Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/8cd3ba-9d72-434f-8f82-aab4bd8fce9d/1/JIqe6cNP4CRnqSsCqOsqH33oiUs.roa
File:                     JIqe6cNP4CRnqSsCqOsqH33oiUs.roa (raw, json)
Hash identifier:          qzF9U2+iUb6xkpvSPes7rMqo6dB8DXTllwFAKutlSnk=
Subject key identifier:   24:8A:9E:E9:C3:4F:E0:24:67:A9:2B:02:A8:EB:2A:1F:7D:E8:89:4B
Certificate issuer:       /CN=e35a056c8242971d1a90b0bfa98b1b7a93052884
Certificate serial:       018CC6B7C14CA50C31790400BA7CA5F304EF
Authority key identifier: E3:5A:05:6C:82:42:97:1D:1A:90:B0:BF:A9:8B:1B:7A:93:05:28:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/41oFbIJClx0akLC_qYsbepMFKIQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/8cd3ba-9d72-434f-8f82-aab4bd8fce9d/1/JIqe6cNP4CRnqSsCqOsqH33oiUs.roa
Signing time:             Mon 01 Jan 2024 20:29:40 +0000
ROA not before:           Mon 01 Jan 2024 20:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57672
IP address blocks:        192.146.137.0/24 maxlen: 24
                          2001:67c:26b4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/8cd3ba-9d72-434f-8f82-aab4bd8fce9d/1/41oFbIJClx0akLC_qYsbepMFKIQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/8cd3ba-9d72-434f-8f82-aab4bd8fce9d/1/41oFbIJClx0akLC_qYsbepMFKIQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/41oFbIJClx0akLC_qYsbepMFKIQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 01:03:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:c1:4c:a5:0c:31:79:04:00:ba:7c:a5:f3:04:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e35a056c8242971d1a90b0bfa98b1b7a93052884
        Validity
            Not Before: Jan  1 20:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=248a9ee9c34fe02467a92b02a8eb2a1f7de8894b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:61:92:f7:06:f9:df:17:a1:f7:ee:ec:69:95:
                    de:68:8b:6a:cd:bf:2b:aa:e8:f2:64:2c:e3:0f:f3:
                    28:e0:1f:ec:e9:b7:12:4b:53:98:ce:4a:26:f4:f1:
                    96:35:0c:68:c3:c6:0c:6e:22:17:86:c2:d2:b3:9f:
                    60:f5:4b:2f:f1:64:7b:b2:71:2e:d6:32:ca:07:9d:
                    f6:05:80:c1:39:b8:eb:a7:54:fd:7c:42:d5:c2:e6:
                    52:6f:ff:5c:b6:03:0b:c7:82:2e:ef:e3:4e:ae:5e:
                    b1:bd:66:22:5e:8e:ec:9e:e2:9b:5c:ab:58:eb:cc:
                    09:a5:a6:0c:71:36:d5:7f:15:01:ee:01:c3:37:ab:
                    d4:3b:94:61:5f:86:79:57:af:2a:69:0c:a6:4e:cd:
                    d3:98:d1:19:b8:d7:4b:a6:77:8d:c2:99:57:be:c3:
                    7f:a1:b9:d6:f7:d8:e4:6c:ad:d9:ec:37:1c:f4:34:
                    8f:e1:00:13:7f:35:4c:d3:35:8d:be:32:d7:a4:70:
                    f7:dd:7c:02:56:59:7d:46:b4:89:40:57:6c:4c:bc:
                    97:f6:ed:6e:1f:ab:11:6c:80:e0:c9:ee:99:e3:ed:
                    ee:a3:c2:f2:59:0b:f2:1a:0b:eb:d4:eb:ab:6c:f5:
                    05:cd:20:5b:92:7c:1f:6b:c2:d5:23:4f:41:d5:4a:
                    54:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:8A:9E:E9:C3:4F:E0:24:67:A9:2B:02:A8:EB:2A:1F:7D:E8:89:4B
            X509v3 Authority Key Identifier:
