Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/d3280b-53f7-4394-8559-a461169f1dc2/1/j_mKTl8qjU4nAGB0l9QcDP428sU.roa
File:                     j_mKTl8qjU4nAGB0l9QcDP428sU.roa (raw, json)
Hash identifier:          uhVjiySadpyCfhV65jKEB5E9hSDWZEafWtWJvsBIPFQ=
Subject key identifier:   8F:F9:8A:4E:5F:2A:8D:4E:27:00:60:74:97:D4:1C:0C:FE:36:F2:C5
Certificate issuer:       /CN=cdba6d5704fd290d0e073376eda688717564d196
Certificate serial:       018CCA2B700F6C95275E343F29C8988A41CF
Authority key identifier: CD:BA:6D:57:04:FD:29:0D:0E:07:33:76:ED:A6:88:71:75:64:D1:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zbptVwT9KQ0OBzN27aaIcXVk0ZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/d3280b-53f7-4394-8559-a461169f1dc2/1/j_mKTl8qjU4nAGB0l9QcDP428sU.roa
Signing time:             Tue 02 Jan 2024 12:34:53 +0000
ROA not before:           Tue 02 Jan 2024 12:34:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207114
IP address blocks:        91.207.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/d3280b-53f7-4394-8559-a461169f1dc2/1/zbptVwT9KQ0OBzN27aaIcXVk0ZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/d3280b-53f7-4394-8559-a461169f1dc2/1/zbptVwT9KQ0OBzN27aaIcXVk0ZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zbptVwT9KQ0OBzN27aaIcXVk0ZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:70:0f:6c:95:27:5e:34:3f:29:c8:98:8a:41:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdba6d5704fd290d0e073376eda688717564d196
        Validity
            Not Before: Jan  2 12:34:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ff98a4e5f2a8d4e2700607497d41c0cfe36f2c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:29:b9:35:f4:f1:55:f7:01:5f:ea:c5:10:b9:
                    a0:de:02:d5:4c:cd:8a:7d:06:83:33:21:2d:9a:11:
                    90:2c:aa:b7:1f:f7:7b:26:93:ef:98:97:38:2a:19:
                    f8:12:1b:a5:c6:bf:a3:e2:80:dd:8b:7c:7e:59:59:
                    90:2f:43:40:f4:67:95:c9:6d:87:c2:88:b8:44:a0:
                    7f:98:2d:54:26:ed:ce:41:2c:af:b1:9c:e0:bf:53:
                    ed:b0:4a:f8:3a:d0:c2:56:3e:0c:f7:c3:72:07:51:
                    86:37:52:a1:6d:3d:22:a2:ff:33:32:9a:e8:5f:8c:
                    c4:85:8a:6e:78:a9:45:62:30:56:81:4c:47:c0:8f:
                    54:ed:0a:2c:4b:ad:3b:b0:02:cc:cf:2a:f3:76:e2:
                    74:e4:25:5d:08:ee:b9:54:ed:29:ae:b2:e3:33:14:
                    3e:56:cf:bf:b5:2a:ee:4c:18:9d:fc:27:14:78:5b:
                    ad:25:94:5a:79:8e:28:63:a4:28:d1:6c:50:3e:19:
                    97:5f:28:71:80:70:dc:e2:54:12:e0:cf:e8:d0:17:
                    93:a3:0b:21:99:31:d8:6b:e4:fd:38:7a:74:d6:ee:
                    b9:69:5c:cf:d3:7f:55:83:b4:68:01:f8:c2:4f:b4:
                    28:2f:7e:b9:1d:09:92:21:ed:2c:2f:8a:0b:f1:d1:
                    ba:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:F9:8A:4E:5F:2A:8D:4E:27:00:60:74:97:D4:1C:0C:FE:36:F2:C5
            X509v3 Authority Key Identifier:
                keyid:CD:BA:6D:57:04:FD:29:0D:0E:07:33:76:ED:A6:88:71:75:64:D1:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbptVwT9KQ0OBzN27aaIcXVk0ZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/d3280b-53f7-4394-8559-a461169f1dc2/1/j_mKTl8qjU4nAGB0l9QcDP428sU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/d3280b-53f7-4394-8559-a461169f1dc2/1/zbptVwT9KQ0OBzN27aaIcXVk0ZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:8c:a7:fd:78:4b:81:ed:a0:40:93:90:32:af:35:df:69:8f:
         5a:08:a2:de:46:bf:51:58:0d:64:42:d3:a8:e7:cc:dc:02:b4:
         ee:7b:79:6b:f1:70:6a:ea:8d:3e:e3:e4:5f:a6:85:44:ff:75:
         f0:5d:53:5b:65:34:45:c5:c1:b7:9b:d4:9f:27:e6:fe:82:0f:
         d1:a7:0b:7f:b7:16:a5:30:71:68:02:b4:05:9c:27:ad:fc:a1:
         17:fb:a1:60:6d:c4:c8:ee:b3:2d:91:9d:e8:3f:d9:2c:6a:76:
         f7:94:bb:36:5a:ba:22:1f:53:86:3a:49:2b:6b:c3:48:e8:bd:
         f7:36:48:bb:68:2c:93:8b:9a:97:1a:74:89:6b:77:10:01:1a:
         51:a0:e4:ea:7e:9f:24:b6:58:bb:18:48:15:d9:95:29:07:f2:
         9a:1e:19:00:38:2a:14:05:33:62:e5:75:76:10:2f:93:ff:e7:
         aa:1e:ec:8e:bf:9f:a3:89:bc:27:2e:ec:a4:3d:ea:cc:6d:8f:
         eb:1f:66:0d:72:cf:e0:95:69:72:b1:de:10:34:d4:07:30:77:
         d5:4e:3b:a9:3c:3f:76:c4:1c:4e:39:74:bb:cd:fc:3b:11:a7:
         8e:0a:9d:c0:63:4b:3e:f1:2b:b3:4c:a1:d9:01:bc:6f:48:3c:
         6b:bc:f0:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK3APbJUnXjQ/KciYikHPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYmE2ZDU3MDRmZDI5MGQwZTA3MzM3NmVkYTY4ODcxNzU2
NGQxOTYwHhcNMjQwMTAyMTIzNDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmY5OGE0ZTVmMmE4ZDRlMjcwMDYwNzQ5N2Q0MWMwY2ZlMzZmMmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgim5NfTxVfcBX+rFELmg3gLVTM2K
fQaDMyEtmhGQLKq3H/d7JpPvmJc4Khn4Ehulxr+j4oDdi3x+WVmQL0NA9GeVyW2H
woi4RKB/mC1UJu3OQSyvsZzgv1PtsEr4OtDCVj4M98NyB1GGN1KhbT0iov8zMpro
X4zEhYpueKlFYjBWgUxHwI9U7QosS607sALMzyrzduJ05CVdCO65VO0prrLjMxQ+
Vs+/tSruTBid/CcUeFutJZRaeY4oY6Qo0WxQPhmXXyhxgHDc4lQS4M/o0BeTowsh
mTHYa+T9OHp01u65aVzP039Vg7RoAfjCT7QoL365HQmSIe0sL4oL8dG6vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/5ik5fKo1OJwBgdJfUHAz+NvLFMB8GA1UdIwQY
MBaAFM26bVcE/SkNDgczdu2miHF1ZNGWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJwdFZ3VDlLUTBPQnpOMjdhYUljWFZrMFpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9kMzI4MGItNTNmNy00Mzk0LTg1NTkt
YTQ2MTE2OWYxZGMyLzEval9tS1RsOHFqVTRuQUdCMGw5UWNEUDQyOHNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9kMzI4MGItNTNmNy00Mzk0LTg1NTktYTQ2MTE2OWYxZGMy
LzEvemJwdFZ3VDlLUTBPQnpOMjdhYUljWFZrMFpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8/5MA0G
CSqGSIb3DQEBCwUAA4IBAQCFjKf9eEuB7aBAk5AyrzXfaY9aCKLeRr9RWA1kQtOo
58zcArTue3lr8XBq6o0+4+RfpoVE/3XwXVNbZTRFxcG3m9SfJ+b+gg/Rpwt/txal
MHFoArQFnCet/KEX+6FgbcTI7rMtkZ3oP9ksanb3lLs2WroiH1OGOkkra8NI6L33
Nki7aCyTi5qXGnSJa3cQARpRoOTqfp8ktli7GEgV2ZUpB/KaHhkAOCoUBTNi5XV2
EC+T/+eqHuyOv5+jibwnLuykPerMbY/rH2YNcs/glWlysd4QNNQHMHfVTjupPD92
xBxOOXS7zfw7EaeOCp3AY0s+8SuzTKHZAbxvSDxrvPAs
-----END CERTIFICATE-----