Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/JKBe194GtTE6-jtROjlvi6ISDwE.roa
File:                     JKBe194GtTE6-jtROjlvi6ISDwE.roa (raw, json)
Hash identifier:          ECqICTzRBzYMc+lUuuWPVyHqU8Zqtygn4BtTESjsaLI=
Subject key identifier:   24:A0:5E:D7:DE:06:B5:31:3A:FA:3B:51:3A:39:6F:8B:A2:12:0F:01
Certificate issuer:       /CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
Certificate serial:       018CC794DBF8B8D3F100948CD4346BB42F93
Authority key identifier: A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/JKBe194GtTE6-jtROjlvi6ISDwE.roa
Signing time:             Tue 02 Jan 2024 00:31:10 +0000
ROA not before:           Tue 02 Jan 2024 00:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42233
IP address blocks:        81.19.134.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:db:f8:b8:d3:f1:00:94:8c:d4:34:6b:b4:2f:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
        Validity
            Not Before: Jan  2 00:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24a05ed7de06b5313afa3b513a396f8ba2120f01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e1:1a:ab:f5:b3:82:5c:24:f5:c0:13:1d:af:
                    ca:a1:37:28:33:05:68:17:90:82:9c:8f:2b:ba:1d:
                    b2:95:79:4d:f3:27:eb:96:d7:6c:b3:97:f0:2b:0f:
                    a9:93:56:56:65:9f:74:2b:d2:2f:55:7f:4f:c3:12:
                    06:a0:94:e5:f4:f3:c8:3a:27:cb:6e:8e:0a:4f:25:
                    ea:fa:a4:ba:c5:5f:83:6e:4c:9d:1b:5c:bf:69:b0:
                    e0:27:2d:a0:71:ff:e4:97:ec:a8:ea:9d:b0:b5:ea:
                    1a:bb:18:d1:4c:34:e1:ac:07:22:b3:a3:d3:eb:d5:
                    82:95:f1:9d:61:28:13:3d:79:4f:64:1f:38:7e:24:
                    29:f5:2e:d0:1c:1d:c4:f1:95:ee:ac:c2:a1:33:1f:
                    b2:ac:08:4f:89:04:40:80:3c:f6:ea:1d:91:f1:a8:
                    48:f2:df:77:5d:58:28:7c:56:8d:8e:d1:a7:16:22:
                    f5:db:07:c8:19:d2:4a:08:6f:db:47:3f:52:33:c2:
                    ce:e8:6e:ad:c8:1f:06:0a:e9:de:23:33:56:4a:db:
                    e5:0a:cc:d0:e2:b9:f2:23:d8:c5:51:c8:2b:57:8d:
                    83:fe:cd:90:74:2c:6c:82:73:18:36:3f:29:b2:94:
                    28:1e:64:6c:46:30:95:be:20:63:5e:67:d5:76:74:
                    99:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:A0:5E:D7:DE:06:B5:31:3A:FA:3B:51:3A:39:6F:8B:A2:12:0F:01
            X509v3 Authority Key Identifier:
                keyid:A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/JKBe194GtTE6-jtROjlvi6ISDwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:38:2f:07:53:25:23:09:ff:49:c1:24:b2:95:03:3a:aa:7e:
         16:07:37:75:2d:94:86:db:82:41:15:46:52:a9:f0:2d:b6:62:
         53:30:9e:bd:dc:9a:56:db:c8:32:c3:60:53:cb:6d:df:0e:ce:
         e6:d6:14:e7:84:83:66:17:46:31:8f:1a:e3:48:f8:c8:1f:de:
         71:96:9a:85:c7:ee:2e:0a:39:94:6b:7e:10:84:b8:25:0a:69:
         ef:b4:52:62:1d:08:10:ae:60:3f:0c:24:d2:83:f1:f9:96:ec:
         0f:dd:b4:64:d3:16:3f:bd:65:08:9e:28:63:22:e8:c5:35:c7:
         45:80:27:39:80:3e:6b:fc:4a:d3:24:8d:dc:ab:3a:50:06:38:
         2b:49:bf:ea:3b:2d:1c:3f:83:c3:49:6a:4f:d4:3e:e6:e2:93:
         00:1c:5d:64:58:c9:c3:07:29:9b:de:44:b8:b7:07:17:f3:0b:
         4a:ff:82:2c:fb:18:32:be:ee:1c:41:80:02:d9:9d:5d:ff:95:
         ce:0c:88:ba:bf:06:5f:0a:83:38:9b:e0:a9:42:2e:ec:27:0d:
         e3:8b:62:cd:55:c2:b0:48:27:62:8b:43:a1:bf:23:4c:2c:ff:
         8f:b1:e8:cf:52:9f:72:bb:29:2b:44:c6:8e:59:ca:17:9d:6f:
         fd:22:d5:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlNv4uNPxAJSM1DRrtC+TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2U5NjQwYTNlZjJmZWExOTM3NGFkOGY5OWY0MjNkN2Fh
N2M3NmIwHhcNMjQwMTAyMDAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGEwNWVkN2RlMDZiNTMxM2FmYTNiNTEzYTM5NmY4YmEyMTIwZjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuEaq/Wzglwk9cATHa/KoTcoMwVo
F5CCnI8ruh2ylXlN8yfrltdss5fwKw+pk1ZWZZ90K9IvVX9PwxIGoJTl9PPIOifL
bo4KTyXq+qS6xV+DbkydG1y/abDgJy2gcf/kl+yo6p2wteoauxjRTDThrAcis6PT
69WClfGdYSgTPXlPZB84fiQp9S7QHB3E8ZXurMKhMx+yrAhPiQRAgDz26h2R8ahI
8t93XVgofFaNjtGnFiL12wfIGdJKCG/bRz9SM8LO6G6tyB8GCuneIzNWStvlCszQ
4rnyI9jFUcgrV42D/s2QdCxsgnMYNj8pspQoHmRsRjCVviBjXmfVdnSZDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSgXtfeBrUxOvo7UTo5b4uiEg8BMB8GA1UdIwQY
MBaAFKTOlkCj7y/qGTdK2PmfQj16p8drMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQt
MjgzZmU1NGE2ZjJmLzEvSktCZTE5NEd0VEU2LWp0Uk9qbHZpNklTRHdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQtMjgzZmU1NGE2ZjJm
LzEvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUROGMA0G
CSqGSIb3DQEBCwUAA4IBAQAXOC8HUyUjCf9JwSSylQM6qn4WBzd1LZSG24JBFUZS
qfAttmJTMJ693JpW28gyw2BTy23fDs7m1hTnhINmF0YxjxrjSPjIH95xlpqFx+4u
CjmUa34QhLglCmnvtFJiHQgQrmA/DCTSg/H5luwP3bRk0xY/vWUInihjIujFNcdF
gCc5gD5r/ErTJI3cqzpQBjgrSb/qOy0cP4PDSWpP1D7m4pMAHF1kWMnDBymb3kS4
twcX8wtK/4Is+xgyvu4cQYAC2Z1d/5XODIi6vwZfCoM4m+CpQi7sJw3ji2LNVcKw
SCdii0OhvyNMLP+PsejPUp9yuykrRMaOWcoXnW/9ItVC
-----END CERTIFICATE-----