Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/09d329-7ffe-451b-bc82-2831a4850645/1/JIL4U1hNTco4LyrbmMjou258S4w.roa
File:                     JIL4U1hNTco4LyrbmMjou258S4w.roa (raw, json)
Hash identifier:          hBAWf4b/41QQHw96ZzGcX3cUQnaHLTkq2I5YwvAzz78=
Subject key identifier:   24:82:F8:53:58:4D:4D:CA:38:2F:2A:DB:98:C8:E8:BB:6E:7C:4B:8C
Certificate issuer:       /CN=39eea846551c6e419b947e0da107eecb0070419a
Certificate serial:       018CC5DC0645C73DBF4FBC7AFFE08A98A550
Authority key identifier: 39:EE:A8:46:55:1C:6E:41:9B:94:7E:0D:A1:07:EE:CB:00:70:41:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oe6oRlUcbkGblH4NoQfuywBwQZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/09d329-7ffe-451b-bc82-2831a4850645/1/JIL4U1hNTco4LyrbmMjou258S4w.roa
Signing time:             Mon 01 Jan 2024 16:29:40 +0000
ROA not before:           Mon 01 Jan 2024 16:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21232
IP address blocks:        91.229.80.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/09d329-7ffe-451b-bc82-2831a4850645/1/Oe6oRlUcbkGblH4NoQfuywBwQZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/09d329-7ffe-451b-bc82-2831a4850645/1/Oe6oRlUcbkGblH4NoQfuywBwQZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Oe6oRlUcbkGblH4NoQfuywBwQZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:06:45:c7:3d:bf:4f:bc:7a:ff:e0:8a:98:a5:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39eea846551c6e419b947e0da107eecb0070419a
        Validity
            Not Before: Jan  1 16:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2482f853584d4dca382f2adb98c8e8bb6e7c4b8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ca:81:e4:85:4e:c2:a8:86:5b:76:85:d9:c9:
                    25:2a:ab:9e:c0:bb:00:77:af:f3:66:94:34:75:85:
                    fa:f9:3b:35:aa:f1:6a:48:8c:3c:52:f1:3e:f2:c3:
                    46:a9:44:6c:08:56:05:ba:a6:13:62:96:0a:4f:6f:
                    e4:f4:ee:a3:f3:99:89:1d:84:e0:3e:ef:c9:ea:33:
                    d9:5e:f8:29:e5:44:3a:e6:02:97:8b:a4:7b:b0:47:
                    e8:34:cc:e5:d6:60:7a:d6:a2:24:02:31:5f:e3:b3:
                    8a:54:62:a9:7d:22:54:7b:a3:df:b5:e6:20:da:5a:
                    fe:92:2e:09:31:0b:9b:b6:b5:65:e2:18:4d:90:6a:
                    95:6b:c0:2c:41:97:1e:cf:18:ea:5b:a2:1f:c8:19:
                    2e:24:15:4c:44:7d:40:93:40:6d:f1:97:b2:8f:fe:
                    ff:0d:f6:cb:4c:49:eb:20:a5:50:e2:d0:66:3c:93:
                    bd:50:76:b4:0f:4b:cb:1e:c3:18:05:e9:bf:76:bc:
                    7c:7a:d3:52:c6:58:ac:b6:96:aa:ea:12:eb:31:ff:
                    d7:9b:1a:f0:69:ac:65:e2:b3:94:f1:56:ba:d8:06:
                    ba:9d:49:08:b5:fd:e2:09:58:b9:af:04:1d:12:43:
                    8f:7a:32:0f:33:c2:ec:0b:20:61:5e:60:54:f2:2c:
                    33:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:82:F8:53:58:4D:4D:CA:38:2F:2A:DB:98:C8:E8:BB:6E:7C:4B:8C
            X509v3 Authority Key Identifier:
