Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/jjdw28z_7N6w_m0zUegD4r5cR8s.roa
File:                     jjdw28z_7N6w_m0zUegD4r5cR8s.roa (raw, json)
Hash identifier:          xKqIXx9bG5XcA77ms/dzxRyrQCmHbyyvgIZH7zo1Y4U=
Subject key identifier:   8E:37:70:DB:CC:FF:EC:DE:B0:FE:6D:33:51:E8:03:E2:BE:5C:47:CB
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649EBC96853273FD19C6AD32153AD9F
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/jjdw28z_7N6w_m0zUegD4r5cR8s.roa
Signing time:             Mon 01 Jan 2024 18:29:42 +0000
ROA not before:           Mon 01 Jan 2024 18:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202043
IP address blocks:        84.252.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 15:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:eb:c9:68:53:27:3f:d1:9c:6a:d3:21:53:ad:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e3770dbccffecdeb0fe6d3351e803e2be5c47cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:bb:45:59:03:55:aa:d4:01:b8:d4:ae:49:df:
                    b5:f7:f3:30:d9:82:9d:af:61:51:3c:4b:70:54:e7:
                    20:4f:e5:17:dc:05:13:a1:35:d5:08:cd:a0:4b:4a:
                    95:df:b3:44:c3:0c:f5:ba:fa:40:62:74:eb:ee:0f:
                    0b:8b:7a:6a:de:3e:1c:52:92:9f:05:3c:1b:b1:24:
                    29:72:ba:e7:00:de:29:76:c7:e5:d7:71:b2:8f:26:
                    f9:48:a5:06:59:9b:05:6e:fb:89:2a:88:dd:a6:01:
                    bf:54:00:de:5a:c3:10:ef:a1:26:ad:39:35:56:84:
                    70:25:46:69:2b:4c:87:ce:d5:8f:73:1f:42:88:70:
                    ba:c7:b5:02:23:d1:1b:cf:45:4e:00:d9:49:83:e9:
                    98:57:23:cb:fc:4c:19:23:f3:bd:73:a8:4a:f3:c8:
                    d4:38:6f:84:64:79:57:b0:d8:3e:fa:06:4d:03:18:
                    13:80:24:76:38:c8:3e:ca:2e:43:37:f6:8f:18:98:
                    5f:96:f1:78:2c:18:5d:30:c4:4f:dd:15:ca:31:bd:
                    4d:ce:e5:39:3a:48:1e:9c:bf:06:ff:1f:95:3c:a3:
                    7f:ef:1b:cf:c6:6e:c6:d6:54:65:81:5c:e6:5e:c3:
                    e7:a3:d6:b4:e0:b0:db:67:50:97:1a:10:54:a4:f8:
                    3b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:37:70:DB:CC:FF:EC:DE:B0:FE:6D:33:51:E8:03:E2:BE:5C:47:CB
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/jjdw28z_7N6w_m0zUegD4r5cR8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:5c:d7:62:4a:92:26:58:7e:5f:c3:13:6b:88:7f:38:8d:52:
         17:5d:16:6a:a0:10:b0:03:cf:fa:ca:e6:2e:43:be:33:a0:6c:
         1e:77:27:56:04:cb:ac:9f:8b:7b:0e:88:f6:10:5e:b6:a1:77:
         2c:3d:e2:ba:0e:9b:8e:1f:0c:c7:f5:30:ab:fd:b3:9f:2d:9d:
         17:39:05:fc:46:b9:a7:77:7a:ef:6a:48:0a:9c:21:09:df:7d:
         49:26:91:f8:5f:4d:ff:7b:b3:16:ee:73:b0:c4:7e:a6:24:3f:
         c7:c3:21:32:4e:9a:a8:6a:63:7b:d3:10:f4:94:78:72:b9:f1:
         23:e9:ad:75:ff:6d:88:ed:91:3a:70:7e:fd:d3:72:94:5c:ab:
         65:84:88:d0:6f:ac:82:a8:77:e1:fb:e3:43:5d:af:53:97:25:
         00:0a:3e:19:67:55:8f:65:a9:8b:70:3f:b4:d6:cf:33:d9:2b:
         34:2f:56:93:c7:35:16:a0:0f:b4:cf:b5:10:4d:a8:bf:28:f7:
         17:8f:1f:32:09:36:30:63:c0:00:6b:4e:60:f2:01:66:9b:af:
         ff:75:d2:dd:02:6a:fc:47:21:15:a1:c7:6f:d8:e3:36:ad:2b:
         18:55:f9:63:1c:a3:e9:95:36:3c:02:3c:1d:1b:f5:26:4e:02:
         e4:b4:0a:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSevJaFMnP9GcatMhU62fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTM3NzBkYmNjZmZlY2RlYjBmZTZkMzM1MWU4MDNlMmJlNWM0N2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4rtFWQNVqtQBuNSuSd+19/Mw2YKd
r2FRPEtwVOcgT+UX3AUToTXVCM2gS0qV37NEwwz1uvpAYnTr7g8Li3pq3j4cUpKf
BTwbsSQpcrrnAN4pdsfl13Gyjyb5SKUGWZsFbvuJKojdpgG/VADeWsMQ76EmrTk1
VoRwJUZpK0yHztWPcx9CiHC6x7UCI9Ebz0VOANlJg+mYVyPL/EwZI/O9c6hK88jU
OG+EZHlXsNg++gZNAxgTgCR2OMg+yi5DN/aPGJhflvF4LBhdMMRP3RXKMb1NzuU5
OkgenL8G/x+VPKN/7xvPxm7G1lRlgVzmXsPno9a04LDbZ1CXGhBUpPg7zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI43cNvM/+zesP5tM1HoA+K+XEfLMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvampkdzI4el83TjZ3X20welVlZ0Q0cjVjUjhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPw3MA0G
CSqGSIb3DQEBCwUAA4IBAQBhXNdiSpImWH5fwxNriH84jVIXXRZqoBCwA8/6yuYu
Q74zoGwedydWBMusn4t7Doj2EF62oXcsPeK6DpuOHwzH9TCr/bOfLZ0XOQX8Rrmn
d3rvakgKnCEJ331JJpH4X03/e7MW7nOwxH6mJD/HwyEyTpqoamN70xD0lHhyufEj
6a11/22I7ZE6cH7903KUXKtlhIjQb6yCqHfh++NDXa9TlyUACj4ZZ1WPZamLcD+0
1s8z2Ss0L1aTxzUWoA+0z7UQTai/KPcXjx8yCTYwY8AAa05g8gFmm6//ddLdAmr8
RyEVocdv2OM2rSsYVfljHKPplTY8AjwdG/UmTgLktApI
-----END CERTIFICATE-----