Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/b06fe0-3690-437d-8924-071daa05dabf/1/JxfskSqQc2_tzDBHhEWZZ9_CTBQ.roa
File:                     JxfskSqQc2_tzDBHhEWZZ9_CTBQ.roa (raw, json)
Hash identifier:          yH9HyEXPOLe/M7orBZ/gf2XEtff1lopnw/JwtwbP7Pw=
Subject key identifier:   27:17:EC:91:2A:90:73:6F:ED:CC:30:47:84:45:99:67:DF:C2:4C:14
Certificate issuer:       /CN=2ffb641d3ca2ec1157f477321789cec0cc5f29a4
Certificate serial:       018CC9BCAA9F6EE931B76E11C7B1F1E8E508
Authority key identifier: 2F:FB:64:1D:3C:A2:EC:11:57:F4:77:32:17:89:CE:C0:CC:5F:29:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L_tkHTyi7BFX9HcyF4nOwMxfKaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/b06fe0-3690-437d-8924-071daa05dabf/1/JxfskSqQc2_tzDBHhEWZZ9_CTBQ.roa
Signing time:             Tue 02 Jan 2024 10:33:53 +0000
ROA not before:           Tue 02 Jan 2024 10:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56655
IP address blocks:        195.35.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/b06fe0-3690-437d-8924-071daa05dabf/1/L_tkHTyi7BFX9HcyF4nOwMxfKaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/b06fe0-3690-437d-8924-071daa05dabf/1/L_tkHTyi7BFX9HcyF4nOwMxfKaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L_tkHTyi7BFX9HcyF4nOwMxfKaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:aa:9f:6e:e9:31:b7:6e:11:c7:b1:f1:e8:e5:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ffb641d3ca2ec1157f477321789cec0cc5f29a4
        Validity
            Not Before: Jan  2 10:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2717ec912a90736fedcc304784459967dfc24c14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:0b:25:f0:74:6f:48:84:cc:79:b2:54:c4:19:
                    b4:58:a8:75:a9:00:8e:9f:3c:c6:19:9d:d2:d6:74:
                    e4:8a:da:05:7e:8f:92:c5:8d:56:63:b0:64:2b:c8:
                    9a:77:cc:af:e6:89:a4:bb:b2:f5:8f:a0:5f:96:3a:
                    98:3e:9d:51:50:75:00:8d:ce:bc:84:dd:c4:3a:98:
                    97:f7:ce:a2:9b:18:6d:d1:1b:60:22:28:54:fc:26:
                    20:f4:2f:25:5c:03:48:16:ff:de:21:52:2b:25:7b:
                    c2:c7:30:d5:9b:58:51:a6:80:d0:1d:8b:f0:db:81:
                    5f:94:15:18:3c:53:91:6a:b9:37:bc:4a:7a:87:d1:
                    8d:e9:78:64:7e:1e:19:44:46:66:26:8a:a0:6b:15:
                    07:7c:20:33:7f:c4:86:f8:60:b4:de:35:9a:2e:42:
                    08:21:f4:26:ab:53:7f:bf:85:0b:8a:f4:ac:7f:86:
                    03:dc:45:29:f6:3b:32:49:b6:1b:c1:85:ff:d7:ff:
                    c1:63:ee:33:01:6f:0d:c1:a9:38:ce:4a:23:a9:37:
                    76:95:33:1a:51:eb:1b:b7:ed:2c:0c:b8:8e:e5:e0:
                    92:8c:0a:a1:93:1e:8f:38:83:b2:33:35:56:21:c5:
                    c8:6b:b5:dd:23:64:9c:19:e7:b7:99:9e:37:bc:51:
                    65:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:17:EC:91:2A:90:73:6F:ED:CC:30:47:84:45:99:67:DF:C2:4C:14
            X509v3 Authority Key Identifier:
