Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/ba4640-163e-465f-90f9-ea587fd658b2/1/JNqofKdTCyKuFPaKJyP6SgPUo-U.roa
File:                     JNqofKdTCyKuFPaKJyP6SgPUo-U.roa (raw, json)
Hash identifier:          45wsfdI11Lb9wpD2yzKU9os/SaZqc85cR8n+5rmxjjE=
Subject key identifier:   24:DA:A8:7C:A7:53:0B:22:AE:14:F6:8A:27:23:FA:4A:03:D4:A3:E5
Certificate issuer:       /CN=6beb6094bcab4bd3b1f6f56c5182ba1220e22b6f
Certificate serial:       018FA02668B6DD9477730B1C79D65030724B
Authority key identifier: 6B:EB:60:94:BC:AB:4B:D3:B1:F6:F5:6C:51:82:BA:12:20:E2:2B:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a-tglLyrS9Ox9vVsUYK6EiDiK28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/ba4640-163e-465f-90f9-ea587fd658b2/1/JNqofKdTCyKuFPaKJyP6SgPUo-U.roa
Signing time:             Wed 22 May 2024 11:53:42 +0000
ROA not before:           Wed 22 May 2024 11:53:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28928
IP address blocks:        194.11.172.0/22 maxlen: 22
                          194.11.176.0/21 maxlen: 21
                          194.11.184.0/23 maxlen: 23
                          194.11.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/ba4640-163e-465f-90f9-ea587fd658b2/1/a-tglLyrS9Ox9vVsUYK6EiDiK28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/ba4640-163e-465f-90f9-ea587fd658b2/1/a-tglLyrS9Ox9vVsUYK6EiDiK28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a-tglLyrS9Ox9vVsUYK6EiDiK28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a0:26:68:b6:dd:94:77:73:0b:1c:79:d6:50:30:72:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6beb6094bcab4bd3b1f6f56c5182ba1220e22b6f
        Validity
            Not Before: May 22 11:53:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24daa87ca7530b22ae14f68a2723fa4a03d4a3e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:99:1b:d6:4e:7c:8e:dd:12:e3:b7:da:a2:61:
                    75:f4:37:0d:12:4a:58:74:ce:59:cb:ba:53:e4:2d:
                    44:40:b1:35:07:ce:3a:9b:d4:79:c2:6c:30:cd:4f:
                    d9:94:92:28:cf:40:a8:c7:33:96:41:fa:50:ed:78:
                    22:f9:d8:59:9d:d3:ac:e9:ee:65:db:61:0f:15:eb:
                    2e:2b:35:8b:06:11:53:91:02:20:b3:0e:95:a2:29:
                    48:17:44:08:74:4a:08:a0:5b:07:6e:dd:c1:ff:de:
                    40:d5:8d:d9:6f:ea:49:d6:32:d0:18:ab:4e:58:e3:
                    0e:db:88:d0:dc:ea:18:41:85:2e:0e:91:3f:cb:da:
                    a6:52:87:d6:0a:93:30:5d:71:af:32:75:5d:e5:bb:
                    1f:1e:f8:48:b1:b8:bd:af:9a:42:1d:88:b0:dc:3e:
                    a1:96:4c:1a:81:39:e6:cb:e8:ac:d7:06:3d:15:6d:
                    55:21:c9:15:24:cd:5f:2c:62:b5:6e:d8:d8:60:fe:
                    3d:e0:21:96:0e:1e:bf:d4:5c:74:b1:b5:77:ef:fd:
                    6a:91:37:ad:f0:d3:6f:18:e6:78:87:dc:ef:6a:6b:
                    27:08:6f:ed:78:95:25:3a:9b:77:40:93:7f:34:20:
                    06:3f:80:53:42:b5:b4:f7:13:73:b4:35:ee:2b:3a:
                    4c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:DA:A8:7C:A7:53:0B:22:AE:14:F6:8A:27:23:FA:4A:03:D4:A3:E5
            X509v3 Authority Key Identifier:
