Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/JuF-Q2NkYL2QyBnqDQyhvBFjGNM.roa
File:                     JuF-Q2NkYL2QyBnqDQyhvBFjGNM.roa (raw, json)
Hash identifier:          WHSQ/Eq/u7C7zjl0bzeR5GbpFIlyRwEB1lN5Fec0NJs=
Subject key identifier:   26:E1:7E:43:63:64:60:BD:90:C8:19:EA:0D:0C:A1:BC:11:63:18:D3
Certificate issuer:       /CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Certificate serial:       018E9F1DA7D0F3DEE3F829D235BE43D2C53C
Authority key identifier: F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/JuF-Q2NkYL2QyBnqDQyhvBFjGNM.roa
Signing time:             Tue 02 Apr 2024 14:01:44 +0000
ROA not before:           Tue 02 Apr 2024 14:01:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202656
IP address blocks:        45.151.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9f:1d:a7:d0:f3:de:e3:f8:29:d2:35:be:43:d2:c5:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
        Validity
            Not Before: Apr  2 14:01:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26e17e43636460bd90c819ea0d0ca1bc116318d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2f:d3:4e:13:12:5c:54:9d:f4:fd:59:bf:87:
                    d6:39:08:38:cd:12:3c:ab:76:3c:7b:04:dc:9d:37:
                    c2:e9:3a:a7:f1:16:8c:b8:9f:55:63:03:37:df:03:
                    c0:74:da:4f:23:3b:9d:cd:ee:a4:5b:1b:d8:3f:9f:
                    50:86:1a:8d:0e:da:92:73:90:90:ed:96:22:0b:fb:
                    12:ab:fc:8f:09:5e:2b:db:55:5a:b7:82:c6:e5:eb:
                    2c:8f:a1:a9:ef:2f:25:b2:a3:8f:62:1d:ab:0c:c0:
                    33:2d:d1:c3:28:84:62:73:8c:38:c5:51:da:55:ae:
                    c7:b3:08:e1:4b:7d:78:fc:59:fd:d3:12:c0:91:8b:
                    48:7c:ce:73:02:f1:02:03:e6:38:78:43:10:c5:2a:
                    53:08:23:0a:fa:1b:d9:48:3e:e1:f7:03:27:96:0f:
                    6b:66:f4:2d:b5:87:3f:69:f2:99:dd:66:2a:2d:e2:
                    9c:a3:bb:53:0f:b1:a7:ef:46:66:83:67:ca:39:3c:
                    8e:42:db:93:8c:08:1f:dd:a8:89:ac:8e:d5:15:2e:
                    0d:7b:b9:0e:7b:46:42:1c:d1:3c:f4:e6:ea:03:88:
                    b1:26:3d:c7:47:e9:46:b8:14:f2:d1:68:b0:65:ad:
                    f0:1c:7f:f1:f8:b8:6b:31:e1:63:c5:c0:9f:3a:55:
                    ce:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:E1:7E:43:63:64:60:BD:90:C8:19:EA:0D:0C:A1:BC:11:63:18:D3
            X509v3 Authority Key Identifier:
                keyid:F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/JuF-Q2NkYL2QyBnqDQyhvBFjGNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:4a:9d:3a:ac:71:19:8f:f8:70:e8:3a:7d:6a:41:b6:45:b1:
         b6:1b:6f:c9:55:34:02:49:a9:a1:a9:48:6b:90:54:92:8b:89:
         4c:62:ba:3e:2f:e3:1c:5d:2e:33:e0:b2:82:e4:8a:f8:d6:b2:
         25:76:3a:79:c2:1d:22:82:ce:c6:5d:d6:06:19:4a:65:0c:3e:
         05:9c:67:67:37:f7:20:98:9b:57:bd:32:8e:12:94:61:8c:ca:
         6b:0e:4c:8a:ef:cd:cd:64:be:ad:68:00:c0:c0:92:53:07:64:
         be:71:9c:0d:6d:22:20:e3:23:ca:d1:68:2c:b6:fa:fe:6d:d3:
         f8:8a:e6:5e:34:7c:92:ae:20:e5:72:71:94:f6:a3:e9:ec:58:
         4d:23:c4:b0:0d:95:87:e9:4c:4d:de:4e:d4:55:29:7c:5e:94:
         3f:48:a1:07:b7:bd:5f:e2:3c:1b:ee:8e:1c:ec:cc:a9:e6:f5:
         75:5f:da:fc:0a:5b:ab:ff:c8:1f:87:df:53:8c:24:62:90:f1:
         e3:ac:73:05:d0:b0:97:27:15:a1:1a:ec:e3:43:85:e3:5e:b9:
         42:0f:db:02:e6:68:28:35:47:82:53:99:14:25:c7:f3:4d:e5:
         82:0b:3b:09:74:f6:9c:c2:4d:e7:07:f5:d5:d0:e0:17:4b:11:
         e0:99:4b:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6fHafQ897j+CnSNb5D0sU8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWQ4YjUyODE1ZjNmMjYxM2U5NDg5OTJlYzlmZTY2MGY2
OTQ5YjQwHhcNMjQwNDAyMTQwMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmUxN2U0MzYzNjQ2MGJkOTBjODE5ZWEwZDBjYTFiYzExNjMxOGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqS/TThMSXFSd9P1Zv4fWOQg4zRI8
q3Y8ewTcnTfC6Tqn8RaMuJ9VYwM33wPAdNpPIzudze6kWxvYP59QhhqNDtqSc5CQ
7ZYiC/sSq/yPCV4r21Vat4LG5essj6Gp7y8lsqOPYh2rDMAzLdHDKIRic4w4xVHa
Va7HswjhS314/Fn90xLAkYtIfM5zAvECA+Y4eEMQxSpTCCMK+hvZSD7h9wMnlg9r
ZvQttYc/afKZ3WYqLeKco7tTD7Gn70Zmg2fKOTyOQtuTjAgf3aiJrI7VFS4Ne7kO
e0ZCHNE89ObqA4ixJj3HR+lGuBTy0WiwZa3wHH/x+LhrMeFjxcCfOlXOmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbhfkNjZGC9kMgZ6g0MobwRYxjTMB8GA1UdIwQY
MBaAFPddi1KBXz8mE+lImS7J/mYPaUm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2Ut
YTQ0MTBlMTBiNmY1LzEvSnVGLVEyTmtZTDJReUJucURReWh2QkZqR05NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2UtYTQ0MTBlMTBiNmY1
LzEvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZcdMA0G
CSqGSIb3DQEBCwUAA4IBAQCPSp06rHEZj/hw6Dp9akG2RbG2G2/JVTQCSamhqUhr
kFSSi4lMYro+L+McXS4z4LKC5Ir41rIldjp5wh0igs7GXdYGGUplDD4FnGdnN/cg
mJtXvTKOEpRhjMprDkyK783NZL6taADAwJJTB2S+cZwNbSIg4yPK0Wgstvr+bdP4
iuZeNHySriDlcnGU9qPp7FhNI8SwDZWH6UxN3k7UVSl8XpQ/SKEHt71f4jwb7o4c
7Myp5vV1X9r8Clur/8gfh99TjCRikPHjrHMF0LCXJxWhGuzjQ4XjXrlCD9sC5mgo
NUeCU5kUJcfzTeWCCzsJdPacwk3nB/XV0OAXSxHgmUtw
-----END CERTIFICATE-----