Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/aecb8a-d763-4642-8036-f400402b536c/1/jb700Gs5b4yEUCTAp9yYumXev0g.roa
File:                     jb700Gs5b4yEUCTAp9yYumXev0g.roa (raw, json)
Hash identifier:          4qvduo6uscNLKZyZ8wzCKzUZ73+k62rHXv4ydbVgmQM=
Subject key identifier:   8D:BE:F4:D0:6B:39:6F:8C:84:50:24:C0:A7:DC:98:BA:65:DE:BF:48
Certificate issuer:       /CN=6df293212d25d4863e386b9c480ddc9be738124f
Certificate serial:       018CC5DC64C840637BA0916265E43042CD55
Authority key identifier: 6D:F2:93:21:2D:25:D4:86:3E:38:6B:9C:48:0D:DC:9B:E7:38:12:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bfKTIS0l1IY-OGucSA3cm-c4Ek8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/aecb8a-d763-4642-8036-f400402b536c/1/jb700Gs5b4yEUCTAp9yYumXev0g.roa
Signing time:             Mon 01 Jan 2024 16:30:04 +0000
ROA not before:           Mon 01 Jan 2024 16:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21263
IP address blocks:        192.81.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/aecb8a-d763-4642-8036-f400402b536c/1/bfKTIS0l1IY-OGucSA3cm-c4Ek8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/aecb8a-d763-4642-8036-f400402b536c/1/bfKTIS0l1IY-OGucSA3cm-c4Ek8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bfKTIS0l1IY-OGucSA3cm-c4Ek8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 16:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:64:c8:40:63:7b:a0:91:62:65:e4:30:42:cd:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6df293212d25d4863e386b9c480ddc9be738124f
        Validity
            Not Before: Jan  1 16:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dbef4d06b396f8c845024c0a7dc98ba65debf48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ba:43:0f:cb:06:e9:81:7b:2e:73:3d:29:9e:
                    fe:9b:8f:5d:d8:52:2e:99:d8:d3:b0:9b:6b:5f:26:
                    d4:23:5c:56:c0:81:9a:ed:21:4e:cb:c3:17:1b:36:
                    f6:bf:a5:42:4e:7e:17:9b:8e:35:89:c8:37:a7:eb:
                    73:6f:de:d9:d5:21:ca:46:48:d2:cc:dd:a1:44:c7:
                    6f:27:3d:88:a8:22:ed:0c:d0:00:59:72:9a:97:82:
                    96:36:b6:53:bb:6a:c4:a3:16:ba:68:02:91:6d:29:
                    2f:c4:44:17:2c:27:88:ec:d7:66:aa:18:26:da:99:
                    fb:fa:fd:46:92:57:98:a1:32:7d:60:d8:42:af:90:
                    61:f9:f4:57:a0:d6:f0:0c:43:55:5d:9f:17:dc:9e:
                    58:65:f0:7a:ae:9e:01:0c:0c:5e:08:4b:80:a6:1f:
                    0b:07:f4:1e:54:39:54:30:8a:5d:4e:28:54:04:fa:
                    21:e3:ca:4e:15:6b:05:9f:f0:4c:ec:a5:be:bd:25:
                    aa:49:44:5b:3e:0d:4e:4d:97:f3:1b:21:80:05:cb:
                    03:b0:a0:fc:35:dc:5f:62:af:d4:46:e8:da:1e:d7:
                    73:be:e7:a9:73:e8:10:42:a8:cb:be:95:69:d6:d7:
                    70:98:d2:1f:ea:ba:48:40:bc:74:5c:80:6a:56:fe:
                    0e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:BE:F4:D0:6B:39:6F:8C:84:50:24:C0:A7:DC:98:BA:65:DE:BF:48
            X509v3 Authority Key Identifier:
                keyid:6D:F2:93:21:2D:25:D4:86:3E:38:6B:9C:48:0D:DC:9B:E7:38:12:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bfKTIS0l1IY-OGucSA3cm-c4Ek8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aecb8a-d763-4642-8036-f400402b536c/1/jb700Gs5b4yEUCTAp9yYumXev0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aecb8a-d763-4642-8036-f400402b536c/1/bfKTIS0l1IY-OGucSA3cm-c4Ek8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.81.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:2d:ba:92:7e:96:b7:c6:8f:47:2b:77:16:40:27:e8:69:a9:
         08:88:c6:fc:ec:56:69:e8:03:f9:f3:78:b5:4a:53:f1:3d:7e:
         c8:26:5c:17:2d:b2:00:55:78:58:9f:4f:27:bb:c3:2d:17:9c:
         a9:8c:96:39:a3:73:e9:d2:39:06:80:f0:15:63:c0:d1:7a:79:
         f3:70:13:65:98:40:1b:67:4c:96:83:1e:80:ce:e9:d3:cf:be:
         5e:69:d9:88:7b:b9:7a:5d:23:2e:d7:41:a1:8a:2f:fa:c5:2c:
         74:db:ae:92:3f:c8:63:af:a3:dd:87:6d:c0:bc:fb:59:39:16:
         4d:08:62:38:fb:42:a3:e7:fd:5c:8b:2c:6b:34:5a:63:fd:55:
         fc:07:6e:ee:fa:16:61:2a:0a:84:44:7d:fc:c5:c6:3f:4e:dd:
         f0:ec:7e:a8:38:7b:22:ba:b5:a3:f7:4d:5c:99:63:f1:e4:05:
         cf:bc:b7:68:45:f2:27:cf:61:1b:97:f0:68:64:9e:54:23:e5:
         17:05:4f:04:dc:4b:dc:e7:97:f6:35:4f:b8:6b:37:33:9a:69:
         64:91:5c:d4:57:7f:a2:0a:05:7b:a5:f8:15:18:78:bf:2d:b6:
         fd:a0:2b:50:09:1b:75:13:9f:52:01:ab:55:e8:9c:ff:52:42:
         03:75:6b:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3GTIQGN7oJFiZeQwQs1VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZjI5MzIxMmQyNWQ0ODYzZTM4NmI5YzQ4MGRkYzliZTcz
ODEyNGYwHhcNMjQwMTAxMTYzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGJlZjRkMDZiMzk2ZjhjODQ1MDI0YzBhN2RjOThiYTY1ZGViZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLpDD8sG6YF7LnM9KZ7+m49d2FIu
mdjTsJtrXybUI1xWwIGa7SFOy8MXGzb2v6VCTn4Xm441icg3p+tzb97Z1SHKRkjS
zN2hRMdvJz2IqCLtDNAAWXKal4KWNrZTu2rEoxa6aAKRbSkvxEQXLCeI7Ndmqhgm
2pn7+v1GkleYoTJ9YNhCr5Bh+fRXoNbwDENVXZ8X3J5YZfB6rp4BDAxeCEuAph8L
B/QeVDlUMIpdTihUBPoh48pOFWsFn/BM7KW+vSWqSURbPg1OTZfzGyGABcsDsKD8
NdxfYq/URujaHtdzvuepc+gQQqjLvpVp1tdwmNIf6rpIQLx0XIBqVv4OYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2+9NBrOW+MhFAkwKfcmLpl3r9IMB8GA1UdIwQY
MBaAFG3ykyEtJdSGPjhrnEgN3JvnOBJPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmZLVElTMGwxSVktT0d1Y1NBM2NtLWM0RWs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hZWNiOGEtZDc2My00NjQyLTgwMzYt
ZjQwMDQwMmI1MzZjLzEvamI3MDBHczViNHlFVUNUQXA5eVl1bVhldjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hZWNiOGEtZDc2My00NjQyLTgwMzYtZjQwMDQwMmI1MzZj
LzEvYmZLVElTMGwxSVktT0d1Y1NBM2NtLWM0RWs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwFF5MA0G
CSqGSIb3DQEBCwUAA4IBAQCELbqSfpa3xo9HK3cWQCfoaakIiMb87FZp6AP583i1
SlPxPX7IJlwXLbIAVXhYn08nu8MtF5ypjJY5o3Pp0jkGgPAVY8DRennzcBNlmEAb
Z0yWgx6AzunTz75eadmIe7l6XSMu10Ghii/6xSx0266SP8hjr6Pdh23AvPtZORZN
CGI4+0Kj5/1ciyxrNFpj/VX8B27u+hZhKgqERH38xcY/Tt3w7H6oOHsiurWj901c
mWPx5AXPvLdoRfInz2Ebl/BoZJ5UI+UXBU8E3Evc55f2NU+4azczmmlkkVzUV3+i
CgV7pfgVGHi/Lbb9oCtQCRt1E59SAatV6Jz/UkIDdWvD
-----END CERTIFICATE-----