Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/JR_VjmMBk6bgF40nWrFnSxJQ78E.roa
File:                     JR_VjmMBk6bgF40nWrFnSxJQ78E.roa (raw, json)
Hash identifier:          72g/uuYNSdYDBILJJT1LFte3eoGHaJdDYkpXMQCeZCQ=
Subject key identifier:   25:1F:D5:8E:63:01:93:A6:E0:17:8D:27:5A:B1:67:4B:12:50:EF:C1
Certificate issuer:       /CN=5dd69d9f749630f0256cf0ceab58836b491a58f6
Certificate serial:       018CC94D6649E789092E168C6BBE4D7F716C
Authority key identifier: 5D:D6:9D:9F:74:96:30:F0:25:6C:F0:CE:AB:58:83:6B:49:1A:58:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdadn3SWMPAlbPDOq1iDa0kaWPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/JR_VjmMBk6bgF40nWrFnSxJQ78E.roa
Signing time:             Tue 02 Jan 2024 08:32:21 +0000
ROA not before:           Tue 02 Jan 2024 08:32:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57344
IP address blocks:        147.78.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/Xdadn3SWMPAlbPDOq1iDa0kaWPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/Xdadn3SWMPAlbPDOq1iDa0kaWPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdadn3SWMPAlbPDOq1iDa0kaWPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:66:49:e7:89:09:2e:16:8c:6b:be:4d:7f:71:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd69d9f749630f0256cf0ceab58836b491a58f6
        Validity
            Not Before: Jan  2 08:32:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=251fd58e630193a6e0178d275ab1674b1250efc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:74:77:2b:97:a0:44:77:60:e3:8c:03:79:b6:
                    b4:f2:22:fa:f5:dd:63:c4:88:09:11:34:74:32:4d:
                    d5:1c:86:80:b6:1f:e8:26:1a:fb:91:d6:71:68:fd:
                    6d:2a:1a:c7:62:52:52:82:64:22:23:75:7e:7a:b6:
                    3e:44:c0:90:76:0f:a6:92:ae:d9:e5:3f:dd:b1:cb:
                    e4:5b:ff:42:2b:1b:3b:cb:a5:bb:6b:44:ea:e8:1d:
                    64:45:1a:fa:96:c5:6b:d2:e0:71:43:4b:51:02:d0:
                    01:71:83:d4:6e:6f:ec:a1:7c:ff:a2:b7:ff:fb:14:
                    42:5c:fb:d2:7f:ca:ff:60:ad:1b:17:b4:d5:cd:8a:
                    73:8b:72:01:d3:01:cd:83:0c:f5:c0:4b:fe:c9:6c:
                    26:df:7e:61:5c:36:4c:d0:a9:71:8d:49:88:15:ef:
                    d4:9d:95:4d:97:b8:2f:e6:99:eb:d1:62:48:12:05:
                    99:95:2a:89:e3:bf:90:0d:6a:1c:3a:42:8c:74:31:
                    aa:e2:de:90:89:ff:a4:78:02:bb:e1:9a:36:9f:6c:
                    29:ef:80:eb:32:43:df:e3:02:55:d1:fd:26:55:f8:
                    ff:f3:f0:eb:0d:fb:eb:d9:e9:a2:ce:5f:c5:ae:57:
                    54:bb:00:0d:32:5c:5f:b9:52:fd:07:b1:0e:c1:27:
                    e3:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:1F:D5:8E:63:01:93:A6:E0:17:8D:27:5A:B1:67:4B:12:50:EF:C1
            X509v3 Authority Key Identifier:
                keyid:5D:D6:9D:9F:74:96:30:F0:25:6C:F0:CE:AB:58:83:6B:49:1A:58:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdadn3SWMPAlbPDOq1iDa0kaWPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/JR_VjmMBk6bgF40nWrFnSxJQ78E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/Xdadn3SWMPAlbPDOq1iDa0kaWPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:f7:9d:42:db:b8:36:ac:fc:b7:73:3b:dc:6c:6b:e4:0c:65:
         8e:08:38:91:e6:9d:43:f3:44:90:b0:84:bf:60:8c:76:33:24:
         24:72:9b:97:27:85:a4:db:00:3c:7e:54:5e:45:0f:4e:49:4a:
         cc:2d:e7:c7:17:c6:fd:85:e3:ab:7f:7e:6b:06:3b:9b:48:22:
         1f:1f:2b:b8:0e:90:4b:f1:e0:52:d8:cc:9d:71:05:3d:6a:fa:
         67:ba:34:06:a2:74:f5:61:fb:09:3f:6d:5e:02:45:55:39:c8:
         a7:6e:41:99:16:9a:08:80:e2:d9:d5:7e:72:b9:ce:70:d9:3c:
         27:0c:e0:2f:83:ef:7a:5b:2e:58:0f:02:7f:41:da:a6:54:4b:
         2f:12:59:44:5a:ec:79:0a:0a:fb:cd:44:36:6f:9e:07:51:22:
         e6:54:dd:73:40:60:23:33:f8:b9:af:fe:ca:64:0a:7c:bf:6b:
         13:71:34:81:95:23:61:54:fa:ff:a8:e2:ff:e0:aa:7b:49:c4:
         fe:42:7b:94:dd:e7:95:05:09:2c:0a:e2:7a:72:ff:4a:fe:ef:
         47:e4:3d:eb:ec:7b:cb:35:9e:49:d7:95:49:dc:e1:13:23:55:
         a1:25:cf:b0:05:50:88:0c:c6:36:e1:d4:0d:2a:ae:6e:5a:ae:
         1f:99:41:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTWZJ54kJLhaMa75Nf3FsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDY5ZDlmNzQ5NjMwZjAyNTZjZjBjZWFiNTg4MzZiNDkx
YTU4ZjYwHhcNMjQwMTAyMDgzMjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTFmZDU4ZTYzMDE5M2E2ZTAxNzhkMjc1YWIxNjc0YjEyNTBlZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnR3K5egRHdg44wDeba08iL69d1j
xIgJETR0Mk3VHIaAth/oJhr7kdZxaP1tKhrHYlJSgmQiI3V+erY+RMCQdg+mkq7Z
5T/dscvkW/9CKxs7y6W7a0Tq6B1kRRr6lsVr0uBxQ0tRAtABcYPUbm/soXz/orf/
+xRCXPvSf8r/YK0bF7TVzYpzi3IB0wHNgwz1wEv+yWwm335hXDZM0KlxjUmIFe/U
nZVNl7gv5pnr0WJIEgWZlSqJ47+QDWocOkKMdDGq4t6Qif+keAK74Zo2n2wp74Dr
MkPf4wJV0f0mVfj/8/DrDfvr2emizl/FrldUuwANMlxfuVL9B7EOwSfjIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUf1Y5jAZOm4BeNJ1qxZ0sSUO/BMB8GA1UdIwQY
MBaAFF3WnZ90ljDwJWzwzqtYg2tJGlj2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRhZG4zU1dNUEFsYlBET3ExaURhMGthV1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC82MTY5MjQtOTNiMi00ZGNiLWFlZWIt
ZjNmZDY0MzMxNzA5LzEvSlJfVmptTUJrNmJnRjQwbldyRm5TeEpRNzhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC82MTY5MjQtOTNiMi00ZGNiLWFlZWItZjNmZDY0MzMxNzA5
LzEvWGRhZG4zU1dNUEFsYlBET3ExaURhMGthV1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk06NMA0G
CSqGSIb3DQEBCwUAA4IBAQBO951C27g2rPy3czvcbGvkDGWOCDiR5p1D80SQsIS/
YIx2MyQkcpuXJ4Wk2wA8flReRQ9OSUrMLefHF8b9heOrf35rBjubSCIfHyu4DpBL
8eBS2MydcQU9avpnujQGonT1YfsJP21eAkVVOcinbkGZFpoIgOLZ1X5yuc5w2Twn
DOAvg+96Wy5YDwJ/QdqmVEsvEllEWux5Cgr7zUQ2b54HUSLmVN1zQGAjM/i5r/7K
ZAp8v2sTcTSBlSNhVPr/qOL/4Kp7ScT+QnuU3eeVBQksCuJ6cv9K/u9H5D3r7HvL
NZ5J15VJ3OETI1WhJc+wBVCIDMY24dQNKq5uWq4fmUEh
-----END CERTIFICATE-----