Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/JjD70XtvsSvkaZBweUdcuKhN3yA.roa
File:                     JjD70XtvsSvkaZBweUdcuKhN3yA.roa (raw, json)
Hash identifier:          GO3gQG8eTSJNbnd5pUYnqL5orXdpm5el+bYg314piV8=
Subject key identifier:   26:30:FB:D1:7B:6F:B1:2B:E4:69:90:70:79:47:5C:B8:A8:4D:DF:20
Certificate issuer:       /CN=d5d1cd47a53ef57ebb567bc882ad2986faac5f0d
Certificate serial:       018CC8014CC85ECF427B8DB6713F7628DAD2
Authority key identifier: D5:D1:CD:47:A5:3E:F5:7E:BB:56:7B:C8:82:AD:29:86:FA:AC:5F:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1dHNR6U-9X67VnvIgq0phvqsXw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/JjD70XtvsSvkaZBweUdcuKhN3yA.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212213
IP address blocks:        185.59.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/1dHNR6U-9X67VnvIgq0phvqsXw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/1dHNR6U-9X67VnvIgq0phvqsXw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1dHNR6U-9X67VnvIgq0phvqsXw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:03:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4c:c8:5e:cf:42:7b:8d:b6:71:3f:76:28:da:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5d1cd47a53ef57ebb567bc882ad2986faac5f0d
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2630fbd17b6fb12be469907079475cb8a84ddf20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5e:af:53:64:8a:b3:e0:5c:06:2b:db:53:b6:
                    cf:4b:1c:29:2b:73:e7:66:73:fc:8f:4b:48:db:c3:
                    7f:32:54:7d:1d:da:88:bf:c1:f9:3a:ac:be:e1:00:
                    7f:90:38:c9:03:d2:fd:39:fb:90:40:32:45:b3:18:
                    28:b3:fc:0e:65:d3:06:2a:36:54:34:77:c9:8d:80:
                    32:4f:23:c4:3d:2d:38:22:94:e8:97:01:84:07:55:
                    77:af:b3:11:af:85:86:4c:4f:9e:99:a9:ca:10:14:
                    47:63:89:10:b2:50:31:54:6e:36:7e:ce:09:8b:55:
                    b8:8c:1d:2d:ff:8a:0f:2e:64:a1:7c:78:ac:da:4b:
                    5c:1c:44:92:10:0e:72:4c:4a:6c:44:c4:db:08:2d:
                    f7:9b:c0:9f:bf:5a:96:55:c7:8a:fe:1a:e7:88:d0:
                    08:60:dc:ca:0a:36:a7:d5:a3:9c:63:e4:02:9d:57:
                    28:8c:f6:1c:d3:30:9d:fa:bc:68:98:8c:9c:00:5d:
                    a0:8e:0e:55:10:f5:dc:dd:0f:d2:9a:d1:a3:22:eb:
                    27:03:04:f6:32:03:b9:04:f9:ec:5f:ba:63:7b:86:
                    55:f8:69:e7:79:1c:43:7f:9f:25:20:00:2f:d3:eb:
                    96:1c:ff:ff:af:47:a7:4e:c8:0b:a1:d0:00:36:19:
                    bd:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:30:FB:D1:7B:6F:B1:2B:E4:69:90:70:79:47:5C:B8:A8:4D:DF:20
            X509v3 Authority Key Identifier:
