjNz
kA2FF03WFwyL2Km550iw18F+ki4BmnEjI3V6XmTE5d/SRsbd9aboWIDXlLsOngk2
2JOgl+qwXzMjXVLVKGHz2qzJJBl90l9rjuuSLCldLiiY7fstBWmIO7xhbdrtvWJq
wfAhqGwXVI2Gnn7SAHyG75uA4pRvJQNhhaq4RmZ5KRgy0uliwI31kZkcfPSq+juI
g3Z32acO1foI0ZtoDo5qpyRUXnsU6HaSYAabbINVUGGu
-----END CERTIFICATE-----