Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/jFx9oLtmYXPGC7NTWmH6T1rgEcQ.roa
File:                     jFx9oLtmYXPGC7NTWmH6T1rgEcQ.roa (raw, json)
Hash identifier:          kpcCATxXviG6ca84qLp+YM3OcIboFWhsjfMK8RVgnsw=
Subject key identifier:   8C:5C:7D:A0:BB:66:61:73:C6:0B:B3:53:5A:61:FA:4F:5A:E0:11:C4
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       019423699D571C1522FA02D87BD3CB784A21
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/jFx9oLtmYXPGC7NTWmH6T1rgEcQ.roa
Signing time:             Wed 01 Jan 2025 19:48:31 +0000
ROA not before:           Wed 01 Jan 2025 19:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50614
IP address blocks:        188.210.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:9d:57:1c:15:22:fa:02:d8:7b:d3:cb:78:4a:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 19:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c5c7da0bb666173c60bb3535a61fa4f5ae011c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:68:78:47:a8:87:22:77:16:42:c3:b5:4a:c2:
                    fb:a8:7b:48:f4:21:08:cf:15:5b:7d:5f:74:47:41:
                    63:a3:62:e9:64:23:22:3c:ec:04:18:a4:38:03:54:
                    d8:05:b2:77:58:4d:99:c9:10:5c:65:d2:05:82:81:
                    01:aa:ab:88:48:6b:9f:b5:e5:55:8f:e1:7d:64:97:
                    78:63:06:4d:c6:62:9a:1b:43:21:fe:6a:d5:ae:aa:
                    03:eb:41:bc:70:54:d6:4e:4e:e1:37:64:f4:5e:b3:
                    9f:6f:7e:8f:f8:87:ad:9d:42:0e:0c:a2:46:bd:1f:
                    c5:44:e1:20:92:1b:e8:2c:22:23:36:6c:23:4d:1e:
                    50:5d:1e:ae:8e:b4:d3:39:84:20:07:dc:60:3b:2e:
                    f3:bc:2a:36:62:3d:4e:3f:ed:18:ce:79:f1:9f:1e:
                    0d:9e:96:2b:2c:61:5a:b4:a0:85:75:18:f1:1b:95:
                    86:91:0d:54:6d:7f:81:a6:f3:02:06:13:92:3f:24:
                    96:34:4e:62:ef:0b:2c:3f:5c:56:91:ee:56:73:66:
                    6e:9b:78:92:12:4a:0b:89:85:1e:a3:78:b3:7a:31:
                    22:d9:9c:ad:b5:d9:0c:03:c3:fb:b9:12:c2:01:17:
                    a9:0b:12:98:ee:3d:a9:31:dc:22:fd:b5:8b:2c:21:
                    c3:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:5C:7D:A0:BB:66:61:73:C6:0B:B3:53:5A:61:FA:4F:5A:E0:11:C4
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/jFx9oLtmYXPGC7NTWmH6T1rgEcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.210.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:35:7a:0d:5d:d2:06:49:93:66:ba:11:a0:4d:66:3e:b8:f5:
         fe:b1:7a:32:f1:86:bc:5f:fe:60:9c:da:94:d9:e1:2e:e0:9a:
         4f:cb:70:bd:95:06:6f:49:3d:df:63:d8:33:ec:bb:ac:09:9b:
         02:e0:3c:cf:c7:b1:e5:9e:07:ff:c1:c3:f3:ac:51:a7:86:4d:
         ac:7e:29:92:2b:fa:c2:73:44:33:14:fd:19:b9:a9:c3:19:79:
         94:04:4f:3f:20:c6:e1:0c:b0:87:29:fc:a4:df:41:4d:b2:f9:
         d3:23:8c:b8:60:1d:e9:45:6a:32:0c:66:17:10:a8:be:b1:6a:
         51:97:a5:1b:41:57:65:ae:a3:28:c1:f0:42:fa:58:e7:e0:c0:
         12:3e:e6:83:ed:f7:23:c8:4d:38:7b:03:a1:b1:9b:71:4a:97:
         c7:73:e7:ba:9c:1f:32:c0:15:28:00:95:4b:5f:f1:01:c4:fe:
         d6:79:b6:43:4d:71:3a:c0:8f:57:9c:ac:41:44:f1:84:48:86:
         87:5e:57:92:1a:c0:fb:a4:16:24:7e:3f:0d:ae:8f:a2:e9:e5:
         32:10:52:e2:73:7c:0f:99:9f:68:38:e1:e5:cc:6c:68:60:9b:
         e8:39:fa:71:44:49:40:1d:6b:28:e2:a2:d0:be:89:54:09:70:
         c0:c3:c6:01
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQjaZ1XHBUi+gLYe9PLeEohMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMTAxMTk0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzVjN2RhMGJiNjY2MTczYzYwYmIzNTM1YTYxZmE0ZjVhZTAxMWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWh4R6iHIncWQsO1SsL7qHtI9CEI
zxVbfV90R0Fjo2LpZCMiPOwEGKQ4A1TYBbJ3WE2ZyRBcZdIFgoEBqquISGufteVV
j+F9ZJd4YwZNxmKaG0Mh/mrVrqoD60G8cFTWTk7hN2T0XrOfb36P+IetnUIODKJG
vR/FROEgkhvoLCIjNmwjTR5QXR6ujrTTOYQgB9xgOy7zvCo2Yj1OP+0Yznnxnx4N
npYrLGFatKCFdRjxG5WGkQ1UbX+BpvMCBhOSPySWNE5i7wssP1xWke5Wc2Zum3iS
EkoLiYUeo3izejEi2ZyttdkMA8P7uRLCARepCxKY7j2pMdwi/bWLLCHDOwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIxcfaC7ZmFzxguzU1ph+k9a4BHEMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2pGeDlvTHRtWVhQR0M3TlRXbUg2VDFyZ0VjUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC80lsw
DQYJKoZIhvcNAQELBQADggEBANI1eg1d0gZJk2a6EaBNZj649f6xejLxhrxf/mCc
2pTZ4S7gmk/LcL2VBm9JPd9j2DPsu6wJmwLgPM/HseWeB//Bw/OsUaeGTax+KZIr
+sJzRDMU/Rm5qcMZeZQETz8gxuEMsIcp/KTfQU2y+dMjjLhgHelFajIMZhcQqL6x
alGXpRtBV2WuoyjB8EL6WOfgwBI+5oPt9yPITTh7A6Gxm3FKl8dz57qcHzLAFSgA
lUtf8QHE/tZ5tkNNcTrAj1ecrEFE8YRIhodeV5IawPukFiR+Pw2uj6Lp5TIQUuJz
fA+Zn2g44eXMbGhgm+g5+nFESUAdayjiotC+iVQJcMDDxgE=
-----END CERTIFICATE-----