Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/JJXC6e73F8aAkSSaKDVCF-fAZ4M.roa
File:                     JJXC6e73F8aAkSSaKDVCF-fAZ4M.roa (raw, json)
Hash identifier:          Yrb8FgftQ/pYE86VyNeSZaVohxEp8s6PD8Fl0+4Oqew=
Subject key identifier:   24:95:C2:E9:EE:F7:17:C6:80:91:24:9A:28:35:42:17:E7:C0:67:83
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64AD883B72FF45D2B1631667DE35D02
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/JJXC6e73F8aAkSSaKDVCF-fAZ4M.roa
Signing time:             Mon 01 Jan 2024 18:30:42 +0000
ROA not before:           Mon 01 Jan 2024 18:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57844
IP address blocks:        94.131.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:d8:83:b7:2f:f4:5d:2b:16:31:66:7d:e3:5d:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2495c2e9eef717c68091249a28354217e7c06783
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:0a:02:af:da:9a:4f:39:e5:20:88:8e:8e:30:
                    89:66:f6:f4:03:3b:64:ba:b6:7d:a4:ad:59:50:ed:
                    a3:f3:cd:5f:c1:67:14:f1:9e:f1:85:3a:ba:84:88:
                    5f:74:c4:f6:9e:78:0d:1d:55:56:cd:d7:04:d8:9c:
                    20:31:8a:2e:fe:bc:29:1a:82:53:e6:91:08:f2:31:
                    0b:2c:8d:7d:38:5f:fb:a0:0f:c8:fa:6d:03:13:02:
                    77:d5:82:68:76:ab:91:af:02:c2:d6:f2:d8:fd:48:
                    18:01:3b:db:d7:be:a9:2d:34:7b:fc:7c:7e:65:b9:
                    2c:6a:c0:6d:06:77:97:1d:e2:1d:25:b4:34:db:4c:
                    61:06:c4:70:f5:c0:7a:59:ff:35:0a:2d:7d:3a:57:
                    d4:2d:4c:92:d1:28:46:42:a1:fd:23:3c:f6:44:25:
                    0d:70:fb:fb:f6:52:1e:17:ac:eb:38:4b:9e:56:06:
                    27:75:86:18:73:e9:16:35:90:d4:42:4c:68:e1:3d:
                    fe:ba:ab:9b:a7:92:9c:67:6f:23:cd:93:0e:ec:de:
                    37:cd:f0:b5:34:02:20:1b:09:48:73:78:f9:ae:b0:
                    ef:92:52:a2:46:26:e5:d6:2f:e0:61:8e:5d:ae:ca:
                    eb:fd:1a:82:c9:57:ed:b1:b5:53:08:f6:c1:87:72:
                    8b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:95:C2:E9:EE:F7:17:C6:80:91:24:9A:28:35:42:17:E7:C0:67:83
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/JJXC6e73F8aAkSSaKDVCF-fAZ4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:60:72:b1:4d:35:26:eb:a9:90:80:6f:eb:7a:aa:30:4f:c1:
         c2:19:fd:4b:f7:97:00:11:4a:2a:38:ba:79:ad:1f:9f:f8:e1:
         77:5e:42:cc:4d:91:ec:56:e6:cd:a9:dc:07:f5:ee:b1:82:3b:
         3c:39:bb:ce:88:d8:43:88:86:b0:a0:ac:3b:67:ef:f7:ce:36:
         bb:c6:4a:f4:fc:d8:e0:9f:36:6b:4a:4e:0d:58:b8:8d:e0:cf:
         8e:40:ea:78:f3:42:ec:db:57:64:db:ff:78:18:70:59:e0:d7:
         2a:2b:95:7c:a2:ae:b6:4f:f3:ee:05:c8:30:a4:ef:c7:ac:05:
         0f:44:fa:5d:59:75:85:7b:44:2d:d8:8f:8c:8f:d0:4b:b1:5a:
         f3:ea:0b:bf:22:17:7e:1f:fb:25:c2:bc:d2:bb:c4:a2:62:e3:
         e9:02:9c:1a:1a:59:cd:57:bd:a0:82:11:8b:d4:2b:77:5d:ee:
         ca:f2:c3:02:79:3a:0a:58:e4:7a:ae:77:62:bb:04:4d:08:da:
         66:e8:6f:3a:43:3a:97:6f:1e:50:73:b1:d3:75:fd:3a:90:99:
         42:28:39:ac:ce:35:6b:f5:27:90:ab:d0:d8:5e:77:e8:37:eb:
         dc:60:d9:f1:c8:8e:12:64:c8:27:bd:68:9c:1d:e5:ca:c8:86:
         61:35:77:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGStiDty/0XSsWMWZ9410CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDk1YzJlOWVlZjcxN2M2ODA5MTI0OWEyODM1NDIxN2U3YzA2NzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgoCr9qaTznlIIiOjjCJZvb0Aztk
urZ9pK1ZUO2j881fwWcU8Z7xhTq6hIhfdMT2nngNHVVWzdcE2JwgMYou/rwpGoJT
5pEI8jELLI19OF/7oA/I+m0DEwJ31YJodquRrwLC1vLY/UgYATvb176pLTR7/Hx+
ZbksasBtBneXHeIdJbQ020xhBsRw9cB6Wf81Ci19OlfULUyS0ShGQqH9Izz2RCUN
cPv79lIeF6zrOEueVgYndYYYc+kWNZDUQkxo4T3+uqubp5KcZ28jzZMO7N43zfC1
NAIgGwlIc3j5rrDvklKiRibl1i/gYY5drsrr/RqCyVftsbVTCPbBh3KLhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSVwunu9xfGgJEkmig1QhfnwGeDMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvSkpYQzZlNzNGOGFBa1NTYUtEVkNGLWZBWjRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoNsMA0G
CSqGSIb3DQEBCwUAA4IBAQCLYHKxTTUm66mQgG/reqowT8HCGf1L95cAEUoqOLp5
rR+f+OF3XkLMTZHsVubNqdwH9e6xgjs8ObvOiNhDiIawoKw7Z+/3zja7xkr0/Njg
nzZrSk4NWLiN4M+OQOp480Ls21dk2/94GHBZ4NcqK5V8oq62T/PuBcgwpO/HrAUP
RPpdWXWFe0Qt2I+Mj9BLsVrz6gu/Ihd+H/slwrzSu8SiYuPpApwaGlnNV72gghGL
1Ct3Xe7K8sMCeToKWOR6rndiuwRNCNpm6G86QzqXbx5Qc7HTdf06kJlCKDmszjVr
9SeQq9DYXnfoN+vcYNnxyI4SZMgnvWicHeXKyIZhNXfR
-----END CERTIFICATE-----