Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/7472f9-b403-42e0-b306-71aa63125128/1/JxGxWwhWJJveUjorLHDqY8PJtoA.roa
File:                     JxGxWwhWJJveUjorLHDqY8PJtoA.roa (raw, json)
Hash identifier:          4O0VsVTm0PnYsYox9azJ2xQIqRtchbl89s2Yjw6CpoU=
Subject key identifier:   27:11:B1:5B:08:56:24:9B:DE:52:3A:2B:2C:70:EA:63:C3:C9:B6:80
Certificate issuer:       /CN=232872f431ada9b6826c5f0897ec4e5342092e98
Certificate serial:       0191C7B2640D28BFE0AD2B9FCE5F05D35F02
Authority key identifier: 23:28:72:F4:31:AD:A9:B6:82:6C:5F:08:97:EC:4E:53:42:09:2E:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iyhy9DGtqbaCbF8Il-xOU0IJLpg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/7472f9-b403-42e0-b306-71aa63125128/1/JxGxWwhWJJveUjorLHDqY8PJtoA.roa
Signing time:             Fri 06 Sep 2024 14:17:22 +0000
ROA not before:           Fri 06 Sep 2024 14:17:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5089
IP address blocks:        185.201.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/7472f9-b403-42e0-b306-71aa63125128/1/Iyhy9DGtqbaCbF8Il-xOU0IJLpg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/7472f9-b403-42e0-b306-71aa63125128/1/Iyhy9DGtqbaCbF8Il-xOU0IJLpg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iyhy9DGtqbaCbF8Il-xOU0IJLpg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c7:b2:64:0d:28:bf:e0:ad:2b:9f:ce:5f:05:d3:5f:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=232872f431ada9b6826c5f0897ec4e5342092e98
        Validity
            Not Before: Sep  6 14:17:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2711b15b0856249bde523a2b2c70ea63c3c9b680
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:44:05:0e:9e:6f:51:9c:2f:3f:ac:84:56:fb:
                    94:11:dc:24:63:2a:f9:df:91:b6:55:76:55:e6:46:
                    6a:90:fa:19:39:6d:a6:c9:ee:8d:8b:86:71:bb:25:
                    46:3b:ee:95:8c:be:b0:a1:ee:56:d5:77:47:f5:d0:
                    de:04:e6:f6:3b:bf:81:65:3a:8b:4c:26:a5:16:dd:
                    01:50:3d:d0:e7:78:57:91:a9:8b:04:a2:c2:b5:09:
                    0a:bf:8a:d9:1c:46:28:ab:b7:be:02:29:db:bf:bb:
                    40:cf:a3:e7:79:e9:1f:ed:85:0c:6c:aa:a2:11:28:
                    de:32:aa:f4:02:63:c6:f3:66:6a:b8:1a:87:33:1f:
                    ea:bc:b5:d5:46:5e:a9:eb:f2:3d:f0:fc:d2:30:60:
                    7f:c3:71:31:30:7a:9a:af:c2:a2:fd:6a:92:e8:9b:
                    2c:78:39:66:e5:9b:9e:0e:ef:3d:35:f2:42:0d:33:
                    64:15:5f:a7:16:e9:6f:e7:1f:d8:e7:e2:45:43:82:
                    74:38:97:8e:c1:84:ec:10:44:9d:6f:7d:12:1b:f6:
                    fa:ce:89:77:d4:9b:7f:54:e0:34:47:b0:b9:4b:a4:
                    e8:f1:71:1e:c0:01:03:75:6f:c6:ae:6f:2d:1d:6c:
                    3e:87:2a:c5:09:9b:eb:61:93:50:42:37:4a:12:69:
                    7c:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:11:B1:5B:08:56:24:9B:DE:52:3A:2B:2C:70:EA:63:C3:C9:B6:80
            X509v3 Authority Key Identifier:
                keyid:23:28:72:F4:31:AD:A9:B6:82:6C:5F:08:97:EC:4E:53:42:09:2E:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iyhy9DGtqbaCbF8Il-xOU0IJLpg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/7472f9-b403-42e0-b306-71aa63125128/1/JxGxWwhWJJveUjorLHDqY8PJtoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/7472f9-b403-42e0-b306-71aa63125128/1/Iyhy9DGtqbaCbF8Il-xOU0IJLpg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:7b:a7:98:50:66:12:e8:c4:f1:92:7a:38:4c:12:7b:08:bf:
         f7:fc:b8:db:3c:b3:77:9a:60:ed:60:79:d1:83:dc:9a:d9:5f:
         3a:0d:b4:65:ac:87:f3:fc:d1:23:5a:d4:13:bb:79:5f:9b:e9:
         70:83:ad:04:31:3f:bd:65:8c:8a:b4:8c:0b:97:bc:5a:ed:0b:
         dc:aa:6e:c3:74:05:ac:03:5f:63:5a:6f:ab:ce:e1:5b:81:b3:
         e0:e4:4a:cb:59:52:9b:a1:1a:b1:39:e9:56:37:dc:2e:de:c7:
         0e:66:96:e0:19:8c:b3:75:86:8a:e6:ff:ca:ed:59:7f:07:e7:
         90:ae:08:f3:5f:1e:38:39:0c:55:16:eb:7b:69:c1:f6:9f:58:
         20:15:e6:85:b1:b5:5c:5a:fe:1b:db:77:b1:b2:3a:25:6f:33:
         df:d8:48:83:18:00:d1:fd:51:a3:74:89:d2:c7:f6:7d:26:7a:
         d2:55:6d:8d:dd:bb:c0:40:f9:18:aa:fe:27:29:dd:57:e6:dd:
         cd:ab:2f:ba:a4:73:ee:84:8e:f1:02:28:11:e8:9a:ce:60:5c:
         b8:cc:98:4b:f3:2f:98:45:dc:8f:26:4f:e8:3a:34:2d:37:bb:
         f4:51:a0:e2:31:b8:ed:dd:16:3f:ec:5c:d2:e1:22:01:a6:de:
         19:9a:50:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHHsmQNKL/grSufzl8F018CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMjg3MmY0MzFhZGE5YjY4MjZjNWYwODk3ZWM0ZTUzNDIw
OTJlOTgwHhcNMjQwOTA2MTQxNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzExYjE1YjA4NTYyNDliZGU1MjNhMmIyYzcwZWE2M2MzYzliNjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEQFDp5vUZwvP6yEVvuUEdwkYyr5
35G2VXZV5kZqkPoZOW2mye6Ni4ZxuyVGO+6VjL6woe5W1XdH9dDeBOb2O7+BZTqL
TCalFt0BUD3Q53hXkamLBKLCtQkKv4rZHEYoq7e+Ainbv7tAz6Pneekf7YUMbKqi
ESjeMqr0AmPG82ZquBqHMx/qvLXVRl6p6/I98PzSMGB/w3ExMHqar8Ki/WqS6Jss
eDlm5ZueDu89NfJCDTNkFV+nFulv5x/Y5+JFQ4J0OJeOwYTsEESdb30SG/b6zol3
1Jt/VOA0R7C5S6To8XEewAEDdW/Grm8tHWw+hyrFCZvrYZNQQjdKEml8ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCcRsVsIViSb3lI6Kyxw6mPDybaAMB8GA1UdIwQY
MBaAFCMocvQxram2gmxfCJfsTlNCCS6YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXloeTlER3RxYmFDYkY4SWwteE9VMElKTHBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi83NDcyZjktYjQwMy00MmUwLWIzMDYt
NzFhYTYzMTI1MTI4LzEvSnhHeFd3aFdKSnZlVWpvckxIRHFZOFBKdG9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi83NDcyZjktYjQwMy00MmUwLWIzMDYtNzFhYTYzMTI1MTI4
LzEvSXloeTlER3RxYmFDYkY4SWwteE9VMElKTHBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucljMA0G
CSqGSIb3DQEBCwUAA4IBAQCHe6eYUGYS6MTxkno4TBJ7CL/3/LjbPLN3mmDtYHnR
g9ya2V86DbRlrIfz/NEjWtQTu3lfm+lwg60EMT+9ZYyKtIwLl7xa7Qvcqm7DdAWs
A19jWm+rzuFbgbPg5ErLWVKboRqxOelWN9wu3scOZpbgGYyzdYaK5v/K7Vl/B+eQ
rgjzXx44OQxVFut7acH2n1ggFeaFsbVcWv4b23exsjolbzPf2EiDGADR/VGjdInS
x/Z9JnrSVW2N3bvAQPkYqv4nKd1X5t3Nqy+6pHPuhI7xAigR6JrOYFy4zJhL8y+Y
RdyPJk/oOjQtN7v0UaDiMbjt3RY/7FzS4SIBpt4ZmlB4
-----END CERTIFICATE-----