Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/Js_ZCpI62fW6OCCGbgI42AQD63A.roa
File:                     Js_ZCpI62fW6OCCGbgI42AQD63A.roa (raw, json)
Hash identifier:          y1QtIlCFgvFDRAKbl39ccWmnyp1D08bd/RLyotLjbgk=
Subject key identifier:   26:CF:D9:0A:92:3A:D9:F5:BA:38:20:86:6E:02:38:D8:04:03:EB:70
Certificate issuer:       /CN=e801f23ce821c264d67727536ec183537594c5f2
Certificate serial:       018CC4936B7D426FE6C590859427342D9229
Authority key identifier: E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/Js_ZCpI62fW6OCCGbgI42AQD63A.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25176
IP address blocks:        193.10.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6b:7d:42:6f:e6:c5:90:85:94:27:34:2d:92:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e801f23ce821c264d67727536ec183537594c5f2
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26cfd90a923ad9f5ba3820866e0238d80403eb70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:43:d0:45:49:72:4d:fa:30:cc:c5:45:0d:e6:
                    23:27:10:fe:76:76:f2:6d:4f:c7:48:5c:bf:55:6d:
                    ab:00:e5:46:50:91:de:93:aa:b3:33:c7:25:54:90:
                    39:6d:81:90:97:0d:e3:f4:12:7f:58:c6:77:82:e9:
                    3e:c5:2c:83:cd:67:04:aa:8b:54:05:ed:32:fc:4f:
                    ef:27:98:dd:68:be:50:7a:14:30:c3:5a:c9:9c:e4:
                    7a:c0:63:f3:68:93:33:50:9f:c0:d6:c7:ec:bd:37:
                    36:53:1d:95:bf:0b:b4:68:81:0b:5f:c0:0d:91:71:
                    98:b1:89:bd:0f:5e:83:89:a0:2b:94:8d:d3:ae:ec:
                    0d:ed:55:08:8c:45:a4:d4:2d:eb:06:b9:bb:a7:c9:
                    6a:e0:96:af:bd:a5:5b:ab:5a:94:9f:14:c6:c4:c1:
                    ce:b3:b6:ee:fb:eb:f4:08:aa:2b:5e:96:94:b6:59:
                    92:95:0f:73:ea:2f:29:8d:dc:a0:e4:9b:98:5d:32:
                    37:bb:19:b0:79:e8:16:01:bc:41:75:27:df:60:36:
                    7d:2b:cd:42:73:17:1e:43:03:ec:9a:b4:38:16:d5:
                    8e:ad:36:45:31:a1:c7:02:80:b3:63:8c:1d:6a:85:
                    e5:41:00:59:b4:18:dc:4a:a2:8c:33:24:7b:fc:45:
                    73:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:CF:D9:0A:92:3A:D9:F5:BA:38:20:86:6E:02:38:D8:04:03:EB:70
            X509v3 Authority Key Identifier:
                keyid:E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/Js_ZCpI62fW6OCCGbgI42AQD63A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.10.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:91:bb:6a:7b:ba:1a:0e:35:21:b9:48:18:ce:2a:93:3f:3a:
         55:85:bc:b1:9e:46:4e:2f:24:72:5d:22:e4:de:17:be:31:c6:
         a4:3d:73:8e:e7:a3:f2:82:b4:aa:09:ce:71:ad:64:30:b0:69:
         83:98:0d:3f:d6:75:bf:b5:e7:e7:8a:a6:20:1e:3b:c0:08:8f:
         0c:75:63:bf:40:29:34:df:bc:b3:16:1d:2b:a4:80:22:cc:5c:
         81:82:f4:a5:cf:e6:9a:cb:59:b6:42:c5:34:6b:08:6a:e9:51:
         90:bd:a0:8c:fc:31:e8:0c:fe:2c:40:06:5a:cd:19:dc:67:9c:
         28:79:f4:13:f2:d1:20:49:36:de:26:c0:3e:8a:2f:7c:f9:ca:
         60:17:72:0a:01:f8:96:db:6c:e7:c6:62:c2:99:a2:93:7d:82:
         95:e6:70:b0:a5:00:02:52:28:5c:b6:33:f2:af:75:b2:2b:ae:
         19:22:78:05:d8:5d:b4:d7:69:7a:0e:a3:d2:10:a2:28:bd:f8:
         3f:92:02:2b:66:95:61:a0:9d:a5:44:8f:ab:69:94:d5:1c:9c:
         a1:87:6f:f9:1c:35:2f:7d:23:6f:41:df:3e:9b:dd:33:cf:67:
         61:f3:c8:99:a3:5f:c5:91:ed:a9:b9:bb:ba:cd:82:6e:b4:28:
         6a:31:f7:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2t9Qm/mxZCFlCc0LZIpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MDFmMjNjZTgyMWMyNjRkNjc3Mjc1MzZlYzE4MzUzNzU5
NGM1ZjIwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmNmZDkwYTkyM2FkOWY1YmEzODIwODY2ZTAyMzhkODA0MDNlYjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokPQRUlyTfowzMVFDeYjJxD+dnby
bU/HSFy/VW2rAOVGUJHek6qzM8clVJA5bYGQlw3j9BJ/WMZ3guk+xSyDzWcEqotU
Be0y/E/vJ5jdaL5QehQww1rJnOR6wGPzaJMzUJ/A1sfsvTc2Ux2Vvwu0aIELX8AN
kXGYsYm9D16DiaArlI3TruwN7VUIjEWk1C3rBrm7p8lq4JavvaVbq1qUnxTGxMHO
s7bu++v0CKorXpaUtlmSlQ9z6i8pjdyg5JuYXTI3uxmweegWAbxBdSffYDZ9K81C
cxceQwPsmrQ4FtWOrTZFMaHHAoCzY4wdaoXlQQBZtBjcSqKMMyR7/EVzNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbP2QqSOtn1ujgghm4CONgEA+twMB8GA1UdIwQY
MBaAFOgB8jzoIcJk1ncnU27Bg1N1lMXyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAt
NDY0ZWIxODNiNTY4LzEvSnNfWkNwSTYyZlc2T0NDR2JnSTQyQVFENjNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAtNDY0ZWIxODNiNTY4
LzEvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQogMA0G
CSqGSIb3DQEBCwUAA4IBAQAokbtqe7oaDjUhuUgYziqTPzpVhbyxnkZOLyRyXSLk
3he+McakPXOO56PygrSqCc5xrWQwsGmDmA0/1nW/tefniqYgHjvACI8MdWO/QCk0
37yzFh0rpIAizFyBgvSlz+aay1m2QsU0awhq6VGQvaCM/DHoDP4sQAZazRncZ5wo
efQT8tEgSTbeJsA+ii98+cpgF3IKAfiW22znxmLCmaKTfYKV5nCwpQACUihctjPy
r3WyK64ZIngF2F2012l6DqPSEKIovfg/kgIrZpVhoJ2lRI+raZTVHJyhh2/5HDUv
fSNvQd8+m90zz2dh88iZo1/Fke2pubu6zYJutChqMffd
-----END CERTIFICATE-----