Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/jlCcD41xYb3r1Zw2isHB_ID7BD8.roa
File:                     jlCcD41xYb3r1Zw2isHB_ID7BD8.roa (raw, json)
Hash identifier:          pCDcKea3X8TeVAaOrQuAlkLewWFjg3QKuFWdS/NxUPw=
Subject key identifier:   8E:50:9C:0F:8D:71:61:BD:EB:D5:9C:36:8A:C1:C1:FC:80:FB:04:3F
Certificate issuer:       /CN=f84128146b7bec8bd1185bbe0c3b9340aaf5b714
Certificate serial:       018CC56EB1C50EE14F9E5B592C047058A16E
Authority key identifier: F8:41:28:14:6B:7B:EC:8B:D1:18:5B:BE:0C:3B:93:40:AA:F5:B7:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-EEoFGt77IvRGFu-DDuTQKr1txQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/jlCcD41xYb3r1Zw2isHB_ID7BD8.roa
Signing time:             Mon 01 Jan 2024 14:30:15 +0000
ROA not before:           Mon 01 Jan 2024 14:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51180
IP address blocks:        91.241.96.0/20 maxlen: 21
                          91.241.112.0/21 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/1-EEoFGt77IvRGFu-DDuTQKr1txQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/1-EEoFGt77IvRGFu-DDuTQKr1txQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-EEoFGt77IvRGFu-DDuTQKr1txQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 13:21:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b1:c5:0e:e1:4f:9e:5b:59:2c:04:70:58:a1:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f84128146b7bec8bd1185bbe0c3b9340aaf5b714
        Validity
            Not Before: Jan  1 14:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e509c0f8d7161bdebd59c368ac1c1fc80fb043f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e0:03:c3:c8:a0:31:11:9a:3b:18:93:eb:35:
                    ab:e6:f2:cd:c1:c7:72:9a:31:df:ea:af:01:32:99:
                    16:c7:61:5c:2c:6b:60:0a:ad:b2:c4:2a:fb:42:f5:
                    5b:54:19:61:af:40:88:f6:26:88:e0:44:c0:c4:07:
                    75:38:f7:1f:8b:ac:ea:24:a4:bf:b4:02:f3:79:8b:
                    ad:f1:3b:7b:c7:80:04:28:37:18:14:69:01:4b:8f:
                    82:6a:b9:1d:4d:63:ed:b8:91:1a:d2:41:5f:62:b8:
                    53:01:9a:65:0e:ac:08:6c:35:3c:64:51:7a:1a:e2:
                    f0:84:e1:83:ba:52:b8:4b:af:f3:07:50:c7:3a:a9:
                    82:36:6c:9f:6d:a7:43:8a:62:4c:50:e0:0e:b9:02:
                    5a:79:a1:32:ad:63:d3:e3:43:2d:2d:ad:eb:b1:a9:
                    e3:b7:10:5a:96:a7:f6:aa:ce:5c:2a:d8:ba:67:cf:
                    97:38:cc:73:56:ed:31:af:c9:e4:f5:a2:b8:20:44:
                    8c:94:a2:61:90:c6:73:4a:3a:53:c1:a3:2c:4a:38:
                    e3:c7:b4:6a:1e:08:1e:38:64:e8:80:2d:21:ca:1e:
                    f3:d8:47:fd:d3:ae:04:2f:c6:ed:ce:51:63:9b:f1:
                    3c:1d:f9:96:67:a9:62:92:81:a7:f6:ad:ff:72:19:
                    5a:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:50:9C:0F:8D:71:61:BD:EB:D5:9C:36:8A:C1:C1:FC:80:FB:04:3F
            X509v3 Authority Key Identifier:
