Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/Jfkb9wIjflJ9g_nlBWaCF6laiWU.roa
File:                     Jfkb9wIjflJ9g_nlBWaCF6laiWU.roa (raw, json)
Hash identifier:          /ljWZ+p/6L9vGqqgT4FUCtEB1Y8qOikrC1+ICoRutK4=
Subject key identifier:   25:F9:1B:F7:02:23:7E:52:7D:83:F9:E5:05:66:82:17:A9:5A:89:65
Certificate issuer:       /CN=1847b59d21ea36b3062fca80ce75c1616af5119a
Certificate serial:       019427474A2D3F4C15D00CFEC343DEDF0893
Authority key identifier: 18:47:B5:9D:21:EA:36:B3:06:2F:CA:80:CE:75:C1:61:6A:F5:11:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/Jfkb9wIjflJ9g_nlBWaCF6laiWU.roa
Signing time:             Thu 02 Jan 2025 13:49:30 +0000
ROA not before:           Thu 02 Jan 2025 13:49:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31465
IP address blocks:        91.215.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 01:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:4a:2d:3f:4c:15:d0:0c:fe:c3:43:de:df:08:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1847b59d21ea36b3062fca80ce75c1616af5119a
        Validity
            Not Before: Jan  2 13:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25f91bf702237e527d83f9e505668217a95a8965
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:01:f9:9b:06:b2:d7:8e:4b:29:15:75:7a:9e:
                    e3:70:5e:ac:db:3b:70:8b:24:fe:01:64:c0:8d:c7:
                    74:a2:f2:62:98:c8:b8:c3:07:fe:e3:2a:71:54:fb:
                    e0:78:b9:e4:d8:d7:b8:21:39:db:20:cd:aa:6b:83:
                    e2:e2:e2:fa:25:08:e6:f6:5f:24:69:4f:9c:28:ba:
                    58:ea:60:d8:f6:42:82:5d:86:77:21:30:bc:07:2e:
                    1b:33:35:d2:61:fd:ec:38:2e:a9:90:37:31:d7:c6:
                    0c:17:e4:3d:3c:61:7a:f8:b7:dd:aa:f3:07:b1:69:
                    bf:5a:f8:1c:f1:22:5c:56:53:db:df:e6:18:b3:8f:
                    87:cd:10:6e:ac:07:58:ee:79:66:dd:fc:63:b6:a7:
                    82:68:f0:5b:3f:b1:77:ab:30:76:2c:20:4a:3f:98:
                    83:af:f7:cb:3b:6b:73:6a:f4:80:65:60:d6:2a:59:
                    62:29:e6:2f:0c:89:bc:d9:f8:82:b1:92:67:65:8c:
                    89:b4:d0:0a:33:8b:62:cf:f4:c6:89:bd:03:4f:fa:
                    7d:ef:18:cb:59:26:20:f7:51:f1:61:8d:1b:b5:3f:
                    af:14:5c:d5:4c:89:41:e7:bc:23:37:c0:a5:78:df:
                    b3:83:7a:d7:68:87:2c:8d:ed:43:ac:6d:7f:7c:6f:
                    34:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:F9:1B:F7:02:23:7E:52:7D:83:F9:E5:05:66:82:17:A9:5A:89:65
            X509v3 Authority Key Identifier:
