Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/Jgit3A7SCMMiwnnvSO3-FOzd-wY.roa
File:                     Jgit3A7SCMMiwnnvSO3-FOzd-wY.roa (raw, json)
Hash identifier:          EGA32rmJlNnbYGy1LjQ2AFnD7xcienX2VpiWWE/NYkk=
Subject key identifier:   26:08:AD:DC:0E:D2:08:C3:22:C2:79:EF:48:ED:FE:14:EC:DD:FB:06
Certificate issuer:       /CN=eab476f677cd0c3298d2811e60f48e1b29b3afef
Certificate serial:       018E8571D9C5F4BE0CB5775B2DE6E33DC820
Authority key identifier: EA:B4:76:F6:77:CD:0C:32:98:D2:81:1E:60:F4:8E:1B:29:B3:AF:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6rR29nfNDDKY0oEeYPSOGymzr-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/Jgit3A7SCMMiwnnvSO3-FOzd-wY.roa
Signing time:             Thu 28 Mar 2024 14:23:34 +0000
ROA not before:           Thu 28 Mar 2024 14:23:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        93.190.72.0/21 maxlen: 24
                          185.70.48.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/6rR29nfNDDKY0oEeYPSOGymzr-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/6rR29nfNDDKY0oEeYPSOGymzr-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6rR29nfNDDKY0oEeYPSOGymzr-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:85:71:d9:c5:f4:be:0c:b5:77:5b:2d:e6:e3:3d:c8:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eab476f677cd0c3298d2811e60f48e1b29b3afef
        Validity
            Not Before: Mar 28 14:23:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2608addc0ed208c322c279ef48edfe14ecddfb06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:79:38:2e:2a:3c:a8:4c:10:bd:8f:5e:cb:52:
                    12:0a:2f:b0:16:dd:50:b0:f1:48:13:4a:22:78:d2:
                    3a:70:66:b0:55:f8:e7:3c:44:06:0a:46:7d:c7:42:
                    ba:0f:76:e6:bc:e2:5f:b3:14:4a:b5:71:cc:13:90:
                    87:c0:37:14:49:3b:28:63:20:12:59:ee:2d:f7:4e:
                    4a:c8:95:1b:4c:74:7c:25:04:d4:df:45:bf:bc:8a:
                    35:40:e2:b7:7b:a3:0b:09:83:54:65:08:c6:93:8d:
                    e3:f9:4e:1e:ac:1e:ee:93:5e:f7:c5:3b:6c:a1:d0:
                    e3:09:06:56:70:78:59:eb:15:32:4c:5f:75:95:d0:
                    9f:88:70:00:b1:5e:84:6b:45:8b:26:f8:cd:06:2e:
                    cb:e6:16:eb:ea:bc:e1:34:43:bc:30:9a:7e:77:26:
                    e1:78:39:2a:02:27:06:aa:ff:5f:ba:10:07:ff:f4:
                    ab:91:50:a6:e7:33:d9:a7:a7:7b:36:0b:ef:40:2a:
                    dd:67:33:3d:4a:54:11:8c:40:f1:3c:da:25:61:72:
                    c9:4c:20:c7:d8:96:19:b9:74:30:73:a2:de:fa:14:
                    54:fa:00:11:bc:c0:00:1f:19:3e:5b:2a:a4:85:8d:
                    c0:c4:2d:30:2b:91:ca:10:50:f2:b2:0b:5f:25:f9:
                    e6:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:08:AD:DC:0E:D2:08:C3:22:C2:79:EF:48:ED:FE:14:EC:DD:FB:06
            X509v3 Authority Key Identifier:
                keyid:EA:B4:76:F6:77:CD:0C:32:98:D2:81:1E:60:F4:8E:1B:29:B3:AF:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6rR29nfNDDKY0oEeYPSOGymzr-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/Jgit3A7SCMMiwnnvSO3-FOzd-wY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/6rR29nfNDDKY0oEeYPSOGymzr-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.72.0/21
                  185.70.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:a5:61:39:61:c6:aa:34:a5:11:d4:09:b8:aa:5a:ef:5e:83:
         d3:d5:e3:e6:0c:60:22:6b:24:35:95:c4:92:0e:1f:8b:2b:9a:
         c4:e2:6c:9b:cb:44:a7:ec:20:0e:bf:c3:57:cf:3e:c1:90:c3:
         e0:89:42:34:04:93:18:38:b7:b9:98:71:dc:6b:8f:cb:f9:f2:
         43:3c:09:07:2b:7b:fb:cb:7f:b9:6b:2f:01:67:5d:08:a2:f1:
         29:a8:fa:00:0c:45:7b:cf:56:00:ce:86:4a:77:4a:7b:c5:23:
         d9:7e:0c:ba:ae:d6:ea:92:1b:1b:f0:64:99:39:11:f3:8e:6a:
         89:57:95:1d:d5:35:b6:ac:d5:22:b3:bd:9d:9e:d7:92:93:98:
         46:0f:73:1f:26:25:00:6a:f2:a2:d3:72:3f:bc:8e:49:14:f1:
         bb:82:f8:98:d5:98:89:ae:35:27:49:5d:3b:d8:e1:49:c1:e0:
         2d:d7:2c:0a:60:8e:44:8d:d1:8a:fc:23:b9:ff:47:37:6e:4a:
         3a:a1:0b:ad:22:8d:8d:be:69:f8:e6:00:ea:8a:6d:0c:18:67:
         9f:a0:1e:2d:d4:35:4b:cc:fe:b2:ed:f3:7b:08:43:1c:4e:46:
         08:d5:58:88:ea:62:44:a5:94:dd:12:8c:0a:6d:15:eb:46:72:
         71:3c:3f:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6FcdnF9L4MtXdbLebjPcggMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYjQ3NmY2NzdjZDBjMzI5OGQyODExZTYwZjQ4ZTFiMjli
M2FmZWYwHhcNMjQwMzI4MTQyMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjA4YWRkYzBlZDIwOGMzMjJjMjc5ZWY0OGVkZmUxNGVjZGRmYjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgHk4Lio8qEwQvY9ey1ISCi+wFt1Q
sPFIE0oieNI6cGawVfjnPEQGCkZ9x0K6D3bmvOJfsxRKtXHME5CHwDcUSTsoYyAS
We4t905KyJUbTHR8JQTU30W/vIo1QOK3e6MLCYNUZQjGk43j+U4erB7uk173xTts
odDjCQZWcHhZ6xUyTF91ldCfiHAAsV6Ea0WLJvjNBi7L5hbr6rzhNEO8MJp+dybh
eDkqAicGqv9fuhAH//SrkVCm5zPZp6d7NgvvQCrdZzM9SlQRjEDxPNolYXLJTCDH
2JYZuXQwc6Le+hRU+gARvMAAHxk+WyqkhY3AxC0wK5HKEFDysgtfJfnmUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCYIrdwO0gjDIsJ570jt/hTs3fsGMB8GA1UdIwQY
MBaAFOq0dvZ3zQwymNKBHmD0jhsps6/vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnJSMjluZk5EREtZMG9FZVlQU09HeW16ci04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi82NTdhOTItNjIyMC00NDI1LTg4OTkt
MDdmMTk1MGQ4ODk0LzEvSmdpdDNBN1NDTU1pd25udlNPMy1GT3pkLXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi82NTdhOTItNjIyMC00NDI1LTg4OTktMDdmMTk1MGQ4ODk0
LzEvNnJSMjluZk5EREtZMG9FZVlQU09HeW16ci04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDXb5IAwQC
uUYwMA0GCSqGSIb3DQEBCwUAA4IBAQC2pWE5YcaqNKUR1Am4qlrvXoPT1ePmDGAi
ayQ1lcSSDh+LK5rE4myby0Sn7CAOv8NXzz7BkMPgiUI0BJMYOLe5mHHca4/L+fJD
PAkHK3v7y3+5ay8BZ10IovEpqPoADEV7z1YAzoZKd0p7xSPZfgy6rtbqkhsb8GSZ
ORHzjmqJV5Ud1TW2rNUis72dnteSk5hGD3MfJiUAavKi03I/vI5JFPG7gviY1ZiJ
rjUnSV072OFJweAt1ywKYI5EjdGK/CO5/0c3bko6oQutIo2Nvmn45gDqim0MGGef
oB4t1DVLzP6y7fN7CEMcTkYI1ViI6mJEpZTdEowKbRXrRnJxPD/V
-----END CERTIFICATE-----