Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/82fb1d-f4f4-436a-a993-b4a1700f2172/1/JBy6s4yqXddN9TopskLthm_S0NU.roa
File:                     JBy6s4yqXddN9TopskLthm_S0NU.roa (raw, json)
Hash identifier:          avJtbPSTGFB9k4b1FH0m/w91Ipef0iicMgzRrptkAyo=
Subject key identifier:   24:1C:BA:B3:8C:AA:5D:D7:4D:F5:3A:29:B2:42:ED:86:6F:D2:D0:D5
Certificate issuer:       /CN=09aad17b106775e484f61ebb5ec104c27c187e48
Certificate serial:       018CC94E0973BE04346BD5C5BC87C3BCFBE7
Authority key identifier: 09:AA:D1:7B:10:67:75:E4:84:F6:1E:BB:5E:C1:04:C2:7C:18:7E:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CarRexBndeSE9h67XsEEwnwYfkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/82fb1d-f4f4-436a-a993-b4a1700f2172/1/JBy6s4yqXddN9TopskLthm_S0NU.roa
Signing time:             Tue 02 Jan 2024 08:33:03 +0000
ROA not before:           Tue 02 Jan 2024 08:33:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9145
IP address blocks:        194.31.94.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/82fb1d-f4f4-436a-a993-b4a1700f2172/1/CarRexBndeSE9h67XsEEwnwYfkg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/82fb1d-f4f4-436a-a993-b4a1700f2172/1/CarRexBndeSE9h67XsEEwnwYfkg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CarRexBndeSE9h67XsEEwnwYfkg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:09:73:be:04:34:6b:d5:c5:bc:87:c3:bc:fb:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09aad17b106775e484f61ebb5ec104c27c187e48
        Validity
            Not Before: Jan  2 08:33:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=241cbab38caa5dd74df53a29b242ed866fd2d0d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d9:78:52:43:ae:53:d1:45:66:63:39:98:ea:
                    22:8e:73:5a:e0:7e:1a:10:af:0e:20:b4:21:23:79:
                    07:31:ac:ee:04:31:8c:db:71:b0:d8:16:78:cb:97:
                    ad:91:b9:81:37:5e:96:fb:a0:4a:d1:71:0a:f0:04:
                    d2:a2:b4:dd:5d:58:9a:f3:bd:5b:e3:68:33:2c:c8:
                    d2:59:38:1d:fa:5d:fe:e4:26:81:14:05:3c:2f:55:
                    e9:2a:a7:8f:e0:9f:fb:b0:dc:d6:3c:2f:28:39:ff:
                    ce:11:46:07:9e:87:1c:a9:c0:03:39:51:60:fd:11:
                    f1:64:9f:56:85:67:4e:1c:2b:84:c5:44:53:43:63:
                    d0:64:79:a1:88:71:4f:a6:88:81:fc:3b:b7:a9:8e:
                    46:d5:24:15:87:6e:bb:bc:e7:a1:3b:f8:0b:ea:a6:
                    76:8d:88:c0:79:85:20:db:74:d0:b1:6a:53:73:3f:
                    a7:3a:ee:aa:1d:80:35:9f:0c:0b:cd:55:69:aa:ec:
                    0f:02:ce:6b:f0:ef:b1:98:07:81:ca:6a:c8:ee:b3:
                    e3:b1:57:10:ab:f4:53:67:96:26:05:75:38:e3:b8:
                    ef:4c:35:2a:dc:f2:d9:e9:f1:16:2d:de:0a:92:7d:
                    71:d2:ec:0b:db:7f:34:ed:73:28:8a:09:c2:bd:ab:
                    14:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:1C:BA:B3:8C:AA:5D:D7:4D:F5:3A:29:B2:42:ED:86:6F:D2:D0:D5
            X509v3 Authority Key Identifier:
