Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/f10bc7-7c9e-4d98-8d7b-7af0a15f40b5/1/JnDau4UDHLZRxJIrt3HHzjUuXU4.roa
File:                     JnDau4UDHLZRxJIrt3HHzjUuXU4.roa (raw, json)
Hash identifier:          07KdPtztYma6kgeyd5aoSQTj76spj++0mQTjyhSVWAk=
Subject key identifier:   26:70:DA:BB:85:03:1C:B6:51:C4:92:2B:B7:71:C7:CE:35:2E:5D:4E
Certificate issuer:       /CN=407bc1dc2e11d491b9b85e08d01c222f9776c3cc
Certificate serial:       018CC726E2842E7F7FAF3015FE407BC89E47
Authority key identifier: 40:7B:C1:DC:2E:11:D4:91:B9:B8:5E:08:D0:1C:22:2F:97:76:C3:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QHvB3C4R1JG5uF4I0BwiL5d2w8w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/f10bc7-7c9e-4d98-8d7b-7af0a15f40b5/1/JnDau4UDHLZRxJIrt3HHzjUuXU4.roa
Signing time:             Mon 01 Jan 2024 22:31:03 +0000
ROA not before:           Mon 01 Jan 2024 22:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        91.198.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/f10bc7-7c9e-4d98-8d7b-7af0a15f40b5/1/QHvB3C4R1JG5uF4I0BwiL5d2w8w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/f10bc7-7c9e-4d98-8d7b-7af0a15f40b5/1/QHvB3C4R1JG5uF4I0BwiL5d2w8w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QHvB3C4R1JG5uF4I0BwiL5d2w8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:e2:84:2e:7f:7f:af:30:15:fe:40:7b:c8:9e:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=407bc1dc2e11d491b9b85e08d01c222f9776c3cc
        Validity
            Not Before: Jan  1 22:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2670dabb85031cb651c4922bb771c7ce352e5d4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:87:d4:ba:dc:36:ed:82:a9:54:1a:1c:5e:c3:
                    78:b9:58:56:b5:69:1f:1e:4e:8b:29:f4:89:09:fd:
                    37:3f:09:4d:37:97:73:57:dd:3d:93:53:49:27:2c:
                    e7:06:47:22:cf:bf:07:6b:57:27:15:f5:c3:b0:ac:
                    6d:15:96:79:d2:fc:20:72:58:28:fe:83:70:ee:4f:
                    5f:32:4d:dc:af:4e:df:a3:8e:8f:46:eb:49:20:f9:
                    1c:0b:ea:e4:00:10:7e:ee:8f:9d:48:8e:fc:7b:23:
                    eb:56:ca:8e:9d:4b:92:74:44:10:1e:84:ea:5d:48:
                    c9:fb:f9:68:16:ee:77:93:c9:61:45:35:32:17:3f:
                    36:bf:f6:91:bf:ba:98:e3:3c:74:38:ad:1b:31:51:
                    86:24:90:8e:9f:4b:f2:20:27:bd:22:44:41:dd:4a:
                    1e:67:e7:a0:3d:e2:9f:58:80:39:e0:97:91:36:ea:
                    48:84:1a:a4:7f:ed:d9:50:65:ee:fa:4d:bb:0b:34:
                    6f:f8:f7:ec:1d:7c:75:50:bf:20:8f:1c:30:bf:fa:
                    cb:02:e6:49:d5:9a:30:01:ac:26:6c:52:0d:59:8a:
                    cd:63:ab:82:b8:95:2b:4a:01:5e:30:96:de:b2:ba:
                    21:1b:93:aa:dd:2a:f8:45:84:3f:4d:17:50:f5:3f:
                    02:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:70:DA:BB:85:03:1C:B6:51:C4:92:2B:B7:71:C7:CE:35:2E:5D:4E
            X509v3 Authority Key Identifier:
                keyid:40:7B:C1:DC:2E:11:D4:91:B9:B8:5E:08:D0:1C:22:2F:97:76:C3:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QHvB3C4R1JG5uF4I0BwiL5d2w8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f10bc7-7c9e-4d98-8d7b-7af0a15f40b5/1/JnDau4UDHLZRxJIrt3HHzjUuXU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f10bc7-7c9e-4d98-8d7b-7af0a15f40b5/1/QHvB3C4R1JG5uF4I0BwiL5d2w8w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:58:9b:f0:02:47:45:3d:76:97:8b:ac:51:6f:9a:99:59:3f:
         1c:ea:8e:0c:a7:de:c3:98:94:b1:a6:31:b3:d8:13:a9:03:1b:
         59:c1:29:bd:7c:64:ce:66:70:b1:a1:60:16:14:bd:02:c4:43:
         d1:e3:69:2e:7d:aa:a7:8d:05:ab:c4:86:40:5e:ce:d3:ae:48:
         ab:29:51:6e:00:93:b6:06:76:e3:50:de:20:c7:b0:c8:aa:ea:
         31:9a:ff:a2:5b:f4:ac:4c:28:48:fe:f7:d1:37:cb:68:26:e7:
         be:44:cf:c8:ba:20:d3:6f:4f:12:7a:8f:43:0a:87:71:da:34:
         c2:34:7f:19:55:1d:83:52:ee:7e:df:f2:27:fa:bd:f5:a3:53:
         0a:5a:da:94:86:aa:fe:aa:fc:db:7d:8d:0c:71:da:b6:1e:5f:
         d1:06:68:63:cc:c0:94:06:de:4b:57:e5:aa:e6:0b:c7:07:69:
         46:f7:8a:f5:1c:ff:83:e5:f3:13:27:4a:0c:ac:11:a2:33:79:
         27:55:80:1c:7f:7c:39:32:59:67:87:95:b6:92:a3:36:ba:fe:
         d3:ed:96:71:39:63:b2:e4:73:6e:2b:b9:26:3e:d2:a1:27:98:
         e0:f2:72:14:76:63:9d:73:7e:52:a4:27:42:02:ee:91:72:2e:
         a1:93:df:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJuKELn9/rzAV/kB7yJ5HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwN2JjMWRjMmUxMWQ0OTFiOWI4NWUwOGQwMWMyMjJmOTc3
NmMzY2MwHhcNMjQwMTAxMjIzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjcwZGFiYjg1MDMxY2I2NTFjNDkyMmJiNzcxYzdjZTM1MmU1ZDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4fUutw27YKpVBocXsN4uVhWtWkf
Hk6LKfSJCf03PwlNN5dzV909k1NJJyznBkciz78Ha1cnFfXDsKxtFZZ50vwgclgo
/oNw7k9fMk3cr07fo46PRutJIPkcC+rkABB+7o+dSI78eyPrVsqOnUuSdEQQHoTq
XUjJ+/loFu53k8lhRTUyFz82v/aRv7qY4zx0OK0bMVGGJJCOn0vyICe9IkRB3Uoe
Z+egPeKfWIA54JeRNupIhBqkf+3ZUGXu+k27CzRv+PfsHXx1UL8gjxwwv/rLAuZJ
1ZowAawmbFINWYrNY6uCuJUrSgFeMJbesrohG5Oq3Sr4RYQ/TRdQ9T8C4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZw2ruFAxy2UcSSK7dxx841Ll1OMB8GA1UdIwQY
MBaAFEB7wdwuEdSRubheCNAcIi+XdsPMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUh2QjNDNFIxSkc1dUY0STBCd2lMNWQydzh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9mMTBiYzctN2M5ZS00ZDk4LThkN2It
N2FmMGExNWY0MGI1LzEvSm5EYXU0VURITFpSeEpJcnQzSEh6alV1WFU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9mMTBiYzctN2M5ZS00ZDk4LThkN2ItN2FmMGExNWY0MGI1
LzEvUUh2QjNDNFIxSkc1dUY0STBCd2lMNWQydzh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8bFMA0G
CSqGSIb3DQEBCwUAA4IBAQBlWJvwAkdFPXaXi6xRb5qZWT8c6o4Mp97DmJSxpjGz
2BOpAxtZwSm9fGTOZnCxoWAWFL0CxEPR42kufaqnjQWrxIZAXs7TrkirKVFuAJO2
BnbjUN4gx7DIquoxmv+iW/SsTChI/vfRN8toJue+RM/IuiDTb08Seo9DCodx2jTC
NH8ZVR2DUu5+3/In+r31o1MKWtqUhqr+qvzbfY0Mcdq2Hl/RBmhjzMCUBt5LV+Wq
5gvHB2lG94r1HP+D5fMTJ0oMrBGiM3knVYAcf3w5Mllnh5W2kqM2uv7T7ZZxOWOy
5HNuK7kmPtKhJ5jg8nIUdmOdc35SpCdCAu6Rci6hk9/m
-----END CERTIFICATE-----