                keyid:2F:FB:64:1D:3C:A2:EC:11:57:F4:77:32:17:89:CE:C0:CC:5F:29:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L_tkHTyi7BFX9HcyF4nOwMxfKaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/b06fe0-3690-437d-8924-071daa05dabf/1/JxfskSqQc2_tzDBHhEWZZ9_CTBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/b06fe0-3690-437d-8924-071daa05dabf/1/L_tkHTyi7BFX9HcyF4nOwMxfKaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:9b:51:fb:86:f3:0d:88:82:8a:ea:e8:95:28:b2:15:fc:0f:
         4b:06:27:0f:02:71:34:fd:c8:75:d4:e0:bf:fb:23:b8:ab:4b:
         40:af:ed:ab:e6:d2:ed:82:7c:08:ad:42:64:72:43:00:96:c1:
         d8:2a:a5:0a:ad:53:15:92:04:9a:cc:fc:fc:58:de:a1:a9:c4:
         31:05:5c:b6:43:45:aa:54:6e:9d:a3:8c:e3:30:78:4d:80:24:
         6d:48:64:74:5c:d0:72:f3:ad:6e:40:dc:cf:b9:4c:df:f9:19:
         77:00:ec:c2:ca:f8:20:0b:c8:76:ea:c1:ce:4a:59:f8:22:f9:
         d2:c4:5b:b6:a5:2f:ce:54:dc:c1:3b:d1:b8:80:07:d8:bf:1b:
         0e:3a:07:2f:75:af:cc:da:7b:19:fd:c2:f7:9e:56:c0:71:f5:
         8c:8a:a5:b5:8e:55:dc:b6:e5:ef:dd:0e:cc:13:3f:4a:90:8b:
         88:27:f0:ef:51:58:5b:65:4c:5d:33:ca:04:d1:2d:50:90:2f:
         e2:5c:ee:97:66:57:ec:3b:29:02:d4:7a:f8:d5:0c:ed:ab:68:
         55:19:5b:58:c8:b9:1b:97:f6:b4:5d:e2:64:94:23:01:f7:14:
         42:f6:0e:fa:ce:44:c5:2d:ad:8a:11:2b:72:e2:89:e3:7b:cd:
         0f:4e:97:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvKqfbukxt24Rx7Hx6OUIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmZmI2NDFkM2NhMmVjMTE1N2Y0NzczMjE3ODljZWMwY2M1
ZjI5YTQwHhcNMjQwMTAyMTAzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzE3ZWM5MTJhOTA3MzZmZWRjYzMwNDc4NDQ1OTk2N2RmYzI0YzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgsl8HRvSITMebJUxBm0WKh1qQCO
nzzGGZ3S1nTkitoFfo+SxY1WY7BkK8iad8yv5omku7L1j6BfljqYPp1RUHUAjc68
hN3EOpiX986imxht0RtgIihU/CYg9C8lXANIFv/eIVIrJXvCxzDVm1hRpoDQHYvw
24FflBUYPFORark3vEp6h9GN6Xhkfh4ZREZmJoqgaxUHfCAzf8SG+GC03jWaLkII
IfQmq1N/v4ULivSsf4YD3EUp9jsySbYbwYX/1//BY+4zAW8Nwak4zkojqTd2lTMa
Uesbt+0sDLiO5eCSjAqhkx6POIOyMzVWIcXIa7XdI2ScGee3mZ43vFFlNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCcX7JEqkHNv7cwwR4RFmWffwkwUMB8GA1UdIwQY
MBaAFC/7ZB08ouwRV/R3MheJzsDMXymkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTF90a0hUeWk3QkZYOUhjeUY0bk93TXhmS2FRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9iMDZmZTAtMzY5MC00MzdkLTg5MjQt
MDcxZGFhMDVkYWJmLzEvSnhmc2tTcVFjMl90ekRCSGhFV1paOV9DVEJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9iMDZmZTAtMzY5MC00MzdkLTg5MjQtMDcxZGFhMDVkYWJm
LzEvTF90a0hUeWk3QkZYOUhjeUY0bk93TXhmS2FRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyNxMA0G
CSqGSIb3DQEBCwUAA4IBAQCPm1H7hvMNiIKK6uiVKLIV/A9LBicPAnE0/ch11OC/
+yO4q0tAr+2r5tLtgnwIrUJkckMAlsHYKqUKrVMVkgSazPz8WN6hqcQxBVy2Q0Wq
VG6do4zjMHhNgCRtSGR0XNBy861uQNzPuUzf+Rl3AOzCyvggC8h26sHOSln4IvnS
xFu2pS/OVNzBO9G4gAfYvxsOOgcvda/M2nsZ/cL3nlbAcfWMiqW1jlXctuXv3Q7M
Ez9KkIuIJ/DvUVhbZUxdM8oE0S1QkC/iXO6XZlfsOykC1Hr41Qztq2hVGVtYyLkb
l/a0XeJklCMB9xRC9g76zkTFLa2KESty4onje80PTpcJ
-----END CERTIFICATE-----