Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b8169b-8bfd-40ff-b9ba-403043048118/1/JMKKlMj2L2cbiavAVDby_H5v49s.roa
File:                     JMKKlMj2L2cbiavAVDby_H5v49s.roa (raw, json)
Hash identifier:          xtsignWJ1FFxJExbBssG9mMTURu12E554fQHnTpIuKE=
Subject key identifier:   24:C2:8A:94:C8:F6:2F:67:1B:89:AB:C0:54:36:F2:FC:7E:6F:E3:DB
Certificate issuer:       /CN=66f983138969f8da674f7b5c0133e0c2d029b4c8
Certificate serial:       018CC424C3406E0A5D04FC27FF0CF064FD1D
Authority key identifier: 66:F9:83:13:89:69:F8:DA:67:4F:7B:5C:01:33:E0:C2:D0:29:B4:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZvmDE4lp-NpnT3tcATPgwtAptMg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b8169b-8bfd-40ff-b9ba-403043048118/1/JMKKlMj2L2cbiavAVDby_H5v49s.roa
Signing time:             Mon 01 Jan 2024 08:29:52 +0000
ROA not before:           Mon 01 Jan 2024 08:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61417
IP address blocks:        185.90.124.0/22 maxlen: 22
                          2a03:87a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b8169b-8bfd-40ff-b9ba-403043048118/1/ZvmDE4lp-NpnT3tcATPgwtAptMg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b8169b-8bfd-40ff-b9ba-403043048118/1/ZvmDE4lp-NpnT3tcATPgwtAptMg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZvmDE4lp-NpnT3tcATPgwtAptMg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:c3:40:6e:0a:5d:04:fc:27:ff:0c:f0:64:fd:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66f983138969f8da674f7b5c0133e0c2d029b4c8
        Validity
            Not Before: Jan  1 08:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24c28a94c8f62f671b89abc05436f2fc7e6fe3db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ab:af:4c:a6:0a:60:4d:ff:32:2e:51:93:6b:
                    16:f8:07:33:b0:a4:76:52:6f:1e:cc:ea:87:37:a5:
                    76:cc:c9:51:c6:6a:67:2b:8d:ba:2f:97:e2:a1:f9:
                    4c:d9:23:b5:47:00:5c:6c:c3:4d:c1:7b:81:7f:8e:
                    8e:4c:08:3b:f8:2e:1c:1f:1f:40:19:44:a5:cf:a6:
                    08:95:be:a4:54:f2:0f:6e:83:dc:ac:20:13:5c:01:
                    45:23:8d:36:c9:48:ef:f7:75:e0:ea:e2:97:05:86:
                    a2:ca:d0:c5:67:2b:a3:10:18:a0:4a:0f:5f:90:8b:
                    d0:49:97:96:6c:79:61:64:9e:0e:af:7b:5d:1d:34:
                    24:93:bd:7a:2f:af:99:74:b6:82:83:44:f1:c6:c0:
                    f2:cc:bb:23:73:98:e6:84:68:3c:fb:c9:b2:80:2f:
                    75:de:54:fe:d6:fa:37:b2:61:d4:8f:fe:40:37:0d:
                    b8:7a:d0:19:16:c5:d6:b1:d2:b9:7b:84:9f:4a:91:
                    c3:13:e0:f5:43:c5:22:b4:72:14:df:f4:8b:74:9f:
                    5a:6f:ac:4c:ec:c7:67:2c:3d:ce:f0:22:ad:b3:08:
                    3f:46:c6:c6:96:5a:2e:f4:91:20:60:57:70:3e:13:
                    f7:c7:f9:b9:47:05:f6:ab:b2:ff:48:7c:62:a9:c6:
                    00:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:C2:8A:94:C8:F6:2F:67:1B:89:AB:C0:54:36:F2:FC:7E:6F:E3:DB
            X509v3 Authority Key Identifier:
