Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/JCOCR54I-E-R5Qm7B0J_mqQWaPU.roa
File:                     JCOCR54I-E-R5Qm7B0J_mqQWaPU.roa (raw, json)
Hash identifier:          3dNLonbDzUPX4D9fezzq2RwDElzl3oVWoK7rU8LI2Vw=
Subject key identifier:   24:23:82:47:9E:08:F8:4F:91:E5:09:BB:07:42:7F:9A:A4:16:68:F5
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E7FA999E51C62B1E4A6B7897CA766F922
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/JCOCR54I-E-R5Qm7B0J_mqQWaPU.roa
Signing time:             Wed 27 Mar 2024 11:26:45 +0000
ROA not before:           Wed 27 Mar 2024 11:26:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43639
IP address blocks:        2.16.55.0/24 maxlen: 24
                          2a02:26f0:80::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:a9:99:e5:1c:62:b1:e4:a6:b7:89:7c:a7:66:f9:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 27 11:26:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=242382479e08f84f91e509bb07427f9aa41668f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:cb:e4:ea:55:ed:bd:30:ac:42:79:70:60:15:
                    bc:af:53:22:b2:cc:f4:6d:1d:40:a0:56:29:32:dd:
                    3c:c0:83:37:f5:f9:37:4d:37:c7:3c:1b:69:2c:a4:
                    88:e9:47:ac:f4:c1:13:6d:1e:d9:ca:a4:6f:81:51:
                    c2:ef:b9:a4:22:9e:dd:bb:3d:aa:e2:06:10:94:61:
                    c2:fd:f5:32:12:5c:54:db:4e:e2:8e:81:46:ad:fd:
                    1c:72:73:7e:93:4b:fb:83:be:f1:13:ff:ba:fe:5b:
                    70:8c:f3:85:02:76:61:2e:be:fa:35:84:40:e1:5e:
                    b8:3d:f4:c0:d5:c5:f3:c3:bc:19:08:b0:86:17:d4:
                    3b:09:3e:e7:63:9b:00:1d:fc:64:25:c1:0d:b6:0e:
                    07:d9:d5:02:63:9a:bd:42:7b:16:a2:80:ae:f9:84:
                    ea:7e:3b:da:e0:ef:30:d3:96:d9:c6:dd:39:13:f4:
                    d9:a9:5e:ee:4f:3e:a1:0c:74:b0:4a:78:99:a1:ad:
                    0e:3c:76:9a:fc:e9:ec:23:05:c0:7a:fc:57:1e:03:
                    0e:72:7f:52:07:78:da:37:bd:9c:be:b3:44:94:d5:
                    0a:1d:d4:af:f1:e3:e7:60:b4:81:26:6b:df:33:92:
                    0d:48:94:12:03:31:b2:bd:52:48:d9:e5:6a:8f:cc:
                    9b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:23:82:47:9E:08:F8:4F:91:E5:09:BB:07:42:7F:9A:A4:16:68:F5
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/JCOCR54I-E-R5Qm7B0J_mqQWaPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.16.55.0/24
                IPv6:
                  2a02:26f0:80::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:10:fb:65:d6:55:c6:f1:ca:05:c1:86:5a:0f:5e:b2:1d:df:
         98:2a:41:5a:43:78:ae:48:7e:9f:f1:78:4e:65:74:90:87:48:
         70:a8:85:42:4b:5f:f5:57:a5:5f:40:16:a1:1e:c5:8a:a4:5b:
         3f:fe:9b:cd:62:e1:04:45:db:59:e3:be:00:78:ea:c3:0e:0d:
         27:15:3d:05:0c:cb:1c:67:f5:6a:01:f1:e5:5d:34:35:df:4d:
         81:3d:37:be:8c:07:31:a0:27:fd:f4:d2:c9:10:55:34:63:f1:
         1f:f6:a4:51:52:96:7b:45:b0:62:a8:33:e6:3d:2b:c7:0e:d9:
         05:19:db:58:ad:dd:e1:e7:89:cc:19:54:ec:30:45:8a:2f:6b:
         ba:c0:6a:6a:15:f9:d0:85:24:5f:4d:92:f4:e9:d2:e0:46:ac:
         4e:e8:ea:14:d4:78:d0:c1:16:5b:99:76:e0:2e:ff:d7:41:a0:
         ab:b7:f4:64:e7:27:ad:b3:52:af:83:32:87:92:88:aa:9f:db:
         d7:13:81:a3:a5:72:06:6e:01:22:dc:f6:df:84:76:a9:1d:d7:
         16:56:eb:91:fc:50:de:b4:51:e6:92:4a:72:bc:40:c8:d0:ed:
         f4:de:f2:7a:e2:0a:ca:30:f2:71:cc:c4:67:99:ff:46:54:40:
         10:59:fc:60
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY5/qZnlHGKx5Ka3iXynZvkiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI3MTEyNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDIzODI0NzllMDhmODRmOTFlNTA5YmIwNzQyN2Y5YWE0MTY2OGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcvk6lXtvTCsQnlwYBW8r1Missz0
bR1AoFYpMt08wIM39fk3TTfHPBtpLKSI6Ues9METbR7ZyqRvgVHC77mkIp7duz2q
4gYQlGHC/fUyElxU207ijoFGrf0ccnN+k0v7g77xE/+6/ltwjPOFAnZhLr76NYRA
4V64PfTA1cXzw7wZCLCGF9Q7CT7nY5sAHfxkJcENtg4H2dUCY5q9QnsWooCu+YTq
fjva4O8w05bZxt05E/TZqV7uTz6hDHSwSniZoa0OPHaa/OnsIwXAevxXHgMOcn9S
B3jaN72cvrNElNUKHdSv8ePnYLSBJmvfM5INSJQSAzGyvVJI2eVqj8ybuQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCQjgkeeCPhPkeUJuwdCf5qkFmj1MB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvSkNPQ1I1NEktRS1SNVFtN0IwSl9tcVFXYVBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAAhA3MA8E
AgACMAkDBwAqAibwAIAwDQYJKoZIhvcNAQELBQADggEBAIkQ+2XWVcbxygXBhloP
XrId35gqQVpDeK5Ifp/xeE5ldJCHSHCohUJLX/VXpV9AFqEexYqkWz/+m81i4QRF
21njvgB46sMODScVPQUMyxxn9WoB8eVdNDXfTYE9N76MBzGgJ/300skQVTRj8R/2
pFFSlntFsGKoM+Y9K8cO2QUZ21it3eHnicwZVOwwRYova7rAamoV+dCFJF9NkvTp
0uBGrE7o6hTUeNDBFluZduAu/9dBoKu39GTnJ62zUq+DMoeSiKqf29cTgaOlcgZu
ASLc9t+Edqkd1xZW65H8UN60UeaSSnK8QMjQ7fTe8nriCsow8nHMxGeZ/0ZUQBBZ
/GA=
-----END CERTIFICATE-----