Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JSRugBokkyxdA5CD5n5ekKR61sA.roa
File:                     JSRugBokkyxdA5CD5n5ekKR61sA.roa (raw, json)
Hash identifier:          ar0V6fDhDEdyhny3MMxuxH6nnMCQ4IatmhqB4nrHmo8=
Subject key identifier:   25:24:6E:80:1A:24:93:2C:5D:03:90:83:E6:7E:5E:90:A4:7A:D6:C0
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCDA46BE9FA42E2D356488B2B2F6C5
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JSRugBokkyxdA5CD5n5ekKR61sA.roa
Signing time:             Tue 02 Jan 2024 06:29:26 +0000
ROA not before:           Tue 02 Jan 2024 06:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30823
IP address blocks:        193.35.16.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:da:46:be:9f:a4:2e:2d:35:64:88:b2:b2:f6:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25246e801a24932c5d039083e67e5e90a47ad6c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:9e:3c:80:5e:90:65:93:24:bb:a0:87:21:9c:
                    c2:d0:b1:13:f1:2f:02:a7:46:e1:76:5f:57:b5:43:
                    a6:15:5a:b6:49:c2:55:4d:04:5e:37:d1:91:2d:d8:
                    cd:4d:c4:6b:90:87:e7:da:22:df:13:c8:31:28:67:
                    b2:10:3d:2c:43:71:45:c4:b5:ba:90:63:1e:99:b0:
                    eb:1c:9c:f0:bb:d1:b1:f3:d5:cb:fd:3e:6d:fd:b8:
                    72:af:a4:fe:ac:c1:2f:bc:98:ed:1f:99:a8:68:2a:
                    19:6c:41:08:e8:5a:8b:67:0e:1b:a8:ed:86:b8:fb:
                    e6:5c:c8:63:46:7c:4a:87:52:8f:8b:c1:03:f9:29:
                    b9:6f:3c:86:6e:eb:d5:68:d8:47:61:28:b6:77:79:
                    cb:70:8f:4d:40:00:44:e9:15:68:12:3d:89:22:dc:
                    6f:9c:a2:f0:e3:59:00:3d:ec:c0:12:aa:3c:6b:fe:
                    55:35:97:e8:bb:35:ea:75:d5:81:11:17:ee:70:ff:
                    68:ee:0c:f9:74:1e:6f:6e:76:ce:d3:02:80:c6:8f:
                    d9:dc:f4:ef:8d:ec:34:f3:f3:0b:eb:c8:97:d5:39:
                    29:32:fd:ad:9a:46:54:77:02:25:8c:51:7a:57:e4:
                    0f:4d:1b:82:de:a2:76:b2:5c:48:a5:87:c5:f4:2b:
                    42:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:24:6E:80:1A:24:93:2C:5D:03:90:83:E6:7E:5E:90:A4:7A:D6:C0
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JSRugBokkyxdA5CD5n5ekKR61sA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:fb:c9:b5:5e:ab:c9:f6:a3:d4:08:2c:30:82:5d:d1:39:e3:
         24:be:d2:53:3b:12:d2:82:e4:eb:e9:a6:79:57:a0:48:33:e6:
         db:b7:e9:33:74:4b:58:e3:87:0b:2e:44:71:27:a1:8e:66:a2:
         15:f9:1c:aa:c3:f9:0b:7d:a2:90:ba:bb:43:9b:b2:8c:0f:e2:
         65:7f:50:3d:0a:c5:64:1f:2f:e5:7f:f7:17:64:6c:1b:20:7e:
         4a:30:5d:5b:c4:13:69:c6:df:d5:8b:8c:64:01:92:8a:04:f0:
         c1:72:37:b7:43:8a:12:51:a5:86:05:e6:44:24:de:4a:1c:e8:
         6e:61:48:9f:19:db:0f:79:df:c9:3d:16:97:75:fc:75:c6:ac:
         ea:91:41:bc:7b:06:0c:05:1c:32:27:31:82:38:4e:13:5d:fd:
         c2:e9:de:05:45:00:0b:2e:e2:b3:00:16:3b:f4:45:a5:b4:f5:
         a1:4c:0d:07:3b:23:f1:41:9f:60:2a:86:58:eb:d6:a3:3c:b9:
         ad:72:eb:bb:65:ff:2f:dc:b7:ed:29:4e:7a:6c:f6:e5:ad:81:
         a8:e6:55:85:81:01:d7:a4:af:1c:37:71:78:c9:a9:53:9e:0e:
         56:c0:e1:23:65:c2:64:82:f0:52:99:48:87:88:4a:f7:e5:ec:
         6a:2d:8b:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3NpGvp+kLi01ZIiysvbFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTI0NmU4MDFhMjQ5MzJjNWQwMzkwODNlNjdlNWU5MGE0N2FkNmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZ48gF6QZZMku6CHIZzC0LET8S8C
p0bhdl9XtUOmFVq2ScJVTQReN9GRLdjNTcRrkIfn2iLfE8gxKGeyED0sQ3FFxLW6
kGMembDrHJzwu9Gx89XL/T5t/bhyr6T+rMEvvJjtH5moaCoZbEEI6FqLZw4bqO2G
uPvmXMhjRnxKh1KPi8ED+Sm5bzyGbuvVaNhHYSi2d3nLcI9NQABE6RVoEj2JItxv
nKLw41kAPezAEqo8a/5VNZfouzXqddWBERfucP9o7gz5dB5vbnbO0wKAxo/Z3PTv
jew08/ML68iX1TkpMv2tmkZUdwIljFF6V+QPTRuC3qJ2slxIpYfF9CtClQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUkboAaJJMsXQOQg+Z+XpCketbAMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSlNSdWdCb2treXhkQTVDRDVuNWVrS1I2MXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSMQMA0G
CSqGSIb3DQEBCwUAA4IBAQB4+8m1XqvJ9qPUCCwwgl3ROeMkvtJTOxLSguTr6aZ5
V6BIM+bbt+kzdEtY44cLLkRxJ6GOZqIV+Ryqw/kLfaKQurtDm7KMD+Jlf1A9CsVk
Hy/lf/cXZGwbIH5KMF1bxBNpxt/Vi4xkAZKKBPDBcje3Q4oSUaWGBeZEJN5KHOhu
YUifGdsPed/JPRaXdfx1xqzqkUG8ewYMBRwyJzGCOE4TXf3C6d4FRQALLuKzABY7
9EWltPWhTA0HOyPxQZ9gKoZY69ajPLmtcuu7Zf8v3LftKU56bPblrYGo5lWFgQHX
pK8cN3F4yalTng5WwOEjZcJkgvBSmUiHiEr35exqLYsi
-----END CERTIFICATE-----