Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3155bf-c881-4396-aefd-236ba9ee4056/1/JMSB-Af1_1eesYRiARk_EfaVV8A.roa
File:                     JMSB-Af1_1eesYRiARk_EfaVV8A.roa (raw, json)
Hash identifier:          G5peJStO0zqmy1CiRlRy5qkY8WGTQVvVZ4vqr254cCE=
Subject key identifier:   24:C4:81:F8:07:F5:FF:57:9E:B1:84:62:01:19:3F:11:F6:95:57:C0
Certificate issuer:       /CN=22f960fdeef407355ab7836dcb6b9026f44293ea
Certificate serial:       018CC86F6C97CBE3B0E83E51CAE84CA9CC98
Authority key identifier: 22:F9:60:FD:EE:F4:07:35:5A:B7:83:6D:CB:6B:90:26:F4:42:93:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ivlg_e70BzVat4Nty2uQJvRCk-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3155bf-c881-4396-aefd-236ba9ee4056/1/JMSB-Af1_1eesYRiARk_EfaVV8A.roa
Signing time:             Tue 02 Jan 2024 04:29:54 +0000
ROA not before:           Tue 02 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205301
IP address blocks:        195.248.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3155bf-c881-4396-aefd-236ba9ee4056/1/Ivlg_e70BzVat4Nty2uQJvRCk-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3155bf-c881-4396-aefd-236ba9ee4056/1/Ivlg_e70BzVat4Nty2uQJvRCk-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ivlg_e70BzVat4Nty2uQJvRCk-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:6c:97:cb:e3:b0:e8:3e:51:ca:e8:4c:a9:cc:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f960fdeef407355ab7836dcb6b9026f44293ea
        Validity
            Not Before: Jan  2 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24c481f807f5ff579eb1846201193f11f69557c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a6:d8:db:66:ec:78:3d:1d:c9:9d:7f:57:0f:
                    db:03:b3:e4:d4:51:e5:d7:81:c7:75:0d:00:37:e6:
                    07:bf:f9:4b:ed:fa:12:c3:3d:bc:73:01:93:c6:83:
                    c4:fd:9a:99:1b:fd:03:3c:b7:64:73:2e:94:86:f2:
                    24:4b:50:76:00:9b:cb:1e:f1:7d:df:7b:f8:aa:ca:
                    6a:6b:01:3d:0a:35:a6:78:2e:65:ce:cb:e6:93:51:
                    01:2c:dc:a3:bb:e2:17:03:b5:25:41:51:3c:b1:5f:
                    97:bc:24:9b:9f:fc:4d:8b:5d:da:8b:2d:44:56:3b:
                    4f:99:25:68:64:d0:2e:86:16:6b:54:62:db:d5:96:
                    e7:99:48:8a:6d:56:39:9a:3a:25:08:7a:fb:2f:9f:
                    61:dc:23:62:dd:9f:91:e4:2b:92:2d:2d:06:e2:15:
                    50:51:e1:49:13:f4:38:79:47:ea:7a:78:e2:4a:04:
                    e9:84:d2:03:d2:60:d0:30:63:72:ef:c2:e5:c1:0b:
                    70:12:9a:46:85:8e:21:cf:82:91:06:fc:87:7c:b1:
                    58:23:6e:c2:c8:e9:b2:08:b4:70:33:18:f3:5c:06:
                    a2:fb:79:3b:4a:85:3d:fa:09:b4:02:4b:18:cc:6a:
                    d7:3e:8e:bd:77:5b:2e:d6:87:6c:6b:5a:e7:3b:30:
                    ff:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:C4:81:F8:07:F5:FF:57:9E:B1:84:62:01:19:3F:11:F6:95:57:C0
            X509v3 Authority Key Identifier:
                keyid:22:F9:60:FD:EE:F4:07:35:5A:B7:83:6D:CB:6B:90:26:F4:42:93:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ivlg_e70BzVat4Nty2uQJvRCk-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3155bf-c881-4396-aefd-236ba9ee4056/1/JMSB-Af1_1eesYRiARk_EfaVV8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3155bf-c881-4396-aefd-236ba9ee4056/1/Ivlg_e70BzVat4Nty2uQJvRCk-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:bb:0f:45:f0:2c:81:4d:7e:29:7f:8d:85:f2:29:3a:dc:75:
         3f:c8:39:b3:8b:69:e5:76:3c:01:e6:dc:ed:20:6b:f1:0e:cd:
         c7:87:fe:2d:e8:f1:80:ba:2e:57:15:1b:df:a1:af:98:41:64:
         26:2c:9d:da:71:ca:3f:3f:c5:b8:52:cf:c3:52:d5:76:3e:c5:
         00:1d:e9:36:48:79:86:82:e3:ab:5a:a5:79:ee:0a:d0:31:19:
         28:cb:56:51:df:1f:60:6e:73:e3:c9:7d:84:04:86:16:8b:48:
         fe:e6:2b:fb:31:da:ea:be:93:60:5b:9b:4c:0e:12:c6:3d:f2:
         8b:d2:dc:6a:4a:2c:f8:44:a5:e1:d0:76:2b:9b:0b:7b:21:e4:
         c6:d2:73:6b:c5:62:03:a7:78:e0:97:4a:34:fb:35:72:da:e0:
         39:5c:82:fe:94:1d:44:5b:28:1b:eb:18:93:d8:15:ce:bc:fc:
         01:4d:fc:68:2b:35:51:22:35:06:13:71:78:60:41:40:eb:ca:
         e8:53:57:1b:a4:37:48:d4:82:09:12:d9:db:69:a1:dd:13:7e:
         8e:12:12:4b:1d:5f:59:f6:bd:88:32:a8:5d:87:c4:be:0c:76:
         eb:b2:ac:b9:47:75:e4:c6:5d:c6:5b:09:ce:4a:57:58:89:c4:
         bb:cf:87:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb2yXy+Ow6D5RyuhMqcyYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjk2MGZkZWVmNDA3MzU1YWI3ODM2ZGNiNmI5MDI2ZjQ0
MjkzZWEwHhcNMjQwMTAyMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGM0ODFmODA3ZjVmZjU3OWViMTg0NjIwMTE5M2YxMWY2OTU1N2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqbY22bseD0dyZ1/Vw/bA7Pk1FHl
14HHdQ0AN+YHv/lL7foSwz28cwGTxoPE/ZqZG/0DPLdkcy6UhvIkS1B2AJvLHvF9
33v4qspqawE9CjWmeC5lzsvmk1EBLNyju+IXA7UlQVE8sV+XvCSbn/xNi13aiy1E
VjtPmSVoZNAuhhZrVGLb1ZbnmUiKbVY5mjolCHr7L59h3CNi3Z+R5CuSLS0G4hVQ
UeFJE/Q4eUfqenjiSgTphNID0mDQMGNy78LlwQtwEppGhY4hz4KRBvyHfLFYI27C
yOmyCLRwMxjzXAai+3k7SoU9+gm0AksYzGrXPo69d1su1odsa1rnOzD/rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTEgfgH9f9XnrGEYgEZPxH2lVfAMB8GA1UdIwQY
MBaAFCL5YP3u9Ac1WreDbctrkCb0QpPqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZsZ19lNzBCelZhdDROdHkydVFKdlJDay1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zMTU1YmYtYzg4MS00Mzk2LWFlZmQt
MjM2YmE5ZWU0MDU2LzEvSk1TQi1BZjFfMWVlc1lSaUFSa19FZmFWVjhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zMTU1YmYtYzg4MS00Mzk2LWFlZmQtMjM2YmE5ZWU0MDU2
LzEvSXZsZ19lNzBCelZhdDROdHkydVFKdlJDay1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/haMA0G
CSqGSIb3DQEBCwUAA4IBAQA/uw9F8CyBTX4pf42F8ik63HU/yDmzi2nldjwB5tzt
IGvxDs3Hh/4t6PGAui5XFRvfoa+YQWQmLJ3acco/P8W4Us/DUtV2PsUAHek2SHmG
guOrWqV57grQMRkoy1ZR3x9gbnPjyX2EBIYWi0j+5iv7MdrqvpNgW5tMDhLGPfKL
0txqSiz4RKXh0HYrmwt7IeTG0nNrxWIDp3jgl0o0+zVy2uA5XIL+lB1EWygb6xiT
2BXOvPwBTfxoKzVRIjUGE3F4YEFA68roU1cbpDdI1IIJEtnbaaHdE36OEhJLHV9Z
9r2IMqhdh8S+DHbrsqy5R3Xkxl3GWwnOSldYicS7z4cA
-----END CERTIFICATE-----