Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/3b104a-c039-42c2-9ff1-85cbd2068e8f/1/JN-PgRWx3Nr_Av2B0U8ZhejGm3c.roa
File:                     JN-PgRWx3Nr_Av2B0U8ZhejGm3c.roa (raw, json)
Hash identifier:          GDHYA46KHFddID/WN0k830C4UX+Cvpnza5sk72ZgWWs=
Subject key identifier:   24:DF:8F:81:15:B1:DC:DA:FF:02:FD:81:D1:4F:19:85:E8:C6:9B:77
Certificate issuer:       /CN=043a9c35d9e1a2f4d34a754fa26d203657847218
Certificate serial:       018CC56E203E78101E72735FD582288D8FDF
Authority key identifier: 04:3A:9C:35:D9:E1:A2:F4:D3:4A:75:4F:A2:6D:20:36:57:84:72:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BDqcNdnhovTTSnVPom0gNleEchg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/3b104a-c039-42c2-9ff1-85cbd2068e8f/1/JN-PgRWx3Nr_Av2B0U8ZhejGm3c.roa
Signing time:             Mon 01 Jan 2024 14:29:37 +0000
ROA not before:           Mon 01 Jan 2024 14:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211300
IP address blocks:        152.89.240.0/24 maxlen: 24
                          152.89.241.0/24 maxlen: 24
                          152.89.242.0/24 maxlen: 24
                          152.89.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/3b104a-c039-42c2-9ff1-85cbd2068e8f/1/BDqcNdnhovTTSnVPom0gNleEchg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/3b104a-c039-42c2-9ff1-85cbd2068e8f/1/BDqcNdnhovTTSnVPom0gNleEchg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BDqcNdnhovTTSnVPom0gNleEchg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:20:3e:78:10:1e:72:73:5f:d5:82:28:8d:8f:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=043a9c35d9e1a2f4d34a754fa26d203657847218
        Validity
            Not Before: Jan  1 14:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24df8f8115b1dcdaff02fd81d14f1985e8c69b77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:62:17:b7:1c:ca:2f:b8:41:76:12:6e:e9:ef:
                    0f:a8:77:30:00:18:c3:c9:2d:bd:8e:59:eb:69:7a:
                    6e:86:0f:13:39:62:40:01:52:67:33:09:2f:50:b2:
                    cd:82:e5:1f:c5:f5:88:29:df:83:c1:bd:9c:27:a1:
                    f6:2d:df:6b:bf:d5:60:73:b3:cb:5b:5f:cb:9c:d4:
                    d1:76:6c:74:60:18:bc:62:59:6f:86:d5:f6:3a:50:
                    f1:47:3a:57:03:a9:61:4b:f2:02:e5:04:b8:5a:d2:
                    2e:ed:1a:9c:76:7e:1a:ec:39:f9:79:38:7f:cc:04:
                    bb:f6:be:c7:4e:bf:9b:3b:7f:18:63:cb:16:8f:aa:
                    18:e8:a8:0d:14:d2:67:2e:4d:ca:58:df:1e:a4:5a:
                    84:3e:03:fb:6d:08:fb:71:27:87:1b:87:19:18:98:
                    4b:ad:b6:ff:b0:89:1f:d8:24:97:35:da:67:c9:f2:
                    01:a1:8d:aa:0b:de:68:41:60:1c:75:ce:32:d4:2e:
                    fc:5b:54:92:a4:da:23:34:32:91:e5:da:f1:71:bb:
                    fe:f2:a0:bc:3b:9e:5d:86:1c:a4:89:f1:f2:5b:7b:
                    48:0e:35:7d:96:ce:8a:5f:34:1b:33:be:b7:03:4d:
                    29:c9:43:eb:6c:39:3d:d9:e5:8f:36:38:05:49:02:
                    de:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:DF:8F:81:15:B1:DC:DA:FF:02:FD:81:D1:4F:19:85:E8:C6:9B:77
