Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/JjqpQJRFdkC_qlkAgzLA33O3L2c.roa
File:                     JjqpQJRFdkC_qlkAgzLA33O3L2c.roa (raw, json)
Hash identifier:          213QdHO6OUOCu8dIB0MSX/yiLpko8ULOLCb4e7G0hYg=
Subject key identifier:   26:3A:A9:40:94:45:76:40:BF:AA:59:00:83:32:C0:DF:73:B7:2F:67
Certificate issuer:       /CN=50980fb6ade858f2652e736993126c85759f06d9
Certificate serial:       018CC72727AC4725AB0F3DA60CD5A2BC6668
Authority key identifier: 50:98:0F:B6:AD:E8:58:F2:65:2E:73:69:93:12:6C:85:75:9F:06:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/JjqpQJRFdkC_qlkAgzLA33O3L2c.roa
Signing time:             Mon 01 Jan 2024 22:31:21 +0000
ROA not before:           Mon 01 Jan 2024 22:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204957
IP address blocks:        91.204.183.0/24 maxlen: 24
                          91.204.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:27:ac:47:25:ab:0f:3d:a6:0c:d5:a2:bc:66:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50980fb6ade858f2652e736993126c85759f06d9
        Validity
            Not Before: Jan  1 22:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=263aa94094457640bfaa59008332c0df73b72f67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:9e:88:49:43:9c:3e:e8:42:18:a0:36:c7:6e:
                    77:02:06:02:9f:c5:67:f8:e7:6c:7e:56:d0:05:fd:
                    03:70:97:2c:0f:45:56:51:a4:1c:4b:c8:9f:49:e5:
                    49:b0:6b:da:25:e3:26:a0:39:62:44:fe:b6:ef:27:
                    db:78:ca:ec:08:89:cc:8e:2e:f1:8c:44:cc:1c:28:
                    c9:fe:6d:65:25:75:92:db:0d:30:09:71:41:84:3b:
                    fa:34:d1:49:b8:a2:2f:11:9c:43:ce:61:28:93:c2:
                    1b:46:ec:18:d6:5a:13:a3:9e:2e:a4:f2:3b:65:9b:
                    ce:0a:14:76:79:ee:b6:b2:04:6a:e6:19:fd:12:26:
                    03:11:1a:2b:d4:18:9d:f5:76:b1:8a:c3:3e:90:b4:
                    29:9e:ea:7d:05:9a:61:01:d7:c5:50:b1:70:31:20:
                    99:05:f3:fd:9d:17:3b:37:5b:cb:61:48:07:ce:27:
                    17:5d:83:b3:c6:6a:37:1d:6c:e0:5a:c3:cc:92:32:
                    a9:7d:eb:a9:d5:96:6a:33:b5:0b:a4:7d:4c:67:b2:
                    7c:12:21:09:99:1a:77:41:c9:f7:c2:4b:22:0d:68:
                    db:16:53:52:3a:7b:ea:94:2e:35:8d:39:1e:36:82:
                    8a:28:8b:35:db:f5:dd:bd:2b:8f:ab:01:87:e2:de:
                    48:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:3A:A9:40:94:45:76:40:BF:AA:59:00:83:32:C0:DF:73:B7:2F:67
            X509v3 Authority Key Identifier:
