Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9c0278-542c-4467-ac7c-24aee2b0e82b/1/JR0CGFaP7PLQS5yWXmvSs5_EJkA.roa
File:                     JR0CGFaP7PLQS5yWXmvSs5_EJkA.roa (raw, json)
Hash identifier:          Ufnc3fcAtCQv0J3xOCE4gl6vgJXavt1q6PfnN2+TnxI=
Subject key identifier:   25:1D:02:18:56:8F:EC:F2:D0:4B:9C:96:5E:6B:D2:B3:9F:C4:26:40
Certificate issuer:       /CN=5be719f985df394a42ac11e5cbc8f82b4b7aec5d
Certificate serial:       018CC4939E6A51F4E3CA79DFAD6EA1A38E97
Authority key identifier: 5B:E7:19:F9:85:DF:39:4A:42:AC:11:E5:CB:C8:F8:2B:4B:7A:EC:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W-cZ-YXfOUpCrBHly8j4K0t67F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9c0278-542c-4467-ac7c-24aee2b0e82b/1/JR0CGFaP7PLQS5yWXmvSs5_EJkA.roa
Signing time:             Mon 01 Jan 2024 10:30:57 +0000
ROA not before:           Mon 01 Jan 2024 10:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56818
IP address blocks:        91.227.254.0/24 maxlen: 24
                          192.162.200.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9c0278-542c-4467-ac7c-24aee2b0e82b/1/W-cZ-YXfOUpCrBHly8j4K0t67F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9c0278-542c-4467-ac7c-24aee2b0e82b/1/W-cZ-YXfOUpCrBHly8j4K0t67F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W-cZ-YXfOUpCrBHly8j4K0t67F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:9e:6a:51:f4:e3:ca:79:df:ad:6e:a1:a3:8e:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5be719f985df394a42ac11e5cbc8f82b4b7aec5d
        Validity
            Not Before: Jan  1 10:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=251d0218568fecf2d04b9c965e6bd2b39fc42640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:db:52:02:70:ae:f2:7a:e1:d4:3c:ca:2f:8d:
                    ff:c0:9a:49:d8:18:08:40:71:5a:48:23:23:f2:72:
                    2c:18:65:77:83:fb:a8:a9:31:9c:fe:7b:d2:cb:4b:
                    a5:c1:c9:f9:5d:03:74:17:50:06:63:22:e0:f8:99:
                    92:73:60:4e:3a:1d:9a:13:74:66:fe:0b:0a:b8:20:
                    0f:4f:d6:6a:72:31:1a:be:a0:76:7b:a8:27:81:31:
                    f0:3f:a4:7a:d1:7c:fc:09:91:6c:8f:e4:bc:b8:3f:
                    57:0b:c1:6d:a3:e6:b0:ec:c6:eb:27:7d:9d:b5:b5:
                    5f:aa:f6:74:7f:b9:0d:85:6c:9f:3b:4e:71:71:47:
                    ff:b4:43:c8:63:da:ee:dd:04:de:97:f4:b4:a4:c4:
                    de:bc:a8:69:ec:ec:dd:db:1f:31:e9:c7:d1:17:14:
                    1c:b9:50:63:47:d9:8a:4e:09:86:fa:14:37:24:9c:
                    91:7f:dd:25:04:ce:68:1e:08:3e:61:5f:53:b5:c3:
                    e3:b3:aa:fd:e6:5a:6d:14:d5:b5:16:8d:78:a0:30:
                    03:8b:97:a4:cb:7c:22:8f:af:85:ac:13:d5:5d:75:
                    d6:6f:a8:cc:63:45:43:d0:c3:f1:e7:98:11:0c:41:
                    05:a5:44:8a:14:30:88:1b:23:63:a5:45:7d:2d:d9:
                    4c:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:1D:02:18:56:8F:EC:F2:D0:4B:9C:96:5E:6B:D2:B3:9F:C4:26:40
            X509v3 Authority Key Identifier:
