Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/eb9582-d275-497a-b62b-39260319c7bd/1/jml-I2K61BTAdNBiKV2UEirjgmk.roa
File:                     jml-I2K61BTAdNBiKV2UEirjgmk.roa (raw, json)
Hash identifier:          C8G/CF6bKvK7bamIrbxc4T8rrkwj+xuA2PX6HVDAaog=
Subject key identifier:   8E:69:7E:23:62:BA:D4:14:C0:74:D0:62:29:5D:94:12:2A:E3:82:69
Certificate issuer:       /CN=ab9aab13427ad8c0072ae08d9bb80abc19d3f984
Certificate serial:       0190B6C703A42BD5E23D4D9AB5A14FC443BF
Authority key identifier: AB:9A:AB:13:42:7A:D8:C0:07:2A:E0:8D:9B:B8:0A:BC:19:D3:F9:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q5qrE0J62MAHKuCNm7gKvBnT-YQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/eb9582-d275-497a-b62b-39260319c7bd/1/jml-I2K61BTAdNBiKV2UEirjgmk.roa
Signing time:             Mon 15 Jul 2024 14:23:34 +0000
ROA not before:           Mon 15 Jul 2024 14:23:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42695
IP address blocks:        185.141.152.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/eb9582-d275-497a-b62b-39260319c7bd/1/q5qrE0J62MAHKuCNm7gKvBnT-YQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/eb9582-d275-497a-b62b-39260319c7bd/1/q5qrE0J62MAHKuCNm7gKvBnT-YQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q5qrE0J62MAHKuCNm7gKvBnT-YQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b6:c7:03:a4:2b:d5:e2:3d:4d:9a:b5:a1:4f:c4:43:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab9aab13427ad8c0072ae08d9bb80abc19d3f984
        Validity
            Not Before: Jul 15 14:23:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e697e2362bad414c074d062295d94122ae38269
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:9c:71:d9:81:54:71:de:0c:00:cf:f5:08:93:
                    3a:bc:04:84:f9:b3:df:28:db:32:a7:40:68:19:59:
                    f3:0a:f7:bf:14:d1:fe:de:b5:bf:57:b2:eb:f6:9d:
                    a1:c4:c5:12:06:b1:72:0f:7f:14:fb:df:47:62:85:
                    da:5d:b7:98:85:6e:da:19:18:f2:b7:b8:47:c4:e6:
                    61:24:fd:41:77:6c:14:1e:9e:1b:2e:bd:82:87:88:
                    22:8d:e7:05:9d:f2:dc:58:b0:13:eb:ac:81:14:50:
                    63:02:a1:f5:d6:bc:bf:f1:88:60:d9:bd:2c:3a:70:
                    90:27:74:e4:25:75:27:8e:6b:30:bb:08:7c:43:46:
                    67:2e:fe:5f:e8:a7:7a:10:55:2c:c7:45:84:9b:79:
                    3e:9d:43:b4:2d:26:d9:dd:79:18:84:63:44:e5:75:
                    fc:b3:c8:09:ca:6c:12:a7:53:5c:8c:ae:37:9b:f8:
                    be:ad:09:c2:b3:12:ac:af:29:8a:1d:08:e1:ec:9e:
                    a0:ba:df:db:63:30:36:0e:e6:b0:f1:01:0f:f3:42:
                    07:98:b2:aa:9f:0a:52:1c:8a:cc:49:55:90:af:80:
                    5a:aa:0e:f1:58:ed:52:06:c8:74:80:5e:32:2d:bf:
                    c9:58:dd:ce:7f:64:cc:e9:4e:17:59:06:37:09:b0:
                    ee:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:69:7E:23:62:BA:D4:14:C0:74:D0:62:29:5D:94:12:2A:E3:82:69
            X509v3 Authority Key Identifier:
                keyid:AB:9A:AB:13:42:7A:D8:C0:07:2A:E0:8D:9B:B8:0A:BC:19:D3:F9:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q5qrE0J62MAHKuCNm7gKvBnT-YQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/eb9582-d275-497a-b62b-39260319c7bd/1/jml-I2K61BTAdNBiKV2UEirjgmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/eb9582-d275-497a-b62b-39260319c7bd/1/q5qrE0J62MAHKuCNm7gKvBnT-YQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:8f:95:4c:59:3b:ff:10:ff:d2:50:90:09:bd:46:0b:25:e5:
         f6:11:b1:d7:3c:db:e2:e6:87:42:1b:db:9d:59:34:39:e2:0c:
         c4:7c:f3:37:b0:15:06:00:41:fa:bd:5a:fd:c3:ae:ee:1d:66:
         ed:24:44:a8:9a:e0:a3:9a:e3:f9:42:09:a9:dd:3c:b9:6d:1a:
         1f:61:30:4e:5a:2a:8b:dc:b0:f2:20:6c:90:a0:79:4a:56:84:
         30:71:98:c1:18:e8:57:ca:47:7a:8d:61:26:42:ec:b5:6a:a5:
         9a:02:99:60:5d:38:04:21:f7:7b:a5:3f:26:ae:ed:fd:5e:59:
         31:d8:c1:27:35:63:32:7c:4e:e8:ec:da:75:fc:f5:ff:d1:c9:
         bc:76:53:33:99:d8:e0:71:0b:d8:a6:a6:33:04:54:f9:6e:56:
         bf:fa:65:57:42:c9:6e:a5:6b:af:24:75:27:01:9c:35:27:1a:
         8c:32:28:fb:b4:d5:88:30:42:a5:23:21:43:f7:f9:fd:5e:93:
         74:9c:91:de:6e:bf:c9:81:51:70:e6:0c:2d:ec:b8:07:8c:c3:
         dd:af:80:81:8f:6e:2b:6a:2c:c7:6f:9e:56:42:22:de:24:75:
         8e:42:1b:50:23:2a:68:7a:29:ef:71:8d:7b:b6:fb:41:dc:35:
         f1:17:87:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC2xwOkK9XiPU2ataFPxEO/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOWFhYjEzNDI3YWQ4YzAwNzJhZTA4ZDliYjgwYWJjMTlk
M2Y5ODQwHhcNMjQwNzE1MTQyMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTY5N2UyMzYyYmFkNDE0YzA3NGQwNjIyOTVkOTQxMjJhZTM4MjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJxx2YFUcd4MAM/1CJM6vASE+bPf
KNsyp0BoGVnzCve/FNH+3rW/V7Lr9p2hxMUSBrFyD38U+99HYoXaXbeYhW7aGRjy
t7hHxOZhJP1Bd2wUHp4bLr2Ch4gijecFnfLcWLAT66yBFFBjAqH11ry/8Yhg2b0s
OnCQJ3TkJXUnjmswuwh8Q0ZnLv5f6Kd6EFUsx0WEm3k+nUO0LSbZ3XkYhGNE5XX8
s8gJymwSp1NcjK43m/i+rQnCsxKsrymKHQjh7J6gut/bYzA2Duaw8QEP80IHmLKq
nwpSHIrMSVWQr4Baqg7xWO1SBsh0gF4yLb/JWN3Of2TM6U4XWQY3CbDuZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5pfiNiutQUwHTQYildlBIq44JpMB8GA1UdIwQY
MBaAFKuaqxNCetjAByrgjZu4CrwZ0/mEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTVxckUwSjYyTUFIS3VDTm03Z0t2Qm5ULVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lYjk1ODItZDI3NS00OTdhLWI2MmIt
MzkyNjAzMTljN2JkLzEvam1sLUkySzYxQlRBZE5CaUtWMlVFaXJqZ21rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lYjk1ODItZDI3NS00OTdhLWI2MmItMzkyNjAzMTljN2Jk
LzEvcTVxckUwSjYyTUFIS3VDTm03Z0t2Qm5ULVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY2YMA0G
CSqGSIb3DQEBCwUAA4IBAQBSj5VMWTv/EP/SUJAJvUYLJeX2EbHXPNvi5odCG9ud
WTQ54gzEfPM3sBUGAEH6vVr9w67uHWbtJESomuCjmuP5Qgmp3Ty5bRofYTBOWiqL
3LDyIGyQoHlKVoQwcZjBGOhXykd6jWEmQuy1aqWaAplgXTgEIfd7pT8mru39Xlkx
2MEnNWMyfE7o7Np1/PX/0cm8dlMzmdjgcQvYpqYzBFT5bla/+mVXQslupWuvJHUn
AZw1JxqMMij7tNWIMEKlIyFD9/n9XpN0nJHebr/JgVFw5gwt7LgHjMPdr4CBj24r
aizHb55WQiLeJHWOQhtQIypoeinvcY17tvtB3DXxF4cY
-----END CERTIFICATE-----