                keyid:6B:EB:60:94:BC:AB:4B:D3:B1:F6:F5:6C:51:82:BA:12:20:E2:2B:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a-tglLyrS9Ox9vVsUYK6EiDiK28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/ba4640-163e-465f-90f9-ea587fd658b2/1/JNqofKdTCyKuFPaKJyP6SgPUo-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/ba4640-163e-465f-90f9-ea587fd658b2/1/a-tglLyrS9Ox9vVsUYK6EiDiK28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.172.0-194.11.186.255

    Signature Algorithm: sha256WithRSAEncryption
         27:dc:b4:fc:01:96:e5:6e:b4:72:1f:5b:2c:1d:e7:05:7d:8c:
         37:e2:d3:a5:9a:e4:7c:47:c2:f4:13:11:c1:19:3d:a0:bb:f2:
         21:ae:b9:a3:61:c8:4a:fd:17:5a:99:86:19:cc:53:26:8f:77:
         7f:a6:68:e4:f2:3e:99:9e:74:64:54:f9:2d:42:a0:c2:b1:c7:
         bb:47:87:be:cb:7f:7a:d8:2f:16:09:e9:c6:c9:27:11:7d:c1:
         83:f9:b1:8d:0f:06:b4:02:2e:d9:e5:2f:7d:0d:14:64:6b:fa:
         39:45:32:1f:17:ce:2f:91:f5:43:5a:ed:4e:26:3b:51:2b:fb:
         05:eb:6e:62:79:84:56:4c:36:9a:c4:90:90:dc:4e:4e:6b:8a:
         94:fa:b4:e2:af:c9:82:71:3f:9f:4c:41:09:47:9b:26:73:51:
         ed:8f:84:43:e3:16:eb:98:ab:cf:75:19:39:aa:62:9b:55:de:
         bb:9c:ec:0a:d0:80:6e:3e:aa:5a:7b:94:62:94:39:d1:0a:5f:
         00:fb:fb:33:4b:d7:84:83:81:f5:19:96:15:42:8b:33:74:1b:
         41:01:56:d9:51:6e:f5:61:7f:c4:c2:b1:cd:42:ac:3c:cb:fe:
         d0:a4:0f:b3:b4:7d:4f:27:d0:9c:61:d5:a1:08:94:6a:7c:d9:
         1a:45:a7:39
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY+gJmi23ZR3cwscedZQMHJLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiZWI2MDk0YmNhYjRiZDNiMWY2ZjU2YzUxODJiYTEyMjBl
MjJiNmYwHhcNMjQwNTIyMTE1MzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGRhYTg3Y2E3NTMwYjIyYWUxNGY2OGEyNzIzZmE0YTAzZDRhM2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Zkb1k58jt0S47faomF19DcNEkpY
dM5Zy7pT5C1EQLE1B846m9R5wmwwzU/ZlJIoz0CoxzOWQfpQ7Xgi+dhZndOs6e5l
22EPFesuKzWLBhFTkQIgsw6VoilIF0QIdEoIoFsHbt3B/95A1Y3Zb+pJ1jLQGKtO
WOMO24jQ3OoYQYUuDpE/y9qmUofWCpMwXXGvMnVd5bsfHvhIsbi9r5pCHYiw3D6h
lkwagTnmy+is1wY9FW1VIckVJM1fLGK1btjYYP494CGWDh6/1Fx0sbV37/1qkTet
8NNvGOZ4h9zvamsnCG/teJUlOpt3QJN/NCAGP4BTQrW09xNztDXuKzpMGwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCTaqHynUwsirhT2iicj+koD1KPlMB8GA1UdIwQY
MBaAFGvrYJS8q0vTsfb1bFGCuhIg4itvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYS10Z2xMeXJTOU94OXZWc1VZSzZFaURpSzI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9iYTQ2NDAtMTYzZS00NjVmLTkwZjkt
ZWE1ODdmZDY1OGIyLzEvSk5xb2ZLZFRDeUt1RlBhS0p5UDZTZ1BVby1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9iYTQ2NDAtMTYzZS00NjVmLTkwZjktZWE1ODdmZDY1OGIy
LzEvYS10Z2xMeXJTOU94OXZWc1VZSzZFaURpSzI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALCC6wD
BADCC7owDQYJKoZIhvcNAQELBQADggEBACfctPwBluVutHIfWywd5wV9jDfi06Wa
5HxHwvQTEcEZPaC78iGuuaNhyEr9F1qZhhnMUyaPd3+maOTyPpmedGRU+S1CoMKx
x7tHh77Lf3rYLxYJ6cbJJxF9wYP5sY0PBrQCLtnlL30NFGRr+jlFMh8Xzi+R9UNa
7U4mO1Er+wXrbmJ5hFZMNprEkJDcTk5ripT6tOKvyYJxP59MQQlHmyZzUe2PhEPj
FuuYq891GTmqYptV3ruc7ArQgG4+qlp7lGKUOdEKXwD7+zNL14SDgfUZlhVCizN0
G0EBVtlRbvVhf8TCsc1CrDzL/tCkD7O0fU8n0Jxh1aEIlGp82RpFpzk=
-----END CERTIFICATE-----