Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/384645-618a-45b2-9d2b-56fadc92e400/1/JRUnR0TDivSF9LmmF6-7wlpOfcA.roa
File:                     JRUnR0TDivSF9LmmF6-7wlpOfcA.roa (raw, json)
Hash identifier:          E8P/qfpdFP4uh7X7luUnsAdnuhfLieGCz+/vCSgSURk=
Subject key identifier:   25:15:27:47:44:C3:8A:F4:85:F4:B9:A6:17:AF:BB:C2:5A:4E:7D:C0
Certificate issuer:       /CN=f16225a500454e62f1d25253ba7a2d8c1e254429
Certificate serial:       018CC4246DD7CBC31F275ED49DA0D9AF912B
Authority key identifier: F1:62:25:A5:00:45:4E:62:F1:D2:52:53:BA:7A:2D:8C:1E:25:44:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8WIlpQBFTmLx0lJTunotjB4lRCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/384645-618a-45b2-9d2b-56fadc92e400/1/JRUnR0TDivSF9LmmF6-7wlpOfcA.roa
Signing time:             Mon 01 Jan 2024 08:29:30 +0000
ROA not before:           Mon 01 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     926
IP address blocks:        37.10.116.0/24 maxlen: 24
                          185.184.229.0/24 maxlen: 24
                          2a13:9440::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/384645-618a-45b2-9d2b-56fadc92e400/1/8WIlpQBFTmLx0lJTunotjB4lRCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/384645-618a-45b2-9d2b-56fadc92e400/1/8WIlpQBFTmLx0lJTunotjB4lRCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8WIlpQBFTmLx0lJTunotjB4lRCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6d:d7:cb:c3:1f:27:5e:d4:9d:a0:d9:af:91:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f16225a500454e62f1d25253ba7a2d8c1e254429
        Validity
            Not Before: Jan  1 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2515274744c38af485f4b9a617afbbc25a4e7dc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d6:4c:ba:ed:f0:af:60:36:b2:2c:53:72:d8:
                    fe:2e:08:33:2d:06:28:49:f4:aa:2c:7b:85:0c:77:
                    ee:1c:5b:77:83:70:e6:15:a9:94:a4:fc:d8:2c:87:
                    c0:51:74:8f:17:fa:e9:d5:26:c9:96:d4:7d:76:d0:
                    24:af:9f:a0:b5:5c:5b:48:87:be:82:8e:13:28:4a:
                    65:00:54:cf:45:02:e6:2d:cf:ce:dd:30:78:b6:ea:
                    4c:8c:37:16:b0:6b:3e:7c:3c:ea:41:2a:7e:6f:60:
                    44:5f:40:fb:39:75:b7:c8:b6:31:4a:4e:53:b8:d9:
                    54:47:b1:21:b6:ce:6e:0d:4d:c6:95:7a:81:b0:3e:
                    06:7d:0a:6f:59:0f:d6:6e:1f:99:e4:3b:88:c6:0b:
                    be:2c:db:3b:4a:87:e1:56:71:e3:05:8d:50:4e:c9:
                    1c:5c:41:f5:6f:e8:65:a4:11:33:9f:65:1d:31:47:
                    66:24:fa:71:ae:fe:39:38:db:8f:38:f1:d0:5d:46:
                    53:f8:e0:59:9f:7c:b6:40:17:a0:61:f3:9c:f9:ec:
                    ac:b0:8e:86:83:0d:58:0b:47:3a:71:6a:d1:40:88:
                    95:af:fa:37:cb:88:17:b9:c2:a3:cb:46:44:a3:b3:
                    4d:ce:55:0d:35:0b:6e:67:f4:8d:a1:e0:1f:a7:3a:
                    9b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:15:27:47:44:C3:8A:F4:85:F4:B9:A6:17:AF:BB:C2:5A:4E:7D:C0
            X509v3 Authority Key Identifier:
