Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/f2a66f-2b4a-4610-8da8-09dd4c28b1e4/1/Ji4sou3Slw8YIhYNoVVUvH3ejRM.roa
File:                     Ji4sou3Slw8YIhYNoVVUvH3ejRM.roa (raw, json)
Hash identifier:          x0qcVxp8ATOZHKRCmGByOANukSYZqZYdVLr7LKi7c34=
Subject key identifier:   26:2E:2C:A2:ED:D2:97:0F:18:22:16:0D:A1:55:54:BC:7D:DE:8D:13
Certificate issuer:       /CN=5f75203151d3b23ecccb64f520fb42549860cff0
Certificate serial:       018CC3B6D560E13314AC8DEA5E860F7CE2CC
Authority key identifier: 5F:75:20:31:51:D3:B2:3E:CC:CB:64:F5:20:FB:42:54:98:60:CF:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X3UgMVHTsj7My2T1IPtCVJhgz_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/f2a66f-2b4a-4610-8da8-09dd4c28b1e4/1/Ji4sou3Slw8YIhYNoVVUvH3ejRM.roa
Signing time:             Mon 01 Jan 2024 06:29:48 +0000
ROA not before:           Mon 01 Jan 2024 06:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43532
IP address blocks:        185.191.48.0/22 maxlen: 22
                          2a0a:1540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/f2a66f-2b4a-4610-8da8-09dd4c28b1e4/1/X3UgMVHTsj7My2T1IPtCVJhgz_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/f2a66f-2b4a-4610-8da8-09dd4c28b1e4/1/X3UgMVHTsj7My2T1IPtCVJhgz_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X3UgMVHTsj7My2T1IPtCVJhgz_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d5:60:e1:33:14:ac:8d:ea:5e:86:0f:7c:e2:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f75203151d3b23ecccb64f520fb42549860cff0
        Validity
            Not Before: Jan  1 06:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=262e2ca2edd2970f1822160da15554bc7dde8d13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:5a:42:07:a7:e2:84:12:73:02:51:0c:03:9c:
                    73:48:2a:6d:2b:e6:b7:4d:6e:92:ad:57:e1:6f:6d:
                    68:3c:34:6b:b2:27:d3:18:f9:6f:45:9f:52:ff:b1:
                    39:19:52:5e:56:b5:63:cf:a5:70:9a:cf:3d:70:9c:
                    38:56:b3:66:f5:9f:d5:b6:e0:59:71:4e:d5:cf:fb:
                    cd:55:e3:c4:ac:a5:fa:e5:53:cd:6f:b8:09:b0:35:
                    69:cf:8b:e7:3b:db:2f:f7:46:47:50:38:04:32:a0:
                    cd:f7:f8:7d:6f:70:d5:43:da:7e:2d:98:1e:2e:4e:
                    19:a3:31:72:2d:cc:bf:73:5b:20:99:d9:94:ea:f4:
                    be:a8:c7:67:2b:e6:ff:d6:29:4a:1c:ad:01:90:17:
                    10:69:dd:6f:dc:8a:6f:8c:eb:1f:41:88:9d:75:97:
                    72:b3:79:ff:05:7f:c5:8d:9d:6b:45:21:e4:58:b8:
                    b6:3a:f1:79:a2:07:13:3f:ac:cc:d1:55:f1:0f:32:
                    ae:1f:c4:97:16:d1:e8:28:74:3c:32:c4:51:2e:ec:
                    47:be:2b:21:9d:57:e8:e8:63:47:a4:2d:88:ec:a6:
                    f8:ef:cf:ef:da:c6:7d:1d:50:b1:eb:b6:74:69:4f:
                    00:23:d3:70:07:9b:55:39:59:6c:b5:91:31:f1:a0:
                    c1:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:2E:2C:A2:ED:D2:97:0F:18:22:16:0D:A1:55:54:BC:7D:DE:8D:13
            X509v3 Authority Key Identifier:
