Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/J-fqCeGc5_fkHyjlAODkRI8rHwY.roa
File:                     J-fqCeGc5_fkHyjlAODkRI8rHwY.roa (raw, json)
Hash identifier:          rndO/LOCUxm3/ZAlUG2sr+p0II3zkKPBhwJZ9tA0goY=
Subject key identifier:   27:E7:EA:09:E1:9C:E7:F7:E4:1F:28:E5:00:E0:E4:44:8F:2B:1F:06
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018FAB5D7FF66A8CB0638CC54CB15619C093
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/J-fqCeGc5_fkHyjlAODkRI8rHwY.roa
Signing time:             Fri 24 May 2024 16:09:42 +0000
ROA not before:           Fri 24 May 2024 16:09:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39303
IP address blocks:        193.135.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ab:5d:7f:f6:6a:8c:b0:63:8c:c5:4c:b1:56:19:c0:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: May 24 16:09:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27e7ea09e19ce7f7e41f28e500e0e4448f2b1f06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:2e:0f:a5:88:65:17:2d:36:7a:43:8e:c4:42:
                    a4:b1:b0:94:64:e0:f1:b1:eb:63:9f:df:2c:b6:3c:
                    6b:30:ba:dd:95:a7:79:e0:1a:db:65:5b:9b:0b:58:
                    50:03:88:9c:7e:84:66:7d:11:9d:04:4d:f9:26:54:
                    8a:01:19:7e:6d:dd:6a:8e:28:af:7c:b0:cd:3a:04:
                    56:6b:45:33:8d:94:f3:d9:2e:38:63:02:c0:e4:c0:
                    4e:02:da:33:ce:f7:be:2b:5c:d7:71:77:ec:27:ca:
                    0c:e3:82:b2:1e:ab:6c:ad:e2:ab:26:d7:0d:13:e2:
                    9b:79:bf:2c:95:ee:bb:66:e7:50:33:46:74:7d:7a:
                    71:c6:02:6e:88:be:55:8e:df:ec:2b:d5:f0:c3:cf:
                    2d:94:5e:38:cb:18:01:b1:e8:21:98:f8:8c:d1:36:
                    39:85:86:c5:14:d0:2e:d7:20:71:55:2a:47:ac:dc:
                    a4:db:0a:39:10:b7:8d:15:23:be:cf:93:1c:64:de:
                    86:c6:30:ba:c2:82:61:f6:22:a9:e3:4a:ff:e7:f7:
                    c3:cf:9c:bb:5d:01:b7:a9:a3:40:ed:5d:92:f6:31:
                    58:88:51:8a:b3:a6:4e:18:7b:ba:17:4a:25:a3:0e:
                    d2:d8:3a:8f:43:8a:d3:cc:57:10:cf:63:2d:6e:55:
                    d1:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:E7:EA:09:E1:9C:E7:F7:E4:1F:28:E5:00:E0:E4:44:8F:2B:1F:06
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/J-fqCeGc5_fkHyjlAODkRI8rHwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:45:fd:d3:35:f0:b7:65:54:15:b9:f9:bd:7e:0f:9a:63:2d:
         32:ae:c3:7f:96:96:fb:27:90:41:b1:2b:ca:2e:c5:4b:25:d5:
         f7:c4:1d:85:45:cb:52:8f:3c:eb:e0:33:30:35:11:25:9c:1f:
         27:34:36:de:00:de:1d:14:8f:57:69:74:97:4f:2c:e0:71:3f:
         22:cc:ff:cf:c0:32:a2:7e:31:0b:80:8f:1e:e0:da:d2:8a:b7:
         f2:b9:ea:08:d8:9a:7f:2b:61:6c:8e:1e:26:bc:a0:45:ca:14:
         48:de:9b:a8:ce:e6:33:c1:c8:b8:91:34:c2:4f:14:47:c0:f2:
         60:5b:3a:ec:d7:9f:17:d5:e3:24:d9:62:d1:2d:03:b1:1f:74:
         0f:2c:14:0a:03:d5:e7:cc:91:7f:9a:5b:56:89:99:89:33:35:
         01:f8:45:3f:d0:09:23:0e:25:ce:ec:cc:05:67:e5:d2:5b:6e:
         ee:45:b0:dd:ab:9a:72:b8:bf:80:c3:0b:37:79:d1:10:68:2e:
         69:33:c4:bf:35:50:f3:2e:b8:0c:7f:ee:69:09:d1:21:50:a9:
         0e:63:f9:14:95:43:2f:2f:0c:12:a4:e8:1b:c4:68:14:23:68:
         87:df:5c:d4:be:44:90:32:80:6f:f2:d1:9c:f3:25:47:67:16:
         d9:35:5d:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+rXX/2aoywY4zFTLFWGcCTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwNTI0MTYwOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2U3ZWEwOWUxOWNlN2Y3ZTQxZjI4ZTUwMGUwZTQ0NDhmMmIxZjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6C4PpYhlFy02ekOOxEKksbCUZODx
setjn98stjxrMLrdlad54BrbZVubC1hQA4icfoRmfRGdBE35JlSKARl+bd1qjiiv
fLDNOgRWa0UzjZTz2S44YwLA5MBOAtozzve+K1zXcXfsJ8oM44KyHqtsreKrJtcN
E+Kbeb8sle67ZudQM0Z0fXpxxgJuiL5Vjt/sK9Xww88tlF44yxgBseghmPiM0TY5
hYbFFNAu1yBxVSpHrNyk2wo5ELeNFSO+z5McZN6GxjC6woJh9iKp40r/5/fDz5y7
XQG3qaNA7V2S9jFYiFGKs6ZOGHu6F0olow7S2DqPQ4rTzFcQz2MtblXR2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfn6gnhnOf35B8o5QDg5ESPKx8GMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvSi1mcUNlR2M1X2ZrSHlqbEFPRGtSSThySHdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYeHMA0G
CSqGSIb3DQEBCwUAA4IBAQBsRf3TNfC3ZVQVufm9fg+aYy0yrsN/lpb7J5BBsSvK
LsVLJdX3xB2FRctSjzzr4DMwNRElnB8nNDbeAN4dFI9XaXSXTyzgcT8izP/PwDKi
fjELgI8e4NrSirfyueoI2Jp/K2Fsjh4mvKBFyhRI3puozuYzwci4kTTCTxRHwPJg
Wzrs158X1eMk2WLRLQOxH3QPLBQKA9XnzJF/mltWiZmJMzUB+EU/0AkjDiXO7MwF
Z+XSW27uRbDdq5pyuL+Awws3edEQaC5pM8S/NVDzLrgMf+5pCdEhUKkOY/kUlUMv
LwwSpOgbxGgUI2iH31zUvkSQMoBv8tGc8yVHZxbZNV22
-----END CERTIFICATE-----