Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/94b7ba-d12e-4d92-8f31-7ae93fd2ad04/1/JabBtT4Y-3SNc881LtBdtXlkpDA.roa
File:                     JabBtT4Y-3SNc881LtBdtXlkpDA.roa (raw, json)
Hash identifier:          Cs0MP/1jQOx8fdNXUhkeBls4htWSTRJEAC6zpsChZJM=
Subject key identifier:   25:A6:C1:B5:3E:18:FB:74:8D:73:CF:35:2E:D0:5D:B5:79:64:A4:30
Certificate issuer:       /CN=967e0fe73eee759b771fb72023c54a79c0a61717
Certificate serial:       0190DED06A9FE2D4F5CD06C41C2F7141A455
Authority key identifier: 96:7E:0F:E7:3E:EE:75:9B:77:1F:B7:20:23:C5:4A:79:C0:A6:17:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ln4P5z7udZt3H7cgI8VKecCmFxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/94b7ba-d12e-4d92-8f31-7ae93fd2ad04/1/JabBtT4Y-3SNc881LtBdtXlkpDA.roa
Signing time:             Tue 23 Jul 2024 08:58:39 +0000
ROA not before:           Tue 23 Jul 2024 08:58:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49551
IP address blocks:        91.214.220.0/22 maxlen: 22
                          91.214.220.0/23 maxlen: 23
                          91.214.222.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/94b7ba-d12e-4d92-8f31-7ae93fd2ad04/1/ln4P5z7udZt3H7cgI8VKecCmFxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/94b7ba-d12e-4d92-8f31-7ae93fd2ad04/1/ln4P5z7udZt3H7cgI8VKecCmFxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ln4P5z7udZt3H7cgI8VKecCmFxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 17:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:de:d0:6a:9f:e2:d4:f5:cd:06:c4:1c:2f:71:41:a4:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=967e0fe73eee759b771fb72023c54a79c0a61717
        Validity
            Not Before: Jul 23 08:58:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25a6c1b53e18fb748d73cf352ed05db57964a430
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:36:76:5f:5c:89:b3:1d:f1:7b:62:ac:1f:de:
                    99:d5:b1:84:e1:01:d0:2b:04:ca:37:04:83:54:1c:
                    2b:39:72:4a:c8:56:9d:ff:62:b8:42:a5:92:15:48:
                    0e:86:4b:ba:93:2a:7b:7d:a0:7e:6f:cc:58:08:03:
                    7d:f2:d0:b7:1e:34:d1:19:c3:2c:48:3c:8a:da:0c:
                    c8:7b:5d:6b:4d:bb:0a:1b:18:02:20:59:bd:f3:35:
                    75:25:eb:13:14:89:f5:95:a8:b3:d9:30:bf:d8:a9:
                    6f:ed:b8:d0:aa:ac:47:a6:ff:f2:7b:12:22:df:09:
                    6a:32:46:73:79:71:eb:62:5e:2b:54:ec:0d:30:09:
                    83:ef:d2:d0:37:bd:42:35:e2:14:77:b1:14:1b:89:
                    38:fe:75:41:71:63:d0:62:c8:24:1e:6a:e3:c2:ed:
                    4c:91:f4:71:dc:f1:bb:9f:7f:09:e8:e1:07:0e:9d:
                    a1:11:07:6e:c7:78:9f:cb:9f:b6:f5:20:03:03:34:
                    e7:87:8b:5b:e4:07:d6:55:ad:13:69:ce:91:4e:18:
                    e7:4c:5d:c4:fc:ad:f9:4f:bc:b2:0a:92:35:8b:7e:
                    31:46:d8:c2:19:33:c0:f4:2b:4f:6b:92:59:20:55:
                    7b:af:bc:38:5a:be:fd:d9:8d:fa:3c:de:82:a4:02:
                    69:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:A6:C1:B5:3E:18:FB:74:8D:73:CF:35:2E:D0:5D:B5:79:64:A4:30