                keyid:66:F9:83:13:89:69:F8:DA:67:4F:7B:5C:01:33:E0:C2:D0:29:B4:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZvmDE4lp-NpnT3tcATPgwtAptMg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b8169b-8bfd-40ff-b9ba-403043048118/1/JMKKlMj2L2cbiavAVDby_H5v49s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b8169b-8bfd-40ff-b9ba-403043048118/1/ZvmDE4lp-NpnT3tcATPgwtAptMg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.124.0/22
                IPv6:
                  2a03:87a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:50:e7:e5:12:d7:72:46:73:28:e6:e4:a1:f7:95:a2:4a:a1:
         96:82:de:be:70:c1:5b:54:38:39:1b:87:8a:38:c3:bb:ca:98:
         8d:8e:da:b0:f7:47:43:c1:14:93:23:55:05:0c:4c:40:b1:11:
         76:e3:9e:6c:55:16:51:06:2e:d4:93:a4:00:d2:fb:4b:14:20:
         15:e6:d0:6a:3c:44:af:a6:2e:94:a4:e5:96:e0:75:18:ce:da:
         f8:aa:fe:19:b5:46:42:3a:da:97:ec:5d:97:b7:90:e2:98:aa:
         93:cb:77:23:55:f9:8a:57:1d:62:26:f6:5f:ec:8b:8b:1d:66:
         48:51:4b:04:72:c5:c8:e2:45:a7:b8:59:41:5c:c7:83:6d:1b:
         bd:1d:8c:5a:85:d3:72:88:00:c9:a6:24:59:ad:ac:dd:d9:29:
         5f:fa:60:37:c9:90:24:2e:f0:e2:7e:c5:df:10:ac:5b:f6:90:
         5d:f5:fa:2f:00:87:3a:f2:f7:3e:3b:67:d5:fb:f0:c5:15:db:
         54:16:16:b1:19:35:59:2d:04:64:e5:17:d1:73:aa:fb:1e:cd:
         0f:2b:07:62:2f:53:a4:0a:45:1d:b1:34:19:d4:1f:dd:bc:94:
         ac:ff:3b:34:0b:c5:bb:8a:df:25:9b:a4:10:ab:b4:a5:e7:1f:
         3b:82:f4:8c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJMNAbgpdBPwn/wzwZP0dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2Zjk4MzEzODk2OWY4ZGE2NzRmN2I1YzAxMzNlMGMyZDAy
OWI0YzgwHhcNMjQwMTAxMDgyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGMyOGE5NGM4ZjYyZjY3MWI4OWFiYzA1NDM2ZjJmYzdlNmZlM2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6uvTKYKYE3/Mi5Rk2sW+AczsKR2
Um8ezOqHN6V2zMlRxmpnK426L5fioflM2SO1RwBcbMNNwXuBf46OTAg7+C4cHx9A
GUSlz6YIlb6kVPIPboPcrCATXAFFI402yUjv93Xg6uKXBYaiytDFZyujEBigSg9f
kIvQSZeWbHlhZJ4Or3tdHTQkk716L6+ZdLaCg0TxxsDyzLsjc5jmhGg8+8mygC91
3lT+1vo3smHUj/5ANw24etAZFsXWsdK5e4SfSpHDE+D1Q8UitHIU3/SLdJ9ab6xM
7MdnLD3O8CKtswg/RsbGllou9JEgYFdwPhP3x/m5RwX2q7L/SHxiqcYAyQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCTCipTI9i9nG4mrwFQ28vx+b+PbMB8GA1UdIwQY
MBaAFGb5gxOJafjaZ097XAEz4MLQKbTIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnZtREU0bHAtTnBuVDN0Y0FUUGd3dEFwdE1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iODE2OWItOGJmZC00MGZmLWI5YmEt
NDAzMDQzMDQ4MTE4LzEvSk1LS2xNajJMMmNiaWF2QVZEYnlfSDV2NDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iODE2OWItOGJmZC00MGZmLWI5YmEtNDAzMDQzMDQ4MTE4
LzEvWnZtREU0bHAtTnBuVDN0Y0FUUGd3dEFwdE1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVp8MA0E
AgACMAcDBQAqA4egMA0GCSqGSIb3DQEBCwUAA4IBAQBkUOflEtdyRnMo5uSh95Wi
SqGWgt6+cMFbVDg5G4eKOMO7ypiNjtqw90dDwRSTI1UFDExAsRF2455sVRZRBi7U
k6QA0vtLFCAV5tBqPESvpi6UpOWW4HUYztr4qv4ZtUZCOtqX7F2Xt5DimKqTy3cj
VfmKVx1iJvZf7IuLHWZIUUsEcsXI4kWnuFlBXMeDbRu9HYxahdNyiADJpiRZrazd
2Slf+mA3yZAkLvDifsXfEKxb9pBd9fovAIc68vc+O2fV+/DFFdtUFhaxGTVZLQRk
5RfRc6r7Hs0PKwdiL1OkCkUdsTQZ1B/dvJSs/zs0C8W7it8lm6QQq7Sl5x87gvSM
-----END CERTIFICATE-----