Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JxZYPr7lGUDd3vFvHu8r0x1Dg9c.roa
File:                     JxZYPr7lGUDd3vFvHu8r0x1Dg9c.roa (raw, json)
Hash identifier:          hjO7lKqYTMfZ0IJOrjs96fVBK3999eAvC5ycKRIVY5w=
Subject key identifier:   27:16:58:3E:BE:E5:19:40:DD:DE:F1:6F:1E:EF:2B:D3:1D:43:83:D7
Certificate issuer:       /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial:       018EC2BFC914ACD9509FF8EC6FF0BA843A5F
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JxZYPr7lGUDd3vFvHu8r0x1Dg9c.roa
Signing time:             Tue 09 Apr 2024 12:05:32 +0000
ROA not before:           Tue 09 Apr 2024 12:05:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59729
IP address blocks:        5.42.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c2:bf:c9:14:ac:d9:50:9f:f8:ec:6f:f0:ba:84:3a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
        Validity
            Not Before: Apr  9 12:05:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2716583ebee51940dddef16f1eef2bd31d4383d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:7c:55:42:9d:67:cc:3f:87:2f:53:ba:70:01:
                    de:26:29:7c:7a:ce:06:bc:0f:61:aa:93:67:7a:ac:
                    4d:63:53:37:cf:4e:d2:22:45:fe:99:41:4a:dc:57:
                    1e:9b:8d:be:93:57:a4:85:0f:7c:51:0f:16:dd:81:
                    27:32:f7:8a:3d:45:3f:d7:ab:59:9d:14:eb:1b:93:
                    48:ab:a2:13:f2:68:64:06:40:a3:1d:f5:fa:a2:73:
                    a3:d5:03:f5:e2:9e:1d:06:a7:97:a5:66:be:57:35:
                    7f:6d:96:16:79:08:78:0d:b3:f9:88:29:52:c9:f8:
                    23:00:1d:f0:be:bb:8b:02:b0:1e:50:3d:94:27:26:
                    5a:0d:f2:b9:28:61:b4:93:d7:75:7c:8d:6b:bf:5a:
                    f0:fe:f9:5c:d8:a2:85:e9:12:ef:0b:3f:68:05:4f:
                    54:2b:ba:b1:bb:e5:8c:35:6c:92:ea:05:9d:25:82:
                    7b:b5:2e:1b:9d:5b:89:cc:cb:0d:49:c1:42:05:2c:
                    c1:b7:f3:9c:20:fe:96:f0:b8:56:89:1a:b0:d8:0a:
                    67:26:38:bd:52:56:b6:1f:2f:94:b6:88:14:ae:64:
                    7d:c6:2e:49:15:cb:ac:60:6d:8a:ec:c7:48:cd:b8:
                    83:38:ba:f3:e1:15:7c:89:71:34:70:ab:ba:51:d7:
                    a9:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:16:58:3E:BE:E5:19:40:DD:DE:F1:6F:1E:EF:2B:D3:1D:43:83:D7
            X509v3 Authority Key Identifier:
                keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JxZYPr7lGUDd3vFvHu8r0x1Dg9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:de:2b:75:99:1a:09:a8:11:27:89:0d:9d:9b:c6:0e:d3:92:
         47:0e:a2:17:91:f6:ef:e4:ca:0f:58:e4:e3:eb:84:2f:58:fb:
         cf:d7:6a:31:b6:f7:59:4d:7e:eb:f3:62:28:8e:6d:fb:53:82:
         86:53:18:ad:95:49:9f:53:2d:1b:24:4f:a6:80:7e:b5:da:ec:
         97:9c:04:e6:7d:5b:bd:11:3d:64:ee:f9:05:13:ff:dc:23:a6:
         ad:bb:c3:f2:08:65:9e:7f:cb:6b:01:3f:bb:09:46:99:47:88:
         3e:f9:c5:a1:64:03:c1:37:c2:7f:fe:78:97:89:a3:fa:b4:fa:
         5c:58:a2:c1:0a:66:40:8f:6a:c6:65:f2:cb:db:3b:ef:cc:a4:
         0b:d6:ea:c3:97:73:48:58:49:0a:c4:e7:d1:1f:fc:a7:e3:6c:
         c5:00:33:1b:37:26:0e:68:19:b4:b5:a7:0c:a8:a2:94:c4:6f:
         f8:ba:cb:45:78:ba:df:82:27:d7:c2:a0:0c:9b:12:a8:7e:d9:
         83:76:31:e6:af:b5:5e:39:62:18:8a:7e:ad:1d:61:fb:4a:0e:
         99:60:fb:7f:49:7a:f8:90:4a:e5:7f:57:0c:c7:a8:00:10:21:
         b7:80:10:91:0e:c2:21:52:bc:e2:d9:47:1a:53:7c:5e:af:63:
         a9:cc:b0:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7Cv8kUrNlQn/jsb/C6hDpfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjQwNDA5MTIwNTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzE2NTgzZWJlZTUxOTQwZGRkZWYxNmYxZWVmMmJkMzFkNDM4M2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznxVQp1nzD+HL1O6cAHeJil8es4G
vA9hqpNneqxNY1M3z07SIkX+mUFK3Fcem42+k1ekhQ98UQ8W3YEnMveKPUU/16tZ
nRTrG5NIq6IT8mhkBkCjHfX6onOj1QP14p4dBqeXpWa+VzV/bZYWeQh4DbP5iClS
yfgjAB3wvruLArAeUD2UJyZaDfK5KGG0k9d1fI1rv1rw/vlc2KKF6RLvCz9oBU9U
K7qxu+WMNWyS6gWdJYJ7tS4bnVuJzMsNScFCBSzBt/OcIP6W8LhWiRqw2ApnJji9
Ula2Hy+UtogUrmR9xi5JFcusYG2K7MdIzbiDOLrz4RV8iXE0cKu6UdepYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCcWWD6+5RlA3d7xbx7vK9MdQ4PXMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvSnhaWVByN2xHVURkM3ZGdkh1OHIweDFEZzljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSrRMA0G
CSqGSIb3DQEBCwUAA4IBAQBr3it1mRoJqBEniQ2dm8YO05JHDqIXkfbv5MoPWOTj
64QvWPvP12oxtvdZTX7r82Iojm37U4KGUxitlUmfUy0bJE+mgH612uyXnATmfVu9
ET1k7vkFE//cI6atu8PyCGWef8trAT+7CUaZR4g++cWhZAPBN8J//niXiaP6tPpc
WKLBCmZAj2rGZfLL2zvvzKQL1urDl3NIWEkKxOfRH/yn42zFADMbNyYOaBm0tacM
qKKUxG/4ustFeLrfgifXwqAMmxKoftmDdjHmr7VeOWIYin6tHWH7Sg6ZYPt/SXr4
kErlf1cMx6gAECG3gBCRDsIhUrzi2UcaU3xer2OpzLAK
-----END CERTIFICATE-----