Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/JS1fc48y14b9fUL5c6tTMgTXsU4.roa
File:                     JS1fc48y14b9fUL5c6tTMgTXsU4.roa (raw, json)
Hash identifier:          xCNwNBtgmQInUZvfi4plOU8TOH+xCG/akrREcGUE3Og=
Subject key identifier:   25:2D:5F:73:8F:32:D7:86:FD:7D:42:F9:73:AB:53:32:04:D7:B1:4E
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       018FF2F8E1A3D4340AF453986F872C9AB5BE
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/JS1fc48y14b9fUL5c6tTMgTXsU4.roa
Signing time:             Fri 07 Jun 2024 13:52:27 +0000
ROA not before:           Fri 07 Jun 2024 13:52:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60594
IP address blocks:        192.162.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f2:f8:e1:a3:d4:34:0a:f4:53:98:6f:87:2c:9a:b5:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Jun  7 13:52:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=252d5f738f32d786fd7d42f973ab533204d7b14e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:48:85:f4:38:40:d2:99:8a:e0:09:6d:55:f7:
                    3d:59:d8:f6:e8:ad:54:ca:fb:96:2d:32:83:28:4f:
                    3d:19:1f:33:d5:c2:81:84:be:b5:c9:74:39:28:0d:
                    5b:d9:99:eb:9c:dc:30:9f:fc:ef:45:3b:8b:db:7f:
                    42:e6:8a:3e:60:d4:b1:63:5d:9d:ed:14:81:83:6a:
                    e5:56:9a:d9:85:d2:a1:c1:62:06:85:d6:97:6c:53:
                    4f:10:50:61:de:b4:60:1b:fb:d8:a7:6f:f8:a6:20:
                    a0:3b:9f:53:e6:94:f2:35:1d:e4:4a:ed:9e:1f:df:
                    0c:87:3f:b9:8a:42:d7:1c:53:3c:3d:d1:f4:11:77:
                    34:fe:34:72:cf:69:20:b2:31:4c:7e:5a:b6:cc:4e:
                    0a:76:03:04:54:c0:35:2d:76:b4:b6:dd:eb:e8:4f:
                    5d:66:23:86:b3:ae:3b:c8:21:1d:32:e9:54:24:a6:
                    ae:df:dc:68:54:13:28:f9:ce:1c:4c:02:d2:bd:61:
                    0a:bc:b3:2d:eb:1c:06:9f:40:3a:44:f9:69:c4:a6:
                    45:f6:f1:3a:f7:66:90:7b:81:4f:e2:8c:a6:94:be:
                    c1:e2:e9:4a:e7:98:71:03:8e:b2:52:c3:2c:f5:d5:
                    1e:bd:41:fc:82:99:ca:92:0f:c9:ff:2f:fb:94:f0:
                    bb:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:2D:5F:73:8F:32:D7:86:FD:7D:42:F9:73:AB:53:32:04:D7:B1:4E
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/JS1fc48y14b9fUL5c6tTMgTXsU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.162.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:f5:0c:fa:8d:04:83:fb:23:f2:7e:b7:93:ce:32:a2:2d:4a:
         09:4c:ea:ec:53:b0:3b:6c:c8:bf:41:4a:4a:cc:d5:6c:cb:8f:
         59:ba:dc:d2:b1:41:4d:a5:61:ec:d0:59:52:27:54:76:16:1d:
         a9:66:ca:97:4b:5e:62:65:71:ba:36:08:5c:91:cb:41:ba:60:
         56:96:9e:40:28:f4:95:f6:3a:b3:02:49:00:a5:ea:6e:0d:5a:
         91:80:aa:39:aa:cb:c4:dc:1e:6e:25:ac:28:9d:07:25:85:12:
         63:3c:43:58:3b:57:90:09:4d:67:b6:43:0d:34:9c:8e:2a:8f:
         5d:a1:ae:c2:c6:fe:59:69:47:27:dc:0a:fc:71:e9:42:d8:97:
         52:ab:61:6b:ec:49:0f:c0:80:19:f6:1e:72:06:50:24:06:70:
         33:66:9b:bf:b6:2a:21:2d:79:d5:13:09:7d:40:2a:09:45:a2:
         fd:36:16:6e:b6:21:f4:85:f0:bc:06:69:78:a5:9d:62:ce:be:
         db:bc:f0:e1:49:dd:45:f6:79:e6:ec:e3:b9:a1:57:fb:4b:c4:
         f1:18:57:68:7a:f7:57:60:b7:9d:a5:24:ef:e4:e4:e6:d6:f5:
         e0:02:0d:a8:f7:70:aa:17:6d:de:6d:72:de:b5:9d:90:4a:d3:
         4e:c7:a1:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/y+OGj1DQK9FOYb4csmrW+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQwNjA3MTM1MjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTJkNWY3MzhmMzJkNzg2ZmQ3ZDQyZjk3M2FiNTMzMjA0ZDdiMTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3UiF9DhA0pmK4AltVfc9Wdj26K1U
yvuWLTKDKE89GR8z1cKBhL61yXQ5KA1b2ZnrnNwwn/zvRTuL239C5oo+YNSxY12d
7RSBg2rlVprZhdKhwWIGhdaXbFNPEFBh3rRgG/vYp2/4piCgO59T5pTyNR3kSu2e
H98Mhz+5ikLXHFM8PdH0EXc0/jRyz2kgsjFMflq2zE4KdgMEVMA1LXa0tt3r6E9d
ZiOGs647yCEdMulUJKau39xoVBMo+c4cTALSvWEKvLMt6xwGn0A6RPlpxKZF9vE6
92aQe4FP4oymlL7B4ulK55hxA46yUsMs9dUevUH8gpnKkg/J/y/7lPC7wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUtX3OPMteG/X1C+XOrUzIE17FOMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvSlMxZmM0OHkxNGI5ZlVMNWM2dFRNZ1RYc1U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKLGMA0G
CSqGSIb3DQEBCwUAA4IBAQAR9Qz6jQSD+yPyfreTzjKiLUoJTOrsU7A7bMi/QUpK
zNVsy49ZutzSsUFNpWHs0FlSJ1R2Fh2pZsqXS15iZXG6NghckctBumBWlp5AKPSV
9jqzAkkApepuDVqRgKo5qsvE3B5uJawonQclhRJjPENYO1eQCU1ntkMNNJyOKo9d
oa7Cxv5ZaUcn3Ar8celC2JdSq2Fr7EkPwIAZ9h5yBlAkBnAzZpu/tiohLXnVEwl9
QCoJRaL9NhZutiH0hfC8Bml4pZ1izr7bvPDhSd1F9nnm7OO5oVf7S8TxGFdoevdX
YLedpSTv5OTm1vXgAg2o93CqF23ebXLetZ2QStNOx6HI
-----END CERTIFICATE-----