Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/JsJLg7dcsL33mvU1lpZSdfdT8-c.roa
File:                     JsJLg7dcsL33mvU1lpZSdfdT8-c.roa (raw, json)
Hash identifier:          uYz87DEzors7nUYkby4SnluU3HvRHfYw4DP9xdpmcCE=
Subject key identifier:   26:C2:4B:83:B7:5C:B0:BD:F7:9A:F5:35:96:96:52:75:F7:53:F3:E7
Certificate issuer:       /CN=af030d3b4c589e94a3ef61ddd5401a8f3ff79b6d
Certificate serial:       01902A8B9C2E550ECE9E55174CB0724E4A8F
Authority key identifier: AF:03:0D:3B:4C:58:9E:94:A3:EF:61:DD:D5:40:1A:8F:3F:F7:9B:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rwMNO0xYnpSj72Hd1UAajz_3m20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/JsJLg7dcsL33mvU1lpZSdfdT8-c.roa
Signing time:             Tue 18 Jun 2024 08:51:50 +0000
ROA not before:           Tue 18 Jun 2024 08:51:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62119
IP address blocks:        95.131.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/rwMNO0xYnpSj72Hd1UAajz_3m20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/rwMNO0xYnpSj72Hd1UAajz_3m20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rwMNO0xYnpSj72Hd1UAajz_3m20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2a:8b:9c:2e:55:0e:ce:9e:55:17:4c:b0:72:4e:4a:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af030d3b4c589e94a3ef61ddd5401a8f3ff79b6d
        Validity
            Not Before: Jun 18 08:51:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26c24b83b75cb0bdf79af53596965275f753f3e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1a:4c:46:b9:cc:d7:5c:55:55:86:dd:ed:86:
                    a9:d3:58:bb:ac:ee:87:b2:fe:25:8a:57:7c:23:67:
                    29:77:51:98:8c:da:72:e4:d1:86:db:a7:f6:ca:d8:
                    bb:cc:5a:d2:d2:6e:13:b0:57:f7:db:ee:57:a1:18:
                    c8:e3:78:b3:79:9b:d8:2d:7d:c4:42:fa:9b:71:af:
                    a5:7b:af:91:8b:63:92:dc:f1:c6:fa:18:85:45:b1:
                    e8:6b:09:24:90:3a:3a:80:b1:27:fd:d0:89:a0:d0:
                    b7:af:f1:00:10:5c:4b:42:fb:79:63:e0:2f:57:7e:
                    02:c4:e7:f7:15:6c:b1:eb:de:19:71:bc:21:95:e7:
                    43:ba:75:8f:2a:44:71:02:05:d7:0d:29:fe:45:d5:
                    97:e5:79:f3:b7:39:c2:ac:ee:72:ff:10:d9:c0:a8:
                    fb:72:5e:40:1f:85:ec:3b:22:e4:43:d9:8a:05:fa:
                    89:5b:ca:20:53:94:ce:83:eb:05:40:20:17:85:b8:
                    26:d7:c8:0c:a7:28:d4:bf:b6:f9:6d:94:0e:a3:76:
                    06:00:3c:41:49:a2:6b:04:4b:16:e3:8d:fa:e0:49:
                    a1:c0:ec:91:1c:59:53:76:b9:2f:63:29:40:f5:ae:
                    1d:5b:c4:63:67:de:21:b5:53:bf:32:f0:6d:9d:a9:
                    8f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:C2:4B:83:B7:5C:B0:BD:F7:9A:F5:35:96:96:52:75:F7:53:F3:E7
            X509v3 Authority Key Identifier:
                keyid:AF:03:0D:3B:4C:58:9E:94:A3:EF:61:DD:D5:40:1A:8F:3F:F7:9B:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rwMNO0xYnpSj72Hd1UAajz_3m20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/JsJLg7dcsL33mvU1lpZSdfdT8-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/rwMNO0xYnpSj72Hd1UAajz_3m20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.131.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:1b:4d:8e:0a:24:e8:59:df:07:11:b1:3c:0f:d9:34:3c:ce:
         4d:c6:e1:d8:b6:00:aa:a1:19:87:30:0a:5b:49:c0:8c:fc:7c:
         b8:16:8d:3b:17:a5:32:28:e0:6d:87:fc:c9:e7:91:a6:5c:9b:
         e1:a9:d6:5a:30:6b:74:49:e9:39:84:2b:50:1e:53:9c:af:ac:
         82:0f:7c:2d:90:a3:ea:79:1a:7b:e4:b2:8c:28:a7:93:0e:15:
         8d:ed:05:cc:6b:ba:6f:74:56:52:e2:40:4c:c8:f2:7f:08:41:
         87:df:09:ce:70:33:7c:6a:9a:20:fa:67:a9:08:a3:07:2e:1f:
         69:e6:4a:bc:79:c8:da:90:40:86:e0:9f:10:f9:67:f6:78:04:
         88:6c:61:55:1e:60:fe:01:dd:33:ea:1c:25:38:3d:13:e2:47:
         a3:65:f1:ec:16:88:93:0e:86:f5:f7:29:de:3f:91:4a:8f:6b:
         31:22:4d:0c:e1:1a:ed:12:e6:1c:57:c8:09:14:d7:84:f4:a9:
         53:c1:8e:95:6f:9c:28:12:48:3e:d2:ef:df:77:d6:da:51:90:
         00:40:b9:1f:6f:52:5c:59:3c:e4:57:f8:f8:23:08:15:ac:14:
         fe:72:bd:21:3a:a1:5c:c6:f3:77:b9:ac:8f:b3:68:44:e4:60:
         f1:ae:42:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAqi5wuVQ7OnlUXTLByTkqPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMDMwZDNiNGM1ODllOTRhM2VmNjFkZGQ1NDAxYThmM2Zm
NzliNmQwHhcNMjQwNjE4MDg1MTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmMyNGI4M2I3NWNiMGJkZjc5YWY1MzU5Njk2NTI3NWY3NTNmM2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhpMRrnM11xVVYbd7Yap01i7rO6H
sv4lild8I2cpd1GYjNpy5NGG26f2yti7zFrS0m4TsFf32+5XoRjI43izeZvYLX3E
Qvqbca+le6+Ri2OS3PHG+hiFRbHoawkkkDo6gLEn/dCJoNC3r/EAEFxLQvt5Y+Av
V34CxOf3FWyx694ZcbwhledDunWPKkRxAgXXDSn+RdWX5XnztznCrO5y/xDZwKj7
cl5AH4XsOyLkQ9mKBfqJW8ogU5TOg+sFQCAXhbgm18gMpyjUv7b5bZQOo3YGADxB
SaJrBEsW44364EmhwOyRHFlTdrkvYylA9a4dW8RjZ94htVO/MvBtnamPiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbCS4O3XLC995r1NZaWUnX3U/PnMB8GA1UdIwQY
MBaAFK8DDTtMWJ6Uo+9h3dVAGo8/95ttMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcndNTk8weFlucFNqNzJIZDFVQWFqel8zbTIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8wZGE4NDctMWFlOS00OTZjLTg5ZmEt
OTI0NWE5YWI5NzhiLzEvSnNKTGc3ZGNzTDMzbXZVMWxwWlNkZmRUOC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8wZGE4NDctMWFlOS00OTZjLTg5ZmEtOTI0NWE5YWI5Nzhi
LzEvcndNTk8weFlucFNqNzJIZDFVQWFqel8zbTIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4PNMA0G
CSqGSIb3DQEBCwUAA4IBAQCFG02OCiToWd8HEbE8D9k0PM5NxuHYtgCqoRmHMApb
ScCM/Hy4Fo07F6UyKOBth/zJ55GmXJvhqdZaMGt0Sek5hCtQHlOcr6yCD3wtkKPq
eRp75LKMKKeTDhWN7QXMa7pvdFZS4kBMyPJ/CEGH3wnOcDN8apog+mepCKMHLh9p
5kq8ecjakECG4J8Q+Wf2eASIbGFVHmD+Ad0z6hwlOD0T4kejZfHsFoiTDob19yne
P5FKj2sxIk0M4RrtEuYcV8gJFNeE9KlTwY6Vb5woEkg+0u/fd9baUZAAQLkfb1Jc
WTzkV/j4IwgVrBT+cr0hOqFcxvN3uayPs2hE5GDxrkID
-----END CERTIFICATE-----