Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/5bda54-db7a-46d3-9cf9-16b1d2ee88a6/1/JBzstpri_9JhfLK0gmwYFsTQjPE.roa
File:                     JBzstpri_9JhfLK0gmwYFsTQjPE.roa (raw, json)
Hash identifier:          erCjlMioOqhkkGNVKATfQ4ZuhMbOOOMFWqyMpIH2qV8=
Subject key identifier:   24:1C:EC:B6:9A:E2:FF:D2:61:7C:B2:B4:82:6C:18:16:C4:D0:8C:F1
Certificate issuer:       /CN=8dce4df68044985a177b3032f00fc6fe224ad8b3
Certificate serial:       018CC649A99D4FC6E237F65AB31D869C5D87
Authority key identifier: 8D:CE:4D:F6:80:44:98:5A:17:7B:30:32:F0:0F:C6:FE:22:4A:D8:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jc5N9oBEmFoXezAy8A_G_iJK2LM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/5bda54-db7a-46d3-9cf9-16b1d2ee88a6/1/JBzstpri_9JhfLK0gmwYFsTQjPE.roa
Signing time:             Mon 01 Jan 2024 18:29:25 +0000
ROA not before:           Mon 01 Jan 2024 18:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212696
IP address blocks:        185.195.128.0/22 maxlen: 24
                          2a0a:5ac0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/5bda54-db7a-46d3-9cf9-16b1d2ee88a6/1/jc5N9oBEmFoXezAy8A_G_iJK2LM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/5bda54-db7a-46d3-9cf9-16b1d2ee88a6/1/jc5N9oBEmFoXezAy8A_G_iJK2LM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jc5N9oBEmFoXezAy8A_G_iJK2LM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:a9:9d:4f:c6:e2:37:f6:5a:b3:1d:86:9c:5d:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8dce4df68044985a177b3032f00fc6fe224ad8b3
        Validity
            Not Before: Jan  1 18:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=241cecb69ae2ffd2617cb2b4826c1816c4d08cf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4d:0d:32:7e:70:01:c0:1b:df:d3:66:1f:52:
                    7d:a0:1b:84:e4:71:48:62:3d:9b:57:ec:e4:9a:4d:
                    28:cf:f8:f5:ca:20:e2:36:ef:5e:36:fd:23:0e:47:
                    aa:ca:dc:a6:4a:70:ae:2b:8b:29:82:03:b9:0a:0b:
                    0c:9d:26:d3:eb:1b:ca:33:28:11:b1:42:6a:f6:2c:
                    61:d9:90:63:ae:88:21:12:53:85:2b:b5:48:46:6e:
                    85:95:d1:0b:1d:fe:48:c9:9b:de:f4:c8:e3:0e:5a:
                    e7:e2:7d:5b:8e:ee:89:8f:8e:38:3b:aa:0d:bf:8e:
                    33:37:d2:13:ef:df:01:29:84:cc:0a:45:0d:53:7d:
                    65:14:28:4b:08:aa:eb:c9:4a:38:d2:fa:1f:62:8b:
                    6d:2a:6b:89:b7:bb:7c:b2:ac:59:e3:eb:3d:22:a4:
                    f8:21:79:74:3f:f7:d6:c9:90:f1:59:46:21:17:21:
                    4f:29:b9:e7:7b:c8:c0:21:62:80:a7:27:b0:e8:8b:
                    fc:3c:30:d4:cf:29:d1:e3:94:04:a7:51:52:58:de:
                    41:fe:ee:fa:65:3f:54:ae:51:71:74:39:ae:96:dc:
                    75:5f:87:5e:20:68:70:d3:e1:2a:c8:2d:13:93:18:
                    5f:a8:95:d5:f8:a4:06:f0:a2:db:62:07:dc:55:5b:
                    47:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:1C:EC:B6:9A:E2:FF:D2:61:7C:B2:B4:82:6C:18:16:C4:D0:8C:F1
            X509v3 Authority Key Identifier:
                keyid:8D:CE:4D:F6:80:44:98:5A:17:7B:30:32:F0:0F:C6:FE:22:4A:D8:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jc5N9oBEmFoXezAy8A_G_iJK2LM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/5bda54-db7a-46d3-9cf9-16b1d2ee88a6/1/JBzstpri_9JhfLK0gmwYFsTQjPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/5bda54-db7a-46d3-9cf9-16b1d2ee88a6/1/jc5N9oBEmFoXezAy8A_G_iJK2LM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.128.0/22
                IPv6:
                  2a0a:5ac0::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:d1:2f:67:97:9c:29:3a:97:58:eb:64:3d:5b:58:36:2e:9e:
         3f:25:e5:b4:b6:fb:48:78:51:32:79:99:00:ac:ee:40:60:d1:
         cb:68:72:51:3d:5d:c9:20:ac:17:6d:21:bb:e6:25:a7:2f:3e:
         5b:fe:cb:31:9e:16:0c:c1:cb:47:9f:a5:e0:9c:07:f0:83:2f:
         28:20:53:37:bc:a5:16:6f:13:d9:92:34:68:40:59:19:ec:33:
         81:bb:ea:e5:b8:fe:75:9f:ec:90:c5:6b:68:80:9e:a7:1c:03:
         a1:73:4a:ed:28:4a:62:46:6a:70:fa:04:08:32:c9:25:96:93:
         ce:3c:0b:75:63:bf:a4:28:f1:a8:68:ba:f2:54:dd:50:2f:43:
         f6:94:2e:4a:49:d2:20:a9:c9:f4:fc:89:9b:21:74:02:8c:94:
         91:cd:22:2c:94:ac:92:5d:da:01:8f:f6:4a:1d:b4:0b:21:60:
         08:94:b1:0a:60:0b:89:7c:a2:28:ab:4d:b0:97:90:cd:ae:16:
         9b:71:b1:df:c8:81:d7:9a:77:22:0d:e1:b4:0c:a2:e0:64:df:
         66:e4:58:4c:f6:77:94:a2:4c:98:34:ad:be:82:43:3c:90:4b:
         64:ee:27:83:56:0f:e1:d1:cf:a7:8b:21:20:2a:39:96:6e:14:
         f3:14:c7:bc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSamdT8biN/Zasx2GnF2HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkY2U0ZGY2ODA0NDk4NWExNzdiMzAzMmYwMGZjNmZlMjI0
YWQ4YjMwHhcNMjQwMTAxMTgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDFjZWNiNjlhZTJmZmQyNjE3Y2IyYjQ4MjZjMTgxNmM0ZDA4Y2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm00NMn5wAcAb39NmH1J9oBuE5HFI
Yj2bV+zkmk0oz/j1yiDiNu9eNv0jDkeqytymSnCuK4spggO5CgsMnSbT6xvKMygR
sUJq9ixh2ZBjroghElOFK7VIRm6FldELHf5IyZve9MjjDlrn4n1bju6Jj444O6oN
v44zN9IT798BKYTMCkUNU31lFChLCKrryUo40vofYottKmuJt7t8sqxZ4+s9IqT4
IXl0P/fWyZDxWUYhFyFPKbnne8jAIWKApyew6Iv8PDDUzynR45QEp1FSWN5B/u76
ZT9UrlFxdDmultx1X4deIGhw0+EqyC0TkxhfqJXV+KQG8KLbYgfcVVtHXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCQc7Laa4v/SYXyytIJsGBbE0IzxMB8GA1UdIwQY
MBaAFI3OTfaARJhaF3swMvAPxv4iStizMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamM1TjlvQkVtRm9YZXpBeThBX0dfaUpLMkxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS81YmRhNTQtZGI3YS00NmQzLTljZjkt
MTZiMWQyZWU4OGE2LzEvSkJ6c3RwcmlfOUpoZkxLMGdtd1lGc1RRalBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS81YmRhNTQtZGI3YS00NmQzLTljZjktMTZiMWQyZWU4OGE2
LzEvamM1TjlvQkVtRm9YZXpBeThBX0dfaUpLMkxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucOAMA0E
AgACMAcDBQAqClrAMA0GCSqGSIb3DQEBCwUAA4IBAQAl0S9nl5wpOpdY62Q9W1g2
Lp4/JeW0tvtIeFEyeZkArO5AYNHLaHJRPV3JIKwXbSG75iWnLz5b/ssxnhYMwctH
n6XgnAfwgy8oIFM3vKUWbxPZkjRoQFkZ7DOBu+rluP51n+yQxWtogJ6nHAOhc0rt
KEpiRmpw+gQIMskllpPOPAt1Y7+kKPGoaLryVN1QL0P2lC5KSdIgqcn0/ImbIXQC
jJSRzSIslKySXdoBj/ZKHbQLIWAIlLEKYAuJfKIoq02wl5DNrhabcbHfyIHXmnci
DeG0DKLgZN9m5FhM9neUokyYNK2+gkM8kEtk7ieDVg/h0c+niyEgKjmWbhTzFMe8
-----END CERTIFICATE-----