                keyid:09:AA:D1:7B:10:67:75:E4:84:F6:1E:BB:5E:C1:04:C2:7C:18:7E:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CarRexBndeSE9h67XsEEwnwYfkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/82fb1d-f4f4-436a-a993-b4a1700f2172/1/JBy6s4yqXddN9TopskLthm_S0NU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/82fb1d-f4f4-436a-a993-b4a1700f2172/1/CarRexBndeSE9h67XsEEwnwYfkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:2b:7f:20:a1:7a:29:26:43:d9:34:d2:62:78:05:9d:b3:aa:
         7f:6f:47:f4:0c:7a:88:92:dc:0d:3a:4c:a5:95:6c:d4:cc:a3:
         89:b8:23:68:12:f5:21:c8:d2:84:36:0f:53:67:ca:80:a5:b8:
         54:43:53:c7:f3:b4:64:e9:73:79:7b:9b:b4:c5:2f:5c:17:8b:
         de:81:65:d2:cc:27:8a:6b:a0:e5:ee:59:67:78:03:67:f7:4f:
         d5:3b:13:29:03:da:54:ae:fd:2e:f5:a4:89:df:8c:24:2b:de:
         53:b1:09:85:70:47:8d:f2:15:49:82:d4:af:a5:70:05:b9:ab:
         88:3e:d0:03:0a:43:4b:87:73:c3:7d:9b:5c:f7:12:3b:e7:38:
         95:41:45:80:8a:ba:a1:45:24:86:00:11:58:9c:d2:f6:c3:70:
         76:2d:06:e2:0b:ca:f8:eb:1a:89:df:57:d4:e6:9e:35:f2:5f:
         d4:73:d0:7e:1f:f0:a8:6e:ff:5f:30:fc:67:4c:88:a2:c5:f5:
         26:97:10:96:0f:17:0d:02:e3:95:77:b1:1d:dd:80:79:87:97:
         ca:08:ec:20:65:5f:b8:d0:83:7d:ae:79:2d:05:03:5f:f9:3d:
         12:f3:c2:f2:e0:30:64:f7:58:48:70:2d:a3:49:b8:95:dd:a4:
         bc:f3:3b:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTglzvgQ0a9XFvIfDvPvnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5YWFkMTdiMTA2Nzc1ZTQ4NGY2MWViYjVlYzEwNGMyN2Mx
ODdlNDgwHhcNMjQwMTAyMDgzMzAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDFjYmFiMzhjYWE1ZGQ3NGRmNTNhMjliMjQyZWQ4NjZmZDJkMGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtl4UkOuU9FFZmM5mOoijnNa4H4a
EK8OILQhI3kHMazuBDGM23Gw2BZ4y5etkbmBN16W+6BK0XEK8ATSorTdXVia871b
42gzLMjSWTgd+l3+5CaBFAU8L1XpKqeP4J/7sNzWPC8oOf/OEUYHnoccqcADOVFg
/RHxZJ9WhWdOHCuExURTQ2PQZHmhiHFPpoiB/Du3qY5G1SQVh267vOehO/gL6qZ2
jYjAeYUg23TQsWpTcz+nOu6qHYA1nwwLzVVpquwPAs5r8O+xmAeBymrI7rPjsVcQ
q/RTZ5YmBXU447jvTDUq3PLZ6fEWLd4Kkn1x0uwL23807XMoignCvasUAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQcurOMql3XTfU6KbJC7YZv0tDVMB8GA1UdIwQY
MBaAFAmq0XsQZ3XkhPYeu17BBMJ8GH5IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2FyUmV4Qm5kZVNFOWg2N1hzRUV3bndZZmtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS84MmZiMWQtZjRmNC00MzZhLWE5OTMt
YjRhMTcwMGYyMTcyLzEvSkJ5NnM0eXFYZGROOVRvcHNrTHRobV9TME5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS84MmZiMWQtZjRmNC00MzZhLWE5OTMtYjRhMTcwMGYyMTcy
LzEvQ2FyUmV4Qm5kZVNFOWg2N1hzRUV3bndZZmtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwh9eMA0G
CSqGSIb3DQEBCwUAA4IBAQCLK38goXopJkPZNNJieAWds6p/b0f0DHqIktwNOkyl
lWzUzKOJuCNoEvUhyNKENg9TZ8qApbhUQ1PH87Rk6XN5e5u0xS9cF4vegWXSzCeK
a6Dl7llneANn90/VOxMpA9pUrv0u9aSJ34wkK95TsQmFcEeN8hVJgtSvpXAFuauI
PtADCkNLh3PDfZtc9xI75ziVQUWAirqhRSSGABFYnNL2w3B2LQbiC8r46xqJ31fU
5p418l/Uc9B+H/Cobv9fMPxnTIiixfUmlxCWDxcNAuOVd7Ed3YB5h5fKCOwgZV+4
0IN9rnktBQNf+T0S88Ly4DBk91hIcC2jSbiV3aS88zvv
-----END CERTIFICATE-----