Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jj0_L5yRtHfgEdASZ9N_lfLqg3I.roa
File:                     jj0_L5yRtHfgEdASZ9N_lfLqg3I.roa (raw, json)
Hash identifier:          +1shz8OVo4tm8lAHrjtcgTZhW2wWOCbNvMQTjPUaMMk=
Subject key identifier:   8E:3D:3F:2F:9C:91:B4:77:E0:11:D0:12:67:D3:7F:95:F2:EA:83:72
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       018CC86FF706397462D13DBE5A1335803B91
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jj0_L5yRtHfgEdASZ9N_lfLqg3I.roa
Signing time:             Tue 02 Jan 2024 04:30:30 +0000
ROA not before:           Tue 02 Jan 2024 04:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205935
IP address blocks:        213.14.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:f7:06:39:74:62:d1:3d:be:5a:13:35:80:3b:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  2 04:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e3d3f2f9c91b477e011d01267d37f95f2ea8372
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:43:4d:4d:ab:e2:41:3a:07:16:13:d1:09:86:
                    dd:db:e0:59:ec:5c:93:80:71:32:39:41:15:90:c9:
                    17:dd:20:96:a9:0d:30:8b:f2:fa:e6:6b:e2:7a:c6:
                    d8:ed:87:bd:32:20:24:e1:57:a9:42:d6:df:c1:12:
                    5a:f3:f3:46:0a:e1:bb:cd:7e:df:bd:43:16:0e:4d:
                    25:7f:64:1a:52:52:09:7a:46:15:99:68:65:cd:b0:
                    4d:63:46:d4:f2:fb:82:a4:a2:81:4b:88:49:cf:74:
                    4e:31:5d:4a:9e:cb:ca:da:62:a9:d3:1c:a9:1e:8f:
                    ee:7a:9c:5d:9a:e3:12:94:71:ce:df:0c:51:f4:f8:
                    e1:c5:4c:f9:d7:96:f0:16:5a:2a:62:78:17:34:5e:
                    31:e7:86:96:b7:d7:5d:f8:9e:b3:9e:5c:14:03:94:
                    11:c6:eb:aa:46:98:09:ce:4e:60:d7:92:96:13:5d:
                    6e:9b:79:39:ad:c8:9b:91:c1:22:63:e2:aa:6e:5c:
                    e5:9c:9d:a0:ab:11:56:0a:47:08:31:99:0e:31:79:
                    ae:c2:f4:5d:3f:7b:25:42:39:5d:de:8d:67:51:59:
                    5a:c8:28:c4:a7:66:d1:cc:60:fc:bc:7e:55:ff:93:
                    a3:13:7c:68:87:2e:d1:80:5a:2d:7a:12:ef:56:27:
                    d2:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:3D:3F:2F:9C:91:B4:77:E0:11:D0:12:67:D3:7F:95:F2:EA:83:72
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jj0_L5yRtHfgEdASZ9N_lfLqg3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.14.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:67:ef:15:d7:c2:7f:f3:b0:24:0d:f1:a5:a6:0b:db:88:5a:
         56:17:f5:80:6d:f2:ce:9a:6d:25:8d:c2:9e:ee:bf:e4:59:fb:
         6d:9e:31:40:9e:41:91:ee:c6:e7:76:30:f2:9c:b6:ee:79:5c:
         97:5c:87:bf:09:d2:b8:06:10:e0:9a:c1:91:cc:2d:61:6b:da:
         46:42:94:da:04:2e:4b:6c:85:7c:5e:37:25:c1:23:8b:5c:28:
         db:a8:2a:3a:6b:6a:55:71:25:ef:76:da:cb:b3:01:08:e8:1b:
         16:3d:37:c8:f4:93:28:81:b6:43:b4:4e:9d:f8:5e:66:80:92:
         ab:7c:4a:2a:22:d9:1c:39:22:63:c0:a3:a3:e4:8b:4b:91:c9:
         9e:06:f5:af:c1:2c:7b:37:40:0b:37:2f:d8:97:d0:ab:e7:42:
         68:b6:85:a7:6b:5a:0c:cc:a0:aa:1a:ce:dc:e2:e0:f2:55:ae:
         87:99:16:84:49:b0:8f:d6:c4:02:de:9a:67:ac:99:35:ec:dc:
         3e:0d:66:3f:27:c4:c9:96:52:da:e5:12:a0:9f:04:ac:83:0c:
         ff:c6:c7:82:e6:b6:41:45:49:15:16:d7:2c:7f:04:94:d8:db:
         6f:bf:44:a7:ae:76:3c:2a:09:22:25:04:4e:1d:fe:16:12:9b:
         56:3d:b6:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb/cGOXRi0T2+WhM1gDuRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjQwMTAyMDQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTNkM2YyZjljOTFiNDc3ZTAxMWQwMTI2N2QzN2Y5NWYyZWE4MzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0NNTaviQToHFhPRCYbd2+BZ7FyT
gHEyOUEVkMkX3SCWqQ0wi/L65mviesbY7Ye9MiAk4VepQtbfwRJa8/NGCuG7zX7f
vUMWDk0lf2QaUlIJekYVmWhlzbBNY0bU8vuCpKKBS4hJz3ROMV1KnsvK2mKp0xyp
Ho/uepxdmuMSlHHO3wxR9PjhxUz515bwFloqYngXNF4x54aWt9dd+J6znlwUA5QR
xuuqRpgJzk5g15KWE11um3k5rcibkcEiY+KqblzlnJ2gqxFWCkcIMZkOMXmuwvRd
P3slQjld3o1nUVlayCjEp2bRzGD8vH5V/5OjE3xohy7RgFotehLvVifS7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI49Py+ckbR34BHQEmfTf5Xy6oNyMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvamowX0w1eVJ0SGZnRWRBU1o5Tl9sZkxxZzNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Q70MA0G
CSqGSIb3DQEBCwUAA4IBAQA/Z+8V18J/87AkDfGlpgvbiFpWF/WAbfLOmm0ljcKe
7r/kWfttnjFAnkGR7sbndjDynLbueVyXXIe/CdK4BhDgmsGRzC1ha9pGQpTaBC5L
bIV8XjclwSOLXCjbqCo6a2pVcSXvdtrLswEI6BsWPTfI9JMogbZDtE6d+F5mgJKr
fEoqItkcOSJjwKOj5ItLkcmeBvWvwSx7N0ALNy/Yl9Cr50JotoWna1oMzKCqGs7c
4uDyVa6HmRaESbCP1sQC3ppnrJk17Nw+DWY/J8TJllLa5RKgnwSsgwz/xseC5rZB
RUkVFtcsfwSU2Ntvv0SnrnY8KgkiJQROHf4WEptWPbYe
-----END CERTIFICATE-----