                keyid:F1:62:25:A5:00:45:4E:62:F1:D2:52:53:BA:7A:2D:8C:1E:25:44:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8WIlpQBFTmLx0lJTunotjB4lRCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/384645-618a-45b2-9d2b-56fadc92e400/1/JRUnR0TDivSF9LmmF6-7wlpOfcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/384645-618a-45b2-9d2b-56fadc92e400/1/8WIlpQBFTmLx0lJTunotjB4lRCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.10.116.0/24
                  185.184.229.0/24
                IPv6:
                  2a13:9440::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:6e:55:bf:0a:80:46:52:80:eb:cc:5f:5b:e8:11:de:81:c7:
         e0:65:52:d9:3e:4d:96:55:a6:16:ad:fa:84:45:e8:9c:49:1b:
         f6:b2:b2:e8:a6:07:18:d4:ff:8d:52:34:8d:06:d9:d0:eb:ca:
         56:d6:5a:d7:d8:3f:85:9d:1a:73:1b:b1:1a:3a:ee:f8:c1:34:
         4a:f0:a5:e0:80:5a:0f:0f:59:bf:3b:ef:82:af:da:8f:3b:db:
         56:b3:6b:f8:99:ad:dd:78:ce:3b:c0:29:f5:0b:99:43:14:b2:
         20:f3:b0:89:17:02:a8:bd:6b:ec:29:ed:2c:f0:39:dd:70:b3:
         89:e9:3d:f5:85:8f:8a:f2:30:c1:76:11:2e:48:97:b6:55:dc:
         12:50:f9:0f:1e:1c:0f:0e:e4:4f:c1:08:58:b6:4b:e4:89:57:
         2c:a5:38:94:e8:14:20:0e:90:c1:48:b1:c0:ac:6a:4c:d6:4e:
         50:98:6b:6f:ff:07:ee:fa:50:bc:c4:24:8b:14:2d:8c:d1:83:
         d7:7c:05:e3:78:c0:b0:fd:e8:ed:56:0d:60:8d:18:7c:36:5f:
         e6:e8:67:51:72:7e:38:c0:f8:4e:71:5d:f8:db:10:d4:2e:15:
         c6:d5:40:c3:30:b9:9e:a3:16:fb:e7:09:3a:52:ec:b4:61:b5:
         6a:5c:c0:ce
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEJG3Xy8MfJ17UnaDZr5ErMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNjIyNWE1MDA0NTRlNjJmMWQyNTI1M2JhN2EyZDhjMWUy
NTQ0MjkwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTE1Mjc0NzQ0YzM4YWY0ODVmNGI5YTYxN2FmYmJjMjVhNGU3ZGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtZMuu3wr2A2sixTctj+LggzLQYo
SfSqLHuFDHfuHFt3g3DmFamUpPzYLIfAUXSPF/rp1SbJltR9dtAkr5+gtVxbSIe+
go4TKEplAFTPRQLmLc/O3TB4tupMjDcWsGs+fDzqQSp+b2BEX0D7OXW3yLYxSk5T
uNlUR7Ehts5uDU3GlXqBsD4GfQpvWQ/Wbh+Z5DuIxgu+LNs7SofhVnHjBY1QTskc
XEH1b+hlpBEzn2UdMUdmJPpxrv45ONuPOPHQXUZT+OBZn3y2QBegYfOc+eyssI6G
gw1YC0c6cWrRQIiVr/o3y4gXucKjy0ZEo7NNzlUNNQtuZ/SNoeAfpzqbHwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCUVJ0dEw4r0hfS5phevu8JaTn3AMB8GA1UdIwQY
MBaAFPFiJaUARU5i8dJSU7p6LYweJUQpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFdJbHBRQkZUbUx4MGxKVHVub3RqQjRsUkNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zODQ2NDUtNjE4YS00NWIyLTlkMmIt
NTZmYWRjOTJlNDAwLzEvSlJVblIwVERpdlNGOUxtbUY2LTd3bHBPZmNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zODQ2NDUtNjE4YS00NWIyLTlkMmItNTZmYWRjOTJlNDAw
LzEvOFdJbHBRQkZUbUx4MGxKVHVub3RqQjRsUkNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAJQp0AwQA
ubjlMA0EAgACMAcDBQMqE5RAMA0GCSqGSIb3DQEBCwUAA4IBAQCRblW/CoBGUoDr
zF9b6BHegcfgZVLZPk2WVaYWrfqEReicSRv2srLopgcY1P+NUjSNBtnQ68pW1lrX
2D+FnRpzG7EaOu74wTRK8KXggFoPD1m/O++Cr9qPO9tWs2v4ma3deM47wCn1C5lD
FLIg87CJFwKovWvsKe0s8DndcLOJ6T31hY+K8jDBdhEuSJe2VdwSUPkPHhwPDuRP
wQhYtkvkiVcspTiU6BQgDpDBSLHArGpM1k5QmGtv/wfu+lC8xCSLFC2M0YPXfAXj
eMCw/ejtVg1gjRh8Nl/m6GdRcn44wPhOcV342xDULhXG1UDDMLmeoxb75wk6Uuy0
YbVqXMDO
-----END CERTIFICATE-----