Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/9b893e-7b0c-41aa-a951-90c3afc7c947/1/jprbCq9AFDjNP46V3MRZPP3_HnE.roa
File:                     jprbCq9AFDjNP46V3MRZPP3_HnE.roa (raw, json)
Hash identifier:          neDCtacWjpbbAnRDZzHD7aot59/ZjJQHbYrIZeEecgQ=
Subject key identifier:   8E:9A:DB:0A:AF:40:14:38:CD:3F:8E:95:DC:C4:59:3C:FD:FF:1E:71
Certificate issuer:       /CN=5ed99d49c4b0e46b2786842731e153485c8ac48b
Certificate serial:       018CC492D4A318953F2A423846B960240F56
Authority key identifier: 5E:D9:9D:49:C4:B0:E4:6B:27:86:84:27:31:E1:53:48:5C:8A:C4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XtmdScSw5GsnhoQnMeFTSFyKxIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/9b893e-7b0c-41aa-a951-90c3afc7c947/1/jprbCq9AFDjNP46V3MRZPP3_HnE.roa
Signing time:             Mon 01 Jan 2024 10:30:06 +0000
ROA not before:           Mon 01 Jan 2024 10:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        91.209.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/9b893e-7b0c-41aa-a951-90c3afc7c947/1/XtmdScSw5GsnhoQnMeFTSFyKxIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/9b893e-7b0c-41aa-a951-90c3afc7c947/1/XtmdScSw5GsnhoQnMeFTSFyKxIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XtmdScSw5GsnhoQnMeFTSFyKxIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:d4:a3:18:95:3f:2a:42:38:46:b9:60:24:0f:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ed99d49c4b0e46b2786842731e153485c8ac48b
        Validity
            Not Before: Jan  1 10:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e9adb0aaf401438cd3f8e95dcc4593cfdff1e71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:86:e4:60:48:c6:59:6e:44:49:d3:52:fb:2a:
                    6a:7f:8c:2a:c9:79:b3:0a:35:4d:98:d1:4c:d5:cd:
                    a4:21:72:eb:77:21:a4:18:f3:15:8a:31:03:21:98:
                    28:97:6c:46:5a:b8:b7:9a:d7:ff:66:b6:77:71:58:
                    ab:01:e8:eb:29:f1:02:00:13:3e:85:98:8c:0e:7f:
                    04:7a:c9:85:5a:85:07:79:1f:ca:c7:1f:3c:b9:2b:
                    91:f0:d8:72:48:92:58:17:66:51:4a:40:37:d9:b8:
                    6b:58:31:85:ac:79:38:2b:84:67:14:b5:68:ac:f9:
                    d9:aa:52:49:61:f8:0d:ed:7e:f8:7b:80:f4:8a:1d:
                    9c:1a:da:95:41:33:9a:62:44:ce:5e:6f:3b:29:d1:
                    5d:76:6b:a1:e6:87:23:ab:ae:de:66:4b:00:ea:dd:
                    6e:12:ac:fe:97:c5:15:5d:7d:21:94:99:1d:ac:e2:
                    c6:94:b5:08:1d:52:3c:cc:52:26:f2:ca:87:0b:df:
                    fb:c7:e8:46:0e:64:68:24:cf:57:3b:ea:ad:73:35:
                    d4:82:a5:cc:2a:f5:89:18:7e:ac:0f:0d:ce:68:75:
                    02:f7:ba:d2:2c:43:7a:ba:54:16:93:89:1b:05:5b:
                    02:4b:76:bf:9f:b5:16:34:b5:8e:73:a7:33:c0:6e:
                    35:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:9A:DB:0A:AF:40:14:38:CD:3F:8E:95:DC:C4:59:3C:FD:FF:1E:71
            X509v3 Authority Key Identifier:
                keyid:5E:D9:9D:49:C4:B0:E4:6B:27:86:84:27:31:E1:53:48:5C:8A:C4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XtmdScSw5GsnhoQnMeFTSFyKxIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/9b893e-7b0c-41aa-a951-90c3afc7c947/1/jprbCq9AFDjNP46V3MRZPP3_HnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/9b893e-7b0c-41aa-a951-90c3afc7c947/1/XtmdScSw5GsnhoQnMeFTSFyKxIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:ee:a6:95:06:d8:00:56:33:fd:20:3c:d7:d5:b2:1c:a1:e3:
         a8:a9:77:aa:9b:f7:ac:ba:b7:e8:4a:e4:56:da:81:a0:e5:46:
         5b:96:c2:3a:e2:83:24:a4:cd:75:41:17:99:32:79:90:eb:e3:
         07:b3:60:b4:a4:7d:f5:83:68:55:1a:94:4d:21:16:43:f5:a7:
         0a:61:18:a5:99:7f:d2:3a:e5:d7:b1:38:4f:a7:2b:06:a6:27:
         c0:1d:bf:55:41:2a:ef:7d:a5:1f:0d:99:e4:59:cb:85:c9:5c:
         87:60:bd:ad:2e:4c:65:cb:99:a4:ee:e9:ef:89:bc:39:7e:58:
         56:a6:c1:38:5d:62:27:cc:25:05:fe:97:ae:b4:6a:6d:15:73:
         60:e5:b2:3f:91:73:29:34:a8:a3:3c:c2:9f:d3:7a:c9:0f:1e:
         87:18:3f:ae:2c:9d:c7:b4:c2:db:14:a9:65:62:96:4f:23:d6:
         f0:37:77:62:67:06:45:5c:93:eb:35:d4:af:08:72:8a:d9:9a:
         c9:06:56:7d:35:c9:fa:b0:e1:58:a9:5e:a7:cd:0a:5c:0b:30:
         f3:b0:af:0f:68:6d:05:29:17:8e:07:5e:23:2c:b2:5c:b4:67:
         60:21:75:c9:d7:1a:8d:de:41:c1:88:82:dd:6e:c8:da:b2:75:
         43:60:a7:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEktSjGJU/KkI4RrlgJA9WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZDk5ZDQ5YzRiMGU0NmIyNzg2ODQyNzMxZTE1MzQ4NWM4
YWM0OGIwHhcNMjQwMTAxMTAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTlhZGIwYWFmNDAxNDM4Y2QzZjhlOTVkY2M0NTkzY2ZkZmYxZTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIbkYEjGWW5ESdNS+ypqf4wqyXmz
CjVNmNFM1c2kIXLrdyGkGPMVijEDIZgol2xGWri3mtf/ZrZ3cVirAejrKfECABM+
hZiMDn8EesmFWoUHeR/Kxx88uSuR8NhySJJYF2ZRSkA32bhrWDGFrHk4K4RnFLVo
rPnZqlJJYfgN7X74e4D0ih2cGtqVQTOaYkTOXm87KdFddmuh5ocjq67eZksA6t1u
Eqz+l8UVXX0hlJkdrOLGlLUIHVI8zFIm8sqHC9/7x+hGDmRoJM9XO+qtczXUgqXM
KvWJGH6sDw3OaHUC97rSLEN6ulQWk4kbBVsCS3a/n7UWNLWOc6czwG41rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI6a2wqvQBQ4zT+OldzEWTz9/x5xMB8GA1UdIwQY
MBaAFF7ZnUnEsORrJ4aEJzHhU0hcisSLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHRtZFNjU3c1R3NuaG9Rbk1lRlRTRnlLeElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS85Yjg5M2UtN2IwYy00MWFhLWE5NTEt
OTBjM2FmYzdjOTQ3LzEvanByYkNxOUFGRGpOUDQ2VjNNUlpQUDNfSG5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS85Yjg5M2UtN2IwYy00MWFhLWE5NTEtOTBjM2FmYzdjOTQ3
LzEvWHRtZFNjU3c1R3NuaG9Rbk1lRlRTRnlLeElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9GqMA0G
CSqGSIb3DQEBCwUAA4IBAQBA7qaVBtgAVjP9IDzX1bIcoeOoqXeqm/esurfoSuRW
2oGg5UZblsI64oMkpM11QReZMnmQ6+MHs2C0pH31g2hVGpRNIRZD9acKYRilmX/S
OuXXsThPpysGpifAHb9VQSrvfaUfDZnkWcuFyVyHYL2tLkxly5mk7unvibw5flhW
psE4XWInzCUF/peutGptFXNg5bI/kXMpNKijPMKf03rJDx6HGD+uLJ3HtMLbFKll
YpZPI9bwN3diZwZFXJPrNdSvCHKK2ZrJBlZ9Ncn6sOFYqV6nzQpcCzDzsK8PaG0F
KReOB14jLLJctGdgIXXJ1xqN3kHBiILdbsjasnVDYKcr
-----END CERTIFICATE-----