Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/JMxOp8NP6zD--tpQVQ8NR9js7JE.roa
File:                     JMxOp8NP6zD--tpQVQ8NR9js7JE.roa (raw, json)
Hash identifier:          90Dz+6w/jKQQ4CI/X0nwKo5UVz4ZnY6VHDOHtWegEAc=
Subject key identifier:   24:CC:4E:A7:C3:4F:EB:30:FE:FA:DA:50:55:0F:0D:47:D8:EC:EC:91
Certificate issuer:       /CN=4e3fe90f0fad6a25d46bd7c335b922da031b2c78
Certificate serial:       018CC5004A2ADB59BFA09EC1CF68382AC77F
Authority key identifier: 4E:3F:E9:0F:0F:AD:6A:25:D4:6B:D7:C3:35:B9:22:DA:03:1B:2C:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tj_pDw-taiXUa9fDNbki2gMbLHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/JMxOp8NP6zD--tpQVQ8NR9js7JE.roa
Signing time:             Mon 01 Jan 2024 12:29:39 +0000
ROA not before:           Mon 01 Jan 2024 12:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60774
IP address blocks:        194.15.88.0/21 maxlen: 24
                          2a09:2800::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/Tj_pDw-taiXUa9fDNbki2gMbLHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/Tj_pDw-taiXUa9fDNbki2gMbLHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tj_pDw-taiXUa9fDNbki2gMbLHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:4a:2a:db:59:bf:a0:9e:c1:cf:68:38:2a:c7:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e3fe90f0fad6a25d46bd7c335b922da031b2c78
        Validity
            Not Before: Jan  1 12:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24cc4ea7c34feb30fefada50550f0d47d8ecec91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:54:e6:a2:0e:91:a1:6d:84:74:45:a6:11:49:
                    2c:28:14:33:d3:5a:57:4c:93:af:f4:d1:bb:f4:5e:
                    06:f6:1d:6a:47:d0:b1:d5:6b:0d:52:6d:ba:81:77:
                    e0:de:07:72:00:02:88:db:0f:47:5a:a5:ed:5d:68:
                    bc:e0:e5:b0:68:19:de:af:6c:b9:b8:12:f6:8d:ed:
                    28:83:28:5c:ea:ef:f8:69:6d:84:26:b2:ea:12:1a:
                    9a:23:94:a5:5d:a6:d9:2d:01:b6:cb:bc:e4:a5:a8:
                    10:2a:14:bf:0b:f5:e4:93:ab:4b:fa:b3:20:67:a8:
                    2e:d6:bc:45:f5:06:06:41:3f:c8:5e:7c:32:a9:13:
                    44:c3:f5:0a:fa:d9:2d:6f:f6:1f:fc:3b:c4:98:8c:
                    c8:71:35:ab:0b:6f:a6:d4:a6:d3:1c:02:43:47:5a:
                    8d:f7:65:cc:36:de:5d:d2:0e:99:d7:8a:da:dd:97:
                    c1:a3:5c:d6:d8:22:dd:67:fb:bd:17:d8:9e:02:3d:
                    db:d6:3f:6c:ea:d9:fd:4c:b3:e1:4c:78:d5:62:e8:
                    67:dc:25:a6:2b:11:7f:12:43:d4:df:57:31:46:49:
                    50:94:c3:5c:08:14:73:5f:bc:de:65:7c:4c:a3:98:
                    11:3e:f1:da:bd:cc:a9:ef:2d:8c:3d:c3:6d:40:a8:
                    30:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:CC:4E:A7:C3:4F:EB:30:FE:FA:DA:50:55:0F:0D:47:D8:EC:EC:91
            X509v3 Authority Key Identifier:
                keyid:4E:3F:E9:0F:0F:AD:6A:25:D4:6B:D7:C3:35:B9:22:DA:03:1B:2C:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tj_pDw-taiXUa9fDNbki2gMbLHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/JMxOp8NP6zD--tpQVQ8NR9js7JE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/Tj_pDw-taiXUa9fDNbki2gMbLHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.88.0/21
                IPv6:
                  2a09:2800::/29

    Signature Algorithm: sha256WithRSAEncryption
         93:e4:ef:47:29:50:d8:2d:04:b9:5f:eb:64:50:62:ac:dc:f8:
         3c:26:1e:bf:de:6b:6f:12:eb:38:0d:d2:95:cf:37:f2:7f:78:
         9e:66:ff:22:fa:cf:f2:10:05:7d:0a:ab:f9:22:64:eb:72:df:
         d4:25:16:43:5b:d1:b1:6f:87:9f:f5:3f:1c:c4:b1:a6:d0:a0:
         cb:5e:34:8e:47:62:ed:73:6e:0b:a3:8a:1e:ac:2e:1d:5b:33:
         74:73:69:51:f1:df:e7:91:51:18:ba:4d:a5:54:cc:c1:6c:63:
         dd:e2:86:bd:3a:59:39:a9:56:d5:e9:af:e0:4e:d1:0d:4a:8b:
         6a:f4:d0:d0:45:87:25:14:6a:4c:c1:82:34:93:ad:1b:b1:63:
         2f:d9:11:ba:d6:8d:c0:af:db:7b:17:3a:e0:e8:fd:15:b0:f0:
         8c:5b:55:e1:3e:d9:79:d5:08:41:b9:67:63:0d:82:66:e9:7b:
         11:65:b0:a3:78:02:30:e9:59:74:4d:2e:15:f3:bd:41:d3:a6:
         84:69:2c:86:67:0d:62:05:ea:c3:05:55:c9:51:76:c8:99:f4:
         3c:f5:8f:53:05:c8:ba:ea:20:5e:32:be:92:83:1a:76:dd:1d:
         9f:35:fa:e8:6b:db:f8:90:e4:6a:ef:aa:72:4d:15:a3:39:85:
         7c:52:18:da
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAEoq21m/oJ7Bz2g4Ksd/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlM2ZlOTBmMGZhZDZhMjVkNDZiZDdjMzM1YjkyMmRhMDMx
YjJjNzgwHhcNMjQwMTAxMTIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGNjNGVhN2MzNGZlYjMwZmVmYWRhNTA1NTBmMGQ0N2Q4ZWNlYzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFTmog6RoW2EdEWmEUksKBQz01pX
TJOv9NG79F4G9h1qR9Cx1WsNUm26gXfg3gdyAAKI2w9HWqXtXWi84OWwaBner2y5
uBL2je0ogyhc6u/4aW2EJrLqEhqaI5SlXabZLQG2y7zkpagQKhS/C/Xkk6tL+rMg
Z6gu1rxF9QYGQT/IXnwyqRNEw/UK+tktb/Yf/DvEmIzIcTWrC2+m1KbTHAJDR1qN
92XMNt5d0g6Z14ra3ZfBo1zW2CLdZ/u9F9ieAj3b1j9s6tn9TLPhTHjVYuhn3CWm
KxF/EkPU31cxRklQlMNcCBRzX7zeZXxMo5gRPvHavcyp7y2MPcNtQKgwWwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCTMTqfDT+sw/vraUFUPDUfY7OyRMB8GA1UdIwQY
MBaAFE4/6Q8PrWol1GvXwzW5ItoDGyx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGpfcER3LXRhaVhVYTlmRE5ia2kyZ01iTEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi80Zjk0M2YtZDE2YS00OGRhLWI5M2Et
MTQ4N2M2MDIwYzQ2LzEvSk14T3A4TlA2ekQtLXRwUVZROE5SOWpzN0pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi80Zjk0M2YtZDE2YS00OGRhLWI5M2EtMTQ4N2M2MDIwYzQ2
LzEvVGpfcER3LXRhaVhVYTlmRE5ia2kyZ01iTEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDwg9YMA0E
AgACMAcDBQMqCSgAMA0GCSqGSIb3DQEBCwUAA4IBAQCT5O9HKVDYLQS5X+tkUGKs
3Pg8Jh6/3mtvEus4DdKVzzfyf3ieZv8i+s/yEAV9Cqv5ImTrct/UJRZDW9Gxb4ef
9T8cxLGm0KDLXjSOR2Ltc24Lo4oerC4dWzN0c2lR8d/nkVEYuk2lVMzBbGPd4oa9
Olk5qVbV6a/gTtENSotq9NDQRYclFGpMwYI0k60bsWMv2RG61o3Ar9t7Fzrg6P0V
sPCMW1XhPtl51QhBuWdjDYJm6XsRZbCjeAIw6Vl0TS4V871B06aEaSyGZw1iBerD
BVXJUXbImfQ89Y9TBci66iBeMr6Sgxp23R2fNfroa9v4kORq76pyTRWjOYV8Uhja
-----END CERTIFICATE-----