Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/d8c6b8-d14a-47d9-a054-b9c794e03cba/1/JPT0IliCUzMXphM0NVGfT_WvNYI.roa
File:                     JPT0IliCUzMXphM0NVGfT_WvNYI.roa (raw, json)
Hash identifier:          LY2opO6HdvHrbJtYPsL11chstZUDX1Jxhcqp1Z0bZ0U=
Subject key identifier:   24:F4:F4:22:58:82:53:33:17:A6:13:34:35:51:9F:4F:F5:AF:35:82
Certificate issuer:       /CN=d7367fc24d004f71dd2aef03f9cb4f2e3f9086aa
Certificate serial:       018CC9BCCF0D440B2A9575A5180CC4C430D0
Authority key identifier: D7:36:7F:C2:4D:00:4F:71:DD:2A:EF:03:F9:CB:4F:2E:3F:90:86:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1zZ_wk0AT3HdKu8D-ctPLj-Qhqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/d8c6b8-d14a-47d9-a054-b9c794e03cba/1/JPT0IliCUzMXphM0NVGfT_WvNYI.roa
Signing time:             Tue 02 Jan 2024 10:34:03 +0000
ROA not before:           Tue 02 Jan 2024 10:34:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25070
IP address blocks:        91.236.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/d8c6b8-d14a-47d9-a054-b9c794e03cba/1/1zZ_wk0AT3HdKu8D-ctPLj-Qhqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/d8c6b8-d14a-47d9-a054-b9c794e03cba/1/1zZ_wk0AT3HdKu8D-ctPLj-Qhqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1zZ_wk0AT3HdKu8D-ctPLj-Qhqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:cf:0d:44:0b:2a:95:75:a5:18:0c:c4:c4:30:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7367fc24d004f71dd2aef03f9cb4f2e3f9086aa
        Validity
            Not Before: Jan  2 10:34:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24f4f4225882533317a6133435519f4ff5af3582
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a6:3a:51:58:ac:1e:fd:bd:fb:02:22:a7:52:
                    75:30:fc:51:04:e6:b6:ed:8e:21:ea:76:d6:1a:77:
                    8d:03:10:ee:ee:6a:31:9f:ec:69:9a:8b:5d:74:06:
                    70:3d:5d:2e:22:ba:d0:d7:0c:5f:b0:b7:69:1c:5a:
                    2f:e8:b3:1f:dc:5f:07:2c:8a:6a:d8:66:11:d1:db:
                    35:a4:4f:e5:33:90:d2:3b:62:81:92:87:5b:89:89:
                    66:0e:5e:59:c0:69:01:82:ac:83:c6:e1:b1:14:a7:
                    44:8a:c8:1c:cc:d9:9b:c7:e6:66:0d:f1:8c:90:20:
                    12:00:6f:24:72:5c:f0:27:e3:b6:19:61:6c:a2:1c:
                    c0:f2:cb:ce:e4:f0:f2:0d:81:fd:87:83:23:78:e7:
                    5b:b9:ba:b7:5a:a6:78:29:4b:00:fb:d1:68:08:b1:
                    50:97:51:8f:fd:66:4f:39:df:4b:10:f6:d6:f2:4f:
                    42:82:3a:cd:0b:cd:f4:19:f0:e7:d6:01:d9:7c:c8:
                    dd:19:9f:b4:7c:0a:14:09:28:30:aa:15:66:e3:83:
                    1c:32:a3:ce:60:1e:f8:08:81:ac:1e:26:24:2b:e0:
                    f6:d0:c2:44:e2:17:32:3c:7c:d6:54:6f:75:5f:de:
                    a2:37:7b:cf:ae:71:f0:c5:5e:e5:55:96:3f:0c:a8:
                    01:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:F4:F4:22:58:82:53:33:17:A6:13:34:35:51:9F:4F:F5:AF:35:82
            X509v3 Authority Key Identifier:
                keyid:D7:36:7F:C2:4D:00:4F:71:DD:2A:EF:03:F9:CB:4F:2E:3F:90:86:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1zZ_wk0AT3HdKu8D-ctPLj-Qhqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d8c6b8-d14a-47d9-a054-b9c794e03cba/1/JPT0IliCUzMXphM0NVGfT_WvNYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d8c6b8-d14a-47d9-a054-b9c794e03cba/1/1zZ_wk0AT3HdKu8D-ctPLj-Qhqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:2d:30:05:13:7e:d6:8f:e1:be:f2:e3:5a:2a:43:00:54:43:
         0a:cd:cc:80:61:cb:e9:23:75:83:69:9c:ba:ef:90:87:84:1c:
         4d:91:13:b7:5c:45:9f:c3:fb:f6:c8:ad:7c:b4:7f:ef:8e:10:
         6b:c6:91:8f:82:c0:87:a2:45:9b:42:8d:83:08:3f:f3:c3:b6:
         9d:75:52:16:ce:e7:10:1c:d8:62:3a:d1:df:7b:76:85:87:0c:
         d5:b2:95:e8:f2:89:d7:04:ae:bf:a5:42:1e:5e:ac:6f:b1:d2:
         bf:8f:e0:1e:6f:25:74:79:30:66:23:bc:90:c7:cd:77:07:cf:
         60:61:06:d0:66:4a:00:6f:cb:c4:8c:50:40:dc:9b:f4:9d:53:
         d3:44:d9:6d:ea:06:f8:74:a4:94:c0:e3:88:d4:90:56:5f:82:
         f1:e6:1d:ee:f5:81:d9:f3:16:f8:dd:7f:ea:ab:7a:22:9a:54:
         85:f5:43:bc:58:c3:ce:2a:0f:2d:60:e9:79:1a:e8:f3:fb:9f:
         ee:e4:cf:e0:98:5b:8f:24:ca:5f:76:c7:35:df:8b:90:d8:70:
         84:62:26:0c:4b:09:8d:a2:60:8e:38:e6:0c:16:57:54:16:69:
         e2:1b:29:ba:54:c0:86:86:0a:36:0a:ce:52:08:9f:30:14:ed:
         ab:41:b1:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvM8NRAsqlXWlGAzExDDQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MzY3ZmMyNGQwMDRmNzFkZDJhZWYwM2Y5Y2I0ZjJlM2Y5
MDg2YWEwHhcNMjQwMTAyMTAzNDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGY0ZjQyMjU4ODI1MzMzMTdhNjEzMzQzNTUxOWY0ZmY1YWYzNTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKY6UVisHv29+wIip1J1MPxRBOa2
7Y4h6nbWGneNAxDu7moxn+xpmotddAZwPV0uIrrQ1wxfsLdpHFov6LMf3F8HLIpq
2GYR0ds1pE/lM5DSO2KBkodbiYlmDl5ZwGkBgqyDxuGxFKdEisgczNmbx+ZmDfGM
kCASAG8kclzwJ+O2GWFsohzA8svO5PDyDYH9h4MjeOdbubq3WqZ4KUsA+9FoCLFQ
l1GP/WZPOd9LEPbW8k9CgjrNC830GfDn1gHZfMjdGZ+0fAoUCSgwqhVm44McMqPO
YB74CIGsHiYkK+D20MJE4hcyPHzWVG91X96iN3vPrnHwxV7lVZY/DKgB1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCT09CJYglMzF6YTNDVRn0/1rzWCMB8GA1UdIwQY
MBaAFNc2f8JNAE9x3SrvA/nLTy4/kIaqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXpaX3drMEFUM0hkS3U4RC1jdFBMai1RaHFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9kOGM2YjgtZDE0YS00N2Q5LWEwNTQt
YjljNzk0ZTAzY2JhLzEvSlBUMElsaUNVek1YcGhNME5WR2ZUX1d2TllJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9kOGM2YjgtZDE0YS00N2Q5LWEwNTQtYjljNzk0ZTAzY2Jh
LzEvMXpaX3drMEFUM0hkS3U4RC1jdFBMai1RaHFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+zBMA0G
CSqGSIb3DQEBCwUAA4IBAQA6LTAFE37Wj+G+8uNaKkMAVEMKzcyAYcvpI3WDaZy6
75CHhBxNkRO3XEWfw/v2yK18tH/vjhBrxpGPgsCHokWbQo2DCD/zw7addVIWzucQ
HNhiOtHfe3aFhwzVspXo8onXBK6/pUIeXqxvsdK/j+AebyV0eTBmI7yQx813B89g
YQbQZkoAb8vEjFBA3Jv0nVPTRNlt6gb4dKSUwOOI1JBWX4Lx5h3u9YHZ8xb43X/q
q3oimlSF9UO8WMPOKg8tYOl5Gujz+5/u5M/gmFuPJMpfdsc134uQ2HCEYiYMSwmN
omCOOOYMFldUFmniGym6VMCGhgo2Cs5SCJ8wFO2rQbET
-----END CERTIFICATE-----