Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/jobPq6FT6gVEdlgpwAiGCUL4MIc.roa
File:                     jobPq6FT6gVEdlgpwAiGCUL4MIc.roa (raw, json)
Hash identifier:          aK8/IJGyg9nD6U6IjC6YPxxVDwWN3ImQp0D/IOJULgo=
Subject key identifier:   8E:86:CF:AB:A1:53:EA:05:44:76:58:29:C0:08:86:09:42:F8:30:87
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       01925E194D6E2C5767C86153C0EAFC25D5CB
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/jobPq6FT6gVEdlgpwAiGCUL4MIc.roa
Signing time:             Sat 05 Oct 2024 19:12:49 +0000
ROA not before:           Sat 05 Oct 2024 19:12:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209604
IP address blocks:        193.223.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:5e:19:4d:6e:2c:57:67:c8:61:53:c0:ea:fc:25:d5:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Oct  5 19:12:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e86cfaba153ea0544765829c008860942f83087
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a0:77:51:bb:6e:9a:4d:53:ee:bb:5e:df:3f:
                    93:1a:e9:39:41:a0:9b:8d:ac:49:74:57:c9:4d:f1:
                    0f:a7:f2:73:93:83:d9:07:1b:31:d4:82:00:b8:56:
                    68:cf:e4:69:0f:b0:6d:20:f6:a9:3d:07:ad:22:e4:
                    e7:3f:07:c3:13:30:bf:26:99:10:61:0e:88:f1:f9:
                    29:bb:fc:13:e5:ac:a5:19:c4:ac:0c:df:b1:9d:91:
                    8f:77:20:86:13:47:87:e2:f7:ac:e2:25:04:5f:f1:
                    d4:96:9d:51:cd:d4:16:23:ad:17:8c:54:ce:d8:13:
                    1b:3f:ad:26:6b:5f:95:cd:97:e9:6e:80:e9:07:9e:
                    31:64:b5:0e:ff:3d:f4:b1:df:7c:68:73:4e:5c:c2:
                    a4:7b:f4:05:be:a1:66:37:14:48:c7:43:0a:81:9a:
                    65:19:aa:a5:84:9b:8e:92:d7:35:09:18:a0:ba:f6:
                    8d:8e:1c:bb:5e:f9:d7:3e:f7:df:bd:42:a2:7f:36:
                    e7:78:e4:f3:06:97:3d:68:4b:e6:2c:32:c7:12:b2:
                    36:14:f9:f6:42:1f:e9:17:26:c9:2e:d1:5a:fb:16:
                    6d:16:a4:3d:fd:b2:2e:a0:f5:78:05:95:06:4c:3a:
                    07:57:db:ba:ca:e8:7e:60:bd:16:95:2f:30:b2:77:
                    d6:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:86:CF:AB:A1:53:EA:05:44:76:58:29:C0:08:86:09:42:F8:30:87
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/jobPq6FT6gVEdlgpwAiGCUL4MIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.223.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:17:fd:28:46:a0:11:38:85:6a:f6:8d:83:e4:45:d4:23:f8:
         65:9d:13:99:b1:97:b8:ff:9f:1b:60:72:62:05:15:cc:54:58:
         f9:a8:31:b9:9b:12:e1:76:e4:28:f4:54:b2:a2:3c:87:1d:e6:
         e7:a5:03:fe:70:c9:84:28:3e:72:de:36:ae:c2:88:bc:4f:2b:
         18:08:8e:e3:57:1f:dc:75:ca:78:83:90:72:b1:9c:d9:e4:28:
         0a:11:b7:df:0e:35:a7:c8:b3:7c:49:9d:29:dd:06:7f:87:5d:
         b9:8a:01:4f:26:4e:be:5f:53:cc:16:d8:e7:1d:c8:a9:d5:7a:
         3c:a2:25:76:29:46:80:23:93:30:49:26:d6:1d:fb:a9:d1:01:
         61:b7:78:57:68:d6:91:38:f1:b3:c4:c4:dc:46:f7:43:86:32:
         e6:84:f0:7e:78:f4:2b:92:f9:23:cf:af:65:9f:2b:ae:b1:60:
         6e:90:db:3e:48:b8:4f:d0:c2:ab:a7:ee:ca:85:9b:ac:f2:f3:
         d9:6a:5c:f8:a0:88:70:b2:cb:75:bd:f3:ac:35:ee:42:4a:89:
         2d:6e:dc:6f:2e:4b:8e:c5:aa:18:12:db:2a:58:4c:f5:3d:77:
         d0:46:50:90:0f:12:98:cd:fa:3a:e3:42:35:d7:6e:28:90:73:
         15:c1:ad:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJeGU1uLFdnyGFTwOr8JdXLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQxMDA1MTkxMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTg2Y2ZhYmExNTNlYTA1NDQ3NjU4MjljMDA4ODYwOTQyZjgzMDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqB3Ubtumk1T7rte3z+TGuk5QaCb
jaxJdFfJTfEPp/Jzk4PZBxsx1IIAuFZoz+RpD7BtIPapPQetIuTnPwfDEzC/JpkQ
YQ6I8fkpu/wT5aylGcSsDN+xnZGPdyCGE0eH4ves4iUEX/HUlp1RzdQWI60XjFTO
2BMbP60ma1+VzZfpboDpB54xZLUO/z30sd98aHNOXMKke/QFvqFmNxRIx0MKgZpl
GaqlhJuOktc1CRiguvaNjhy7XvnXPvffvUKifzbneOTzBpc9aEvmLDLHErI2FPn2
Qh/pFybJLtFa+xZtFqQ9/bIuoPV4BZUGTDoHV9u6yuh+YL0WlS8wsnfWOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI6Gz6uhU+oFRHZYKcAIhglC+DCHMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvam9iUHE2RlQ2Z1ZFZGxncHdBaUdDVUw0TUljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd9rMA0G
CSqGSIb3DQEBCwUAA4IBAQCHF/0oRqAROIVq9o2D5EXUI/hlnROZsZe4/58bYHJi
BRXMVFj5qDG5mxLhduQo9FSyojyHHebnpQP+cMmEKD5y3jauwoi8TysYCI7jVx/c
dcp4g5BysZzZ5CgKEbffDjWnyLN8SZ0p3QZ/h125igFPJk6+X1PMFtjnHcip1Xo8
oiV2KUaAI5MwSSbWHfup0QFht3hXaNaROPGzxMTcRvdDhjLmhPB+ePQrkvkjz69l
nyuusWBukNs+SLhP0MKrp+7KhZus8vPZalz4oIhwsst1vfOsNe5CSoktbtxvLkuO
xaoYEtsqWEz1PXfQRlCQDxKYzfo640I1124okHMVwa3c
-----END CERTIFICATE-----