                keyid:5F:75:20:31:51:D3:B2:3E:CC:CB:64:F5:20:FB:42:54:98:60:CF:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X3UgMVHTsj7My2T1IPtCVJhgz_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/f2a66f-2b4a-4610-8da8-09dd4c28b1e4/1/Ji4sou3Slw8YIhYNoVVUvH3ejRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/f2a66f-2b4a-4610-8da8-09dd4c28b1e4/1/X3UgMVHTsj7My2T1IPtCVJhgz_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.48.0/22
                IPv6:
                  2a0a:1540::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:df:c4:a6:0c:e4:2b:a0:ac:11:73:27:5f:af:4f:87:be:ac:
         df:11:6d:2e:b1:e2:89:6d:4f:27:7c:4a:1c:30:24:32:a4:db:
         3c:54:f2:4c:b1:da:ce:32:ff:40:6f:fe:b4:20:55:9b:39:ec:
         92:92:38:1d:88:ac:15:0c:62:73:ff:5d:b1:b2:73:bf:ed:67:
         c8:aa:79:49:fc:bb:d3:84:d6:83:53:d9:c4:75:66:e9:90:29:
         d7:ec:a3:60:29:de:85:cc:5d:39:6c:92:84:f9:9e:de:c9:80:
         7c:49:28:4c:85:72:ef:d8:fe:0e:28:07:18:80:05:57:d9:4d:
         ff:9f:c0:ca:43:70:37:04:77:45:24:9c:82:88:73:e7:50:2d:
         d6:ed:9f:00:84:96:a6:ee:34:77:09:58:aa:c4:76:eb:f4:ec:
         03:f8:bd:9d:53:32:da:ae:14:fa:72:9a:41:e9:f4:93:22:da:
         e6:32:80:6b:02:92:2e:c6:8c:fc:94:c8:29:c3:ca:3f:15:66:
         9d:d6:62:b9:6c:82:1d:83:9d:19:a0:52:d7:53:6a:e9:4a:20:
         8d:4b:82:b6:d9:74:e4:15:e9:d3:16:5e:b6:d2:dc:74:6d:54:
         4a:0e:8c:bd:e4:95:24:da:35:7a:d8:a4:be:4e:0c:63:17:2f:
         45:ed:05:e0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDttVg4TMUrI3qXoYPfOLMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNzUyMDMxNTFkM2IyM2VjY2NiNjRmNTIwZmI0MjU0OTg2
MGNmZjAwHhcNMjQwMTAxMDYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjJlMmNhMmVkZDI5NzBmMTgyMjE2MGRhMTU1NTRiYzdkZGU4ZDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFpCB6fihBJzAlEMA5xzSCptK+a3
TW6SrVfhb21oPDRrsifTGPlvRZ9S/7E5GVJeVrVjz6Vwms89cJw4VrNm9Z/VtuBZ
cU7Vz/vNVePErKX65VPNb7gJsDVpz4vnO9sv90ZHUDgEMqDN9/h9b3DVQ9p+LZge
Lk4ZozFyLcy/c1sgmdmU6vS+qMdnK+b/1ilKHK0BkBcQad1v3IpvjOsfQYiddZdy
s3n/BX/FjZ1rRSHkWLi2OvF5ogcTP6zM0VXxDzKuH8SXFtHoKHQ8MsRRLuxHvish
nVfo6GNHpC2I7Kb478/v2sZ9HVCx67Z0aU8AI9NwB5tVOVlstZEx8aDBwQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCYuLKLt0pcPGCIWDaFVVLx93o0TMB8GA1UdIwQY
MBaAFF91IDFR07I+zMtk9SD7QlSYYM/wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDNVZ01WSFRzajdNeTJUMUlQdENWSmhnel9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9mMmE2NmYtMmI0YS00NjEwLThkYTgt
MDlkZDRjMjhiMWU0LzEvSmk0c291M1NsdzhZSWhZTm9WVlV2SDNlalJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9mMmE2NmYtMmI0YS00NjEwLThkYTgtMDlkZDRjMjhiMWU0
LzEvWDNVZ01WSFRzajdNeTJUMUlQdENWSmhnel9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCub8wMA0E
AgACMAcDBQMqChVAMA0GCSqGSIb3DQEBCwUAA4IBAQBs38SmDOQroKwRcydfr0+H
vqzfEW0useKJbU8nfEocMCQypNs8VPJMsdrOMv9Ab/60IFWbOeySkjgdiKwVDGJz
/12xsnO/7WfIqnlJ/LvThNaDU9nEdWbpkCnX7KNgKd6FzF05bJKE+Z7eyYB8SShM
hXLv2P4OKAcYgAVX2U3/n8DKQ3A3BHdFJJyCiHPnUC3W7Z8AhJam7jR3CViqxHbr
9OwD+L2dUzLarhT6cppB6fSTItrmMoBrApIuxoz8lMgpw8o/FWad1mK5bIIdg50Z
oFLXU2rpSiCNS4K22XTkFenTFl620tx0bVRKDoy95JUk2jV62KS+TgxjFy9F7QXg
-----END CERTIFICATE-----