Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/011132-eae3-4e9d-b6f0-46f004a19591/1/jysR34Nn_7IW6TD-7bURNwZeybs.roa
File:                     jysR34Nn_7IW6TD-7bURNwZeybs.roa (raw, json)
Hash identifier:          dZDT8teH1IR4iQkhd0TzyXeXjlJTfccxLh78d5zgw2s=
Subject key identifier:   8F:2B:11:DF:83:67:FF:B2:16:E9:30:FE:ED:B5:11:37:06:5E:C9:BB
Certificate issuer:       /CN=d03c73b60f2103ee3b2a2c3cbe920e212a92ee65
Certificate serial:       018FC503A9B023628CB6D96F2FACF2C3FE7A
Authority key identifier: D0:3C:73:B6:0F:21:03:EE:3B:2A:2C:3C:BE:92:0E:21:2A:92:EE:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Dxztg8hA-47Kiw8vpIOISqS7mU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/011132-eae3-4e9d-b6f0-46f004a19591/1/jysR34Nn_7IW6TD-7bURNwZeybs.roa
Signing time:             Wed 29 May 2024 15:41:42 +0000
ROA not before:           Wed 29 May 2024 15:41:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215133
IP address blocks:        193.200.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/011132-eae3-4e9d-b6f0-46f004a19591/1/0Dxztg8hA-47Kiw8vpIOISqS7mU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/011132-eae3-4e9d-b6f0-46f004a19591/1/0Dxztg8hA-47Kiw8vpIOISqS7mU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Dxztg8hA-47Kiw8vpIOISqS7mU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c5:03:a9:b0:23:62:8c:b6:d9:6f:2f:ac:f2:c3:fe:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d03c73b60f2103ee3b2a2c3cbe920e212a92ee65
        Validity
            Not Before: May 29 15:41:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f2b11df8367ffb216e930feedb51137065ec9bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:25:04:a1:e7:3e:c2:c3:7c:83:69:99:24:87:
                    ce:60:48:9d:f6:ba:65:e2:1c:94:c6:2b:4e:fb:15:
                    83:68:39:a3:b2:fd:fc:02:68:7d:57:db:4e:17:4b:
                    40:98:c4:d6:51:d7:1b:bb:af:a3:13:f4:85:75:b4:
                    67:72:5d:15:96:67:68:bc:90:41:62:30:b0:57:86:
                    39:bc:a9:fb:19:51:a4:f9:41:3d:68:ef:9a:cd:76:
                    0c:80:33:8d:ee:d8:80:5f:45:74:5c:6e:dd:47:1c:
                    5e:05:8b:4d:1b:7e:06:e6:b8:89:bd:24:fc:6f:b9:
                    1d:8e:27:8a:5e:ed:7a:fe:25:58:27:0d:2f:a7:e5:
                    1d:34:9f:8a:5b:4e:8c:76:e6:01:e7:93:01:64:cc:
                    a0:d6:22:0d:fb:dd:5f:ab:e5:c3:11:d8:20:7a:29:
                    74:ff:1f:dd:86:eb:76:29:25:c3:93:23:67:02:e8:
                    5b:31:f6:c5:95:ee:cd:c9:5b:85:6b:67:b2:ab:19:
                    bc:ef:40:88:7b:ac:09:fc:d3:48:fd:d7:34:89:28:
                    59:e5:f7:f9:dd:22:c8:3f:a7:d2:cd:e2:d0:8c:77:
                    54:65:75:33:63:53:7c:04:29:09:38:40:c7:a3:5b:
                    9f:4c:1a:af:d1:37:18:c4:ef:90:72:b6:3e:45:05:
                    23:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:2B:11:DF:83:67:FF:B2:16:E9:30:FE:ED:B5:11:37:06:5E:C9:BB
            X509v3 Authority Key Identifier:
