Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/JmKqTrVrJjssPKmw4hDMJTr72YI.roa
File:                     JmKqTrVrJjssPKmw4hDMJTr72YI.roa (raw, json)
Hash identifier:          HFbXc9r8HILPmA338MuiUlwg47hn6ftCy+NHSVW6mzU=
Subject key identifier:   26:62:AA:4E:B5:6B:26:3B:2C:3C:A9:B0:E2:10:CC:25:3A:FB:D9:82
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018F6DA0F79676D6971B05C7CF3FBE93C24C
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/JmKqTrVrJjssPKmw4hDMJTr72YI.roa
Signing time:             Sun 12 May 2024 16:26:56 +0000
ROA not before:           Sun 12 May 2024 16:26:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     140042
IP address blocks:        46.249.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:6d:a0:f7:96:76:d6:97:1b:05:c7:cf:3f:be:93:c2:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: May 12 16:26:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2662aa4eb56b263b2c3ca9b0e210cc253afbd982
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:21:f4:e5:e6:74:b8:66:dc:8c:01:3a:02:73:
                    34:71:ed:05:2c:27:39:b1:cf:81:ce:56:38:b2:84:
                    86:59:10:19:cf:94:61:0d:cd:35:49:ba:3b:3a:9c:
                    1b:cd:ce:93:a6:3f:d0:65:3a:fc:ac:dd:96:0f:e6:
                    7d:d3:25:b0:77:42:09:4c:44:88:e2:43:b2:3b:07:
                    e1:2d:f7:49:b6:a1:f5:b1:99:56:27:34:30:05:4d:
                    d2:6b:8f:f1:00:a7:97:d3:0e:e4:a1:af:21:66:03:
                    52:46:2e:18:81:50:5d:6e:81:be:9e:a8:ec:42:f0:
                    06:7c:0c:0a:0a:3d:88:73:98:95:47:3d:fc:ea:eb:
                    d6:93:e5:7e:a3:ba:97:8f:f0:52:55:b1:3a:af:ff:
                    a5:9c:b2:6a:7b:42:03:3c:ab:45:72:16:3b:90:fe:
                    5d:7e:0d:bd:13:93:9b:b9:ca:2e:ba:44:f3:0a:99:
                    9c:33:28:93:51:8a:b3:79:ed:aa:42:75:a1:2b:bd:
                    2a:79:79:92:b7:65:8f:8c:8c:f6:74:39:a2:6e:b7:
                    b0:e6:f3:5b:5d:f1:94:d9:08:d2:00:3a:01:73:5b:
                    63:71:de:87:60:d9:28:8a:3b:81:c5:97:31:e9:1e:
                    88:c5:fd:e2:99:ce:33:63:81:f1:6f:71:ad:eb:46:
                    76:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:62:AA:4E:B5:6B:26:3B:2C:3C:A9:B0:E2:10:CC:25:3A:FB:D9:82
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/JmKqTrVrJjssPKmw4hDMJTr72YI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.249.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:2f:ad:7c:95:d3:08:5d:de:4f:08:73:6c:80:84:29:5f:56:
         35:bd:af:d0:23:b5:d4:6f:7e:25:7b:73:ef:ae:de:44:72:0b:
         26:7c:75:7a:e5:02:79:26:66:f3:4f:95:5b:80:9f:25:ec:2f:
         21:f7:8a:24:60:9e:b8:05:a3:42:5a:4d:0e:85:96:8b:f6:45:
         5e:64:1d:b9:b3:8c:c0:b9:b7:5b:ad:8b:06:d2:51:52:b2:69:
         02:03:1d:e1:d0:68:19:d0:59:68:33:e2:a5:62:c8:6c:b0:23:
         ad:e8:55:a1:59:59:fb:8d:6e:a9:72:81:15:7a:e7:f5:ca:35:
         a8:9a:ca:9c:b3:cb:ec:37:ba:ca:88:47:41:d8:7e:0b:05:97:
         60:9d:f7:21:5f:03:dd:d9:3f:a9:e0:a1:34:43:25:07:18:40:
         a1:f4:5f:0c:14:b5:63:34:b4:66:82:0a:90:ca:33:c1:2a:47:
         ed:05:aa:6b:90:9a:b6:62:dd:5f:cb:29:4c:65:94:57:96:ed:
         9e:d1:8a:5f:a4:e1:16:bd:b8:b7:b6:59:69:4d:fc:b0:5d:ba:
         91:e4:1f:58:aa:63:5e:0d:0a:fe:8c:37:9a:7a:e1:0f:29:eb:
         3d:d8:1e:09:03:b2:76:26:76:63:05:23:ca:a4:3c:cd:8f:8d:
         8b:81:9d:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9toPeWdtaXGwXHzz++k8JMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwNTEyMTYyNjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjYyYWE0ZWI1NmIyNjNiMmMzY2E5YjBlMjEwY2MyNTNhZmJkOTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCH05eZ0uGbcjAE6AnM0ce0FLCc5
sc+BzlY4soSGWRAZz5RhDc01Sbo7Opwbzc6Tpj/QZTr8rN2WD+Z90yWwd0IJTESI
4kOyOwfhLfdJtqH1sZlWJzQwBU3Sa4/xAKeX0w7koa8hZgNSRi4YgVBdboG+nqjs
QvAGfAwKCj2Ic5iVRz386uvWk+V+o7qXj/BSVbE6r/+lnLJqe0IDPKtFchY7kP5d
fg29E5ObucouukTzCpmcMyiTUYqzee2qQnWhK70qeXmSt2WPjIz2dDmibrew5vNb
XfGU2QjSADoBc1tjcd6HYNkoijuBxZcx6R6Ixf3imc4zY4Hxb3Gt60Z2/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZiqk61ayY7LDypsOIQzCU6+9mCMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvSm1LcVRyVnJKanNzUEttdzRoRE1KVHI3MllJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvlsMA0G
CSqGSIb3DQEBCwUAA4IBAQBoL618ldMIXd5PCHNsgIQpX1Y1va/QI7XUb34le3Pv
rt5EcgsmfHV65QJ5JmbzT5VbgJ8l7C8h94okYJ64BaNCWk0OhZaL9kVeZB25s4zA
ubdbrYsG0lFSsmkCAx3h0GgZ0FloM+KlYshssCOt6FWhWVn7jW6pcoEVeuf1yjWo
msqcs8vsN7rKiEdB2H4LBZdgnfchXwPd2T+p4KE0QyUHGECh9F8MFLVjNLRmggqQ
yjPBKkftBaprkJq2Yt1fyylMZZRXlu2e0YpfpOEWvbi3tllpTfywXbqR5B9YqmNe
DQr+jDeaeuEPKes92B4JA7J2JnZjBSPKpDzNj42LgZ25
-----END CERTIFICATE-----