Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/bad1c1-365d-41de-ad7c-ce8fc93adb21/1/JdlPsEncK64ZjPn6W4tGORr10zU.roa
File:                     JdlPsEncK64ZjPn6W4tGORr10zU.roa (raw, json)
Hash identifier:          lO0cOUZrFXpbv8LiVi9xOkGRJyB6K0cP/z7foz4/e4s=
Subject key identifier:   25:D9:4F:B0:49:DC:2B:AE:19:8C:F9:FA:5B:8B:46:39:1A:F5:D3:35
Certificate issuer:       /CN=474a88bc6e9e10bbaf150f019bbf8a615a2b03c2
Certificate serial:       018CC348A6EE1726CEC40D91DDEC71CD5A16
Authority key identifier: 47:4A:88:BC:6E:9E:10:BB:AF:15:0F:01:9B:BF:8A:61:5A:2B:03:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R0qIvG6eELuvFQ8Bm7-KYVorA8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/bad1c1-365d-41de-ad7c-ce8fc93adb21/1/JdlPsEncK64ZjPn6W4tGORr10zU.roa
Signing time:             Mon 01 Jan 2024 04:29:27 +0000
ROA not before:           Mon 01 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44305
IP address blocks:        217.61.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/bad1c1-365d-41de-ad7c-ce8fc93adb21/1/R0qIvG6eELuvFQ8Bm7-KYVorA8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/bad1c1-365d-41de-ad7c-ce8fc93adb21/1/R0qIvG6eELuvFQ8Bm7-KYVorA8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R0qIvG6eELuvFQ8Bm7-KYVorA8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a6:ee:17:26:ce:c4:0d:91:dd:ec:71:cd:5a:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=474a88bc6e9e10bbaf150f019bbf8a615a2b03c2
        Validity
            Not Before: Jan  1 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25d94fb049dc2bae198cf9fa5b8b46391af5d335
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:77:e3:31:1f:bb:5f:0c:b4:7c:5c:be:10:18:
                    a3:2f:7d:b8:98:46:bd:88:05:af:8d:6a:ef:ef:b3:
                    9b:dd:db:ee:0b:83:0e:49:75:b9:a5:23:27:80:97:
                    04:28:df:e5:20:54:be:d4:cc:b1:50:38:1a:c2:83:
                    5d:3c:f0:e3:66:04:61:f4:3d:d3:98:ca:b3:cd:65:
                    f5:50:13:cf:62:98:8e:15:05:91:a8:cb:39:ea:b8:
                    cc:0b:89:6e:2a:7a:93:8c:ef:03:7c:e9:54:2d:07:
                    db:1e:11:6c:61:64:22:95:16:41:da:63:8f:39:3d:
                    0d:6b:33:b9:1b:50:36:17:17:c1:a6:f6:21:e1:fc:
                    d2:65:fb:3f:67:1d:10:64:1c:b6:d1:93:c6:42:06:
                    82:a1:34:f3:9f:17:d6:74:9c:be:cd:29:cb:9d:de:
                    85:8e:f0:00:75:e4:77:57:d2:70:e3:a5:89:82:f6:
                    19:c1:72:37:61:61:a2:16:00:62:f2:8d:11:1f:91:
                    02:dd:2c:4f:63:d7:b9:55:84:e4:d0:b7:57:b0:52:
                    d9:ee:84:0d:6a:c5:09:79:10:33:fb:f4:2f:27:ea:
                    39:2c:1c:92:e4:d1:0e:3f:90:af:e1:aa:2a:6e:f6:
                    f9:53:62:8c:60:e7:f4:82:ba:26:d4:57:d8:4d:79:
                    79:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:D9:4F:B0:49:DC:2B:AE:19:8C:F9:FA:5B:8B:46:39:1A:F5:D3:35
            X509v3 Authority Key Identifier:
