Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/jUtKE4FK6pP66kkBOjDDaGzwqCI.roa
File:                     jUtKE4FK6pP66kkBOjDDaGzwqCI.roa (raw, json)
Hash identifier:          3Zgj37u8D3PSrFTShPjOGOp6oxpXATBj2ullep6jG0A=
Subject key identifier:   8D:4B:4A:13:81:4A:EA:93:FA:EA:49:01:3A:30:C3:68:6C:F0:A8:22
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       018CC9BBCE92FA638CA3A56EBCC4A572DB95
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/jUtKE4FK6pP66kkBOjDDaGzwqCI.roa
Signing time:             Tue 02 Jan 2024 10:32:57 +0000
ROA not before:           Tue 02 Jan 2024 10:32:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41694
IP address blocks:        195.56.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:ce:92:fa:63:8c:a3:a5:6e:bc:c4:a5:72:db:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  2 10:32:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d4b4a13814aea93faea49013a30c3686cf0a822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:cc:c7:71:9d:80:cb:c5:32:84:d7:67:a7:47:
                    bb:10:c4:98:b0:50:2c:da:5c:bf:fe:89:4a:88:4b:
                    97:90:06:f1:50:f4:06:12:32:80:8b:a1:0e:ae:50:
                    f5:09:e9:20:7c:0f:cd:91:58:05:ac:74:b6:88:41:
                    b1:55:8a:9f:0f:ad:5d:61:a0:42:92:36:06:11:19:
                    36:66:74:73:50:ac:47:5a:5f:96:60:ab:5d:32:4a:
                    78:64:4f:1f:6d:19:ce:f1:7b:83:89:45:20:9c:e5:
                    16:48:5b:33:a2:e6:92:18:53:52:a3:ae:96:f6:89:
                    cd:45:72:e8:e9:5e:0e:51:d0:27:b1:78:e2:da:09:
                    ac:e7:72:40:49:01:85:1d:36:b0:85:a2:17:59:7a:
                    48:03:7f:a9:49:15:25:3f:0c:97:9d:6d:e4:a0:5d:
                    1e:3a:81:15:19:59:1a:aa:3f:41:60:b2:de:39:6d:
                    ae:bf:2a:92:4b:09:d1:75:f3:96:5d:29:ae:50:ee:
                    c4:fb:9a:8d:b4:4f:b3:5b:eb:d0:86:5c:55:4c:73:
                    10:9d:ce:cf:3c:25:aa:09:52:7e:92:d6:0d:78:09:
                    74:8b:b6:89:56:5b:9b:00:7e:c8:62:e6:b9:f9:ec:
                    87:0b:35:09:b2:81:ba:d1:50:21:3b:c9:2c:0a:90:
                    d7:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:4B:4A:13:81:4A:EA:93:FA:EA:49:01:3A:30:C3:68:6C:F0:A8:22
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/jUtKE4FK6pP66kkBOjDDaGzwqCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.56.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:7e:61:7f:62:a6:57:fe:28:7b:7f:61:d4:bf:c9:7a:43:1c:
         d5:d1:b0:4c:f8:80:77:d4:ff:c1:0e:44:fd:88:5f:1f:1f:ce:
         bc:e8:31:0f:e4:16:8b:28:e4:60:8c:19:d3:12:a3:21:23:de:
         82:29:e1:b4:8c:cc:52:0c:aa:5c:e7:c3:dc:8e:ee:f6:e6:84:
         51:d7:32:a3:2f:0e:71:cc:2e:98:6a:79:be:46:71:7c:09:31:
         05:f9:49:0a:fd:62:39:89:2b:a1:6d:43:cd:60:8a:c0:9a:1f:
         bb:92:83:0f:d9:c2:92:34:88:be:39:54:b0:69:d2:49:24:d3:
         cd:01:c6:0a:5c:2b:20:84:fe:65:cc:01:1e:98:b2:5c:d3:38:
         a6:60:27:ad:07:16:60:29:ec:20:f3:ed:f2:dd:6f:d6:c8:4b:
         11:ba:23:8f:f6:3c:22:f4:d7:78:64:79:c1:0f:0e:a8:a2:ba:
         71:b7:98:09:08:b7:84:ab:f5:e9:ce:b2:2a:3c:8c:b7:b7:d5:
         70:f4:ef:59:b1:07:7f:46:fd:39:c4:39:0b:5a:c0:7a:1f:ae:
         22:76:44:56:d4:a2:88:f1:cf:4d:87:f6:7c:c4:37:8f:d7:c2:
         fd:03:4b:5e:a9:b3:04:99:45:f3:d9:e8:e0:82:f8:f1:f7:cd:
         b1:cf:09:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu86S+mOMo6VuvMSlctuVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjQwMTAyMTAzMjU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDRiNGExMzgxNGFlYTkzZmFlYTQ5MDEzYTMwYzM2ODZjZjBhODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8zHcZ2Ay8UyhNdnp0e7EMSYsFAs
2ly//olKiEuXkAbxUPQGEjKAi6EOrlD1CekgfA/NkVgFrHS2iEGxVYqfD61dYaBC
kjYGERk2ZnRzUKxHWl+WYKtdMkp4ZE8fbRnO8XuDiUUgnOUWSFszouaSGFNSo66W
9onNRXLo6V4OUdAnsXji2gms53JASQGFHTawhaIXWXpIA3+pSRUlPwyXnW3koF0e
OoEVGVkaqj9BYLLeOW2uvyqSSwnRdfOWXSmuUO7E+5qNtE+zW+vQhlxVTHMQnc7P
PCWqCVJ+ktYNeAl0i7aJVlubAH7IYua5+eyHCzUJsoG60VAhO8ksCpDXRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI1LShOBSuqT+upJAToww2hs8KgiMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvalV0S0U0Rks2cFA2NmtrQk9qRERhR3p3cUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzjHMA0G
CSqGSIb3DQEBCwUAA4IBAQB5fmF/YqZX/ih7f2HUv8l6QxzV0bBM+IB31P/BDkT9
iF8fH8686DEP5BaLKORgjBnTEqMhI96CKeG0jMxSDKpc58Pcju725oRR1zKjLw5x
zC6Yanm+RnF8CTEF+UkK/WI5iSuhbUPNYIrAmh+7koMP2cKSNIi+OVSwadJJJNPN
AcYKXCsghP5lzAEemLJc0zimYCetBxZgKewg8+3y3W/WyEsRuiOP9jwi9Nd4ZHnB
Dw6oorpxt5gJCLeEq/XpzrIqPIy3t9Vw9O9ZsQd/Rv05xDkLWsB6H64idkRW1KKI
8c9Nh/Z8xDeP18L9A0teqbMEmUXz2ejggvjx982xzwnb
-----END CERTIFICATE-----