Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/JL54i7IJIw4dGMCireMqNgXiWjo.roa
File:                     JL54i7IJIw4dGMCireMqNgXiWjo.roa (raw, json)
Hash identifier:          8rVx6bZzxX+JNAKGWp0Yb/FjTQnH2/NpH2zyv0S6KVg=
Subject key identifier:   24:BE:78:8B:B2:09:23:0E:1D:18:C0:A2:AD:E3:2A:36:05:E2:5A:3A
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC7941A2D3D9F31811542036FB0EF38D1
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/JL54i7IJIw4dGMCireMqNgXiWjo.roa
Signing time:             Tue 02 Jan 2024 00:30:21 +0000
ROA not before:           Tue 02 Jan 2024 00:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49478
IP address blocks:        109.248.252.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:1a:2d:3d:9f:31:81:15:42:03:6f:b0:ef:38:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24be788bb209230e1d18c0a2ade32a3605e25a3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:4a:ab:2a:93:32:b2:16:37:a9:fc:56:1c:80:
                    8f:37:d4:4f:23:15:44:0e:bb:55:15:b8:f9:a2:5b:
                    6d:fd:f9:7b:e5:e3:24:0e:03:39:d0:2b:41:68:97:
                    3e:70:43:ea:60:8d:8c:2f:e4:19:d7:15:8a:d6:1d:
                    45:31:a6:85:84:43:5b:b3:a9:99:6c:e0:09:23:60:
                    5a:5b:f7:75:3c:69:60:16:7d:3e:c5:4f:9a:5d:43:
                    cb:cd:cc:3f:90:98:91:77:0a:0e:92:70:bb:4a:17:
                    ee:3b:38:48:35:2d:6a:8b:d0:52:7b:d6:f6:c7:78:
                    ac:0b:ed:4a:aa:00:e8:bb:b5:fb:94:55:80:92:43:
                    f3:54:9e:55:8f:8c:37:6b:0b:d6:e1:50:35:d5:c0:
                    02:6b:e7:24:90:6b:8c:a3:82:5d:0b:3e:62:3a:4b:
                    67:5c:40:1b:76:ee:6e:ed:41:e1:76:ba:3a:19:d8:
                    46:ca:25:b0:76:94:61:f2:c7:50:b8:42:e4:f5:2b:
                    28:55:e1:f4:9c:1a:e5:a1:96:f3:a2:07:28:19:79:
                    a3:2a:4a:59:44:9b:fb:73:95:47:9d:16:9d:dd:d2:
                    61:a4:57:a8:7a:e9:4e:25:38:91:a6:59:21:0b:a7:
                    89:82:7f:19:cd:3e:17:0b:38:b1:90:d2:2e:0e:5d:
                    8a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:BE:78:8B:B2:09:23:0E:1D:18:C0:A2:AD:E3:2A:36:05:E2:5A:3A
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/JL54i7IJIw4dGMCireMqNgXiWjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:41:5f:38:08:08:6c:34:f7:ba:8a:57:33:e5:18:c4:f7:e6:
         19:bf:eb:00:11:55:a3:bc:59:83:ac:ba:60:a6:8a:c5:91:87:
         40:f4:9e:56:a6:9b:39:fa:55:bf:b6:54:b0:30:5c:a2:50:24:
         79:e0:d4:1b:98:6c:3e:f8:af:f7:c0:e1:2c:b6:5b:d3:83:1b:
         16:4d:c3:f0:49:5a:68:2f:64:1a:f7:a2:72:b1:12:a4:f6:c9:
         0c:56:90:5e:ac:77:3d:f1:fa:89:4c:e7:41:f6:58:0a:38:27:
         b5:40:48:ff:87:a0:b1:cf:d8:62:7a:b1:ac:1f:47:a2:c8:3a:
         c2:98:b4:7a:24:c1:9a:53:08:f6:51:c1:04:16:62:8a:ba:a7:
         fb:83:65:ac:4d:4c:62:6e:74:db:7a:cf:72:c5:cd:34:6e:23:
         a6:11:bb:e0:e5:17:45:f2:91:52:6d:89:fb:e0:9a:0c:50:8a:
         46:9a:d8:08:53:8b:e1:8e:f8:e9:c7:b4:7f:a1:b1:1e:74:e0:
         3b:47:b3:9d:87:46:97:b6:dc:06:f0:00:a6:19:7e:bd:11:bd:
         76:34:5b:63:da:18:17:45:3f:62:a3:b5:1e:db:f5:b1:d5:3c:
         f9:5c:ea:61:23:ca:3d:27:c4:0d:c9:b3:d3:ab:cd:20:3e:04:
         8b:aa:38:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlBotPZ8xgRVCA2+w7zjRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGJlNzg4YmIyMDkyMzBlMWQxOGMwYTJhZGUzMmEzNjA1ZTI1YTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikqrKpMyshY3qfxWHICPN9RPIxVE
DrtVFbj5oltt/fl75eMkDgM50CtBaJc+cEPqYI2ML+QZ1xWK1h1FMaaFhENbs6mZ
bOAJI2BaW/d1PGlgFn0+xU+aXUPLzcw/kJiRdwoOknC7ShfuOzhINS1qi9BSe9b2
x3isC+1KqgDou7X7lFWAkkPzVJ5Vj4w3awvW4VA11cACa+ckkGuMo4JdCz5iOktn
XEAbdu5u7UHhdro6GdhGyiWwdpRh8sdQuELk9SsoVeH0nBrloZbzogcoGXmjKkpZ
RJv7c5VHnRad3dJhpFeoeulOJTiRplkhC6eJgn8ZzT4XCzixkNIuDl2K4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCS+eIuyCSMOHRjAoq3jKjYF4lo6MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvSkw1NGk3SUpJdzRkR01DaXJlTXFOZ1hpV2pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbfj8MA0G
CSqGSIb3DQEBCwUAA4IBAQBmQV84CAhsNPe6ilcz5RjE9+YZv+sAEVWjvFmDrLpg
porFkYdA9J5Wpps5+lW/tlSwMFyiUCR54NQbmGw++K/3wOEstlvTgxsWTcPwSVpo
L2Qa96JysRKk9skMVpBerHc98fqJTOdB9lgKOCe1QEj/h6Cxz9hierGsH0eiyDrC
mLR6JMGaUwj2UcEEFmKKuqf7g2WsTUxibnTbes9yxc00biOmEbvg5RdF8pFSbYn7
4JoMUIpGmtgIU4vhjvjpx7R/obEedOA7R7Odh0aXttwG8ACmGX69Eb12NFtj2hgX
RT9io7Ue2/Wx1Tz5XOphI8o9J8QNybPTq80gPgSLqjj7
-----END CERTIFICATE-----