Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/48afe0-5a18-4d99-91b6-8073dce09628/1/JDO0U97T8r1uSUpUMs-XeWv8v1c.roa
File:                     JDO0U97T8r1uSUpUMs-XeWv8v1c.roa (raw, json)
Hash identifier:          ucJlhYMgutmu1Q4vG38Kz4wExptif00wKDy9CqUcnfo=
Subject key identifier:   24:33:B4:53:DE:D3:F2:BD:6E:49:4A:54:32:CF:97:79:6B:FC:BF:57
Certificate issuer:       /CN=4ac2bc0e3e59332f4be2c58ff25a1861f5fde819
Certificate serial:       01903026E8AF4FA20D10ADDC649271CD4D6E
Authority key identifier: 4A:C2:BC:0E:3E:59:33:2F:4B:E2:C5:8F:F2:5A:18:61:F5:FD:E8:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SsK8Dj5ZMy9L4sWP8loYYfX96Bk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/48afe0-5a18-4d99-91b6-8073dce09628/1/JDO0U97T8r1uSUpUMs-XeWv8v1c.roa
Signing time:             Wed 19 Jun 2024 10:59:34 +0000
ROA not before:           Wed 19 Jun 2024 10:59:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41622
IP address blocks:        77.245.176.0/20 maxlen: 20
                          185.244.112.0/22 maxlen: 22
                          217.194.48.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/48afe0-5a18-4d99-91b6-8073dce09628/1/SsK8Dj5ZMy9L4sWP8loYYfX96Bk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/48afe0-5a18-4d99-91b6-8073dce09628/1/SsK8Dj5ZMy9L4sWP8loYYfX96Bk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SsK8Dj5ZMy9L4sWP8loYYfX96Bk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:30:26:e8:af:4f:a2:0d:10:ad:dc:64:92:71:cd:4d:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ac2bc0e3e59332f4be2c58ff25a1861f5fde819
        Validity
            Not Before: Jun 19 10:59:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2433b453ded3f2bd6e494a5432cf97796bfcbf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a5:bf:94:84:a5:25:7b:44:bf:b5:37:4d:87:
                    9d:10:2d:de:d0:c2:e8:02:ad:66:97:4e:00:5b:a8:
                    17:dd:38:7b:ef:91:a7:81:c9:8a:f6:ba:19:dc:19:
                    0f:ee:89:04:05:a0:56:49:3d:c4:7c:2d:fe:3e:7b:
                    71:26:9f:e3:21:b5:ed:ea:c6:77:8a:7b:81:b1:9d:
                    0e:7b:f2:48:a6:fb:5b:41:e2:17:47:f9:cf:5a:49:
                    30:17:d0:44:05:45:c4:cb:b8:7b:1f:97:01:3d:e2:
                    de:cc:d7:9f:40:f0:ca:00:4c:dc:01:19:84:35:88:
                    0a:32:9e:cd:cd:85:7b:b1:bc:12:a6:61:7f:76:0f:
                    2f:62:55:62:0a:1f:db:8c:9e:c0:4d:75:78:b5:65:
                    b7:d4:99:d1:b1:ae:a5:fa:1e:b8:4b:3d:2c:d9:88:
                    3b:2b:7b:f8:2f:bf:f3:5f:d2:1b:03:b9:7e:4a:a2:
                    41:53:eb:02:76:20:e2:6c:cf:74:5c:64:67:a5:2d:
                    5c:2a:eb:24:04:4c:b6:b5:4b:ae:b8:78:b1:0b:c5:
                    1f:73:e6:ea:19:3a:77:16:eb:59:fc:53:e1:5c:82:
                    9e:44:d2:7e:05:10:f4:49:6e:45:2c:c9:12:2d:2f:
                    7f:4a:2d:c5:f2:78:93:4c:d8:65:b2:79:28:af:de:
                    5a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:33:B4:53:DE:D3:F2:BD:6E:49:4A:54:32:CF:97:79:6B:FC:BF:57
            X509v3 Authority Key Identifier:
                keyid:4A:C2:BC:0E:3E:59:33:2F:4B:E2:C5:8F:F2:5A:18:61:F5:FD:E8:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SsK8Dj5ZMy9L4sWP8loYYfX96Bk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/48afe0-5a18-4d99-91b6-8073dce09628/1/JDO0U97T8r1uSUpUMs-XeWv8v1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/48afe0-5a18-4d99-91b6-8073dce09628/1/SsK8Dj5ZMy9L4sWP8loYYfX96Bk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.245.176.0/20
                  185.244.112.0/22
                  217.194.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6a:36:aa:0b:b6:0c:59:a2:e4:31:9a:c2:46:bd:d3:0f:c5:76:
         98:0d:92:82:e0:8f:e5:d6:40:e2:f0:52:ac:16:4d:f4:a2:0f:
         e9:da:02:b4:3c:fd:ef:49:0b:b7:17:81:51:63:77:19:4b:c9:
         5c:70:80:67:73:53:a0:02:44:41:7b:38:65:c1:21:0d:5a:b4:
         64:62:bf:fc:6a:a1:d4:1b:09:ed:c3:85:ba:8a:87:ae:73:a0:
         3a:d9:d4:12:b0:d1:30:e4:82:ae:06:be:33:75:5d:9e:bc:77:
         3b:6b:c0:d1:b1:2d:d9:af:47:e2:2c:ea:31:b2:36:64:e9:b4:
         22:f3:38:5a:1e:4b:d2:9a:3f:f1:0a:31:b9:35:6f:b6:3f:24:
         50:20:d0:f1:cb:7f:56:c6:d8:e5:f9:aa:44:8d:35:1a:b0:6d:
         5e:3e:e4:fe:20:49:67:31:fc:cc:60:dc:4c:75:57:a7:75:c2:
         a6:18:2d:0b:97:ee:61:b8:7e:74:6c:2f:7d:7d:91:e3:9e:f3:
         41:38:3c:62:23:95:56:ba:eb:00:c0:25:2c:07:cc:cc:58:c2:
         7e:0a:b4:4d:56:d8:c7:da:31:b7:56:39:cb:5a:3b:c9:63:dd:
         4f:88:92:f0:6c:bc:60:8b:77:62:72:77:0e:ca:99:ca:85:b3:
         63:3b:0f:0d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZAwJuivT6INEK3cZJJxzU1uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhYzJiYzBlM2U1OTMzMmY0YmUyYzU4ZmYyNWExODYxZjVm
ZGU4MTkwHhcNMjQwNjE5MTA1OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDMzYjQ1M2RlZDNmMmJkNmU0OTRhNTQzMmNmOTc3OTZiZmNiZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaW/lISlJXtEv7U3TYedEC3e0MLo
Aq1ml04AW6gX3Th775GngcmK9roZ3BkP7okEBaBWST3EfC3+PntxJp/jIbXt6sZ3
inuBsZ0Oe/JIpvtbQeIXR/nPWkkwF9BEBUXEy7h7H5cBPeLezNefQPDKAEzcARmE
NYgKMp7NzYV7sbwSpmF/dg8vYlViCh/bjJ7ATXV4tWW31JnRsa6l+h64Sz0s2Yg7
K3v4L7/zX9IbA7l+SqJBU+sCdiDibM90XGRnpS1cKuskBEy2tUuuuHixC8Ufc+bq
GTp3FutZ/FPhXIKeRNJ+BRD0SW5FLMkSLS9/Si3F8niTTNhlsnkor95aCwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCQztFPe0/K9bklKVDLPl3lr/L9XMB8GA1UdIwQY
MBaAFErCvA4+WTMvS+LFj/JaGGH1/egZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3NLOERqNVpNeTlMNHNXUDhsb1lZZlg5NkJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80OGFmZTAtNWExOC00ZDk5LTkxYjYt
ODA3M2RjZTA5NjI4LzEvSkRPMFU5N1Q4cjF1U1VwVU1zLVhlV3Y4djFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80OGFmZTAtNWExOC00ZDk5LTkxYjYtODA3M2RjZTA5NjI4
LzEvU3NLOERqNVpNeTlMNHNXUDhsb1lZZlg5NkJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQETfWwAwQC
ufRwAwQE2cIwMA0GCSqGSIb3DQEBCwUAA4IBAQBqNqoLtgxZouQxmsJGvdMPxXaY
DZKC4I/l1kDi8FKsFk30og/p2gK0PP3vSQu3F4FRY3cZS8lccIBnc1OgAkRBezhl
wSENWrRkYr/8aqHUGwntw4W6ioeuc6A62dQSsNEw5IKuBr4zdV2evHc7a8DRsS3Z
r0fiLOoxsjZk6bQi8zhaHkvSmj/xCjG5NW+2PyRQINDxy39Wxtjl+apEjTUasG1e
PuT+IElnMfzMYNxMdVendcKmGC0Ll+5huH50bC99fZHjnvNBODxiI5VWuusAwCUs
B8zMWMJ+CrRNVtjH2jG3VjnLWjvJY91PiJLwbLxgi3dicncOypnKhbNjOw8N
-----END CERTIFICATE-----