Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/J_wBXvBU4Qh2CeOV8z-7IG3cQAs.roa
File:                     J_wBXvBU4Qh2CeOV8z-7IG3cQAs.roa (raw, json)
Hash identifier:          OV45iOzJXuPnbBKeodR3Lx8pRyAKWyrvDbUmpaF+zko=
Subject key identifier:   27:FC:01:5E:F0:54:E1:08:76:09:E3:95:F3:3F:BB:20:6D:DC:40:0B
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4255510538904A0131D50C7254D8991
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/J_wBXvBU4Qh2CeOV8z-7IG3cQAs.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15490
IP address blocks:        2.56.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:55:10:53:89:04:a0:13:1d:50:c7:25:4d:89:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27fc015ef054e1087609e395f33fbb206ddc400b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:da:5e:d4:a1:66:a4:a7:13:10:8e:70:1f:2d:
                    94:7b:56:45:24:23:c2:da:34:67:6a:a4:71:b8:c3:
                    7f:df:a4:63:72:96:cc:df:ce:6c:09:cf:ad:c0:04:
                    c7:a7:52:44:3d:ea:5b:da:17:ff:3a:c4:44:79:d3:
                    db:bf:cb:94:95:31:ba:6b:3e:da:40:ba:3e:c2:8a:
                    8f:cb:5a:1d:d7:cd:67:1a:03:51:90:bb:74:a1:c0:
                    89:67:c7:46:46:e2:1a:b2:5d:f6:59:b0:6e:c9:23:
                    0c:c2:fb:7f:bf:04:71:e0:56:28:db:e4:ea:b2:d2:
                    b9:05:cc:0f:a2:1c:94:f8:bb:19:70:ca:d9:5b:01:
                    a6:58:ce:d9:c4:98:65:9a:a5:fc:19:af:f8:7f:dc:
                    bb:f5:3b:b3:02:01:7d:eb:62:c5:ff:c2:1b:46:89:
                    ab:94:6e:5e:15:ec:c7:97:f1:80:9b:93:60:8c:dd:
                    d3:cb:a6:31:03:a4:6a:85:ea:5a:e0:48:81:0f:51:
                    34:03:6b:e8:20:2e:ac:95:67:c9:43:f2:d7:72:83:
                    36:f5:9a:c1:a5:30:41:a3:43:83:3f:65:5a:15:b9:
                    6b:0b:c0:97:8e:8d:ae:4a:fc:ed:1f:a2:c5:1e:8c:
                    dc:3b:93:fa:65:99:54:41:21:87:8d:3f:28:ee:b8:
                    2d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:FC:01:5E:F0:54:E1:08:76:09:E3:95:F3:3F:BB:20:6D:DC:40:0B
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/J_wBXvBU4Qh2CeOV8z-7IG3cQAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:f4:5a:f9:17:49:4e:f0:0e:6f:72:b3:41:04:76:42:ab:50:
         64:73:3e:05:b3:91:dd:dd:bf:da:13:9f:0f:a1:6c:b3:66:37:
         64:a2:27:fe:24:a1:1d:22:c2:9a:cc:80:52:65:74:30:73:c6:
         5e:f6:de:0e:dc:fa:06:c7:ca:c5:69:f0:07:30:74:ab:24:7e:
         2b:06:fa:47:5c:d1:b9:50:37:84:6a:d1:05:56:94:05:eb:ca:
         17:ec:e6:d9:c2:f7:cb:7e:7c:5b:7d:63:86:9b:b9:b6:21:98:
         e0:6c:55:da:86:68:48:fe:9b:4d:f0:61:07:26:56:71:4b:87:
         59:7c:f0:9e:9a:dd:f8:dc:49:0a:e3:4f:8c:d3:4b:43:48:55:
         b7:8d:ec:3f:84:67:af:4f:b8:fa:12:59:1d:28:17:f1:18:cf:
         2e:50:59:14:85:3d:0d:67:e3:ea:3d:6a:31:c0:1d:73:20:e0:
         8e:03:aa:4e:1b:4e:88:c1:85:b5:75:c9:25:75:c0:e0:e9:5c:
         24:3c:95:21:23:dc:ad:b7:99:38:14:62:fa:60:6c:83:40:58:
         a6:6e:6a:e2:6a:c8:54:b0:8f:e5:08:89:8e:17:dd:c5:ea:48:
         f8:42:b1:0d:2f:c6:61:4e:2d:26:75:77:a3:7e:29:27:66:f8:
         59:1f:5e:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVUQU4kEoBMdUMclTYmRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2ZjMDE1ZWYwNTRlMTA4NzYwOWUzOTVmMzNmYmIyMDZkZGM0MDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNpe1KFmpKcTEI5wHy2Ue1ZFJCPC
2jRnaqRxuMN/36RjcpbM385sCc+twATHp1JEPepb2hf/OsREedPbv8uUlTG6az7a
QLo+woqPy1od181nGgNRkLt0ocCJZ8dGRuIasl32WbBuySMMwvt/vwRx4FYo2+Tq
stK5BcwPohyU+LsZcMrZWwGmWM7ZxJhlmqX8Ga/4f9y79TuzAgF962LF/8IbRomr
lG5eFezHl/GAm5NgjN3Ty6YxA6Rqhepa4EiBD1E0A2voIC6slWfJQ/LXcoM29ZrB
pTBBo0ODP2VaFblrC8CXjo2uSvztH6LFHozcO5P6ZZlUQSGHjT8o7rgt6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCf8AV7wVOEIdgnjlfM/uyBt3EALMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvSl93Qlh2QlU0UWgyQ2VPVjh6LTdJRzNjUUFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjimMA0G
CSqGSIb3DQEBCwUAA4IBAQBq9Fr5F0lO8A5vcrNBBHZCq1Bkcz4Fs5Hd3b/aE58P
oWyzZjdkoif+JKEdIsKazIBSZXQwc8Ze9t4O3PoGx8rFafAHMHSrJH4rBvpHXNG5
UDeEatEFVpQF68oX7ObZwvfLfnxbfWOGm7m2IZjgbFXahmhI/ptN8GEHJlZxS4dZ
fPCemt343EkK40+M00tDSFW3jew/hGevT7j6ElkdKBfxGM8uUFkUhT0NZ+PqPWox
wB1zIOCOA6pOG06IwYW1dckldcDg6VwkPJUhI9ytt5k4FGL6YGyDQFimbmriashU
sI/lCImOF93F6kj4QrENL8ZhTi0mdXejfiknZvhZH15a
-----END CERTIFICATE-----