Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/jNadFe_VjXl7PswfYOMW7iJzn8o.roa
File:                     jNadFe_VjXl7PswfYOMW7iJzn8o.roa (raw, json)
Hash identifier:          F7cFfqzjamHLPN50JEl+dEt/J4WHS+rdNW5btmKGz38=
Subject key identifier:   8C:D6:9D:15:EF:D5:8D:79:7B:3E:CC:1F:60:E3:16:EE:22:73:9F:CA
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0190789DFFF08160702AA4DB2B8AAAAE8A19
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/jNadFe_VjXl7PswfYOMW7iJzn8o.roa
Signing time:             Wed 03 Jul 2024 12:42:18 +0000
ROA not before:           Wed 03 Jul 2024 12:42:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.200.223.0/24 maxlen: 24
                          91.226.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:78:9d:ff:f0:81:60:70:2a:a4:db:2b:8a:aa:ae:8a:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jul  3 12:42:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cd69d15efd58d797b3ecc1f60e316ee22739fca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:21:4c:3b:49:39:79:e0:8c:d1:aa:58:a9:1a:
                    89:5b:a6:ca:95:ae:1b:52:0c:af:fa:07:a7:3a:9d:
                    da:d9:3d:71:b9:7f:f5:ec:5d:6a:28:d3:85:9e:b2:
                    ed:31:61:fe:e4:d6:bb:cc:33:60:29:9a:a8:59:29:
                    8f:51:0f:12:29:3e:e5:61:3d:07:72:b4:d6:78:73:
                    3b:b9:65:fc:84:34:94:c2:a1:51:d8:79:6a:c0:27:
                    d0:5f:5b:0e:25:eb:18:b1:07:0e:ef:62:0d:92:b2:
                    6a:19:a2:e0:86:11:a2:26:c6:9c:64:67:ae:70:4e:
                    68:d6:04:72:d9:83:9b:38:fb:51:62:37:62:5a:93:
                    f3:a2:65:22:c4:4b:82:46:7e:cc:57:e3:37:75:ef:
                    a7:f5:62:71:57:cf:30:87:fe:33:44:d7:73:fb:f2:
                    c8:e5:69:f9:1c:07:d0:1c:ae:38:a2:72:51:ee:8e:
                    7b:eb:58:12:9e:5a:76:64:45:a0:4d:67:b1:30:79:
                    de:2b:3e:e6:a4:4d:c0:66:9b:44:b5:49:c2:37:85:
                    15:25:ac:9a:18:09:73:23:39:95:b0:d5:64:97:78:
                    5a:e8:48:66:6d:a9:a1:c6:89:b8:93:7e:a7:33:f6:
                    5e:03:2b:db:0d:09:a8:03:31:b5:fb:c5:28:34:09:
                    60:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:D6:9D:15:EF:D5:8D:79:7B:3E:CC:1F:60:E3:16:EE:22:73:9F:CA
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/jNadFe_VjXl7PswfYOMW7iJzn8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.223.0/24
                  91.226.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:19:1b:79:70:33:33:d6:5d:6c:0d:cc:57:92:b4:c1:0e:cc:
         b2:6a:df:1b:08:c6:97:2e:d6:fa:0a:f7:3a:eb:4b:bb:9e:b5:
         06:ca:b3:b1:21:d6:c9:85:ec:79:e3:31:58:92:f0:9c:4e:a2:
         e9:d9:ca:03:2b:af:ce:4a:1a:18:34:86:2d:f1:79:53:10:2d:
         04:8c:4d:ca:c0:e6:a9:0e:70:31:23:3c:62:36:c3:52:6e:ad:
         cd:f7:16:df:31:61:9f:3e:12:76:e0:4b:f2:35:5a:3c:f8:8d:
         b3:ad:7f:47:e9:b7:a6:70:47:ee:6e:41:f8:e1:7f:3f:20:6d:
         76:ed:62:52:fe:2d:a7:5f:63:55:b3:57:06:e1:63:b3:ee:b4:
         f4:cd:ca:02:74:d4:06:34:6c:05:dd:3f:dd:26:5a:3c:0b:a6:
         65:26:aa:3b:01:b3:18:d4:0f:22:27:3b:c2:be:b6:1d:76:d5:
         b0:d9:33:dd:89:e1:8d:39:5c:e7:4e:0e:32:54:72:ce:37:f8:
         94:0e:e3:6b:3c:7c:53:bc:80:44:7c:50:b9:1a:b7:17:48:ef:
         fa:68:4e:70:b9:ea:d6:85:00:47:c9:bd:7b:49:0b:8a:3b:cb:
         ec:f1:32:ad:ec:86:b5:5b:ed:0a:2a:43:1e:cd:85:19:80:d2:
         a2:d5:55:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZB4nf/wgWBwKqTbK4qqrooZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwNzAzMTI0MjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2Q2OWQxNWVmZDU4ZDc5N2IzZWNjMWY2MGUzMTZlZTIyNzM5ZmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyFMO0k5eeCM0apYqRqJW6bKla4b
Ugyv+genOp3a2T1xuX/17F1qKNOFnrLtMWH+5Na7zDNgKZqoWSmPUQ8SKT7lYT0H
crTWeHM7uWX8hDSUwqFR2HlqwCfQX1sOJesYsQcO72INkrJqGaLghhGiJsacZGeu
cE5o1gRy2YObOPtRYjdiWpPzomUixEuCRn7MV+M3de+n9WJxV88wh/4zRNdz+/LI
5Wn5HAfQHK44onJR7o5761gSnlp2ZEWgTWexMHneKz7mpE3AZptEtUnCN4UVJaya
GAlzIzmVsNVkl3ha6Ehmbamhxom4k36nM/ZeAyvbDQmoAzG1+8UoNAlgqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIzWnRXv1Y15ez7MH2DjFu4ic5/KMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvak5hZEZlX1ZqWGw3UHN3ZllPTVc3aUp6bjhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8jfAwQA
W+I4MA0GCSqGSIb3DQEBCwUAA4IBAQCJGRt5cDMz1l1sDcxXkrTBDsyyat8bCMaX
Ltb6Cvc660u7nrUGyrOxIdbJhex54zFYkvCcTqLp2coDK6/OShoYNIYt8XlTEC0E
jE3KwOapDnAxIzxiNsNSbq3N9xbfMWGfPhJ24EvyNVo8+I2zrX9H6bemcEfubkH4
4X8/IG127WJS/i2nX2NVs1cG4WOz7rT0zcoCdNQGNGwF3T/dJlo8C6ZlJqo7AbMY
1A8iJzvCvrYddtWw2TPdieGNOVznTg4yVHLON/iUDuNrPHxTvIBEfFC5GrcXSO/6
aE5wuerWhQBHyb17SQuKO8vs8TKt7Ia1W+0KKkMezYUZgNKi1VVD
-----END CERTIFICATE-----