                keyid:5B:E7:19:F9:85:DF:39:4A:42:AC:11:E5:CB:C8:F8:2B:4B:7A:EC:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W-cZ-YXfOUpCrBHly8j4K0t67F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9c0278-542c-4467-ac7c-24aee2b0e82b/1/JR0CGFaP7PLQS5yWXmvSs5_EJkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9c0278-542c-4467-ac7c-24aee2b0e82b/1/W-cZ-YXfOUpCrBHly8j4K0t67F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.254.0/24
                  192.162.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:ba:f2:8c:d3:80:c4:ba:98:0f:a9:d9:42:46:f8:16:3c:4d:
         be:be:3c:3c:14:57:52:68:94:1e:6c:6c:56:30:0a:01:a1:02:
         1a:a7:66:00:79:41:7b:20:92:51:a2:56:b1:dd:a7:4d:03:ab:
         3f:c4:76:e5:50:71:8e:28:cc:df:96:91:42:32:8a:e8:e3:ca:
         f4:61:ca:46:3f:9e:36:73:ce:7d:50:7d:05:94:f0:64:fa:f1:
         aa:64:6f:fa:3f:d3:5f:ee:a0:d6:3a:9d:76:00:9a:2d:56:98:
         49:5d:11:13:b7:5b:33:28:72:d6:bc:5e:59:3e:c3:95:eb:40:
         9e:a6:fd:f0:99:df:3c:04:07:ce:5e:66:d9:ca:31:17:eb:93:
         80:09:c0:2d:11:8f:a1:73:0a:85:52:ea:16:c4:29:a2:64:52:
         57:ac:b4:c2:a8:a4:83:ae:2d:aa:cd:b5:90:77:44:a2:a3:75:
         0a:95:20:70:03:7b:b6:00:0c:34:02:51:43:01:34:c9:22:27:
         6d:9a:e7:63:96:3d:2d:c5:6f:fe:85:9c:85:ce:d8:ad:ae:0d:
         9d:11:bf:2f:81:5d:1f:82:5c:66:ec:23:0f:c1:89:16:29:53:
         a7:87:8c:c4:97:20:7d:5d:7c:ac:dd:dc:2e:28:ab:ee:df:b3:
         e9:4b:58:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk55qUfTjynnfrW6ho46XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZTcxOWY5ODVkZjM5NGE0MmFjMTFlNWNiYzhmODJiNGI3
YWVjNWQwHhcNMjQwMTAxMTAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTFkMDIxODU2OGZlY2YyZDA0YjljOTY1ZTZiZDJiMzlmYzQyNjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdtSAnCu8nrh1DzKL43/wJpJ2BgI
QHFaSCMj8nIsGGV3g/uoqTGc/nvSy0ulwcn5XQN0F1AGYyLg+JmSc2BOOh2aE3Rm
/gsKuCAPT9ZqcjEavqB2e6gngTHwP6R60Xz8CZFsj+S8uD9XC8Fto+aw7MbrJ32d
tbVfqvZ0f7kNhWyfO05xcUf/tEPIY9ru3QTel/S0pMTevKhp7Ozd2x8x6cfRFxQc
uVBjR9mKTgmG+hQ3JJyRf90lBM5oHgg+YV9TtcPjs6r95lptFNW1Fo14oDADi5ek
y3wij6+FrBPVXXXWb6jMY0VD0MPx55gRDEEFpUSKFDCIGyNjpUV9LdlMHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCUdAhhWj+zy0Eucll5r0rOfxCZAMB8GA1UdIwQY
MBaAFFvnGfmF3zlKQqwR5cvI+CtLeuxdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVy1jWi1ZWGZPVXBDckJIbHk4ajRLMHQ2N0YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85YzAyNzgtNTQyYy00NDY3LWFjN2Mt
MjRhZWUyYjBlODJiLzEvSlIwQ0dGYVA3UExRUzV5V1htdlNzNV9FSmtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85YzAyNzgtNTQyYy00NDY3LWFjN2MtMjRhZWUyYjBlODJi
LzEvVy1jWi1ZWGZPVXBDckJIbHk4ajRLMHQ2N0YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+P+AwQC
wKLIMA0GCSqGSIb3DQEBCwUAA4IBAQAluvKM04DEupgPqdlCRvgWPE2+vjw8FFdS
aJQebGxWMAoBoQIap2YAeUF7IJJRolax3adNA6s/xHblUHGOKMzflpFCMoro48r0
YcpGP542c859UH0FlPBk+vGqZG/6P9Nf7qDWOp12AJotVphJXRETt1szKHLWvF5Z
PsOV60Cepv3wmd88BAfOXmbZyjEX65OACcAtEY+hcwqFUuoWxCmiZFJXrLTCqKSD
ri2qzbWQd0Sio3UKlSBwA3u2AAw0AlFDATTJIidtmudjlj0txW/+hZyFztitrg2d
Eb8vgV0fglxm7CMPwYkWKVOnh4zElyB9XXys3dwuKKvu37PpS1jQ
-----END CERTIFICATE-----