Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/Jc5SjZP7cu2cc7BmByNIp3FZ_gM.roa
File:                     Jc5SjZP7cu2cc7BmByNIp3FZ_gM.roa (raw, json)
Hash identifier:          YM2tKCt3GUobR7Ptlb2hZrJx9DTpunUempEuXFCSCTI=
Subject key identifier:   25:CE:52:8D:93:FB:72:ED:9C:73:B0:66:07:23:48:A7:71:59:FE:03
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       01914CEEBB041A1088ED98FCECDFE775A328
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/Jc5SjZP7cu2cc7BmByNIp3FZ_gM.roa
Signing time:             Tue 13 Aug 2024 18:09:59 +0000
ROA not before:           Tue 13 Aug 2024 18:09:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26383
IP address blocks:        213.182.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4c:ee:bb:04:1a:10:88:ed:98:fc:ec:df:e7:75:a3:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Aug 13 18:09:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25ce528d93fb72ed9c73b066072348a77159fe03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7a:7b:81:26:75:f1:47:1f:3e:e2:1e:2e:0c:
                    e4:71:8a:4b:33:6d:25:b9:da:42:0e:79:e2:56:98:
                    f5:9a:9c:1f:09:ae:a2:41:bd:0b:7e:6e:03:db:73:
                    68:29:51:0d:34:94:4f:4d:75:ee:c5:ae:42:21:33:
                    e4:c5:14:6b:bb:6a:dc:4a:56:28:c2:b4:57:69:c4:
                    e2:2a:1c:8e:4e:4b:ce:3c:f5:a6:7c:25:26:ce:d1:
                    9d:58:9b:59:f6:f3:b0:be:d4:f4:c0:5b:78:01:f7:
                    26:4a:84:12:83:44:96:05:31:eb:65:4d:a8:a1:f0:
                    86:37:b2:de:b7:e7:e2:45:bf:ee:df:a0:7b:58:0c:
                    50:9f:d9:d8:5c:d1:5f:c4:de:ed:54:c0:66:7c:e6:
                    c9:3c:26:b9:ef:5f:a2:95:51:24:ce:74:fe:fa:9e:
                    9d:39:6c:c9:ae:87:8a:11:d9:90:df:47:f4:ff:64:
                    43:18:9f:d3:04:3e:6b:e6:82:12:c0:c3:c7:35:0d:
                    6c:d0:8d:1f:b8:2c:0e:99:1f:ed:80:29:3b:7e:17:
                    83:e8:48:04:f1:d0:6a:aa:d8:23:4d:9e:0e:05:5f:
                    7a:91:b6:3a:40:ba:00:03:10:9b:11:aa:6c:65:a0:
                    ad:85:4e:13:4a:5e:59:f3:a1:e5:56:67:c4:d4:fe:
                    08:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:CE:52:8D:93:FB:72:ED:9C:73:B0:66:07:23:48:A7:71:59:FE:03
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/Jc5SjZP7cu2cc7BmByNIp3FZ_gM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:1b:3e:e9:18:2d:0d:74:2f:9a:c4:ee:0b:cf:65:e0:bb:23:
         e5:62:65:fe:99:95:ca:a7:08:3c:a2:27:7e:46:38:c4:f7:d9:
         9a:59:ed:d1:ea:96:1f:e7:bf:8d:47:cf:84:d6:f0:b6:de:38:
         97:93:a0:e9:45:3e:d0:96:02:73:5b:be:78:de:4b:a8:fe:f3:
         9b:eb:83:47:ea:6c:8c:50:35:dc:c3:82:5f:b4:6c:bd:dd:8c:
         1e:54:88:70:78:4d:c6:3b:17:f0:ad:08:38:b4:2b:68:11:7c:
         73:ec:ff:e9:4b:f8:88:11:91:ea:6c:3e:6b:5b:ac:60:e9:a9:
         14:3e:9e:17:da:e2:ad:12:0f:ff:95:b8:6f:fc:14:4c:ab:a8:
         67:b2:4c:4b:cf:8b:8c:b0:b5:59:e4:2b:d7:e1:a1:1f:e8:ce:
         6a:ff:e2:9c:04:0d:60:fc:54:c3:fa:00:0a:4a:57:d1:8a:7a:
         68:c0:b2:f3:64:13:5b:b0:d2:a1:b9:86:d8:96:66:b8:e6:c7:
         ed:ce:d2:f8:5f:72:68:2b:e2:c7:d1:64:48:1d:07:93:e6:31:
         68:bf:99:8b:b5:e9:91:45:75:0c:a9:9f:c1:c3:3d:5f:ed:5d:
         9e:30:39:fc:34:f7:12:72:e8:55:96:6c:20:8f:b5:22:cb:1b:
         c6:df:b1:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFM7rsEGhCI7Zj87N/ndaMoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjQwODEzMTgwOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWNlNTI4ZDkzZmI3MmVkOWM3M2IwNjYwNzIzNDhhNzcxNTlmZTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnp7gSZ18UcfPuIeLgzkcYpLM20l
udpCDnniVpj1mpwfCa6iQb0Lfm4D23NoKVENNJRPTXXuxa5CITPkxRRru2rcSlYo
wrRXacTiKhyOTkvOPPWmfCUmztGdWJtZ9vOwvtT0wFt4AfcmSoQSg0SWBTHrZU2o
ofCGN7Let+fiRb/u36B7WAxQn9nYXNFfxN7tVMBmfObJPCa571+ilVEkznT++p6d
OWzJroeKEdmQ30f0/2RDGJ/TBD5r5oISwMPHNQ1s0I0fuCwOmR/tgCk7fheD6EgE
8dBqqtgjTZ4OBV96kbY6QLoAAxCbEapsZaCthU4TSl5Z86HlVmfE1P4INwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCXOUo2T+3LtnHOwZgcjSKdxWf4DMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvSmM1U2paUDdjdTJjYzdCbUJ5TklwM0ZaX2dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bbMMA0G
CSqGSIb3DQEBCwUAA4IBAQAaGz7pGC0NdC+axO4Lz2XguyPlYmX+mZXKpwg8oid+
RjjE99maWe3R6pYf57+NR8+E1vC23jiXk6DpRT7QlgJzW7543kuo/vOb64NH6myM
UDXcw4JftGy93YweVIhweE3GOxfwrQg4tCtoEXxz7P/pS/iIEZHqbD5rW6xg6akU
Pp4X2uKtEg//lbhv/BRMq6hnskxLz4uMsLVZ5CvX4aEf6M5q/+KcBA1g/FTD+gAK
SlfRinpowLLzZBNbsNKhuYbYlma45sftztL4X3JoK+LH0WRIHQeT5jFov5mLtemR
RXUMqZ/Bwz1f7V2eMDn8NPcScuhVlmwgj7UiyxvG37HD
-----END CERTIFICATE-----