                keyid:E3:5A:05:6C:82:42:97:1D:1A:90:B0:BF:A9:8B:1B:7A:93:05:28:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/41oFbIJClx0akLC_qYsbepMFKIQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/8cd3ba-9d72-434f-8f82-aab4bd8fce9d/1/JIqe6cNP4CRnqSsCqOsqH33oiUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/8cd3ba-9d72-434f-8f82-aab4bd8fce9d/1/41oFbIJClx0akLC_qYsbepMFKIQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.146.137.0/24
                IPv6:
                  2001:67c:26b4::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:eb:dc:5a:7f:e5:0b:4e:c7:50:03:ce:22:a0:de:17:2b:f4:
         ac:18:a1:b9:f1:96:08:43:32:cd:40:9c:b6:03:2e:04:39:42:
         34:54:89:11:15:32:b6:bb:17:9a:6f:90:47:52:48:9d:4c:9f:
         4b:e7:e2:53:0c:11:0e:07:0e:0e:e0:3d:ea:ef:b9:40:6f:bf:
         98:cb:b7:f3:bf:bb:ea:76:05:c8:58:31:4f:af:46:ea:7d:d1:
         fe:8b:ed:f9:1b:4b:e9:52:4a:f9:8e:ed:c8:31:1c:09:b6:b0:
         a2:6b:fd:b5:30:9d:e4:1a:f2:ca:37:73:5b:92:ea:76:5c:a7:
         5e:27:2b:46:32:02:1f:c3:6a:2d:56:8e:f5:25:7b:db:78:d8:
         e0:25:49:84:07:c5:cc:0b:c7:bb:0b:36:a9:c5:f6:52:fe:1a:
         d2:90:46:4e:57:60:30:4d:c7:65:6f:cb:0f:fa:81:0e:f9:d4:
         6c:6f:10:22:9e:83:24:a3:01:ad:7b:f0:af:38:a7:be:5f:bc:
         73:79:fc:1a:bc:52:39:76:1d:da:04:15:79:58:e7:59:d4:a6:
         8b:32:a9:f5:7b:6f:e3:54:2b:e4:9f:b1:82:45:4d:be:de:2e:
         4d:5f:8e:15:c0:7d:e9:d0:14:04:34:87:3a:6b:95:25:b3:e4:
         2c:a8:55:53
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGt8FMpQwxeQQAunyl8wTvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzNWEwNTZjODI0Mjk3MWQxYTkwYjBiZmE5OGIxYjdhOTMw
NTI4ODQwHhcNMjQwMTAxMjAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDhhOWVlOWMzNGZlMDI0NjdhOTJiMDJhOGViMmExZjdkZTg4OTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGGS9wb53xeh9+7saZXeaItqzb8r
qujyZCzjD/Mo4B/s6bcSS1OYzkom9PGWNQxow8YMbiIXhsLSs59g9Usv8WR7snEu
1jLKB532BYDBObjrp1T9fELVwuZSb/9ctgMLx4Iu7+NOrl6xvWYiXo7snuKbXKtY
68wJpaYMcTbVfxUB7gHDN6vUO5RhX4Z5V68qaQymTs3TmNEZuNdLpneNwplXvsN/
obnW99jkbK3Z7Dcc9DSP4QATfzVM0zWNvjLXpHD33XwCVll9RrSJQFdsTLyX9u1u
H6sRbIDgye6Z4+3uo8LyWQvyGgvr1OurbPUFzSBbknwfa8LVI09B1UpUiwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCSKnunDT+AkZ6krAqjrKh996IlLMB8GA1UdIwQY
MBaAFONaBWyCQpcdGpCwv6mLG3qTBSiEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDFvRmJJSkNseDBha0xDX3FZc2JlcE1GS0lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy84Y2QzYmEtOWQ3Mi00MzRmLThmODIt
YWFiNGJkOGZjZTlkLzEvSklxZTZjTlA0Q1JucVNzQ3FPc3FIMzNvaVVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy84Y2QzYmEtOWQ3Mi00MzRmLThmODItYWFiNGJkOGZjZTlk
LzEvNDFvRmJJSkNseDBha0xDX3FZc2JlcE1GS0lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwJKJMA8E
AgACMAkDBwAgAQZ8JrQwDQYJKoZIhvcNAQELBQADggEBABjr3Fp/5QtOx1ADziKg
3hcr9KwYobnxlghDMs1AnLYDLgQ5QjRUiREVMra7F5pvkEdSSJ1Mn0vn4lMMEQ4H
Dg7gPervuUBvv5jLt/O/u+p2BchYMU+vRup90f6L7fkbS+lSSvmO7cgxHAm2sKJr
/bUwneQa8so3c1uS6nZcp14nK0YyAh/Dai1WjvUle9t42OAlSYQHxcwLx7sLNqnF
9lL+GtKQRk5XYDBNx2Vvyw/6gQ751GxvECKegySjAa178K84p75fvHN5/Bq8Ujl2
HdoEFXlY51nUposyqfV7b+NUK+SfsYJFTb7eLk1fjhXAfenQFAQ0hzprlSWz5Cyo
VVM=
-----END CERTIFICATE-----