Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/JXZlMcAw_wt8rSk1WpXJ9DtFYeM.roa
File:                     JXZlMcAw_wt8rSk1WpXJ9DtFYeM.roa (raw, json)
Hash identifier:          d8EInAnqZyg0HIwVDwk2PxwwF5+wmJ9gbpTh5dXWId4=
Subject key identifier:   25:76:65:31:C0:30:FF:0B:7C:AD:29:35:5A:95:C9:F4:3B:45:61:E3
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E15E55991134DC0BDF10D0BC9A1C2
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/JXZlMcAw_wt8rSk1WpXJ9DtFYeM.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203704
IP address blocks:        89.190.152.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:15:e5:59:91:13:4d:c0:bd:f1:0d:0b:c9:a1:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25766531c030ff0b7cad29355a95c9f43b4561e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:10:16:ca:8e:d5:fe:70:e6:7c:aa:21:c0:5c:
                    8d:f6:e1:6c:23:ae:b1:f9:aa:8b:d3:11:95:a5:5d:
                    8d:49:6b:b8:13:6d:03:46:57:e1:4c:80:34:7f:21:
                    cd:02:28:46:79:72:3a:29:10:8c:a6:1b:77:5d:c5:
                    e8:b0:70:d6:c8:ac:11:eb:b7:f1:ff:15:50:34:5c:
                    f6:7d:58:a2:c4:0b:67:8d:f1:f1:ac:23:ae:a4:c3:
                    7c:c0:81:8d:89:0a:77:e1:a4:e6:1c:07:33:5b:2f:
                    f1:75:83:7a:97:67:f9:1e:0f:cf:b3:73:7b:3e:e6:
                    86:26:6d:25:13:26:dc:1c:25:09:dd:3c:58:a6:ed:
                    b2:0a:8e:db:36:db:d1:19:c2:1d:ae:97:01:98:22:
                    03:ff:fc:c5:b0:ab:6c:9b:40:a2:b8:85:5f:28:fa:
                    f9:cf:40:8d:43:14:65:7a:69:89:5e:9a:57:e2:52:
                    3b:22:be:4a:2a:70:26:0c:98:27:13:e5:fa:01:f5:
                    5d:fe:a2:a5:b7:9e:e9:d9:f8:33:5e:1d:0e:03:92:
                    e6:45:e3:d3:e5:f0:98:23:15:02:05:b7:79:da:9b:
                    18:b3:65:a8:9c:b3:ef:97:9e:53:9d:5f:55:15:2f:
                    c5:42:ee:e9:3a:f2:ca:3b:f1:72:4e:06:75:35:d0:
                    53:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:76:65:31:C0:30:FF:0B:7C:AD:29:35:5A:95:C9:F4:3B:45:61:E3
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/JXZlMcAw_wt8rSk1WpXJ9DtFYeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.190.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:49:23:b8:7e:a5:8c:23:1c:2f:4a:7d:b1:78:7d:85:aa:84:
         79:73:0b:8c:a9:5e:e3:34:0f:3f:6b:cd:d4:ae:17:d8:1a:51:
         8c:54:9b:07:f5:37:be:dd:a3:a4:cf:88:63:6f:ef:fc:48:03:
         8f:c9:c7:c2:86:5a:68:a7:99:54:fe:cb:45:e4:c3:84:08:1e:
         6a:58:7e:5b:ac:7b:f5:8f:21:9c:28:10:b8:59:9f:e9:a1:21:
         7b:2c:08:ea:e5:0c:04:cc:3a:88:f3:31:ad:77:79:d7:b2:65:
         82:54:8c:9d:13:46:52:e0:54:ed:09:43:50:c3:18:13:95:e6:
         68:b2:92:2e:03:31:04:1b:34:1e:22:09:8c:4b:ed:c3:83:03:
         8d:fb:08:14:0a:f9:32:e5:59:65:97:56:73:eb:e8:3e:4a:ac:
         d0:a1:87:d1:8a:d0:66:21:72:f5:51:94:30:0c:15:4a:57:78:
         14:99:49:03:0f:ed:ba:a2:9d:99:14:51:f1:cc:0f:f8:ee:63:
         4c:10:7b:40:06:e7:ae:c8:35:8d:06:1d:cd:08:56:3a:99:15:
         7d:e1:cb:29:ed:44:67:84:8e:80:fe:6d:a4:f6:4c:bd:d9:52:
         9f:1d:54:d0:83:a5:bf:73:de:85:4b:56:0e:13:c5:a4:20:a6:
         b8:72:16:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhXlWZETTcC98Q0LyaHCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTc2NjUzMWMwMzBmZjBiN2NhZDI5MzU1YTk1YzlmNDNiNDU2MWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1RAWyo7V/nDmfKohwFyN9uFsI66x
+aqL0xGVpV2NSWu4E20DRlfhTIA0fyHNAihGeXI6KRCMpht3XcXosHDWyKwR67fx
/xVQNFz2fViixAtnjfHxrCOupMN8wIGNiQp34aTmHAczWy/xdYN6l2f5Hg/Ps3N7
PuaGJm0lEybcHCUJ3TxYpu2yCo7bNtvRGcIdrpcBmCID//zFsKtsm0CiuIVfKPr5
z0CNQxRlemmJXppX4lI7Ir5KKnAmDJgnE+X6AfVd/qKlt57p2fgzXh0OA5LmRePT
5fCYIxUCBbd52psYs2WonLPvl55TnV9VFS/FQu7pOvLKO/FyTgZ1NdBTDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCV2ZTHAMP8LfK0pNVqVyfQ7RWHjMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvSlhabE1jQXdfd3Q4clNrMVdwWEo5RHRGWWVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWb6YMA0G
CSqGSIb3DQEBCwUAA4IBAQBBSSO4fqWMIxwvSn2xeH2FqoR5cwuMqV7jNA8/a83U
rhfYGlGMVJsH9Te+3aOkz4hjb+/8SAOPycfChlpop5lU/stF5MOECB5qWH5brHv1
jyGcKBC4WZ/poSF7LAjq5QwEzDqI8zGtd3nXsmWCVIydE0ZS4FTtCUNQwxgTleZo
spIuAzEEGzQeIgmMS+3DgwON+wgUCvky5Vlll1Zz6+g+SqzQoYfRitBmIXL1UZQw
DBVKV3gUmUkDD+26op2ZFFHxzA/47mNMEHtABueuyDWNBh3NCFY6mRV94csp7URn
hI6A/m2k9ky92VKfHVTQg6W/c96FS1YOE8WkIKa4chZJ
-----END CERTIFICATE-----