            X509v3 Authority Key Identifier:
                keyid:04:3A:9C:35:D9:E1:A2:F4:D3:4A:75:4F:A2:6D:20:36:57:84:72:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BDqcNdnhovTTSnVPom0gNleEchg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/3b104a-c039-42c2-9ff1-85cbd2068e8f/1/JN-PgRWx3Nr_Av2B0U8ZhejGm3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/3b104a-c039-42c2-9ff1-85cbd2068e8f/1/BDqcNdnhovTTSnVPom0gNleEchg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:05:54:de:4d:d0:3d:04:92:ab:f3:e5:cc:ba:e8:00:0f:dc:
         c8:fc:6f:a5:29:c2:40:37:a7:d9:d2:3c:e4:f6:5a:ce:c8:df:
         e5:9d:ee:e1:61:a8:c3:eb:51:5c:5f:fc:c3:4e:d6:c9:a1:81:
         b3:a3:9a:c6:47:53:6f:0e:7f:fd:54:c1:27:bc:84:57:d5:fc:
         17:59:90:7a:41:64:fc:52:4c:a1:05:d4:cc:27:38:09:eb:00:
         b6:aa:fc:5c:1c:3e:98:99:99:5c:57:34:f2:6d:b2:43:06:5f:
         ea:5a:b8:3c:47:75:0d:13:53:0c:77:d5:43:07:d0:d6:40:4c:
         45:ee:03:06:ad:52:81:5f:7a:bd:a0:f0:b5:1a:b9:fd:88:45:
         34:73:86:a0:97:f2:89:72:c5:cd:8e:31:29:70:6c:58:09:22:
         14:1c:cb:cb:80:4c:48:ae:06:03:51:e7:80:1d:be:fa:9e:d0:
         58:33:1b:01:52:fa:f4:98:6e:68:93:4a:53:13:ad:d8:7b:1b:
         80:07:53:a5:df:e9:ba:cd:c6:2a:cf:01:78:5b:27:3a:0f:de:
         b9:d2:b9:1a:65:36:d9:08:71:0e:68:c9:5c:d7:4d:f0:85:0d:
         58:93:a4:73:de:51:fe:e0:97:13:36:d1:2d:57:2c:44:f9:2e:
         64:10:56:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbiA+eBAecnNf1YIojY/fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0M2E5YzM1ZDllMWEyZjRkMzRhNzU0ZmEyNmQyMDM2NTc4
NDcyMTgwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGRmOGY4MTE1YjFkY2RhZmYwMmZkODFkMTRmMTk4NWU4YzY5Yjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWIXtxzKL7hBdhJu6e8PqHcwABjD
yS29jlnraXpuhg8TOWJAAVJnMwkvULLNguUfxfWIKd+Dwb2cJ6H2Ld9rv9Vgc7PL
W1/LnNTRdmx0YBi8YllvhtX2OlDxRzpXA6lhS/IC5QS4WtIu7Rqcdn4a7Dn5eTh/
zAS79r7HTr+bO38YY8sWj6oY6KgNFNJnLk3KWN8epFqEPgP7bQj7cSeHG4cZGJhL
rbb/sIkf2CSXNdpnyfIBoY2qC95oQWAcdc4y1C78W1SSpNojNDKR5drxcbv+8qC8
O55dhhykifHyW3tIDjV9ls6KXzQbM763A00pyUPrbDk92eWPNjgFSQLeQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTfj4EVsdza/wL9gdFPGYXoxpt3MB8GA1UdIwQY
MBaAFAQ6nDXZ4aL000p1T6JtIDZXhHIYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkRxY05kbmhvdlRUU25WUG9tMGdObGVFY2hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8zYjEwNGEtYzAzOS00MmMyLTlmZjEt
ODVjYmQyMDY4ZThmLzEvSk4tUGdSV3gzTnJfQXYyQjBVOFpoZWpHbTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8zYjEwNGEtYzAzOS00MmMyLTlmZjEtODVjYmQyMDY4ZThm
LzEvQkRxY05kbmhvdlRUU25WUG9tMGdObGVFY2hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCmFnwMA0G
CSqGSIb3DQEBCwUAA4IBAQCFBVTeTdA9BJKr8+XMuugAD9zI/G+lKcJAN6fZ0jzk
9lrOyN/lne7hYajD61FcX/zDTtbJoYGzo5rGR1NvDn/9VMEnvIRX1fwXWZB6QWT8
UkyhBdTMJzgJ6wC2qvxcHD6YmZlcVzTybbJDBl/qWrg8R3UNE1MMd9VDB9DWQExF
7gMGrVKBX3q9oPC1Grn9iEU0c4agl/KJcsXNjjEpcGxYCSIUHMvLgExIrgYDUeeA
Hb76ntBYMxsBUvr0mG5ok0pTE63YexuAB1Ol3+m6zcYqzwF4Wyc6D9650rkaZTbZ
CHEOaMlc103whQ1Yk6Rz3lH+4JcTNtEtVyxE+S5kEFZh
-----END CERTIFICATE-----