            X509v3 Authority Key Identifier:
                keyid:96:7E:0F:E7:3E:EE:75:9B:77:1F:B7:20:23:C5:4A:79:C0:A6:17:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ln4P5z7udZt3H7cgI8VKecCmFxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/94b7ba-d12e-4d92-8f31-7ae93fd2ad04/1/JabBtT4Y-3SNc881LtBdtXlkpDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/94b7ba-d12e-4d92-8f31-7ae93fd2ad04/1/ln4P5z7udZt3H7cgI8VKecCmFxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:3f:3f:c4:ab:ad:24:cd:bf:92:56:5b:a9:49:bd:4e:18:86:
         b0:88:05:f2:2f:c2:44:b4:2c:71:8e:22:ef:81:e9:ca:3b:87:
         e4:62:ee:b7:23:82:ee:34:6d:f7:64:8d:ab:d1:42:80:11:9e:
         ca:c0:6e:88:58:a8:34:06:fb:7d:2e:9f:b6:c6:50:da:2f:75:
         b5:37:ac:09:5f:a6:87:cd:6e:13:9a:09:01:e1:99:d7:16:16:
         15:e4:8c:97:07:d1:aa:b9:46:4a:7a:c8:57:c1:89:be:47:3e:
         39:27:d7:ac:d3:de:04:69:17:f6:b4:a8:ff:fc:36:54:52:75:
         f5:a7:ce:94:cd:ac:21:12:48:5e:55:41:cb:95:08:67:11:63:
         d4:4a:d2:a1:eb:a3:9c:33:60:dc:4c:b0:0d:31:73:8d:3d:5a:
         90:25:9f:db:a8:ed:33:e7:2e:33:17:05:61:cf:35:5b:8e:3e:
         80:9c:1c:89:33:3e:7c:ce:de:73:6f:b2:de:69:0f:4c:7f:2a:
         11:2e:90:2f:a5:5b:8c:dc:e9:f3:d2:68:59:eb:b3:38:09:ef:
         ba:d0:97:44:7b:06:6c:f3:f4:ed:e1:73:98:46:18:d4:90:e7:
         99:a1:af:7d:8c:32:c2:ab:5f:8b:73:c5:f1:4b:fd:2b:b2:1d:
         1e:1b:d7:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDe0Gqf4tT1zQbEHC9xQaRVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2N2UwZmU3M2VlZTc1OWI3NzFmYjcyMDIzYzU0YTc5YzBh
NjE3MTcwHhcNMjQwNzIzMDg1ODM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWE2YzFiNTNlMThmYjc0OGQ3M2NmMzUyZWQwNWRiNTc5NjRhNDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6zZ2X1yJsx3xe2KsH96Z1bGE4QHQ
KwTKNwSDVBwrOXJKyFad/2K4QqWSFUgOhku6kyp7faB+b8xYCAN98tC3HjTRGcMs
SDyK2gzIe11rTbsKGxgCIFm98zV1JesTFIn1laiz2TC/2Klv7bjQqqxHpv/yexIi
3wlqMkZzeXHrYl4rVOwNMAmD79LQN71CNeIUd7EUG4k4/nVBcWPQYsgkHmrjwu1M
kfRx3PG7n38J6OEHDp2hEQdux3ify5+29SADAzTnh4tb5AfWVa0Tac6RThjnTF3E
/K35T7yyCpI1i34xRtjCGTPA9CtPa5JZIFV7r7w4Wr792Y36PN6CpAJpwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWmwbU+GPt0jXPPNS7QXbV5ZKQwMB8GA1UdIwQY
MBaAFJZ+D+c+7nWbdx+3ICPFSnnAphcXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbG40UDV6N3VkWnQzSDdjZ0k4VktlY0NtRnhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85NGI3YmEtZDEyZS00ZDkyLThmMzEt
N2FlOTNmZDJhZDA0LzEvSmFiQnRUNFktM1NOYzg4MUx0QmR0WGxrcERBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85NGI3YmEtZDEyZS00ZDkyLThmMzEtN2FlOTNmZDJhZDA0
LzEvbG40UDV6N3VkWnQzSDdjZ0k4VktlY0NtRnhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9bcMA0G
CSqGSIb3DQEBCwUAA4IBAQCePz/Eq60kzb+SVlupSb1OGIawiAXyL8JEtCxxjiLv
genKO4fkYu63I4LuNG33ZI2r0UKAEZ7KwG6IWKg0Bvt9Lp+2xlDaL3W1N6wJX6aH
zW4TmgkB4ZnXFhYV5IyXB9GquUZKeshXwYm+Rz45J9es094EaRf2tKj//DZUUnX1
p86UzawhEkheVUHLlQhnEWPUStKh66OcM2DcTLANMXONPVqQJZ/bqO0z5y4zFwVh
zzVbjj6AnByJMz58zt5zb7LeaQ9MfyoRLpAvpVuM3Onz0mhZ67M4Ce+60JdEewZs
8/Tt4XOYRhjUkOeZoa99jDLCq1+Lc8XxS/0rsh0eG9dr
-----END CERTIFICATE-----