Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/c4fdbc-3c88-40b5-8d75-cbf94a00cc83/1/JU1RYif1kqyuoZdNiRvXEpJ_s-4.roa
File:                     JU1RYif1kqyuoZdNiRvXEpJ_s-4.roa (raw, json)
Hash identifier:          /Fe0cxlTufp1asxfUt9CBTPwUKDoGIIj06a4nAdEAe0=
Subject key identifier:   25:4D:51:62:27:F5:92:AC:AE:A1:97:4D:89:1B:D7:12:92:7F:B3:EE
Certificate issuer:       /CN=72151a9a18c8a92b4b7678dc960cc2a1bb908051
Certificate serial:       018CC4246AC69B58CBB08FA0007BC0B93557
Authority key identifier: 72:15:1A:9A:18:C8:A9:2B:4B:76:78:DC:96:0C:C2:A1:BB:90:80:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/chUamhjIqStLdnjclgzCobuQgFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/c4fdbc-3c88-40b5-8d75-cbf94a00cc83/1/JU1RYif1kqyuoZdNiRvXEpJ_s-4.roa
Signing time:             Mon 01 Jan 2024 08:29:30 +0000
ROA not before:           Mon 01 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31081
IP address blocks:        193.28.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/c4fdbc-3c88-40b5-8d75-cbf94a00cc83/1/chUamhjIqStLdnjclgzCobuQgFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/c4fdbc-3c88-40b5-8d75-cbf94a00cc83/1/chUamhjIqStLdnjclgzCobuQgFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/chUamhjIqStLdnjclgzCobuQgFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6a:c6:9b:58:cb:b0:8f:a0:00:7b:c0:b9:35:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72151a9a18c8a92b4b7678dc960cc2a1bb908051
        Validity
            Not Before: Jan  1 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=254d516227f592acaea1974d891bd712927fb3ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:5d:80:73:79:35:3a:9a:c8:4a:37:d3:33:bd:
                    f3:48:09:27:83:77:9c:86:29:30:84:bb:e3:8f:68:
                    3b:1f:4b:14:c9:d3:8d:be:8a:39:1b:ad:49:02:43:
                    95:0c:e5:85:ee:df:fc:25:f3:17:21:60:f3:c8:a2:
                    68:fd:e3:2f:bf:35:be:91:6d:f2:8d:ee:7e:00:d4:
                    54:fa:35:bd:c7:aa:6c:d6:db:48:e8:7a:5f:dd:a6:
                    82:17:30:cb:26:e8:f4:f8:f7:09:ef:3b:08:b2:ec:
                    8e:10:6f:23:1f:d6:cd:35:70:b9:5b:e0:8f:50:45:
                    09:57:a1:5b:e6:57:5f:80:25:cc:1d:bf:74:af:8d:
                    d6:99:f8:c0:9b:e4:17:24:14:f5:98:19:4d:c6:39:
                    c2:e7:07:6b:8e:31:1c:f7:2a:7f:c4:9e:d5:36:72:
                    6d:32:71:fc:2a:9f:54:16:e0:e0:e4:c8:03:8b:8c:
                    ec:64:ba:3a:9b:ed:a8:fd:fd:98:79:f4:7a:f0:9f:
                    41:0e:94:ec:46:31:60:40:cb:f2:e4:dd:92:fb:5a:
                    ec:61:5c:d2:cb:b7:9b:23:0e:21:66:7f:7f:24:32:
                    d3:cb:82:25:d6:86:63:55:27:f2:21:19:2b:3c:ec:
                    dd:56:0c:11:fe:53:c3:4e:e3:ef:d8:37:75:a4:b0:
                    72:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:4D:51:62:27:F5:92:AC:AE:A1:97:4D:89:1B:D7:12:92:7F:B3:EE
            X509v3 Authority Key Identifier:
                keyid:72:15:1A:9A:18:C8:A9:2B:4B:76:78:DC:96:0C:C2:A1:BB:90:80:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/chUamhjIqStLdnjclgzCobuQgFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c4fdbc-3c88-40b5-8d75-cbf94a00cc83/1/JU1RYif1kqyuoZdNiRvXEpJ_s-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c4fdbc-3c88-40b5-8d75-cbf94a00cc83/1/chUamhjIqStLdnjclgzCobuQgFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:70:d5:e6:f5:ec:46:92:63:29:49:07:6b:f6:73:0f:19:95:
         e9:34:0a:59:8b:c7:fe:bf:87:1f:ce:5b:06:6a:cb:0f:af:a1:
         cf:76:95:09:8b:7d:15:9d:b9:d2:fc:28:89:a8:9b:f3:21:8e:
         e6:f7:9f:9b:bd:97:a5:f1:c5:1c:d7:67:c7:1f:1d:85:6d:2f:
         fb:f0:3c:6c:8c:a0:f4:12:a8:f5:45:c8:80:1c:76:3d:15:f7:
         5a:f1:28:42:9a:74:be:ea:59:2e:bf:80:6c:55:b1:4b:53:e3:
         c9:81:67:25:12:36:a8:ce:a2:92:6d:82:ec:04:8e:a9:b0:1c:
         da:5d:37:85:27:ff:1b:4f:8b:35:a3:11:2d:a4:28:09:9e:83:
         2a:6d:15:84:fb:1d:f9:11:0f:1e:0a:34:5a:70:2f:ac:9e:12:
         80:19:95:d4:99:07:02:18:20:c5:b1:36:4a:e1:d4:b3:dd:8c:
         19:91:94:5b:90:e7:60:34:7a:9e:9d:a1:34:e2:79:ff:03:c0:
         57:51:ae:2b:91:59:3a:65:b3:72:aa:35:04:6e:81:3f:70:2a:
         3b:ba:c1:14:5f:9c:bd:3c:a3:0e:36:f5:fd:72:81:cb:3a:25:
         7f:c3:ad:88:9c:35:0d:55:12:01:f3:2e:01:ff:db:56:d8:21:
         0d:15:6f:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGrGm1jLsI+gAHvAuTVXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMTUxYTlhMThjOGE5MmI0Yjc2NzhkYzk2MGNjMmExYmI5
MDgwNTEwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTRkNTE2MjI3ZjU5MmFjYWVhMTk3NGQ4OTFiZDcxMjkyN2ZiM2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgV2Ac3k1OprISjfTM73zSAkng3ec
hikwhLvjj2g7H0sUydONvoo5G61JAkOVDOWF7t/8JfMXIWDzyKJo/eMvvzW+kW3y
je5+ANRU+jW9x6ps1ttI6Hpf3aaCFzDLJuj0+PcJ7zsIsuyOEG8jH9bNNXC5W+CP
UEUJV6Fb5ldfgCXMHb90r43WmfjAm+QXJBT1mBlNxjnC5wdrjjEc9yp/xJ7VNnJt
MnH8Kp9UFuDg5MgDi4zsZLo6m+2o/f2YefR68J9BDpTsRjFgQMvy5N2S+1rsYVzS
y7ebIw4hZn9/JDLTy4Il1oZjVSfyIRkrPOzdVgwR/lPDTuPv2Dd1pLBybQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCVNUWIn9ZKsrqGXTYkb1xKSf7PuMB8GA1UdIwQY
MBaAFHIVGpoYyKkrS3Z43JYMwqG7kIBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2hVYW1oaklxU3RMZG5qY2xnekNvYnVRZ0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9jNGZkYmMtM2M4OC00MGI1LThkNzUt
Y2JmOTRhMDBjYzgzLzEvSlUxUllpZjFrcXl1b1pkTmlSdlhFcEpfcy00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9jNGZkYmMtM2M4OC00MGI1LThkNzUtY2JmOTRhMDBjYzgz
LzEvY2hVYW1oaklxU3RMZG5qY2xnekNvYnVRZ0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRz+MA0G
CSqGSIb3DQEBCwUAA4IBAQCWcNXm9exGkmMpSQdr9nMPGZXpNApZi8f+v4cfzlsG
assPr6HPdpUJi30VnbnS/CiJqJvzIY7m95+bvZel8cUc12fHHx2FbS/78DxsjKD0
Eqj1RciAHHY9Ffda8ShCmnS+6lkuv4BsVbFLU+PJgWclEjaozqKSbYLsBI6psBza
XTeFJ/8bT4s1oxEtpCgJnoMqbRWE+x35EQ8eCjRacC+snhKAGZXUmQcCGCDFsTZK
4dSz3YwZkZRbkOdgNHqenaE04nn/A8BXUa4rkVk6ZbNyqjUEboE/cCo7usEUX5y9
PKMONvX9coHLOiV/w62InDUNVRIB8y4B/9tW2CENFW+x
-----END CERTIFICATE-----