Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JiV9QArs2qH7ImBc1hkWU5R0q10.roa
File:                     JiV9QArs2qH7ImBc1hkWU5R0q10.roa (raw, json)
Hash identifier:          /pfA8ca1m9qlT5eyo0bMEkBnE4Z9drtwQYeGOV/j/nQ=
Subject key identifier:   26:25:7D:40:0A:EC:DA:A1:FB:22:60:5C:D6:19:16:53:94:74:AB:5D
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D1C3FFD05F067152994C4B3EAFE53B821
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JiV9QArs2qH7ImBc1hkWU5R0q10.roa
Signing time:             Thu 18 Jan 2024 11:06:11 +0000
ROA not before:           Thu 18 Jan 2024 11:06:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201178
IP address blocks:        193.148.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1c:3f:fd:05:f0:67:15:29:94:c4:b3:ea:fe:53:b8:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 18 11:06:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26257d400aecdaa1fb22605cd61916539474ab5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:47:97:e2:58:67:15:c7:07:22:80:e7:8a:3e:
                    15:27:0d:19:d6:2d:4a:0a:09:9f:1f:69:75:d2:fa:
                    ce:35:41:dd:85:c7:5c:90:00:be:54:da:7d:5c:aa:
                    a8:ad:e5:94:f8:fe:42:f3:24:ae:63:64:0e:5d:7e:
                    c2:8b:57:85:15:9d:8b:0c:67:19:c4:05:a6:d4:14:
                    55:12:09:39:7f:cd:19:78:9e:9a:d5:71:60:ca:94:
                    8e:2a:a2:bc:66:7f:3f:55:09:fd:11:ae:67:09:81:
                    07:7a:28:3a:af:bd:c0:9a:97:32:ad:3e:6b:ec:9e:
                    65:ae:40:a8:a4:fd:ad:96:f8:ca:d5:1a:2d:42:8e:
                    22:9d:e6:54:f9:83:bc:4b:12:ff:25:5f:91:4f:46:
                    9c:6f:1a:dc:f3:f7:5b:3b:6c:b2:2d:0e:d8:ea:8f:
                    06:68:66:29:4f:e5:c9:fc:17:21:04:4d:3c:24:37:
                    cb:33:7f:cf:a8:9e:d7:6b:21:85:2e:d9:40:67:a2:
                    c5:81:af:e3:52:7f:29:7f:d1:f0:06:14:8f:d8:23:
                    ac:1c:d1:d3:74:72:e4:72:32:0e:83:15:8d:19:dd:
                    2e:d1:0e:74:25:4f:9e:8a:c6:a3:a5:ef:03:cd:2a:
                    d2:04:b6:92:ce:a6:a6:1c:6f:37:ae:3b:07:9f:b2:
                    92:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:25:7D:40:0A:EC:DA:A1:FB:22:60:5C:D6:19:16:53:94:74:AB:5D
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JiV9QArs2qH7ImBc1hkWU5R0q10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.148.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:f6:ae:9d:35:7e:ce:91:36:d2:11:05:9d:c6:10:4a:32:19:
         34:ff:30:02:16:25:1c:32:4e:ff:63:55:4a:28:9e:1c:24:ec:
         2d:c5:29:63:8d:83:44:70:15:d5:ab:16:2c:93:66:b6:23:0d:
         c6:3e:24:6b:07:c2:9c:1a:a9:5e:07:97:88:0f:6d:67:ae:85:
         fe:35:93:43:d4:cf:1e:f5:0e:7a:cb:b4:e8:68:cd:e0:f4:92:
         eb:2f:b0:70:d7:72:fe:c4:7c:30:58:57:e4:e0:a4:8d:15:9d:
         25:13:08:66:10:26:4d:c4:99:65:07:fc:41:d4:36:6f:9a:29:
         78:69:b9:19:dd:eb:d3:dc:ec:1a:e4:47:38:33:b2:7a:a5:35:
         16:ba:79:82:12:d8:35:cc:d7:a0:42:8b:0b:6e:e5:1f:35:67:
         88:31:f4:e0:c9:5c:e1:3d:e3:85:50:80:d9:39:b2:fa:08:0b:
         2c:da:44:4c:a7:03:92:32:af:56:c6:e6:ea:fb:a5:90:5e:de:
         8b:a4:c8:7d:cf:15:a0:7c:04:dc:b4:a5:ed:14:00:b9:36:e3:
         ac:1f:7c:da:cf:57:1b:05:a9:82:aa:4b:4d:fb:7f:71:62:07:
         2e:73:4e:53:d5:01:b2:d4:a7:f6:8f:8b:47:1b:08:0d:dc:09:
         18:82:d4:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0cP/0F8GcVKZTEs+r+U7ghMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTE4MTEwNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjI1N2Q0MDBhZWNkYWExZmIyMjYwNWNkNjE5MTY1Mzk0NzRhYjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0eX4lhnFccHIoDnij4VJw0Z1i1K
CgmfH2l10vrONUHdhcdckAC+VNp9XKqoreWU+P5C8ySuY2QOXX7Ci1eFFZ2LDGcZ
xAWm1BRVEgk5f80ZeJ6a1XFgypSOKqK8Zn8/VQn9Ea5nCYEHeig6r73AmpcyrT5r
7J5lrkCopP2tlvjK1RotQo4ineZU+YO8SxL/JV+RT0acbxrc8/dbO2yyLQ7Y6o8G
aGYpT+XJ/BchBE08JDfLM3/PqJ7XayGFLtlAZ6LFga/jUn8pf9HwBhSP2COsHNHT
dHLkcjIOgxWNGd0u0Q50JU+eisajpe8DzSrSBLaSzqamHG83rjsHn7KSBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCYlfUAK7Nqh+yJgXNYZFlOUdKtdMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSmlWOVFBcnMycUg3SW1CYzFoa1dVNVIwcTEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZT8MA0G
CSqGSIb3DQEBCwUAA4IBAQCy9q6dNX7OkTbSEQWdxhBKMhk0/zACFiUcMk7/Y1VK
KJ4cJOwtxSljjYNEcBXVqxYsk2a2Iw3GPiRrB8KcGqleB5eID21nroX+NZND1M8e
9Q56y7ToaM3g9JLrL7Bw13L+xHwwWFfk4KSNFZ0lEwhmECZNxJllB/xB1DZvmil4
abkZ3evT3Owa5Ec4M7J6pTUWunmCEtg1zNegQosLbuUfNWeIMfTgyVzhPeOFUIDZ
ObL6CAss2kRMpwOSMq9Wxubq+6WQXt6LpMh9zxWgfATctKXtFAC5NuOsH3zaz1cb
BamCqktN+39xYgcuc05T1QGy1Kf2j4tHGwgN3AkYgtRz
-----END CERTIFICATE-----