                keyid:D0:3C:73:B6:0F:21:03:EE:3B:2A:2C:3C:BE:92:0E:21:2A:92:EE:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Dxztg8hA-47Kiw8vpIOISqS7mU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/011132-eae3-4e9d-b6f0-46f004a19591/1/jysR34Nn_7IW6TD-7bURNwZeybs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/011132-eae3-4e9d-b6f0-46f004a19591/1/0Dxztg8hA-47Kiw8vpIOISqS7mU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:9e:95:a7:14:da:96:a1:30:98:5c:49:6f:df:8f:c3:1a:c7:
         fc:84:10:2b:03:3d:87:c0:66:84:dc:0a:11:eb:6c:05:8e:d9:
         b8:06:a6:23:33:d2:9a:de:ac:e8:bb:86:8a:95:9a:05:f9:3e:
         a1:2a:15:cc:f7:39:a7:66:45:7d:36:52:52:fe:10:03:e0:c7:
         cb:db:aa:93:2a:39:b1:8a:f3:a6:02:be:de:80:bf:7f:88:1d:
         97:b4:d7:ff:16:e6:96:d1:23:7e:44:5a:89:5d:39:1a:4a:94:
         89:7e:f5:31:3c:ad:13:97:88:ea:5f:a1:fa:ca:f3:b4:97:6a:
         72:92:dd:01:a7:3d:5e:f0:8f:54:e5:5c:e7:10:c9:78:19:a7:
         c5:bc:74:8a:fa:30:b8:34:c7:c4:ad:ce:ad:61:9e:64:8f:0c:
         f3:6d:ab:9f:fd:84:d1:81:51:46:d9:59:02:0f:54:de:e7:2b:
         f3:69:86:ab:86:98:7b:47:af:2b:7b:45:b8:72:b7:2d:e8:63:
         57:6a:75:f2:bf:14:7c:b0:c8:dd:27:1b:2a:a1:42:0f:85:88:
         28:f1:d1:9f:4b:97:ff:99:c2:89:49:3a:8b:cc:80:5a:f4:e6:
         c8:f3:d5:c8:b4:c6:0a:41:ad:1f:97:61:12:71:b3:62:bb:2c:
         ec:7d:bf:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/FA6mwI2KMttlvL6zyw/56MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwM2M3M2I2MGYyMTAzZWUzYjJhMmMzY2JlOTIwZTIxMmE5
MmVlNjUwHhcNMjQwNTI5MTU0MTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjJiMTFkZjgzNjdmZmIyMTZlOTMwZmVlZGI1MTEzNzA2NWVjOWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiUEoec+wsN8g2mZJIfOYEid9rpl
4hyUxitO+xWDaDmjsv38Amh9V9tOF0tAmMTWUdcbu6+jE/SFdbRncl0VlmdovJBB
YjCwV4Y5vKn7GVGk+UE9aO+azXYMgDON7tiAX0V0XG7dRxxeBYtNG34G5riJvST8
b7kdjieKXu16/iVYJw0vp+UdNJ+KW06MduYB55MBZMyg1iIN+91fq+XDEdggeil0
/x/dhut2KSXDkyNnAuhbMfbFle7NyVuFa2eyqxm870CIe6wJ/NNI/dc0iShZ5ff5
3SLIP6fSzeLQjHdUZXUzY1N8BCkJOEDHo1ufTBqv0TcYxO+QcrY+RQUj4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8rEd+DZ/+yFukw/u21ETcGXsm7MB8GA1UdIwQY
MBaAFNA8c7YPIQPuOyosPL6SDiEqku5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMER4enRnOGhBLTQ3S2l3OHZwSU9JU3FTN21VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8wMTExMzItZWFlMy00ZTlkLWI2ZjAt
NDZmMDA0YTE5NTkxLzEvanlzUjM0Tm5fN0lXNlRELTdiVVJOd1pleWJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8wMTExMzItZWFlMy00ZTlkLWI2ZjAtNDZmMDA0YTE5NTkx
LzEvMER4enRnOGhBLTQ3S2l3OHZwSU9JU3FTN21VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwchOMA0G
CSqGSIb3DQEBCwUAA4IBAQCEnpWnFNqWoTCYXElv34/DGsf8hBArAz2HwGaE3AoR
62wFjtm4BqYjM9Ka3qzou4aKlZoF+T6hKhXM9zmnZkV9NlJS/hAD4MfL26qTKjmx
ivOmAr7egL9/iB2XtNf/FuaW0SN+RFqJXTkaSpSJfvUxPK0Tl4jqX6H6yvO0l2py
kt0Bpz1e8I9U5VznEMl4GafFvHSK+jC4NMfErc6tYZ5kjwzzbauf/YTRgVFG2VkC
D1Te5yvzaYarhph7R68re0W4crct6GNXanXyvxR8sMjdJxsqoUIPhYgo8dGfS5f/
mcKJSTqLzIBa9ObI89XItMYKQa0fl2EScbNiuyzsfb9F
-----END CERTIFICATE-----