                keyid:50:98:0F:B6:AD:E8:58:F2:65:2E:73:69:93:12:6C:85:75:9F:06:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/JjqpQJRFdkC_qlkAgzLA33O3L2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.204.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:f8:e6:f2:0c:fd:ed:60:12:7a:66:f9:45:cf:1f:1e:d6:c4:
         a9:75:44:72:dd:6a:e1:bd:e0:a6:a2:16:c5:2c:0f:57:a2:67:
         eb:3f:46:89:a1:ca:fe:e8:0d:e3:b2:97:ce:d4:9f:78:36:1e:
         78:fd:e7:72:e5:c6:f7:48:c1:e4:6c:60:28:55:67:3b:22:7b:
         96:3f:b0:ce:80:6b:c7:84:8b:55:e4:d0:71:69:f7:f1:08:03:
         d1:49:df:61:14:e0:be:c2:a3:4a:5b:22:00:d5:51:65:fc:ff:
         aa:ff:bf:ff:dc:03:89:ab:1e:b8:c6:21:49:9a:00:72:ac:84:
         0d:55:78:86:0a:47:27:67:8c:72:76:b4:47:cb:07:75:4b:56:
         11:bd:e3:ab:d0:ac:74:b2:55:0b:2d:ec:6a:38:a5:07:8a:65:
         ba:5d:96:91:d4:ac:9d:92:9d:54:41:1f:9b:cc:2f:ca:7a:b7:
         f8:e0:19:12:b8:8e:83:e2:d4:33:c7:d8:12:d5:d9:24:5a:ca:
         4c:3d:d5:58:eb:30:fe:72:32:04:4a:76:8c:bf:68:79:ac:f3:
         3e:75:20:70:16:96:e8:b8:52:24:23:cf:94:a1:ab:b3:25:05:
         16:3e:7c:86:e9:57:d4:5d:03:2e:4d:98:bb:49:9b:2a:f0:93:
         fb:2c:d0:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJyesRyWrDz2mDNWivGZoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOTgwZmI2YWRlODU4ZjI2NTJlNzM2OTkzMTI2Yzg1NzU5
ZjA2ZDkwHhcNMjQwMTAxMjIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjNhYTk0MDk0NDU3NjQwYmZhYTU5MDA4MzMyYzBkZjczYjcyZjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArp6ISUOcPuhCGKA2x253AgYCn8Vn
+OdsflbQBf0DcJcsD0VWUaQcS8ifSeVJsGvaJeMmoDliRP627yfbeMrsCInMji7x
jETMHCjJ/m1lJXWS2w0wCXFBhDv6NNFJuKIvEZxDzmEok8IbRuwY1loTo54upPI7
ZZvOChR2ee62sgRq5hn9EiYDERor1Bid9XaxisM+kLQpnup9BZphAdfFULFwMSCZ
BfP9nRc7N1vLYUgHzicXXYOzxmo3HWzgWsPMkjKpfeup1ZZqM7ULpH1MZ7J8EiEJ
mRp3Qcn3wksiDWjbFlNSOnvqlC41jTkeNoKKKIs12/XdvSuPqwGH4t5IwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCY6qUCURXZAv6pZAIMywN9zty9nMB8GA1UdIwQY
MBaAFFCYD7at6FjyZS5zaZMSbIV1nwbZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUpnUHRxM29XUEpsTG5OcGt4SnNoWFdmQnRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8zYzdhZjYtZjQ2Ni00ZDg3LWI5ZjEt
Y2NhNzlhNjk4MjBhLzEvSmpxcFFKUkZka0NfcWxrQWd6TEEzM08zTDJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8zYzdhZjYtZjQ2Ni00ZDg3LWI5ZjEtY2NhNzlhNjk4MjBh
LzEvVUpnUHRxM29XUEpsTG5OcGt4SnNoWFdmQnRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8y2MA0G
CSqGSIb3DQEBCwUAA4IBAQBw+ObyDP3tYBJ6ZvlFzx8e1sSpdURy3WrhveCmohbF
LA9XomfrP0aJocr+6A3jspfO1J94Nh54/edy5cb3SMHkbGAoVWc7InuWP7DOgGvH
hItV5NBxaffxCAPRSd9hFOC+wqNKWyIA1VFl/P+q/7//3AOJqx64xiFJmgByrIQN
VXiGCkcnZ4xydrRHywd1S1YRveOr0Kx0slULLexqOKUHimW6XZaR1Kydkp1UQR+b
zC/Kerf44BkSuI6D4tQzx9gS1dkkWspMPdVY6zD+cjIESnaMv2h5rPM+dSBwFpbo
uFIkI8+UoauzJQUWPnyG6VfUXQMuTZi7SZsq8JP7LNAD
-----END CERTIFICATE-----