                keyid:18:47:B5:9D:21:EA:36:B3:06:2F:CA:80:CE:75:C1:61:6A:F5:11:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/Jfkb9wIjflJ9g_nlBWaCF6laiWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:d7:8b:af:a6:f2:2c:4c:83:5d:ba:07:1d:24:eb:2b:46:a6:
         33:84:fe:63:97:2e:83:40:93:c7:b3:a7:e8:16:47:6e:7d:28:
         bf:53:8f:cb:23:1d:3e:5c:b8:c9:e4:60:92:c0:6d:b6:5b:91:
         cd:02:51:62:a9:03:3a:b9:aa:2c:6c:ea:42:ca:a5:20:14:5d:
         a7:99:60:ad:a9:7d:36:f6:80:25:43:f8:56:f9:6c:e4:ec:19:
         af:33:ec:9c:74:09:0d:9e:6f:5a:6a:cd:56:4f:52:f6:7e:38:
         17:8e:3c:cf:ab:9e:63:1b:ab:f6:f2:9b:a6:bc:c1:8e:04:0a:
         ab:c6:5e:ef:aa:94:2f:93:dc:2f:6f:1a:48:0c:f6:29:f7:86:
         08:42:30:84:83:7f:55:67:83:e1:7e:31:6d:87:fa:ad:94:68:
         c5:53:4b:de:73:c1:6d:0a:63:80:88:57:61:15:34:0f:ea:3b:
         94:1b:98:16:9a:11:2f:48:3c:08:96:92:f3:c4:8f:1b:19:84:
         77:78:76:6b:97:ef:d0:ea:c7:c6:06:55:06:1e:5f:b7:d4:c5:
         94:ce:4b:d5:04:40:c3:b4:26:95:00:18:e3:08:9b:c0:32:24:
         45:61:e4:b7:8a:fa:06:b7:4d:60:ff:0e:84:c5:ce:7e:a1:66:
         55:9a:68:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR0otP0wV0Az+w0Pe3wiTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4NDdiNTlkMjFlYTM2YjMwNjJmY2E4MGNlNzVjMTYxNmFm
NTExOWEwHhcNMjUwMTAyMTM0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWY5MWJmNzAyMjM3ZTUyN2Q4M2Y5ZTUwNTY2ODIxN2E5NWE4OTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgH5mway145LKRV1ep7jcF6s2ztw
iyT+AWTAjcd0ovJimMi4wwf+4ypxVPvgeLnk2Ne4ITnbIM2qa4Pi4uL6JQjm9l8k
aU+cKLpY6mDY9kKCXYZ3ITC8By4bMzXSYf3sOC6pkDcx18YMF+Q9PGF6+LfdqvMH
sWm/Wvgc8SJcVlPb3+YYs4+HzRBurAdY7nlm3fxjtqeCaPBbP7F3qzB2LCBKP5iD
r/fLO2tzavSAZWDWKlliKeYvDIm82fiCsZJnZYyJtNAKM4tiz/TGib0DT/p97xjL
WSYg91HxYY0btT+vFFzVTIlB57wjN8CleN+zg3rXaIcsje1DrG1/fG80uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCX5G/cCI35SfYP55QVmghepWollMB8GA1UdIwQY
MBaAFBhHtZ0h6jazBi/KgM51wWFq9RGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0VlMW5TSHFOck1HTDhxQXpuWEJZV3IxRVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi8zODI0Y2QtZTUyNy00YWRjLWE0MTIt
ZjkxYmI1MTc5MjE3LzEvSmZrYjl3SWpmbEo5Z19ubEJXYUNGNmxhaVdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi8zODI0Y2QtZTUyNy00YWRjLWE0MTItZjkxYmI1MTc5MjE3
LzEvR0VlMW5TSHFOck1HTDhxQXpuWEJZV3IxRVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9eKMA0G
CSqGSIb3DQEBCwUAA4IBAQA914uvpvIsTINdugcdJOsrRqYzhP5jly6DQJPHs6fo
FkdufSi/U4/LIx0+XLjJ5GCSwG22W5HNAlFiqQM6uaosbOpCyqUgFF2nmWCtqX02
9oAlQ/hW+Wzk7BmvM+ycdAkNnm9aas1WT1L2fjgXjjzPq55jG6v28pumvMGOBAqr
xl7vqpQvk9wvbxpIDPYp94YIQjCEg39VZ4PhfjFth/qtlGjFU0vec8FtCmOAiFdh
FTQP6juUG5gWmhEvSDwIlpLzxI8bGYR3eHZrl+/Q6sfGBlUGHl+31MWUzkvVBEDD
tCaVABjjCJvAMiRFYeS3ivoGt01g/w6Exc5+oWZVmmgX
-----END CERTIFICATE-----