Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/JNiBqjiZ8o0fEuCExZ1WzPg1H04.roa
File:                     JNiBqjiZ8o0fEuCExZ1WzPg1H04.roa (raw, json)
Hash identifier:          2Fp9KPMsFl+AjIYLOyygEIe6amosXgl14EI9/qi38EM=
Subject key identifier:   24:D8:81:AA:38:99:F2:8D:1F:12:E0:84:C5:9D:56:CC:F8:35:1F:4E
Certificate issuer:       /CN=81fa48f40bc84540c46bd23be9b90897aa184f4d
Certificate serial:       018CC80156E9CB95ED849DB6BE2743DF6ACC
Authority key identifier: 81:FA:48:F4:0B:C8:45:40:C4:6B:D2:3B:E9:B9:08:97:AA:18:4F:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/JNiBqjiZ8o0fEuCExZ1WzPg1H04.roa
Signing time:             Tue 02 Jan 2024 02:29:40 +0000
ROA not before:           Tue 02 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211947
IP address blocks:        195.64.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 01:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:56:e9:cb:95:ed:84:9d:b6:be:27:43:df:6a:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81fa48f40bc84540c46bd23be9b90897aa184f4d
        Validity
            Not Before: Jan  2 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24d881aa3899f28d1f12e084c59d56ccf8351f4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d1:bd:56:a8:de:e7:69:6a:5c:d2:d3:7a:59:
                    58:4e:14:55:9c:49:b7:a1:cc:79:7d:aa:dc:4c:fd:
                    c8:2d:99:98:ab:11:17:86:3a:e9:4f:24:f5:68:39:
                    39:60:ac:53:e0:c2:9f:01:e7:ee:49:71:7b:4f:a5:
                    23:86:e4:d2:19:72:da:77:7e:20:45:11:db:be:cc:
                    d2:55:f0:1c:dd:7f:92:14:38:3c:3e:f5:54:ce:48:
                    d5:b0:c1:2a:7e:c0:35:c1:d3:42:d0:10:ad:57:99:
                    9c:45:c8:7d:50:12:5f:1b:92:68:aa:86:65:ce:f1:
                    b6:21:fe:ae:c7:e0:4e:2f:69:fa:df:a4:0d:cb:3f:
                    7b:02:e2:8d:71:f2:61:40:5d:1b:bb:12:cc:6a:77:
                    82:ae:11:9d:ba:ea:f8:be:98:47:05:d8:41:21:29:
                    74:62:ad:49:b4:98:5d:09:1d:59:4f:4f:f1:d2:f6:
                    e9:d7:76:60:be:0b:51:e5:6c:fc:69:68:f2:f5:15:
                    35:7c:b4:9a:72:b4:01:b0:7f:29:70:ac:55:c0:71:
                    4c:14:df:a6:7b:8c:68:2e:b8:1d:4f:76:c6:d6:9b:
                    68:d1:bc:f3:bf:e8:5e:6c:cd:e9:e9:d4:f3:31:7f:
                    5d:50:bc:97:d0:94:85:8f:fd:db:4d:ca:8d:f3:0d:
                    d1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:D8:81:AA:38:99:F2:8D:1F:12:E0:84:C5:9D:56:CC:F8:35:1F:4E
            X509v3 Authority Key Identifier:
                keyid:81:FA:48:F4:0B:C8:45:40:C4:6B:D2:3B:E9:B9:08:97:AA:18:4F:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/JNiBqjiZ8o0fEuCExZ1WzPg1H04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:c7:72:ea:da:29:01:82:3d:f0:6a:1a:88:27:88:18:1d:10:
         56:65:c3:ad:c1:28:8a:38:06:f1:24:20:52:2a:80:37:c7:df:
         ed:18:46:41:29:71:be:52:45:84:ef:b3:d9:f3:0c:c5:fe:81:
         bc:88:98:6c:df:64:b0:c0:ed:fa:4e:1d:46:02:85:90:72:12:
         fd:fa:ab:f1:8e:0f:73:31:7f:a4:f4:45:9d:07:c1:53:d3:2f:
         3d:35:38:c0:ab:04:7a:e6:ed:7f:5d:ca:da:4e:cc:1a:e4:ac:
         2a:ad:a2:eb:34:21:40:bf:06:61:cf:59:b6:33:c6:d4:7f:77:
         8b:84:f7:d8:33:31:48:63:78:8e:0f:39:5a:0a:c9:60:97:e6:
         f4:69:9c:2a:9f:59:9f:2d:26:68:c4:86:26:3d:53:bd:a1:b6:
         92:4f:6e:4d:f8:c0:b4:d9:20:40:15:83:96:25:b4:8c:01:62:
         a5:7c:fc:14:60:ad:0c:dc:0f:b3:e3:0e:a1:7e:c9:4b:78:aa:
         d7:18:46:ac:fe:46:be:a5:90:22:53:48:b2:60:41:5c:66:95:
         bb:56:c5:6a:36:05:23:ca:73:24:11:a0:e5:05:d3:94:33:47:
         3e:b7:09:5c:73:ac:73:8a:d1:06:64:81:98:ef:01:6c:0c:db:
         1f:2b:e7:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVbpy5XthJ22vidD32rMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZmE0OGY0MGJjODQ1NDBjNDZiZDIzYmU5YjkwODk3YWEx
ODRmNGQwHhcNMjQwMTAyMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGQ4ODFhYTM4OTlmMjhkMWYxMmUwODRjNTlkNTZjY2Y4MzUxZjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidG9Vqje52lqXNLTellYThRVnEm3
ocx5farcTP3ILZmYqxEXhjrpTyT1aDk5YKxT4MKfAefuSXF7T6UjhuTSGXLad34g
RRHbvszSVfAc3X+SFDg8PvVUzkjVsMEqfsA1wdNC0BCtV5mcRch9UBJfG5JoqoZl
zvG2If6ux+BOL2n636QNyz97AuKNcfJhQF0buxLManeCrhGduur4vphHBdhBISl0
Yq1JtJhdCR1ZT0/x0vbp13ZgvgtR5Wz8aWjy9RU1fLSacrQBsH8pcKxVwHFMFN+m
e4xoLrgdT3bG1pto0bzzv+hebM3p6dTzMX9dULyX0JSFj/3bTcqN8w3ROwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTYgao4mfKNHxLghMWdVsz4NR9OMB8GA1UdIwQY
MBaAFIH6SPQLyEVAxGvSO+m5CJeqGE9NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2ZwSTlBdklSVURFYTlJNzZia0lsNm9ZVDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8xNDYwNzgtZjliMi00MTYzLWFmMWEt
OGU5M2NiNWM1MzU1LzEvSk5pQnFqaVo4bzBmRXVDRXhaMVd6UGcxSDA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8xNDYwNzgtZjliMi00MTYzLWFmMWEtOGU5M2NiNWM1MzU1
LzEvZ2ZwSTlBdklSVURFYTlJNzZia0lsNm9ZVDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0DnMA0G
CSqGSIb3DQEBCwUAA4IBAQAjx3Lq2ikBgj3wahqIJ4gYHRBWZcOtwSiKOAbxJCBS
KoA3x9/tGEZBKXG+UkWE77PZ8wzF/oG8iJhs32SwwO36Th1GAoWQchL9+qvxjg9z
MX+k9EWdB8FT0y89NTjAqwR65u1/XcraTswa5KwqraLrNCFAvwZhz1m2M8bUf3eL
hPfYMzFIY3iODzlaCslgl+b0aZwqn1mfLSZoxIYmPVO9obaST25N+MC02SBAFYOW
JbSMAWKlfPwUYK0M3A+z4w6hfslLeKrXGEas/ka+pZAiU0iyYEFcZpW7VsVqNgUj
ynMkEaDlBdOUM0c+twlcc6xzitEGZIGY7wFsDNsfK+do
-----END CERTIFICATE-----