                keyid:F8:41:28:14:6B:7B:EC:8B:D1:18:5B:BE:0C:3B:93:40:AA:F5:B7:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-EEoFGt77IvRGFu-DDuTQKr1txQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/jlCcD41xYb3r1Zw2isHB_ID7BD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/1-EEoFGt77IvRGFu-DDuTQKr1txQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.241.96.0-91.241.119.255

    Signature Algorithm: sha256WithRSAEncryption
         8f:36:94:c9:c3:46:c1:75:bf:2a:c5:09:9c:b6:11:5e:21:9d:
         0a:57:a3:2c:96:75:b8:34:cb:e2:a5:98:c0:2f:3c:eb:10:ab:
         19:39:c8:f4:a6:ef:85:17:3d:44:71:00:f6:be:47:27:5f:6d:
         2a:96:c0:f0:c3:9e:bc:7b:50:ed:a5:14:92:e7:00:a3:80:b9:
         c8:09:d9:9e:e5:6c:3a:eb:db:e8:1a:b4:c1:97:2e:a2:c7:67:
         29:4f:a7:d1:2e:2b:f7:9d:d4:98:01:82:4e:4a:81:59:46:ce:
         0c:52:4b:79:6b:5b:bc:34:d1:a7:2c:70:b5:b4:37:12:45:a8:
         4c:68:ba:d4:c4:ad:b7:e5:d2:6e:a1:1b:b2:41:04:c6:8b:30:
         23:33:1b:37:b1:1f:0e:eb:36:c5:3d:7c:1a:51:8c:55:7d:dc:
         88:e9:2e:37:71:6f:50:fa:05:ef:9d:3a:c1:98:ca:11:0b:46:
         5f:4d:f0:1a:1d:a1:ea:f0:9a:31:b0:81:a9:29:c2:e1:73:3d:
         9c:cd:f6:17:30:de:8d:f2:a4:f4:15:73:ed:73:48:5c:ac:f7:
         20:75:d2:43:99:04:7c:d1:29:db:17:06:05:6f:1e:3f:3b:3a:
         72:2c:15:48:5b:74:d0:42:64:aa:d4:e4:08:60:49:3a:e4:62:
         d2:32:62:2c
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYzFbrHFDuFPnltZLARwWKFuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NDEyODE0NmI3YmVjOGJkMTE4NWJiZTBjM2I5MzQwYWFm
NWI3MTQwHhcNMjQwMTAxMTQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTUwOWMwZjhkNzE2MWJkZWJkNTljMzY4YWMxYzFmYzgwZmIwNDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuADw8igMRGaOxiT6zWr5vLNwcdy
mjHf6q8BMpkWx2FcLGtgCq2yxCr7QvVbVBlhr0CI9iaI4ETAxAd1OPcfi6zqJKS/
tALzeYut8Tt7x4AEKDcYFGkBS4+CarkdTWPtuJEa0kFfYrhTAZplDqwIbDU8ZFF6
GuLwhOGDulK4S6/zB1DHOqmCNmyfbadDimJMUOAOuQJaeaEyrWPT40MtLa3rsanj
txBalqf2qs5cKti6Z8+XOMxzVu0xr8nk9aK4IESMlKJhkMZzSjpTwaMsSjjjx7Rq
HggeOGTogC0hyh7z2Ef9064EL8btzlFjm/E8HfmWZ6likoGn9q3/chlaRwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFI5QnA+NcWG969WcNorBwfyA+wQ/MB8GA1UdIwQY
MBaAFPhBKBRre+yL0Rhbvgw7k0Cq9bcUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1FRW9GR3Q3N0l2UkdGdS1ERHVUUUtyMXR4US5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIvZmIyNDExLTQ4NWItNDE0My05MjQx
LTEzODM5NjQwYTYwNC8xL2psQ2NENDF4WWIzcjFadzJpc0hCX0lEN0JEOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjIvZmIyNDExLTQ4NWItNDE0My05MjQxLTEzODM5NjQwYTYw
NC8xLzEtRUVvRkd0NzdJdlJHRnUtRER1VFFLcjF0eFEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJwYIKwYBBQUHAQcBAf8EGDAWMBQEAgABMA4wDAMEBVvx
YAMEA1vxcDANBgkqhkiG9w0BAQsFAAOCAQEAjzaUycNGwXW/KsUJnLYRXiGdClej
LJZ1uDTL4qWYwC886xCrGTnI9KbvhRc9RHEA9r5HJ19tKpbA8MOevHtQ7aUUkucA
o4C5yAnZnuVsOuvb6Bq0wZcuosdnKU+n0S4r953UmAGCTkqBWUbODFJLeWtbvDTR
pyxwtbQ3EkWoTGi61MStt+XSbqEbskEExoswIzMbN7EfDus2xT18GlGMVX3ciOku
N3FvUPoF7506wZjKEQtGX03wGh2h6vCaMbCBqSnC4XM9nM32FzDejfKk9BVz7XNI
XKz3IHXSQ5kEfNEp2xcGBW8ePzs6ciwVSFt00EJkqtTkCGBJOuRi0jJiLA==
-----END CERTIFICATE-----