Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/5c3cfa-a363-40a4-bfa6-c29beb1a4734/1/jfwf3-7mRn8bblW2_CcxDv3lrsA.roa
File:                     jfwf3-7mRn8bblW2_CcxDv3lrsA.roa (raw, json)
Hash identifier:          HeNc0scCM3oYjXEKiwdG/18R1n0dyCH8xnY/zGH0v6s=
Subject key identifier:   8D:FC:1F:DF:EE:E6:46:7F:1B:6E:55:B6:FC:27:31:0E:FD:E5:AE:C0
Certificate issuer:       /CN=8c20753dd51633aa2e17a92c59f4c4845d876cd3
Certificate serial:       018CC3491907A1E8A68A9DD6594BAD11B40A
Authority key identifier: 8C:20:75:3D:D5:16:33:AA:2E:17:A9:2C:59:F4:C4:84:5D:87:6C:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jCB1PdUWM6ouF6ksWfTEhF2HbNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/5c3cfa-a363-40a4-bfa6-c29beb1a4734/1/jfwf3-7mRn8bblW2_CcxDv3lrsA.roa
Signing time:             Mon 01 Jan 2024 04:29:56 +0000
ROA not before:           Mon 01 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202081
IP address blocks:        91.222.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/5c3cfa-a363-40a4-bfa6-c29beb1a4734/1/jCB1PdUWM6ouF6ksWfTEhF2HbNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/5c3cfa-a363-40a4-bfa6-c29beb1a4734/1/jCB1PdUWM6ouF6ksWfTEhF2HbNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jCB1PdUWM6ouF6ksWfTEhF2HbNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:19:07:a1:e8:a6:8a:9d:d6:59:4b:ad:11:b4:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c20753dd51633aa2e17a92c59f4c4845d876cd3
        Validity
            Not Before: Jan  1 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dfc1fdfeee6467f1b6e55b6fc27310efde5aec0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6f:7e:fa:d2:0b:2a:27:fc:ab:3b:9f:04:a7:
                    2a:3b:76:b6:05:a0:b9:96:0f:72:fe:c6:a2:14:0e:
                    5f:79:49:ff:3c:be:c0:01:99:14:25:5f:46:52:fe:
                    03:74:a4:56:e6:54:99:0b:f1:ba:d3:e6:17:36:de:
                    bc:59:6f:36:b9:ad:ec:a8:e8:27:24:27:50:b6:33:
                    66:13:b8:99:43:27:2f:88:f0:38:ac:97:74:fb:c5:
                    b6:46:13:ae:6a:e3:a6:1a:f8:87:fb:a4:ca:22:b7:
                    54:ae:a7:e7:af:95:86:b2:60:e2:ce:35:ad:94:bd:
                    45:4a:e2:0f:56:b9:d3:01:d2:ab:a5:68:28:13:c3:
                    0d:c3:43:b9:da:e4:21:8f:8b:fc:30:d4:46:dd:22:
                    88:71:0b:cf:f2:1b:af:d8:cc:b5:0a:ce:fc:cc:2e:
                    42:30:c4:d0:25:80:f2:ac:48:6d:df:fe:13:94:91:
                    a8:02:b6:c1:53:8c:61:e3:4a:aa:c4:e5:ed:75:04:
                    1b:9e:06:cb:92:a2:bd:67:59:01:a4:91:a8:df:23:
                    a1:f9:3e:6d:ba:4e:6c:3a:69:37:12:5a:d9:f9:28:
                    b6:84:10:c9:7c:90:0d:cc:53:3a:b9:12:41:d7:e5:
                    c7:5a:e4:45:3f:40:bd:c7:08:49:38:68:d6:72:58:
                    73:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:FC:1F:DF:EE:E6:46:7F:1B:6E:55:B6:FC:27:31:0E:FD:E5:AE:C0
            X509v3 Authority Key Identifier:
