Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/beb3a8-4b72-48ec-8e04-03cce3969f9c/1/JYGoUM22IwbvNZ46WJAN2YLnmkU.roa
File:                     JYGoUM22IwbvNZ46WJAN2YLnmkU.roa (raw, json)
Hash identifier:          hUEg8zHcPQpXFVDOAymbGm1TKTdTyeo8kcuc9NRSzTY=
Subject key identifier:   25:81:A8:50:CD:B6:23:06:EF:35:9E:3A:58:90:0D:D9:82:E7:9A:45
Certificate issuer:       /CN=68942e3ecb5eea792a76fadacbec01a8568e97f4
Certificate serial:       018CC5013774CD424F9CEFF6F44E35E02817
Authority key identifier: 68:94:2E:3E:CB:5E:EA:79:2A:76:FA:DA:CB:EC:01:A8:56:8E:97:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aJQuPste6nkqdvray-wBqFaOl_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/beb3a8-4b72-48ec-8e04-03cce3969f9c/1/JYGoUM22IwbvNZ46WJAN2YLnmkU.roa
Signing time:             Mon 01 Jan 2024 12:30:40 +0000
ROA not before:           Mon 01 Jan 2024 12:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48498
IP address blocks:        91.211.36.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/beb3a8-4b72-48ec-8e04-03cce3969f9c/1/aJQuPste6nkqdvray-wBqFaOl_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/beb3a8-4b72-48ec-8e04-03cce3969f9c/1/aJQuPste6nkqdvray-wBqFaOl_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aJQuPste6nkqdvray-wBqFaOl_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:37:74:cd:42:4f:9c:ef:f6:f4:4e:35:e0:28:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68942e3ecb5eea792a76fadacbec01a8568e97f4
        Validity
            Not Before: Jan  1 12:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2581a850cdb62306ef359e3a58900dd982e79a45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ba:84:60:2f:2b:80:af:85:58:26:6b:ec:8a:
                    9e:6d:bc:94:ca:8a:89:9a:2c:7c:0e:e0:17:8f:65:
                    f3:1c:4a:fc:47:34:45:18:27:26:ee:8e:78:30:4c:
                    f8:3a:ff:f2:ab:ff:30:6c:ab:aa:5f:7c:a0:2d:a5:
                    d2:70:f9:47:23:bd:78:5d:95:8f:16:a3:e9:5f:0d:
                    f1:c4:00:53:52:2f:e9:60:89:5b:1d:f4:79:e3:20:
                    b2:17:9f:db:ca:87:9e:f0:68:14:1f:23:15:19:e4:
                    3f:ce:2a:b4:17:e0:2b:f9:14:4b:b5:97:99:33:84:
                    f0:27:bc:3f:95:10:65:90:ad:51:16:ba:f4:76:c9:
                    4b:6b:bf:00:6b:0c:63:25:29:c8:4a:23:80:f0:5b:
                    56:bd:a5:87:fe:06:a9:a9:2e:26:5e:04:fd:ff:62:
                    11:ae:95:5b:fc:81:bf:71:46:49:32:e4:7e:fe:75:
                    4e:2e:b7:36:dd:dd:7e:63:63:63:f4:f1:c9:f1:36:
                    e0:9e:75:d7:7b:07:01:e8:87:1f:68:b8:78:8c:f6:
                    f2:4d:b6:b2:67:27:6b:2b:4d:42:99:1f:a3:37:e9:
                    1a:08:8e:1b:da:e5:52:d8:1d:3f:52:2c:11:e5:66:
                    e9:8e:7e:3f:7e:0c:2d:76:49:6b:8a:39:5d:f9:d4:
                    37:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:81:A8:50:CD:B6:23:06:EF:35:9E:3A:58:90:0D:D9:82:E7:9A:45
            X509v3 Authority Key Identifier:
                keyid:68:94:2E:3E:CB:5E:EA:79:2A:76:FA:DA:CB:EC:01:A8:56:8E:97:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aJQuPste6nkqdvray-wBqFaOl_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/beb3a8-4b72-48ec-8e04-03cce3969f9c/1/JYGoUM22IwbvNZ46WJAN2YLnmkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/beb3a8-4b72-48ec-8e04-03cce3969f9c/1/aJQuPste6nkqdvray-wBqFaOl_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:15:08:24:61:a7:a8:df:04:07:0f:85:dc:d0:ad:a9:75:c7:
         2a:ea:78:21:97:82:d8:3f:44:4d:96:7e:c0:3f:75:11:84:ec:
         60:1c:b8:ec:1e:20:fb:76:1c:ef:de:0e:e8:92:72:4e:57:24:
         4f:20:29:2e:31:9a:5f:b3:16:96:ab:da:9b:7a:21:bd:31:91:
         c3:85:26:25:da:5b:ba:80:30:33:95:b3:22:66:4a:69:4a:d6:
         2a:b5:47:78:8f:4b:30:59:bc:d1:24:15:7f:d1:12:45:a5:cf:
         9f:40:d8:18:ef:5f:80:b4:d7:50:8c:73:13:8f:d7:01:34:21:
         06:a9:a0:c7:cb:fa:12:c1:e3:ad:93:e6:ec:25:54:de:19:38:
         12:37:47:d5:86:f3:77:8f:81:22:6f:d3:a3:ab:10:9a:d9:5e:
         d6:4f:da:6f:3a:8f:73:f6:21:0c:13:30:02:a8:1b:b1:9b:1b:
         e5:06:41:b4:02:c5:70:3d:e8:84:b7:68:63:0b:2c:ca:35:fe:
         03:6d:af:af:b4:8f:72:2a:d8:da:c3:e5:26:99:b1:08:ea:cd:
         c3:8a:6e:35:91:9c:bd:f7:ae:97:ee:c7:12:31:c8:a1:97:c4:
         3d:a2:51:63:52:4e:c4:3a:f1:e6:c3:50:ba:ba:94:cf:71:94:
         46:b4:6f:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATd0zUJPnO/29E414CgXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4OTQyZTNlY2I1ZWVhNzkyYTc2ZmFkYWNiZWMwMWE4NTY4
ZTk3ZjQwHhcNMjQwMTAxMTIzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTgxYTg1MGNkYjYyMzA2ZWYzNTllM2E1ODkwMGRkOTgyZTc5YTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrqEYC8rgK+FWCZr7IqebbyUyoqJ
mix8DuAXj2XzHEr8RzRFGCcm7o54MEz4Ov/yq/8wbKuqX3ygLaXScPlHI714XZWP
FqPpXw3xxABTUi/pYIlbHfR54yCyF5/byoee8GgUHyMVGeQ/ziq0F+Ar+RRLtZeZ
M4TwJ7w/lRBlkK1RFrr0dslLa78AawxjJSnISiOA8FtWvaWH/gapqS4mXgT9/2IR
rpVb/IG/cUZJMuR+/nVOLrc23d1+Y2Nj9PHJ8TbgnnXXewcB6IcfaLh4jPbyTbay
ZydrK01CmR+jN+kaCI4b2uVS2B0/UiwR5Wbpjn4/fgwtdklrijld+dQ39wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWBqFDNtiMG7zWeOliQDdmC55pFMB8GA1UdIwQY
MBaAFGiULj7LXup5Knb62svsAahWjpf0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUpRdVBzdGU2bmtxZHZyYXktd0JxRmFPbF9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9iZWIzYTgtNGI3Mi00OGVjLThlMDQt
MDNjY2UzOTY5ZjljLzEvSllHb1VNMjJJd2J2Tlo0NldKQU4yWUxubWtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC9iZWIzYTgtNGI3Mi00OGVjLThlMDQtMDNjY2UzOTY5Zjlj
LzEvYUpRdVBzdGU2bmtxZHZyYXktd0JxRmFPbF9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9MkMA0G
CSqGSIb3DQEBCwUAA4IBAQBXFQgkYaeo3wQHD4Xc0K2pdccq6nghl4LYP0RNln7A
P3URhOxgHLjsHiD7dhzv3g7oknJOVyRPICkuMZpfsxaWq9qbeiG9MZHDhSYl2lu6
gDAzlbMiZkppStYqtUd4j0swWbzRJBV/0RJFpc+fQNgY71+AtNdQjHMTj9cBNCEG
qaDHy/oSweOtk+bsJVTeGTgSN0fVhvN3j4Eib9OjqxCa2V7WT9pvOo9z9iEMEzAC
qBuxmxvlBkG0AsVwPeiEt2hjCyzKNf4Dba+vtI9yKtjaw+UmmbEI6s3Dim41kZy9
966X7scSMcihl8Q9olFjUk7EOvHmw1C6upTPcZRGtG8f
-----END CERTIFICATE-----