Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/4a5d71-e11d-4d32-b597-019ec9d9a758/1/jxH2uLItb97jzR2b6fcfHuqvHsE.roa
File:                     jxH2uLItb97jzR2b6fcfHuqvHsE.roa (raw, json)
Hash identifier:          nCwZe3KkHbku+ZIucjtA0lmUWefLUxZhSIPz5da0Zp0=
Subject key identifier:   8F:11:F6:B8:B2:2D:6F:DE:E3:CD:1D:9B:E9:F7:1F:1E:EA:AF:1E:C1
Certificate issuer:       /CN=68e95817406095ec7cb5c7b286b11333497b9451
Certificate serial:       018CC424512128F9D7334EEFE4EEBF268433
Authority key identifier: 68:E9:58:17:40:60:95:EC:7C:B5:C7:B2:86:B1:13:33:49:7B:94:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aOlYF0Bglex8tceyhrETM0l7lFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/4a5d71-e11d-4d32-b597-019ec9d9a758/1/jxH2uLItb97jzR2b6fcfHuqvHsE.roa
Signing time:             Mon 01 Jan 2024 08:29:23 +0000
ROA not before:           Mon 01 Jan 2024 08:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204877
IP address blocks:        91.208.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/4a5d71-e11d-4d32-b597-019ec9d9a758/1/aOlYF0Bglex8tceyhrETM0l7lFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/4a5d71-e11d-4d32-b597-019ec9d9a758/1/aOlYF0Bglex8tceyhrETM0l7lFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aOlYF0Bglex8tceyhrETM0l7lFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:51:21:28:f9:d7:33:4e:ef:e4:ee:bf:26:84:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68e95817406095ec7cb5c7b286b11333497b9451
        Validity
            Not Before: Jan  1 08:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f11f6b8b22d6fdee3cd1d9be9f71f1eeaaf1ec1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:87:9d:ec:f3:df:93:54:d9:65:10:bb:77:06:
                    11:ff:83:13:88:6f:6d:02:82:1d:d4:42:42:c9:78:
                    93:0a:21:cd:3d:c4:59:61:14:a1:79:ef:83:01:ef:
                    ed:f7:bf:c5:51:f4:1a:d8:0d:9c:0e:73:8a:98:2d:
                    f8:cf:1d:f0:7a:ec:5d:3c:2c:ae:1a:cc:47:f5:a2:
                    a2:16:bd:21:07:ed:ed:39:32:22:30:ad:f3:1f:eb:
                    33:84:46:2e:9b:b6:3b:cc:70:99:e3:fb:ef:d6:53:
                    05:51:2c:b9:e7:32:bb:7d:44:8e:9b:56:9d:1d:a4:
                    22:7a:62:ca:fe:99:09:69:d8:c7:72:89:0b:e5:d9:
                    37:9c:de:b0:c1:dc:bc:cc:48:6a:26:7b:69:34:9a:
                    13:c7:24:80:65:f5:ba:6a:fd:df:cd:87:33:59:71:
                    49:37:24:fe:85:dc:11:9e:a6:8c:ac:47:65:99:f8:
                    81:d6:e9:5f:38:a8:63:4b:d2:8f:10:df:34:21:26:
                    b1:03:d0:6a:a2:2a:c5:1e:58:a6:ae:06:ee:ce:ab:
                    8d:aa:05:cc:eb:49:fc:c0:71:50:9e:d2:fc:f1:51:
                    81:bd:a2:5f:b2:57:32:92:59:59:dd:86:1f:33:4d:
                    a3:67:cf:1d:21:13:ab:84:b9:24:e7:3a:13:fc:ac:
                    d6:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:11:F6:B8:B2:2D:6F:DE:E3:CD:1D:9B:E9:F7:1F:1E:EA:AF:1E:C1
            X509v3 Authority Key Identifier:
