Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/173327-9742-435b-86c0-55e85ea09dde/1/JglnRMPmFPhBryPirXSb2_Y1x4I.roa
File:                     JglnRMPmFPhBryPirXSb2_Y1x4I.roa (raw, json)
Hash identifier:          OdwrEP4gIEr0zu4JwQXsuGhYb17TqFqtp402TD+TggA=
Subject key identifier:   26:09:67:44:C3:E6:14:F8:41:AF:23:E2:AD:74:9B:DB:F6:35:C7:82
Certificate issuer:       /CN=f2693085b5f75c0f10de08e22cbe4b062451b150
Certificate serial:       018CC8DEA6C5906E9A34FDD2CA0882FFE39A
Authority key identifier: F2:69:30:85:B5:F7:5C:0F:10:DE:08:E2:2C:BE:4B:06:24:51:B1:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8mkwhbX3XA8Q3gjiLL5LBiRRsVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/173327-9742-435b-86c0-55e85ea09dde/1/JglnRMPmFPhBryPirXSb2_Y1x4I.roa
Signing time:             Tue 02 Jan 2024 06:31:24 +0000
ROA not before:           Tue 02 Jan 2024 06:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45023
IP address blocks:        193.200.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/173327-9742-435b-86c0-55e85ea09dde/1/8mkwhbX3XA8Q3gjiLL5LBiRRsVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/173327-9742-435b-86c0-55e85ea09dde/1/8mkwhbX3XA8Q3gjiLL5LBiRRsVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8mkwhbX3XA8Q3gjiLL5LBiRRsVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:a6:c5:90:6e:9a:34:fd:d2:ca:08:82:ff:e3:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2693085b5f75c0f10de08e22cbe4b062451b150
        Validity
            Not Before: Jan  2 06:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26096744c3e614f841af23e2ad749bdbf635c782
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:30:e0:0b:74:9b:5c:7b:ae:50:b2:0e:a9:b2:
                    d8:bd:90:a8:9e:44:f4:43:72:51:5a:05:89:09:3b:
                    45:98:67:06:5e:b1:0f:ae:e2:38:bf:0e:98:fc:fa:
                    90:2a:f4:34:d3:82:46:d8:fa:5c:5c:ea:fc:b5:43:
                    a7:b7:31:8e:43:31:e1:2a:7c:50:9d:8d:39:c9:1e:
                    2a:c6:a1:7d:e3:80:75:76:99:f4:96:59:fd:18:c8:
                    c9:c8:ac:6d:1e:b2:74:ed:fc:4a:f1:ba:49:40:8b:
                    ad:7b:23:75:6c:c5:5a:54:60:bb:2e:cf:4e:1f:3a:
                    98:4e:98:ae:b3:bf:19:5e:0e:20:3a:7d:13:4c:4b:
                    8a:ea:66:03:02:78:bd:1c:48:45:d3:80:8b:01:99:
                    0f:e0:0f:29:e0:49:9c:20:31:2f:2a:06:17:bc:a4:
                    8c:fb:53:12:77:14:24:e8:b2:54:41:67:e0:af:1c:
                    98:98:dd:d8:45:12:54:70:74:ab:fc:14:cf:9c:df:
                    25:28:6a:a2:86:5e:67:00:3d:f9:18:3a:15:95:d1:
                    b9:e0:28:c5:ce:e6:d8:0e:47:78:20:bc:6b:78:59:
                    09:22:8c:a4:80:a6:4b:0c:40:0a:96:85:23:67:1a:
                    2a:32:d9:47:54:81:08:d6:cb:d7:c3:42:e3:9a:37:
                    50:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:09:67:44:C3:E6:14:F8:41:AF:23:E2:AD:74:9B:DB:F6:35:C7:82
            X509v3 Authority Key Identifier:
                keyid:F2:69:30:85:B5:F7:5C:0F:10:DE:08:E2:2C:BE:4B:06:24:51:B1:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8mkwhbX3XA8Q3gjiLL5LBiRRsVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/173327-9742-435b-86c0-55e85ea09dde/1/JglnRMPmFPhBryPirXSb2_Y1x4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/173327-9742-435b-86c0-55e85ea09dde/1/8mkwhbX3XA8Q3gjiLL5LBiRRsVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:f3:2a:4b:4f:08:bf:4c:ac:ba:f2:11:07:eb:5c:9c:83:84:
         48:3b:86:30:83:0a:2b:3e:0c:50:73:9c:7b:27:a9:62:93:76:
         14:82:2a:51:56:5e:71:70:a5:60:61:70:88:8c:3e:e1:76:e7:
         b0:99:48:d9:a6:3c:af:16:14:2b:ac:8e:9e:c6:c3:97:20:9a:
         5e:c1:b9:5b:e7:06:6c:e7:e5:2a:0e:64:b2:bb:e7:1e:9d:d9:
         a4:07:de:83:89:c4:72:dd:7c:8e:21:47:b2:74:a6:ea:a5:d5:
         b4:e1:ad:5a:d0:a3:30:f9:a7:69:51:6f:11:ff:a9:a3:84:69:
         92:77:be:d1:97:30:e9:a7:d1:b2:1d:19:30:99:1d:6c:53:78:
         50:8e:87:d7:9b:1b:a6:a8:ea:f6:3b:5e:b8:99:49:19:a6:cc:
         85:10:c3:80:07:73:d5:b8:5f:92:0e:2e:31:62:d5:71:e8:5e:
         d0:b3:29:35:52:93:99:a0:00:34:ed:85:20:03:a7:a0:69:e9:
         82:fb:92:d1:5e:70:4c:ce:b4:82:e2:d3:b2:1c:97:15:51:2c:
         82:67:09:84:23:f4:c2:5f:c4:46:68:b8:1f:8e:1f:bd:9c:9f:
         59:85:f6:93:11:49:d5:62:89:8e:5b:83:a3:6d:4a:52:2c:1e:
         f3:12:92:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3qbFkG6aNP3SygiC/+OaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNjkzMDg1YjVmNzVjMGYxMGRlMDhlMjJjYmU0YjA2MjQ1
MWIxNTAwHhcNMjQwMTAyMDYzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjA5Njc0NGMzZTYxNGY4NDFhZjIzZTJhZDc0OWJkYmY2MzVjNzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzDgC3SbXHuuULIOqbLYvZConkT0
Q3JRWgWJCTtFmGcGXrEPruI4vw6Y/PqQKvQ004JG2PpcXOr8tUOntzGOQzHhKnxQ
nY05yR4qxqF944B1dpn0lln9GMjJyKxtHrJ07fxK8bpJQIuteyN1bMVaVGC7Ls9O
HzqYTpius78ZXg4gOn0TTEuK6mYDAni9HEhF04CLAZkP4A8p4EmcIDEvKgYXvKSM
+1MSdxQk6LJUQWfgrxyYmN3YRRJUcHSr/BTPnN8lKGqihl5nAD35GDoVldG54CjF
zubYDkd4ILxreFkJIoykgKZLDEAKloUjZxoqMtlHVIEI1svXw0LjmjdQZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCYJZ0TD5hT4Qa8j4q10m9v2NceCMB8GA1UdIwQY
MBaAFPJpMIW191wPEN4I4iy+SwYkUbFQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG1rd2hiWDNYQThRM2dqaUxMNUxCaVJSc1ZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8xNzMzMjctOTc0Mi00MzViLTg2YzAt
NTVlODVlYTA5ZGRlLzEvSmdsblJNUG1GUGhCcnlQaXJYU2IyX1kxeDRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8xNzMzMjctOTc0Mi00MzViLTg2YzAtNTVlODVlYTA5ZGRl
LzEvOG1rd2hiWDNYQThRM2dqaUxMNUxCaVJSc1ZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcg8MA0G
CSqGSIb3DQEBCwUAA4IBAQA48ypLTwi/TKy68hEH61ycg4RIO4YwgworPgxQc5x7
J6lik3YUgipRVl5xcKVgYXCIjD7hduewmUjZpjyvFhQrrI6exsOXIJpewblb5wZs
5+UqDmSyu+cendmkB96DicRy3XyOIUeydKbqpdW04a1a0KMw+adpUW8R/6mjhGmS
d77RlzDpp9GyHRkwmR1sU3hQjofXmxumqOr2O164mUkZpsyFEMOAB3PVuF+SDi4x
YtVx6F7Qsyk1UpOZoAA07YUgA6egaemC+5LRXnBMzrSC4tOyHJcVUSyCZwmEI/TC
X8RGaLgfjh+9nJ9ZhfaTEUnVYomOW4OjbUpSLB7zEpL+
-----END CERTIFICATE-----