Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/JJtGIzwMb0NH1K0xOOSJ3Svq21Y.roa
File:                     JJtGIzwMb0NH1K0xOOSJ3Svq21Y.roa (raw, json)
Hash identifier:          jzheSR9YDazpuakcyVcPFGrRDtA/Yn1wEdO6GnVDsi8=
Subject key identifier:   24:9B:46:23:3C:0C:6F:43:47:D4:AD:31:38:E4:89:DD:2B:EA:DB:56
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       018FE30983865883C67282D2247AA4BC89FD
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/JJtGIzwMb0NH1K0xOOSJ3Svq21Y.roa
Signing time:             Tue 04 Jun 2024 11:36:42 +0000
ROA not before:           Tue 04 Jun 2024 11:36:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47585
IP address blocks:        91.228.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 05:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e3:09:83:86:58:83:c6:72:82:d2:24:7a:a4:bc:89:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Jun  4 11:36:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=249b46233c0c6f4347d4ad3138e489dd2beadb56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:07:7f:62:3c:2b:f0:03:44:d1:85:e5:65:af:
                    f4:79:95:ad:c6:1b:39:5c:c4:7b:55:ce:c1:de:05:
                    9d:4b:23:c1:a3:03:f9:0f:4e:35:d4:d0:c7:25:57:
                    f3:c9:e6:7e:f0:74:21:2e:e4:64:6a:6f:e9:bb:f3:
                    ce:b0:d4:84:77:50:0a:11:7d:cb:17:c9:33:46:d3:
                    32:d5:4b:d1:1b:d8:8c:51:4c:de:fd:f3:b1:84:44:
                    df:71:2f:32:07:af:7e:4c:82:ef:4d:7d:9e:86:a3:
                    3b:7d:a6:9c:3a:3a:61:aa:f1:60:92:83:32:7e:83:
                    a7:f2:f3:e3:00:ab:ab:64:40:2f:5d:e2:e8:23:75:
                    9b:a6:ae:3b:90:1d:4c:35:22:9d:64:29:59:03:97:
                    8d:f5:eb:c7:20:3a:3b:b5:d3:cc:7a:df:40:01:38:
                    45:c5:e8:66:07:cd:35:51:ba:a9:e3:00:7b:1b:a6:
                    84:eb:bc:3a:d3:19:0a:c5:43:72:07:d3:f2:4b:cd:
                    8e:78:ac:d7:eb:e3:59:06:35:84:36:41:4b:c4:b2:
                    6f:6d:b0:98:3e:45:d2:63:13:ed:ad:a2:09:3d:b8:
                    d9:0e:95:2f:39:36:84:6e:99:03:dc:a1:52:5c:c3:
                    48:61:a7:b7:ca:7c:b2:27:6b:5e:93:25:0b:e5:50:
                    e1:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:9B:46:23:3C:0C:6F:43:47:D4:AD:31:38:E4:89:DD:2B:EA:DB:56
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/JJtGIzwMb0NH1K0xOOSJ3Svq21Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:e4:16:02:83:5a:98:cd:23:a1:e0:18:95:bd:bb:0e:a6:7a:
         3f:37:9e:38:ef:63:63:7f:6f:1b:48:cf:0d:be:86:c4:e1:98:
         0d:5e:28:02:fb:ee:e7:a8:e9:a9:f0:2c:2b:f8:3e:7d:c3:99:
         25:aa:3a:e9:77:f9:cd:67:af:bb:dc:e2:df:ee:1e:46:da:98:
         de:82:c7:fc:08:3e:be:8e:84:2d:b1:42:39:0d:3b:85:c3:c2:
         24:c9:91:22:e9:2b:58:26:42:df:aa:a0:45:b2:67:47:13:22:
         9d:db:36:f2:82:2d:e3:63:3b:d6:09:d7:5d:04:55:bc:92:5c:
         b8:64:8c:3a:00:a0:4c:89:03:55:60:8d:12:de:f2:77:ad:96:
         80:88:04:49:4d:d4:e6:8f:6f:c3:9a:12:0b:69:f7:0e:de:5e:
         6b:7f:0d:de:06:f8:2c:d0:14:30:8d:46:c3:21:3f:70:1e:e7:
         d7:50:d4:4f:e2:85:96:1a:3b:71:8e:3b:1c:5f:58:3e:6b:36:
         c7:79:79:92:65:88:2d:14:44:e6:50:49:32:6b:f9:63:24:32:
         3e:bf:f7:45:71:81:1a:bf:f2:fa:2f:84:e3:7a:ce:7e:3a:3a:
         ba:c4:7d:4f:26:a7:c2:ae:f0:c5:38:85:2d:ae:d0:95:f7:49:
         aa:81:1f:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/jCYOGWIPGcoLSJHqkvIn9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjQwNjA0MTEzNjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDliNDYyMzNjMGM2ZjQzNDdkNGFkMzEzOGU0ODlkZDJiZWFkYjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwd/Yjwr8ANE0YXlZa/0eZWtxhs5
XMR7Vc7B3gWdSyPBowP5D0411NDHJVfzyeZ+8HQhLuRkam/pu/POsNSEd1AKEX3L
F8kzRtMy1UvRG9iMUUze/fOxhETfcS8yB69+TILvTX2ehqM7faacOjphqvFgkoMy
foOn8vPjAKurZEAvXeLoI3Wbpq47kB1MNSKdZClZA5eN9evHIDo7tdPMet9AAThF
xehmB801Ubqp4wB7G6aE67w60xkKxUNyB9PyS82OeKzX6+NZBjWENkFLxLJvbbCY
PkXSYxPtraIJPbjZDpUvOTaEbpkD3KFSXMNIYae3ynyyJ2tekyUL5VDhUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSbRiM8DG9DR9StMTjkid0r6ttWMB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvSkp0R0l6d01iME5IMUsweE9PU0ozU3ZxMjFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+QNMA0G
CSqGSIb3DQEBCwUAA4IBAQAG5BYCg1qYzSOh4BiVvbsOpno/N54472Njf28bSM8N
vobE4ZgNXigC++7nqOmp8Cwr+D59w5klqjrpd/nNZ6+73OLf7h5G2pjegsf8CD6+
joQtsUI5DTuFw8IkyZEi6StYJkLfqqBFsmdHEyKd2zbygi3jYzvWCdddBFW8kly4
ZIw6AKBMiQNVYI0S3vJ3rZaAiARJTdTmj2/DmhILafcO3l5rfw3eBvgs0BQwjUbD
IT9wHufXUNRP4oWWGjtxjjscX1g+azbHeXmSZYgtFETmUEkya/ljJDI+v/dFcYEa
v/L6L4Tjes5+Ojq6xH1PJqfCrvDFOIUtrtCV90mqgR8D
-----END CERTIFICATE-----