Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/jjLD6s0H6xfJcH7MICJnM32Gm3s.roa
File:                     jjLD6s0H6xfJcH7MICJnM32Gm3s.roa (raw, json)
Hash identifier:          jetj8Cf564aiGmYv98cu3mOHuaIeF8fX+e5c9Lyq75U=
Subject key identifier:   8E:32:C3:EA:CD:07:EB:17:C9:70:7E:CC:20:22:67:33:7D:86:9B:7B
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0190EE83FA34BF34913E5A1DF4420C19945D
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/jjLD6s0H6xfJcH7MICJnM32Gm3s.roa
Signing time:             Fri 26 Jul 2024 10:09:04 +0000
ROA not before:           Fri 26 Jul 2024 10:09:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60558
IP address blocks:        163.5.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ee:83:fa:34:bf:34:91:3e:5a:1d:f4:42:0c:19:94:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jul 26 10:09:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e32c3eacd07eb17c9707ecc202267337d869b7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fd:3e:ae:10:31:17:d4:10:2c:f0:55:95:91:7e:
                    34:5f:73:bf:00:68:19:2a:69:8a:d2:8e:91:87:c7:
                    43:d8:a0:f8:77:c5:6a:0b:5e:24:d0:6d:c6:20:30:
                    48:49:d8:11:42:f3:5e:fe:ad:e8:e6:e8:7d:f2:2b:
                    ea:65:82:12:71:6b:5a:58:dc:a9:7e:8b:fb:8d:70:
                    c3:d1:e9:ef:24:be:a9:ab:64:15:0d:d9:31:7e:b9:
                    bf:23:1a:d6:4a:40:0b:98:8d:c8:0e:29:42:9a:14:
                    ac:3e:9a:76:31:8d:62:52:fc:84:69:4c:ce:82:d4:
                    f1:e0:8c:51:8e:ac:82:1a:85:26:58:f4:bd:d6:31:
                    f4:d4:47:4c:d0:1e:6a:69:3f:f7:0f:09:f5:62:ac:
                    cd:f3:ca:36:59:e2:91:32:b6:15:cd:35:87:22:fd:
                    8c:4d:b9:cd:ab:e0:36:c9:b7:9d:72:36:2e:79:d8:
                    60:a7:63:17:fe:bb:3d:5a:39:f3:42:35:ef:aa:38:
                    f4:78:77:41:d2:db:ee:62:2d:a2:94:c6:fd:8f:00:
                    e2:41:93:27:ec:27:b0:62:90:fa:2b:f4:47:ad:dd:
                    c4:68:da:a9:6e:35:bf:71:a7:3c:5e:01:46:9d:7a:
                    3f:8c:90:b6:0b:11:42:30:47:88:12:a2:ba:22:c6:
                    fa:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:32:C3:EA:CD:07:EB:17:C9:70:7E:CC:20:22:67:33:7D:86:9B:7B
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/jjLD6s0H6xfJcH7MICJnM32Gm3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:14:35:b9:5f:e3:48:c4:1e:03:a5:9b:e6:41:5f:4e:d2:88:
         52:31:f9:4b:41:bf:86:05:8d:8c:7f:ef:11:be:e2:8b:9c:36:
         44:67:62:33:49:f0:ea:a8:5a:45:af:e3:66:48:ae:3a:12:65:
         7c:5d:e3:49:d6:5b:68:ef:dc:37:58:5c:52:d0:45:e4:16:5b:
         f1:78:06:af:1a:95:c7:09:7d:d0:af:f8:1a:6f:20:f4:38:25:
         2b:c1:54:bd:58:56:8b:ec:8a:f8:18:03:c6:9c:be:7e:6c:0d:
         d0:88:db:cd:f7:3e:43:94:cd:fd:7b:de:20:5c:0c:55:af:b8:
         e2:7e:8c:08:7d:25:c8:e1:d4:d0:ea:a2:bc:d6:2d:c1:71:96:
         f9:16:dc:71:9c:07:42:fc:c2:19:b2:d6:25:42:09:6d:33:5e:
         e1:7f:29:67:fe:5d:bd:6e:31:d3:2c:7c:c1:91:06:02:f3:4f:
         b0:13:77:ac:af:5e:17:4f:dc:67:64:d5:30:68:0a:bf:9d:5a:
         4d:c8:60:45:99:51:58:52:a5:c8:8a:e7:86:eb:6c:4e:b4:1e:
         74:1b:88:05:97:5e:ea:be:3e:a0:be:b7:94:19:5c:39:11:30:
         3f:2c:04:18:0f:4c:21:e3:75:8c:6f:d4:b1:bc:ad:68:4e:6a:
         ed:10:5e:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDug/o0vzSRPlod9EIMGZRdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwNzI2MTAwOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTMyYzNlYWNkMDdlYjE3Yzk3MDdlY2MyMDIyNjczMzdkODY5YjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/T6uEDEX1BAs8FWVkX40X3O/AGgZ
KmmK0o6Rh8dD2KD4d8VqC14k0G3GIDBISdgRQvNe/q3o5uh98ivqZYIScWtaWNyp
fov7jXDD0envJL6pq2QVDdkxfrm/IxrWSkALmI3IDilCmhSsPpp2MY1iUvyEaUzO
gtTx4IxRjqyCGoUmWPS91jH01EdM0B5qaT/3Dwn1YqzN88o2WeKRMrYVzTWHIv2M
TbnNq+A2ybedcjYuedhgp2MX/rs9WjnzQjXvqjj0eHdB0tvuYi2ilMb9jwDiQZMn
7CewYpD6K/RHrd3EaNqpbjW/cac8XgFGnXo/jJC2CxFCMEeIEqK6Isb6jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI4yw+rNB+sXyXB+zCAiZzN9hpt7MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvampMRDZzMEg2eGZKY0g3TUlDSm5NMzJHbTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXCMA0G
CSqGSIb3DQEBCwUAA4IBAQAmFDW5X+NIxB4DpZvmQV9O0ohSMflLQb+GBY2Mf+8R
vuKLnDZEZ2IzSfDqqFpFr+NmSK46EmV8XeNJ1lto79w3WFxS0EXkFlvxeAavGpXH
CX3Qr/gabyD0OCUrwVS9WFaL7Ir4GAPGnL5+bA3QiNvN9z5DlM39e94gXAxVr7ji
fowIfSXI4dTQ6qK81i3BcZb5FtxxnAdC/MIZstYlQgltM17hfyln/l29bjHTLHzB
kQYC80+wE3esr14XT9xnZNUwaAq/nVpNyGBFmVFYUqXIiueG62xOtB50G4gFl17q
vj6gvreUGVw5ETA/LAQYD0wh43WMb9SxvK1oTmrtEF42
-----END CERTIFICATE-----