Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/JDY8hbsVQnlp8pK16k0307O8xHE.roa
File:                     JDY8hbsVQnlp8pK16k0307O8xHE.roa (raw, json)
Hash identifier:          EQ8weOh3AoKPj7UgkiDauTgjUwt1bEUKSu5G/6eHQWk=
Subject key identifier:   24:36:3C:85:BB:15:42:79:69:F2:92:B5:EA:4D:37:D3:B3:BC:C4:71
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       018FF2F8E12ED5ADF4912F969C2BCC67BA7F
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/JDY8hbsVQnlp8pK16k0307O8xHE.roa
Signing time:             Fri 07 Jun 2024 13:52:27 +0000
ROA not before:           Fri 07 Jun 2024 13:52:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43668
IP address blocks:        94.131.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f2:f8:e1:2e:d5:ad:f4:91:2f:96:9c:2b:cc:67:ba:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Jun  7 13:52:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24363c85bb15427969f292b5ea4d37d3b3bcc471
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ba:8b:8e:a9:60:c6:72:6e:b0:78:8a:4d:73:
                    8c:d0:47:6f:fb:a7:15:09:d9:00:1a:6f:86:23:83:
                    b3:90:95:da:03:9b:ad:d4:bb:78:e4:78:47:5c:d6:
                    c4:9f:1e:d8:5a:af:0e:93:b5:cb:2f:4a:7d:2c:d1:
                    ac:ac:2d:cf:43:8a:37:ef:2d:d6:5e:cd:a2:e1:43:
                    b9:ce:cf:ba:51:63:7a:d7:5f:fb:7e:a7:5f:a2:ab:
                    7d:66:db:a1:6e:7a:8c:53:9b:55:71:4a:78:78:6f:
                    81:06:ec:d8:63:fa:e3:c4:39:02:ee:b1:1a:17:bb:
                    3b:62:f7:8f:66:d7:e6:e4:cb:12:73:79:5e:37:bd:
                    d3:28:91:ad:64:ea:a0:59:80:4a:ee:21:65:66:83:
                    b2:9e:3f:a4:2e:44:91:54:fb:9e:aa:10:19:40:3c:
                    dc:0a:3d:b1:48:1b:52:98:0a:37:a1:8f:3e:77:33:
                    54:3b:e2:4e:4e:c5:98:df:9f:e1:24:3f:a8:7e:34:
                    8c:19:95:7d:3b:c0:d8:1d:81:90:41:87:76:7a:84:
                    95:a5:2e:03:98:a6:76:60:74:b1:aa:0b:fe:bc:e5:
                    dd:3c:43:07:a9:77:cd:6f:10:fe:0c:3d:b6:0b:53:
                    22:3a:d3:e5:77:99:b0:14:55:b6:74:d9:10:40:35:
                    f7:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:36:3C:85:BB:15:42:79:69:F2:92:B5:EA:4D:37:D3:B3:BC:C4:71
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/JDY8hbsVQnlp8pK16k0307O8xHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:c6:c5:27:11:f2:a6:67:72:60:5e:4f:30:a7:e4:66:2b:56:
         8a:bd:5c:82:85:fd:4f:75:06:d8:3b:44:ef:81:85:e3:57:ac:
         d5:35:b1:4c:76:c4:c9:40:30:9d:c2:42:d1:1a:41:a1:bf:a5:
         d6:8b:dc:d8:8d:62:c2:d3:33:20:06:cd:aa:13:7e:34:1b:b0:
         b1:a8:51:9f:bd:51:97:5c:e6:ae:73:50:fb:01:fd:95:66:e8:
         ab:81:39:05:e4:1a:d9:5f:ad:85:c5:d9:00:6d:c3:2c:17:bb:
         7d:d3:7a:43:3c:e3:29:66:4c:92:c6:40:8a:72:d0:ed:3f:60:
         dc:25:d5:fd:45:64:22:fc:5b:e3:75:3a:72:ce:90:92:20:7a:
         90:88:19:58:5f:76:e3:2f:23:18:d2:3c:f7:74:19:94:b8:38:
         4c:58:1a:12:0f:d5:3e:82:54:6e:1e:71:dc:00:96:59:85:6b:
         68:72:33:36:50:69:e7:07:48:15:38:99:71:dc:06:97:c7:3e:
         8b:eb:6c:9a:00:9f:18:ce:36:86:5e:ad:dc:15:34:ed:8a:60:
         d4:8e:7c:35:78:cd:35:20:e1:0f:62:6c:87:fc:74:9b:71:fd:
         7e:4c:2c:f9:fd:8e:49:36:49:2b:14:17:cc:26:79:ea:3c:08:
         fe:62:43:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/y+OEu1a30kS+WnCvMZ7p/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQwNjA3MTM1MjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDM2M2M4NWJiMTU0Mjc5NjlmMjkyYjVlYTRkMzdkM2IzYmNjNDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLqLjqlgxnJusHiKTXOM0Edv+6cV
CdkAGm+GI4OzkJXaA5ut1Lt45HhHXNbEnx7YWq8Ok7XLL0p9LNGsrC3PQ4o37y3W
Xs2i4UO5zs+6UWN611/7fqdfoqt9ZtuhbnqMU5tVcUp4eG+BBuzYY/rjxDkC7rEa
F7s7YvePZtfm5MsSc3leN73TKJGtZOqgWYBK7iFlZoOynj+kLkSRVPueqhAZQDzc
Cj2xSBtSmAo3oY8+dzNUO+JOTsWY35/hJD+ofjSMGZV9O8DYHYGQQYd2eoSVpS4D
mKZ2YHSxqgv+vOXdPEMHqXfNbxD+DD22C1MiOtPld5mwFFW2dNkQQDX3mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQ2PIW7FUJ5afKStepNN9OzvMRxMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvSkRZOGhic1ZRbmxwOHBLMTZrMDMwN084eEhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoPdMA0G
CSqGSIb3DQEBCwUAA4IBAQAZxsUnEfKmZ3JgXk8wp+RmK1aKvVyChf1PdQbYO0Tv
gYXjV6zVNbFMdsTJQDCdwkLRGkGhv6XWi9zYjWLC0zMgBs2qE340G7CxqFGfvVGX
XOauc1D7Af2VZuirgTkF5BrZX62FxdkAbcMsF7t903pDPOMpZkySxkCKctDtP2Dc
JdX9RWQi/FvjdTpyzpCSIHqQiBlYX3bjLyMY0jz3dBmUuDhMWBoSD9U+glRuHnHc
AJZZhWtocjM2UGnnB0gVOJlx3AaXxz6L62yaAJ8YzjaGXq3cFTTtimDUjnw1eM01
IOEPYmyH/HSbcf1+TCz5/Y5JNkkrFBfMJnnqPAj+YkO9
-----END CERTIFICATE-----