Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/jssfomqd_WNQ7FQOqFOxOgn4YzA.roa
File:                     jssfomqd_WNQ7FQOqFOxOgn4YzA.roa (raw, json)
Hash identifier:          MBS98EU0iVqJKY5a3AlpvQt6vIni5s2RsxhIDgOoUwg=
Subject key identifier:   8E:CB:1F:A2:6A:9D:FD:63:50:EC:54:0E:A8:53:B1:3A:09:F8:63:30
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC79422AF6EB51A49F912D51F5A0D6CC6
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/jssfomqd_WNQ7FQOqFOxOgn4YzA.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206424
IP address blocks:        46.8.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:22:af:6e:b5:1a:49:f9:12:d5:1f:5a:0d:6c:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ecb1fa26a9dfd6350ec540ea853b13a09f86330
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ad:80:c1:43:0f:6d:e4:f1:73:40:1a:98:f1:
                    fe:09:89:18:7d:f7:6f:d6:83:ac:00:a1:37:f5:0a:
                    09:26:43:6a:13:4c:71:3f:ee:4d:2d:08:a1:f0:32:
                    5e:1e:a7:c4:9a:2d:05:97:d3:c6:c6:a2:97:61:27:
                    7b:73:ba:9e:89:5a:81:79:2c:b4:f2:83:5c:40:be:
                    21:32:bc:86:cf:30:e8:00:ce:a3:eb:22:40:cd:91:
                    95:6e:0a:a3:2c:c5:e7:1d:e8:19:ec:1c:54:72:d7:
                    63:60:4b:33:8f:4a:ab:9e:88:6a:b4:80:ac:f2:0b:
                    f6:bc:b7:1b:20:1e:5c:80:1a:5a:d6:78:df:db:9e:
                    bd:e4:cd:63:a4:22:a7:bb:43:04:1b:d2:87:7b:a5:
                    93:0a:54:e3:a8:6e:dd:c3:98:65:f4:92:af:3e:bc:
                    68:e7:dc:bb:9d:3a:3f:e6:14:fb:ed:e5:66:89:c1:
                    4f:ee:f9:f9:12:cd:00:a2:1a:89:a5:7b:37:28:f4:
                    b5:00:55:df:7f:91:3a:ec:29:b6:22:04:81:54:cd:
                    48:1f:bf:0a:38:68:b6:af:50:9b:84:b4:ea:3b:51:
                    1b:31:e7:00:ab:fb:eb:9d:7e:97:46:92:a6:8d:8a:
                    b1:71:87:bb:96:b7:1b:21:22:ec:2b:ff:64:2e:9a:
                    f6:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:CB:1F:A2:6A:9D:FD:63:50:EC:54:0E:A8:53:B1:3A:09:F8:63:30
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/jssfomqd_WNQ7FQOqFOxOgn4YzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:d1:30:a5:e6:2d:0d:2a:ad:bc:48:d4:c0:dd:cc:84:b0:c7:
         2f:b0:7b:9f:e1:8c:ec:7a:c4:a3:df:05:b5:7b:6f:bb:41:15:
         48:47:50:09:b5:2e:b6:c2:ce:92:6b:32:15:04:50:ca:f2:8c:
         9c:06:07:98:40:7b:3b:e0:41:f5:4a:56:49:05:46:50:04:80:
         b9:d5:aa:3e:0f:bb:a3:bb:74:54:38:41:fa:4c:63:3f:17:52:
         39:ec:c1:49:a5:b4:cd:19:c4:03:4a:35:75:be:0b:3a:bc:0e:
         34:38:4c:ee:69:71:75:ec:6b:64:21:28:19:8f:54:a6:cf:a5:
         bd:05:f4:52:10:3f:7a:ab:de:f3:a1:99:bc:42:19:15:b4:83:
         66:e7:c9:30:18:38:3a:28:51:c9:82:04:26:77:bd:2e:e0:e6:
         09:e2:d0:1f:ce:16:d3:d7:9b:7f:e9:ad:2d:2d:7e:99:f3:44:
         fa:75:25:54:c4:19:db:20:d2:f6:8e:8c:fc:02:e3:49:a4:5a:
         1a:a6:46:78:d6:23:e5:3b:9f:c5:36:a3:bb:a2:a7:31:0d:0b:
         67:67:f7:9f:f5:0f:9e:cb:e8:61:8d:7f:e3:57:df:a9:64:74:
         c7:ee:04:f4:2d:d6:9c:cc:c5:e6:ff:a0:bc:04:2a:20:a3:7d:
         5d:6b:a8:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlCKvbrUaSfkS1R9aDWzGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWNiMWZhMjZhOWRmZDYzNTBlYzU0MGVhODUzYjEzYTA5Zjg2MzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAra2AwUMPbeTxc0AamPH+CYkYffdv
1oOsAKE39QoJJkNqE0xxP+5NLQih8DJeHqfEmi0Fl9PGxqKXYSd7c7qeiVqBeSy0
8oNcQL4hMryGzzDoAM6j6yJAzZGVbgqjLMXnHegZ7BxUctdjYEszj0qrnohqtICs
8gv2vLcbIB5cgBpa1njf25695M1jpCKnu0MEG9KHe6WTClTjqG7dw5hl9JKvPrxo
59y7nTo/5hT77eVmicFP7vn5Es0AohqJpXs3KPS1AFXff5E67Cm2IgSBVM1IH78K
OGi2r1CbhLTqO1EbMecAq/vrnX6XRpKmjYqxcYe7lrcbISLsK/9kLpr2JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI7LH6Jqnf1jUOxUDqhTsToJ+GMwMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvanNzZm9tcWRfV05RN0ZRT3FGT3hPZ240WXpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALggbMA0G
CSqGSIb3DQEBCwUAA4IBAQC20TCl5i0NKq28SNTA3cyEsMcvsHuf4YzsesSj3wW1
e2+7QRVIR1AJtS62ws6SazIVBFDK8oycBgeYQHs74EH1SlZJBUZQBIC51ao+D7uj
u3RUOEH6TGM/F1I57MFJpbTNGcQDSjV1vgs6vA40OEzuaXF17GtkISgZj1Smz6W9
BfRSED96q97zoZm8QhkVtINm58kwGDg6KFHJggQmd70u4OYJ4tAfzhbT15t/6a0t
LX6Z80T6dSVUxBnbINL2joz8AuNJpFoapkZ41iPlO5/FNqO7oqcxDQtnZ/ef9Q+e
y+hhjX/jV9+pZHTH7gT0LdaczMXm/6C8BCogo31da6jA
-----END CERTIFICATE-----