                keyid:68:E9:58:17:40:60:95:EC:7C:B5:C7:B2:86:B1:13:33:49:7B:94:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aOlYF0Bglex8tceyhrETM0l7lFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/4a5d71-e11d-4d32-b597-019ec9d9a758/1/jxH2uLItb97jzR2b6fcfHuqvHsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/4a5d71-e11d-4d32-b597-019ec9d9a758/1/aOlYF0Bglex8tceyhrETM0l7lFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d8:bc:fb:a7:44:8e:c1:31:24:69:f5:f0:45:3f:04:e1:1b:c2:
         3e:1d:e8:8a:91:a5:6f:68:67:df:2b:62:3f:4c:52:d6:f8:ca:
         40:96:20:36:50:c9:ba:18:3d:60:58:e3:aa:51:e1:c2:2e:0f:
         e2:a6:01:16:1d:7a:3c:30:43:c5:f9:0d:86:46:25:98:aa:75:
         45:bb:04:9d:4a:e1:af:a3:52:f9:a0:fe:55:cc:21:61:96:e5:
         8e:3c:25:54:fb:02:c6:54:48:b6:d5:c5:dc:cd:53:1f:e6:ad:
         31:f3:2f:13:85:f9:38:91:37:84:c3:05:24:5e:e8:87:f7:9f:
         05:c4:98:30:eb:22:0a:4e:31:b2:c4:99:19:85:1b:c9:ea:3e:
         aa:65:01:d6:ec:6c:b8:1f:b9:39:16:83:50:f6:ba:40:cf:e4:
         0c:56:43:49:8b:28:31:c8:4b:ee:61:31:bd:09:a9:1b:76:f3:
         c5:c0:80:7c:7c:a7:bc:30:0e:19:47:71:ae:d0:b0:7a:c7:f1:
         43:44:4f:0c:28:20:d5:b3:6a:21:cb:49:4e:e0:f1:3d:16:85:
         aa:07:3c:8d:ba:aa:6f:31:bb:23:bc:cc:08:a0:09:0c:40:04:
         91:27:19:4b:20:10:85:c9:3a:fb:d3:e9:b6:55:0f:c8:6d:d7:
         ad:7a:f9:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFEhKPnXM07v5O6/JoQzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZTk1ODE3NDA2MDk1ZWM3Y2I1YzdiMjg2YjExMzMzNDk3
Yjk0NTEwHhcNMjQwMTAxMDgyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjExZjZiOGIyMmQ2ZmRlZTNjZDFkOWJlOWY3MWYxZWVhYWYxZWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIed7PPfk1TZZRC7dwYR/4MTiG9t
AoId1EJCyXiTCiHNPcRZYRShee+DAe/t97/FUfQa2A2cDnOKmC34zx3weuxdPCyu
GsxH9aKiFr0hB+3tOTIiMK3zH+szhEYum7Y7zHCZ4/vv1lMFUSy55zK7fUSOm1ad
HaQiemLK/pkJadjHcokL5dk3nN6wwdy8zEhqJntpNJoTxySAZfW6av3fzYczWXFJ
NyT+hdwRnqaMrEdlmfiB1ulfOKhjS9KPEN80ISaxA9BqoirFHlimrgbuzquNqgXM
60n8wHFQntL88VGBvaJfslcykllZ3YYfM02jZ88dIROrhLkk5zoT/KzW1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8R9riyLW/e480dm+n3Hx7qrx7BMB8GA1UdIwQY
MBaAFGjpWBdAYJXsfLXHsoaxEzNJe5RRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU9sWUYwQmdsZXg4dGNleWhyRVRNMGw3bEZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy80YTVkNzEtZTExZC00ZDMyLWI1OTct
MDE5ZWM5ZDlhNzU4LzEvanhIMnVMSXRiOTdqelIyYjZmY2ZIdXF2SHNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy80YTVkNzEtZTExZC00ZDMyLWI1OTctMDE5ZWM5ZDlhNzU4
LzEvYU9sWUYwQmdsZXg4dGNleWhyRVRNMGw3bEZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AfMA0G
CSqGSIb3DQEBCwUAA4IBAQDYvPunRI7BMSRp9fBFPwThG8I+HeiKkaVvaGffK2I/
TFLW+MpAliA2UMm6GD1gWOOqUeHCLg/ipgEWHXo8MEPF+Q2GRiWYqnVFuwSdSuGv
o1L5oP5VzCFhluWOPCVU+wLGVEi21cXczVMf5q0x8y8Thfk4kTeEwwUkXuiH958F
xJgw6yIKTjGyxJkZhRvJ6j6qZQHW7Gy4H7k5FoNQ9rpAz+QMVkNJiygxyEvuYTG9
CakbdvPFwIB8fKe8MA4ZR3Gu0LB6x/FDRE8MKCDVs2ohy0lO4PE9FoWqBzyNuqpv
MbsjvMwIoAkMQASRJxlLIBCFyTr70+m2VQ/Ibdetevm7
-----END CERTIFICATE-----