                keyid:D5:D1:CD:47:A5:3E:F5:7E:BB:56:7B:C8:82:AD:29:86:FA:AC:5F:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1dHNR6U-9X67VnvIgq0phvqsXw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/JjD70XtvsSvkaZBweUdcuKhN3yA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/1dHNR6U-9X67VnvIgq0phvqsXw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.59.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:6d:63:7d:da:a9:0d:58:b5:dc:97:40:cf:c9:7d:ca:70:cc:
         ec:aa:2e:fd:71:2a:5c:11:8d:f7:c8:40:fb:81:9e:0f:18:29:
         77:29:40:1b:65:fc:f9:33:8c:24:18:7d:e7:8d:a4:ff:c3:2f:
         79:9a:1f:45:2d:ee:8e:e2:b8:57:9d:1e:62:ea:ef:3f:42:cd:
         08:18:5f:32:6c:b7:aa:5a:84:e6:c8:c2:0a:73:4b:b3:e3:24:
         a6:34:ba:46:73:4b:94:50:24:53:b1:e9:b9:d4:af:c0:5f:14:
         b8:bd:7a:36:83:53:78:ee:5b:8d:b2:a2:7c:80:02:a9:05:40:
         16:ad:19:53:22:fb:b7:f5:25:de:55:80:38:84:48:2c:6a:3c:
         25:86:4f:59:a9:67:a3:23:75:13:24:8d:56:fa:98:d0:c1:f8:
         0b:07:cb:0c:7c:8f:1b:87:ba:a8:7f:ab:5e:be:67:35:57:13:
         52:88:b9:d9:f3:b7:b5:ea:fc:25:68:83:06:bc:f0:a6:8c:aa:
         13:b2:88:09:df:43:d9:52:ef:02:49:85:19:f1:7f:cd:47:ce:
         a0:e4:e4:77:69:d4:29:d2:6a:dc:8c:7d:54:e0:d0:45:3a:7f:
         c6:f7:47:4f:ff:a5:62:03:27:21:a9:0d:c8:cf:e7:73:be:95:
         a6:3d:65:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUzIXs9Ce422cT92KNrSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZDFjZDQ3YTUzZWY1N2ViYjU2N2JjODgyYWQyOTg2ZmFh
YzVmMGQwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjMwZmJkMTdiNmZiMTJiZTQ2OTkwNzA3OTQ3NWNiOGE4NGRkZjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoV6vU2SKs+BcBivbU7bPSxwpK3Pn
ZnP8j0tI28N/MlR9HdqIv8H5Oqy+4QB/kDjJA9L9OfuQQDJFsxgos/wOZdMGKjZU
NHfJjYAyTyPEPS04IpTolwGEB1V3r7MRr4WGTE+emanKEBRHY4kQslAxVG42fs4J
i1W4jB0t/4oPLmShfHis2ktcHESSEA5yTEpsRMTbCC33m8Cfv1qWVceK/hrniNAI
YNzKCjan1aOcY+QCnVcojPYc0zCd+rxomIycAF2gjg5VEPXc3Q/SmtGjIusnAwT2
MgO5BPnsX7pje4ZV+GnneRxDf58lIAAv0+uWHP//r0enTsgLodAANhm9CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCYw+9F7b7Er5GmQcHlHXLioTd8gMB8GA1UdIwQY
MBaAFNXRzUelPvV+u1Z7yIKtKYb6rF8NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWRITlI2VS05WDY3Vm52SWdxMHBodnFzWHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84NjE5NTMtNWY2NS00NDY1LTkwNDYt
ZjRkMDcxZjUwZjFkLzEvSmpENzBYdHZzU3ZrYVpCd2VVZGN1S2hOM3lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84NjE5NTMtNWY2NS00NDY1LTkwNDYtZjRkMDcxZjUwZjFk
LzEvMWRITlI2VS05WDY3Vm52SWdxMHBodnFzWHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTvZMA0G
CSqGSIb3DQEBCwUAA4IBAQBCbWN92qkNWLXcl0DPyX3KcMzsqi79cSpcEY33yED7
gZ4PGCl3KUAbZfz5M4wkGH3njaT/wy95mh9FLe6O4rhXnR5i6u8/Qs0IGF8ybLeq
WoTmyMIKc0uz4ySmNLpGc0uUUCRTsem51K/AXxS4vXo2g1N47luNsqJ8gAKpBUAW
rRlTIvu39SXeVYA4hEgsajwlhk9ZqWejI3UTJI1W+pjQwfgLB8sMfI8bh7qof6te
vmc1VxNSiLnZ87e16vwlaIMGvPCmjKoTsogJ30PZUu8CSYUZ8X/NR86g5OR3adQp
0mrcjH1U4NBFOn/G90dP/6ViAychqQ3Iz+dzvpWmPWW/
-----END CERTIFICATE-----