Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/jyOxZvnR119yiuWoMu6epibCnLE.roa
File:                     jyOxZvnR119yiuWoMu6epibCnLE.roa (raw, json)
Hash identifier:          dW1gmpoVpmB/xyPHTwm5hAARurUNurMDgadm+vNHTu8=
Subject key identifier:   8F:23:B1:66:F9:D1:D7:5F:72:8A:E5:A8:32:EE:9E:A6:26:C2:9C:B1
Certificate issuer:       /CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
Certificate serial:       018F8BA089171DED4F54AA2981C2772DBFCB
Authority key identifier: 9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/jyOxZvnR119yiuWoMu6epibCnLE.roa
Signing time:             Sat 18 May 2024 12:15:04 +0000
ROA not before:           Sat 18 May 2024 12:15:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     251
IP address blocks:        193.34.48.0/22 maxlen: 24
                          195.13.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 08:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:8b:a0:89:17:1d:ed:4f:54:aa:29:81:c2:77:2d:bf:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
        Validity
            Not Before: May 18 12:15:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f23b166f9d1d75f728ae5a832ee9ea626c29cb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b4:54:d2:96:4e:76:31:4d:9f:50:ad:7d:bb:
                    f3:64:2e:a6:f1:2e:d0:71:78:5d:84:ad:5c:f9:58:
                    8a:3d:f1:45:3d:0e:8a:fc:c3:95:e8:21:7b:7f:25:
                    51:f9:ba:33:0d:d3:1c:62:5d:ea:eb:86:27:55:16:
                    03:e0:61:c5:99:89:22:3e:51:b8:79:5d:d0:a0:2a:
                    52:7c:55:ae:9c:94:55:a8:ca:5f:2e:92:15:d3:ca:
                    2f:2e:3f:52:58:cc:1f:dd:69:e2:f8:ea:17:a3:e9:
                    69:7f:13:d5:d5:2b:b7:f2:b7:8b:59:bd:ea:4d:03:
                    c1:3f:95:c1:1e:49:23:c6:d9:25:86:50:bc:4a:41:
                    7a:e9:32:2a:03:fb:05:18:62:09:16:42:5a:f2:9d:
                    d0:54:03:e5:fd:71:91:7e:c1:14:ac:8e:4d:50:54:
                    35:a1:65:f8:7e:d7:0e:32:fd:3d:5c:f0:ab:f9:d2:
                    fe:c0:f2:b4:7c:01:7b:e7:41:0a:b2:42:1d:0c:01:
                    70:54:bd:ba:f3:00:c5:3e:7f:ea:b5:06:33:32:20:
                    56:8f:9b:e5:81:f5:fe:fc:43:c0:b3:aa:08:3a:78:
                    0a:42:1f:99:1a:37:ce:02:bd:db:e2:2b:2c:3c:1b:
                    20:3a:62:96:83:f1:19:3d:77:30:2f:ff:d7:eb:a1:
                    28:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:23:B1:66:F9:D1:D7:5F:72:8A:E5:A8:32:EE:9E:A6:26:C2:9C:B1
            X509v3 Authority Key Identifier:
                keyid:9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/jyOxZvnR119yiuWoMu6epibCnLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.48.0/22
                  195.13.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:5b:78:ca:ff:52:8e:7d:70:c6:1f:ea:bd:24:e9:b6:fe:95:
         e0:ea:d4:bc:cf:c0:ce:54:65:b1:d2:4b:58:08:a6:1f:2a:c2:
         4c:40:1b:1c:a6:9b:ca:29:f0:e5:0b:78:91:d6:e8:4d:86:dc:
         43:98:e0:eb:8a:8e:5a:3c:41:40:a3:8d:bd:37:69:fe:c2:18:
         55:7a:20:6d:b9:e9:4c:f5:f8:75:c6:55:22:cf:99:20:09:a7:
         c4:f8:ee:f2:64:6b:90:ff:9c:56:09:e1:15:90:85:5a:07:06:
         2c:1f:d0:e8:75:41:a9:70:01:2b:dc:06:8c:d4:16:61:71:3e:
         0e:75:8d:a7:26:58:36:60:ab:37:91:06:34:24:28:43:14:e3:
         ac:7d:aa:2d:7b:81:ff:74:19:22:48:f2:dc:ca:f3:83:60:12:
         fb:f6:fb:be:ef:11:c6:a7:25:10:dd:86:72:95:04:79:42:4f:
         4d:91:cb:49:16:5e:01:29:7d:98:ce:ba:b8:4b:25:dd:33:d0:
         96:b9:56:64:28:8b:4f:c6:5a:77:f9:8c:39:b5:69:10:d4:b9:
         e1:46:e5:02:97:b9:33:72:33:52:f0:5d:b9:a2:69:b0:15:a4:
         89:de:da:d9:54:37:46:5c:87:48:3b:b3:97:b3:dd:d7:b3:87:
         40:28:6d:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+LoIkXHe1PVKopgcJ3Lb/LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzUzM2Q2NjJjM2YwZDZiYjFlNjkyZjNmYWI2ZDdiYTM4
MjRjMjgwHhcNMjQwNTE4MTIxNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjIzYjE2NmY5ZDFkNzVmNzI4YWU1YTgzMmVlOWVhNjI2YzI5Y2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17RU0pZOdjFNn1CtfbvzZC6m8S7Q
cXhdhK1c+ViKPfFFPQ6K/MOV6CF7fyVR+bozDdMcYl3q64YnVRYD4GHFmYkiPlG4
eV3QoCpSfFWunJRVqMpfLpIV08ovLj9SWMwf3Wni+OoXo+lpfxPV1Su38reLWb3q
TQPBP5XBHkkjxtklhlC8SkF66TIqA/sFGGIJFkJa8p3QVAPl/XGRfsEUrI5NUFQ1
oWX4ftcOMv09XPCr+dL+wPK0fAF750EKskIdDAFwVL268wDFPn/qtQYzMiBWj5vl
gfX+/EPAs6oIOngKQh+ZGjfOAr3b4issPBsgOmKWg/EZPXcwL//X66Eo9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI8jsWb50ddfcorlqDLunqYmwpyxMB8GA1UdIwQY
MBaAFJ41M9Ziw/DWux5pLz+rbXujgkwoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUt
YTc4MzQxMzA5OWQzLzEvanlPeFp2blIxMTl5aXVXb011NmVwaWJDbkxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUtYTc4MzQxMzA5OWQz
LzEvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwSIwAwQC
ww08MA0GCSqGSIb3DQEBCwUAA4IBAQBZW3jK/1KOfXDGH+q9JOm2/pXg6tS8z8DO
VGWx0ktYCKYfKsJMQBscppvKKfDlC3iR1uhNhtxDmODrio5aPEFAo429N2n+whhV
eiBtuelM9fh1xlUiz5kgCafE+O7yZGuQ/5xWCeEVkIVaBwYsH9DodUGpcAEr3AaM
1BZhcT4OdY2nJlg2YKs3kQY0JChDFOOsfaote4H/dBkiSPLcyvODYBL79vu+7xHG
pyUQ3YZylQR5Qk9NkctJFl4BKX2Yzrq4SyXdM9CWuVZkKItPxlp3+Yw5tWkQ1Lnh
RuUCl7kzcjNS8F25ommwFaSJ3trZVDdGXIdIO7OXs93Xs4dAKG2i
-----END CERTIFICATE-----