                keyid:8C:20:75:3D:D5:16:33:AA:2E:17:A9:2C:59:F4:C4:84:5D:87:6C:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jCB1PdUWM6ouF6ksWfTEhF2HbNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/5c3cfa-a363-40a4-bfa6-c29beb1a4734/1/jfwf3-7mRn8bblW2_CcxDv3lrsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/5c3cfa-a363-40a4-bfa6-c29beb1a4734/1/jCB1PdUWM6ouF6ksWfTEhF2HbNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:dd:73:c2:0c:11:0d:d6:0a:cb:15:53:ac:3d:fa:5c:8f:17:
         89:6c:b6:8e:b1:f5:8d:b6:db:29:87:f7:93:d1:79:7d:0d:b5:
         a7:67:3b:46:cf:e2:7b:ff:07:38:58:a8:20:a3:27:8a:5c:31:
         70:bc:44:c0:fc:d5:82:9b:10:00:a9:be:d6:ff:d4:c3:94:b6:
         41:d4:ca:b0:d5:2c:e2:5e:0b:df:16:28:31:19:ae:0c:c8:e3:
         7b:b4:1e:86:44:05:43:15:18:49:aa:89:1c:79:ea:44:b9:26:
         f7:16:e2:cc:ab:c2:da:18:f6:58:c5:b1:d2:ca:eb:21:45:bd:
         17:0d:ad:1d:19:b6:f5:70:c9:4c:55:68:c0:f1:33:52:3f:cf:
         c2:73:47:7c:8b:f6:a1:ac:98:1a:55:a2:64:f6:b3:d1:57:7f:
         90:72:50:46:46:54:65:9c:e4:70:98:e6:0c:05:5a:dd:8d:be:
         f3:a4:f2:dc:02:09:07:ca:ed:48:71:1f:35:a6:96:6f:07:d7:
         30:d4:7c:da:4a:1e:b2:51:78:cd:60:66:d5:ff:a4:2d:42:8f:
         46:3f:25:1e:2c:90:f0:f8:26:ec:68:f6:d0:6b:25:19:cd:2b:
         2f:36:18:e8:0b:55:40:1e:a9:aa:89:9f:b5:e7:95:c1:aa:8a:
         44:d5:dd:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSRkHoeimip3WWUutEbQKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMjA3NTNkZDUxNjMzYWEyZTE3YTkyYzU5ZjRjNDg0NWQ4
NzZjZDMwHhcNMjQwMTAxMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGZjMWZkZmVlZTY0NjdmMWI2ZTU1YjZmYzI3MzEwZWZkZTVhZWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmG9++tILKif8qzufBKcqO3a2BaC5
lg9y/saiFA5feUn/PL7AAZkUJV9GUv4DdKRW5lSZC/G60+YXNt68WW82ua3sqOgn
JCdQtjNmE7iZQycviPA4rJd0+8W2RhOuauOmGviH+6TKIrdUrqfnr5WGsmDizjWt
lL1FSuIPVrnTAdKrpWgoE8MNw0O52uQhj4v8MNRG3SKIcQvP8huv2My1Cs78zC5C
MMTQJYDyrEht3/4TlJGoArbBU4xh40qqxOXtdQQbngbLkqK9Z1kBpJGo3yOh+T5t
uk5sOmk3ElrZ+Si2hBDJfJANzFM6uRJB1+XHWuRFP0C9xwhJOGjWclhzUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI38H9/u5kZ/G25VtvwnMQ795a7AMB8GA1UdIwQY
MBaAFIwgdT3VFjOqLhepLFn0xIRdh2zTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakNCMVBkVVdNNm91RjZrc1dmVEVoRjJIYk5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS81YzNjZmEtYTM2My00MGE0LWJmYTYt
YzI5YmViMWE0NzM0LzEvamZ3ZjMtN21SbjhiYmxXMl9DY3hEdjNscnNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS81YzNjZmEtYTM2My00MGE0LWJmYTYtYzI5YmViMWE0NzM0
LzEvakNCMVBkVVdNNm91RjZrc1dmVEVoRjJIYk5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW965MA0G
CSqGSIb3DQEBCwUAA4IBAQCV3XPCDBEN1grLFVOsPfpcjxeJbLaOsfWNttsph/eT
0Xl9DbWnZztGz+J7/wc4WKggoyeKXDFwvETA/NWCmxAAqb7W/9TDlLZB1Mqw1Szi
XgvfFigxGa4MyON7tB6GRAVDFRhJqokceepEuSb3FuLMq8LaGPZYxbHSyushRb0X
Da0dGbb1cMlMVWjA8TNSP8/Cc0d8i/ahrJgaVaJk9rPRV3+QclBGRlRlnORwmOYM
BVrdjb7zpPLcAgkHyu1IcR81ppZvB9cw1HzaSh6yUXjNYGbV/6QtQo9GPyUeLJDw
+CbsaPbQayUZzSsvNhjoC1VAHqmqiZ+155XBqopE1d3R
-----END CERTIFICATE-----