                keyid:47:4A:88:BC:6E:9E:10:BB:AF:15:0F:01:9B:BF:8A:61:5A:2B:03:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R0qIvG6eELuvFQ8Bm7-KYVorA8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/bad1c1-365d-41de-ad7c-ce8fc93adb21/1/JdlPsEncK64ZjPn6W4tGORr10zU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/bad1c1-365d-41de-ad7c-ce8fc93adb21/1/R0qIvG6eELuvFQ8Bm7-KYVorA8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.61.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:d8:37:20:fa:12:4b:6b:8b:ad:43:9e:5a:75:40:a1:4b:e9:
         43:26:81:7d:31:12:67:36:a7:a3:d6:8b:21:00:1b:2c:a2:11:
         c0:00:63:2c:fe:9e:d9:35:cf:8d:cd:b0:08:45:aa:96:2c:28:
         dc:10:c6:ee:e4:5a:56:9a:c9:48:1c:a1:7f:39:66:06:c2:b2:
         ed:bf:33:28:76:b8:fd:85:65:31:4a:a8:f3:e7:66:50:28:14:
         90:ab:de:86:82:64:d8:b9:2d:9a:60:a6:7f:79:45:85:4e:7c:
         c2:fc:68:f6:0e:95:e4:0e:bd:da:ae:59:10:b9:fd:bb:66:6c:
         75:0d:bc:0e:9d:af:c2:f6:60:89:c8:59:63:ba:d0:6e:8c:d6:
         11:68:36:2e:e4:10:53:2b:28:7a:3b:56:3f:d6:25:d4:9d:a9:
         47:c0:a8:2e:ba:1d:0e:95:03:02:8a:bf:97:40:b6:ce:7d:83:
         60:bb:f2:dd:c2:8c:03:33:2b:f4:9e:f1:82:d5:60:cb:5d:1b:
         01:1d:fb:6e:dc:18:3d:07:2e:dd:e5:fa:fb:55:96:57:c9:9b:
         ae:87:6b:61:0a:b2:f2:ef:7f:d1:d8:6b:bf:83:e9:d6:e2:e8:
         e1:02:3f:23:a2:12:f6:8a:dc:05:7c:85:f2:f1:b0:a3:2a:62:
         f0:57:a6:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKbuFybOxA2R3exxzVoWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NGE4OGJjNmU5ZTEwYmJhZjE1MGYwMTliYmY4YTYxNWEy
YjAzYzIwHhcNMjQwMTAxMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWQ5NGZiMDQ5ZGMyYmFlMTk4Y2Y5ZmE1YjhiNDYzOTFhZjVkMzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHfjMR+7Xwy0fFy+EBijL324mEa9
iAWvjWrv77Ob3dvuC4MOSXW5pSMngJcEKN/lIFS+1MyxUDgawoNdPPDjZgRh9D3T
mMqzzWX1UBPPYpiOFQWRqMs56rjMC4luKnqTjO8DfOlULQfbHhFsYWQilRZB2mOP
OT0NazO5G1A2FxfBpvYh4fzSZfs/Zx0QZBy20ZPGQgaCoTTznxfWdJy+zSnLnd6F
jvAAdeR3V9Jw46WJgvYZwXI3YWGiFgBi8o0RH5EC3SxPY9e5VYTk0LdXsFLZ7oQN
asUJeRAz+/QvJ+o5LByS5NEOP5Cv4aoqbvb5U2KMYOf0grom1FfYTXl5bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCXZT7BJ3CuuGYz5+luLRjka9dM1MB8GA1UdIwQY
MBaAFEdKiLxunhC7rxUPAZu/imFaKwPCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjBxSXZHNmVFTHV2RlE4Qm03LUtZVm9yQThJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9iYWQxYzEtMzY1ZC00MWRlLWFkN2Mt
Y2U4ZmM5M2FkYjIxLzEvSmRsUHNFbmNLNjRaalBuNlc0dEdPUnIxMHpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9iYWQxYzEtMzY1ZC00MWRlLWFkN2MtY2U4ZmM5M2FkYjIx
LzEvUjBxSXZHNmVFTHV2RlE4Qm03LUtZVm9yQThJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2T26MA0G
CSqGSIb3DQEBCwUAA4IBAQCG2Dcg+hJLa4utQ55adUChS+lDJoF9MRJnNqej1osh
ABssohHAAGMs/p7ZNc+NzbAIRaqWLCjcEMbu5FpWmslIHKF/OWYGwrLtvzModrj9
hWUxSqjz52ZQKBSQq96GgmTYuS2aYKZ/eUWFTnzC/Gj2DpXkDr3arlkQuf27Zmx1
DbwOna/C9mCJyFljutBujNYRaDYu5BBTKyh6O1Y/1iXUnalHwKguuh0OlQMCir+X
QLbOfYNgu/LdwowDMyv0nvGC1WDLXRsBHftu3Bg9By7d5fr7VZZXyZuuh2thCrLy
73/R2Gu/g+nW4ujhAj8johL2itwFfIXy8bCjKmLwV6b8
-----END CERTIFICATE-----