Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JJpk5nlnoT7Kz7whpmXrLzmilco.roa
File:                     JJpk5nlnoT7Kz7whpmXrLzmilco.roa (raw, json)
Hash identifier:          KLM6ur96A82Py3x1wP6VQRDXiAc22+YqOPVc7cSvGJU=
Subject key identifier:   24:9A:64:E6:79:67:A1:3E:CA:CF:BC:21:A6:65:EB:2F:39:A2:95:CA
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D5E6A1E90DBC0B5D4CC6DB2B4DAA221F4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JJpk5nlnoT7Kz7whpmXrLzmilco.roa
Signing time:             Wed 31 Jan 2024 07:27:09 +0000
ROA not before:           Wed 31 Jan 2024 07:27:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215720
IP address blocks:        45.66.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5e:6a:1e:90:db:c0:b5:d4:cc:6d:b2:b4:da:a2:21:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 31 07:27:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=249a64e67967a13ecacfbc21a665eb2f39a295ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:02:af:b7:19:54:e2:12:c0:13:d1:37:73:23:
                    d6:50:fe:ca:23:fb:69:93:9e:82:af:5e:e6:ea:46:
                    e1:87:39:54:e5:2c:c8:67:ac:c7:ed:b4:32:74:f8:
                    2f:29:0c:2a:69:f1:c6:20:67:bc:75:4c:1f:2e:f0:
                    ef:9c:13:cb:eb:82:4f:fd:d9:70:32:9c:2f:5f:09:
                    03:c4:31:04:10:19:9a:5d:7a:fc:5d:69:fa:08:d9:
                    77:89:2d:90:91:6d:d5:ad:f8:b8:bc:6f:01:ad:45:
                    0d:fa:95:37:8f:db:95:d2:86:1a:2f:b4:ab:cf:45:
                    d1:6f:ef:9c:d1:1b:4c:4d:a8:f1:01:57:72:13:e1:
                    ef:36:95:ac:42:2c:a6:ad:0d:87:34:14:01:68:44:
                    c8:96:2a:fc:83:4d:94:a9:52:76:5b:46:9f:a9:88:
                    cd:30:66:9f:ca:db:79:dd:1a:30:fd:88:ef:7c:e0:
                    cf:16:37:c6:d1:34:79:82:53:2f:fa:85:9f:f8:51:
                    5a:9c:d2:fd:2b:42:01:2b:d9:80:a3:af:cd:56:e9:
                    af:7c:37:88:04:47:97:89:86:a1:23:09:fa:48:04:
                    f1:00:35:bc:52:8a:16:40:cb:87:39:c3:ae:40:61:
                    5e:8d:5b:66:61:a3:70:bd:1e:1d:bc:33:9f:75:30:
                    c5:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:9A:64:E6:79:67:A1:3E:CA:CF:BC:21:A6:65:EB:2F:39:A2:95:CA
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JJpk5nlnoT7Kz7whpmXrLzmilco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:09:1c:e1:3f:71:e7:94:cd:56:da:35:67:49:1c:1d:ca:aa:
         20:cc:15:20:5b:f9:ad:97:14:37:dc:9f:31:b2:ca:16:77:ed:
         27:83:b4:f2:fb:62:cb:03:da:fb:e0:f2:f6:b6:df:fe:ef:ac:
         cc:93:ff:5c:d4:44:1d:8b:c5:3c:65:e7:56:1e:87:05:ab:0b:
         15:39:fd:a6:bb:8c:49:34:40:82:b3:0c:de:26:22:32:31:30:
         d5:3a:36:9b:36:29:03:68:11:29:75:1e:6d:6b:f7:60:6b:39:
         25:72:1c:b9:27:74:5b:9f:fa:0c:3c:cc:d3:25:9f:a4:42:d4:
         00:b6:52:dd:3c:af:77:63:b7:88:43:51:65:7f:34:b4:b3:58:
         94:a1:c4:0d:e4:ac:ac:68:fa:cd:f7:d3:9e:10:8d:cc:35:0e:
         2b:1b:23:ef:68:c8:0a:d7:a4:f1:86:fc:03:f9:3d:be:41:2d:
         aa:fc:04:da:44:e8:be:20:d0:1b:b5:5d:32:66:36:1c:45:5b:
         87:77:da:6d:4e:83:69:91:ff:0c:c4:2f:47:2f:52:b3:22:95:
         ef:d7:4f:8b:30:04:95:1b:98:d5:b7:6f:92:92:3e:10:f2:1e:
         8d:21:f2:c2:9b:86:a4:13:5f:40:27:56:00:0e:5e:ca:0c:55:
         83:00:d1:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1eah6Q28C11MxtsrTaoiH0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTMxMDcyNzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDlhNjRlNjc5NjdhMTNlY2FjZmJjMjFhNjY1ZWIyZjM5YTI5NWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwKvtxlU4hLAE9E3cyPWUP7KI/tp
k56Cr17m6kbhhzlU5SzIZ6zH7bQydPgvKQwqafHGIGe8dUwfLvDvnBPL64JP/dlw
MpwvXwkDxDEEEBmaXXr8XWn6CNl3iS2QkW3Vrfi4vG8BrUUN+pU3j9uV0oYaL7Sr
z0XRb++c0RtMTajxAVdyE+HvNpWsQiymrQ2HNBQBaETIlir8g02UqVJ2W0afqYjN
MGafytt53Row/YjvfODPFjfG0TR5glMv+oWf+FFanNL9K0IBK9mAo6/NVumvfDeI
BEeXiYahIwn6SATxADW8UooWQMuHOcOuQGFejVtmYaNwvR4dvDOfdTDF4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSaZOZ5Z6E+ys+8IaZl6y85opXKMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSkpwazVubG5vVDdLejd3aHBtWHJMem1pbGNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALULmMA0G
CSqGSIb3DQEBCwUAA4IBAQAyCRzhP3HnlM1W2jVnSRwdyqogzBUgW/mtlxQ33J8x
ssoWd+0ng7Ty+2LLA9r74PL2tt/+76zMk/9c1EQdi8U8ZedWHocFqwsVOf2mu4xJ
NECCswzeJiIyMTDVOjabNikDaBEpdR5ta/dgazklchy5J3Rbn/oMPMzTJZ+kQtQA
tlLdPK93Y7eIQ1FlfzS0s1iUocQN5KysaPrN99OeEI3MNQ4rGyPvaMgK16TxhvwD
+T2+QS2q/ATaROi+INAbtV0yZjYcRVuHd9ptToNpkf8MxC9HL1KzIpXv10+LMASV
G5jVt2+Skj4Q8h6NIfLCm4akE19AJ1YADl7KDFWDANEX
-----END CERTIFICATE-----