                keyid:39:EE:A8:46:55:1C:6E:41:9B:94:7E:0D:A1:07:EE:CB:00:70:41:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oe6oRlUcbkGblH4NoQfuywBwQZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/09d329-7ffe-451b-bc82-2831a4850645/1/JIL4U1hNTco4LyrbmMjou258S4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/09d329-7ffe-451b-bc82-2831a4850645/1/Oe6oRlUcbkGblH4NoQfuywBwQZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:e7:9c:92:07:db:61:21:12:75:85:60:d7:9b:dc:f7:18:2d:
         01:83:fd:e8:63:52:ef:1f:c1:8c:2b:51:ae:5f:f1:bc:fc:e2:
         2a:12:23:08:90:7e:fc:1a:0a:ed:d2:23:ea:02:54:4a:00:e1:
         7f:c5:77:be:69:73:74:38:42:ce:b3:98:ad:51:71:fd:a6:0d:
         1f:a1:78:18:df:00:94:5c:c3:df:47:d3:1b:9a:40:ec:e8:2f:
         06:1b:85:96:01:dd:ed:ea:71:2c:0c:af:3c:a0:43:1d:bd:1c:
         80:b0:61:40:2a:b7:b5:b3:25:d8:58:b4:58:63:9c:ca:c4:7c:
         0c:fa:d6:da:15:a6:8b:2d:29:2a:96:06:d2:fa:16:fe:77:69:
         49:27:6d:fc:16:21:9c:a0:7e:84:ea:c0:63:61:29:75:a4:90:
         c9:4e:40:2a:20:b5:32:ad:a0:b4:c3:7a:9b:b0:9a:1d:09:68:
         43:b1:6e:77:95:a4:a4:a3:ea:44:12:fa:81:d9:e5:e2:d6:24:
         40:b5:18:e6:ac:e8:53:10:26:25:78:b1:5b:0b:ba:55:3b:e0:
         49:a2:be:eb:69:97:74:c9:09:32:7f:32:fd:87:b2:1a:83:04:
         94:f3:d4:f0:0b:9c:57:f5:72:c8:d4:15:bd:5d:d4:69:a7:93:
         e5:98:5b:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3AZFxz2/T7x6/+CKmKVQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5ZWVhODQ2NTUxYzZlNDE5Yjk0N2UwZGExMDdlZWNiMDA3
MDQxOWEwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDgyZjg1MzU4NGQ0ZGNhMzgyZjJhZGI5OGM4ZThiYjZlN2M0YjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8qB5IVOwqiGW3aF2cklKquewLsA
d6/zZpQ0dYX6+Ts1qvFqSIw8UvE+8sNGqURsCFYFuqYTYpYKT2/k9O6j85mJHYTg
Pu/J6jPZXvgp5UQ65gKXi6R7sEfoNMzl1mB61qIkAjFf47OKVGKpfSJUe6PfteYg
2lr+ki4JMQubtrVl4hhNkGqVa8AsQZcezxjqW6IfyBkuJBVMRH1Ak0Bt8Zeyj/7/
DfbLTEnrIKVQ4tBmPJO9UHa0D0vLHsMYBem/drx8etNSxlistpaq6hLrMf/Xmxrw
aaxl4rOU8Va62Aa6nUkItf3iCVi5rwQdEkOPejIPM8LsCyBhXmBU8iwzTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSC+FNYTU3KOC8q25jI6LtufEuMMB8GA1UdIwQY
MBaAFDnuqEZVHG5Bm5R+DaEH7ssAcEGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2U2b1JsVWNia0dibEg0Tm9RZnV5d0J3UVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8wOWQzMjktN2ZmZS00NTFiLWJjODIt
MjgzMWE0ODUwNjQ1LzEvSklMNFUxaE5UY280THlyYm1Nam91MjU4UzR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8wOWQzMjktN2ZmZS00NTFiLWJjODItMjgzMWE0ODUwNjQ1
LzEvT2U2b1JsVWNia0dibEg0Tm9RZnV5d0J3UVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+VQMA0G
CSqGSIb3DQEBCwUAA4IBAQCW55ySB9thIRJ1hWDXm9z3GC0Bg/3oY1LvH8GMK1Gu
X/G8/OIqEiMIkH78Ggrt0iPqAlRKAOF/xXe+aXN0OELOs5itUXH9pg0foXgY3wCU
XMPfR9MbmkDs6C8GG4WWAd3t6nEsDK88oEMdvRyAsGFAKre1syXYWLRYY5zKxHwM
+tbaFaaLLSkqlgbS+hb+d2lJJ238FiGcoH6E6sBjYSl1pJDJTkAqILUyraC0w3qb
sJodCWhDsW53laSko+pEEvqB2eXi1iRAtRjmrOhTECYleLFbC7pVO+BJor7raZd0
yQkyfzL9h7IagwSU89TwC5xX9XLI1BW9XdRpp5PlmFs/
-----END CERTIFICATE-----