Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/JMljoxR3uRIRkjjClCzqCVHT3y8.roa
File:                     JMljoxR3uRIRkjjClCzqCVHT3y8.roa (raw, json)
Hash identifier:          2HmhE0aDYKQwbwmyOeef4veCK5BVsIvqv3DlfMlokds=
Subject key identifier:   24:C9:63:A3:14:77:B9:12:11:92:38:C2:94:2C:EA:09:51:D3:DF:2F
Certificate issuer:       /CN=715b885c3b302fd50e6c22647a33dc47727fea95
Certificate serial:       018CC7943CE110FA463BCBE3551831497F5C
Authority key identifier: 71:5B:88:5C:3B:30:2F:D5:0E:6C:22:64:7A:33:DC:47:72:7F:EA:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/JMljoxR3uRIRkjjClCzqCVHT3y8.roa
Signing time:             Tue 02 Jan 2024 00:30:30 +0000
ROA not before:           Tue 02 Jan 2024 00:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        5.62.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:3c:e1:10:fa:46:3b:cb:e3:55:18:31:49:7f:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=715b885c3b302fd50e6c22647a33dc47727fea95
        Validity
            Not Before: Jan  2 00:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24c963a31477b912119238c2942cea0951d3df2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ad:27:e6:ec:ec:15:df:11:fa:3b:fb:74:e4:
                    1e:14:ec:ed:65:52:81:8a:9f:ca:0d:30:d5:fd:ce:
                    25:f8:47:30:c0:14:c1:ab:8c:87:a7:cd:9f:01:44:
                    1d:11:e8:a5:c7:87:81:79:a7:1d:6e:d8:62:0a:18:
                    fe:c9:a1:97:30:0f:9d:2c:a7:a5:f8:e3:57:ba:c9:
                    d7:e4:38:f9:6c:b1:5c:73:54:aa:d0:8c:f2:83:52:
                    b2:75:a1:04:97:a7:c2:f0:f8:79:f3:57:48:b7:c1:
                    08:2c:68:8a:27:2d:6d:a0:ec:4c:3c:dd:99:30:98:
                    e3:8e:b3:97:63:d3:5c:62:e6:74:fb:ac:33:de:cb:
                    38:f7:5f:3e:a4:3b:29:4e:d8:c1:ef:a5:d9:fd:9b:
                    dd:26:62:96:96:49:55:f0:6d:7c:cf:81:4e:9e:e8:
                    73:6c:70:c3:9d:79:3d:5f:0e:c9:bb:11:81:75:81:
                    2a:dd:35:29:6e:a7:0a:d1:a4:a3:d1:b7:56:17:0a:
                    b7:80:0b:c0:7d:26:d9:83:5f:e8:8e:5c:1a:a4:a5:
                    c7:c1:71:14:78:66:d6:c6:22:dc:a3:19:af:ef:f0:
                    44:f7:dc:50:da:3e:97:1e:6a:be:70:5d:8e:47:ff:
                    c2:db:8a:51:2f:db:94:a1:d1:d7:0d:e0:85:f3:41:
                    97:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:C9:63:A3:14:77:B9:12:11:92:38:C2:94:2C:EA:09:51:D3:DF:2F
            X509v3 Authority Key Identifier:
                keyid:71:5B:88:5C:3B:30:2F:D5:0E:6C:22:64:7A:33:DC:47:72:7F:EA:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/JMljoxR3uRIRkjjClCzqCVHT3y8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:50:35:55:89:ec:3f:a8:e9:93:aa:4b:78:54:82:ef:03:df:
         97:d0:12:3e:67:8f:78:0e:8b:38:eb:8c:f7:b0:ca:d8:bd:78:
         eb:81:30:3a:ff:1e:33:a8:8b:31:ab:1b:67:9a:05:b6:8d:5a:
         d5:23:89:3c:0f:f1:6d:30:0f:2b:af:6a:8d:75:52:2d:9f:28:
         93:93:ad:8a:ed:02:d7:0b:9b:c2:72:93:f9:0f:1b:f1:92:a6:
         bb:7a:d4:f5:e7:c4:90:7f:49:14:0d:7d:40:8e:e3:0c:a2:85:
         54:91:c2:20:01:41:58:23:c4:a7:e2:4e:e1:36:04:eb:09:38:
         c4:f4:d1:e2:3f:68:c1:88:88:cf:78:0f:fa:30:9d:ad:a1:ea:
         43:57:8c:e8:e4:2b:0f:01:53:3e:b4:46:d1:09:18:c5:e2:21:
         24:dd:c3:b1:54:da:d1:84:92:dc:c1:ce:05:41:88:ba:f3:65:
         db:a5:73:65:26:7a:7a:7e:01:b4:78:25:e1:67:8c:05:2e:da:
         b3:17:b9:12:a7:89:cd:58:2d:02:80:d8:64:52:32:b5:40:9a:
         7e:67:ed:11:2b:f9:f0:70:3a:3a:73:fa:0d:6c:83:56:2e:71:
         07:37:ed:3b:7b:99:62:10:f9:ba:a2:7d:81:cd:58:7d:c8:17:
         cd:9e:89:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlDzhEPpGO8vjVRgxSX9cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxNWI4ODVjM2IzMDJmZDUwZTZjMjI2NDdhMzNkYzQ3NzI3
ZmVhOTUwHhcNMjQwMTAyMDAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGM5NjNhMzE0NzdiOTEyMTE5MjM4YzI5NDJjZWEwOTUxZDNkZjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnK0n5uzsFd8R+jv7dOQeFOztZVKB
ip/KDTDV/c4l+EcwwBTBq4yHp82fAUQdEeilx4eBeacdbthiChj+yaGXMA+dLKel
+ONXusnX5Dj5bLFcc1Sq0Izyg1KydaEEl6fC8Ph581dIt8EILGiKJy1toOxMPN2Z
MJjjjrOXY9NcYuZ0+6wz3ss4918+pDspTtjB76XZ/ZvdJmKWlklV8G18z4FOnuhz
bHDDnXk9Xw7JuxGBdYEq3TUpbqcK0aSj0bdWFwq3gAvAfSbZg1/ojlwapKXHwXEU
eGbWxiLcoxmv7/BE99xQ2j6XHmq+cF2OR//C24pRL9uUodHXDeCF80GXjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTJY6MUd7kSEZI4wpQs6glR098vMB8GA1UdIwQY
MBaAFHFbiFw7MC/VDmwiZHoz3Edyf+qVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1Z1SVhEc3dMOVVPYkNKa2VqUGNSM0pfNnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9mODk5OWMtMDQwYS00MjRhLTg4OTYt
MmE5MjMzM2Y5ZGY2LzEvSk1sam94UjN1UklSa2pqQ2xDenFDVkhUM3k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9mODk5OWMtMDQwYS00MjRhLTg4OTYtMmE5MjMzM2Y5ZGY2
LzEvY1Z1SVhEc3dMOVVPYkNKa2VqUGNSM0pfNnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABT4VMA0G
CSqGSIb3DQEBCwUAA4IBAQBfUDVView/qOmTqkt4VILvA9+X0BI+Z494Dos464z3
sMrYvXjrgTA6/x4zqIsxqxtnmgW2jVrVI4k8D/FtMA8rr2qNdVItnyiTk62K7QLX
C5vCcpP5Dxvxkqa7etT158SQf0kUDX1AjuMMooVUkcIgAUFYI8Sn4k7hNgTrCTjE
9NHiP2jBiIjPeA/6MJ2toepDV4zo5CsPAVM+tEbRCRjF4iEk3cOxVNrRhJLcwc4F
QYi682XbpXNlJnp6fgG0eCXhZ4wFLtqzF7kSp4nNWC0CgNhkUjK1QJp+Z+0RK/nw
cDo6c/oNbINWLnEHN+07e5liEPm6on2BzVh9yBfNnom0
-----END CERTIFICATE-----