Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/jz_G-SDUB3fUsGSxejB8oG3IHsA.roa
File:                     jz_G-SDUB3fUsGSxejB8oG3IHsA.roa (raw, json)
Hash identifier:          /yvnPrWZ/xUFCipmEIjdNkjb3BB6SImpGVawDqYXO6M=
Subject key identifier:   8F:3F:C6:F9:20:D4:07:77:D4:B0:64:B1:7A:30:7C:A0:6D:C8:1E:C0
Certificate issuer:       /CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
Certificate serial:       018CC801693D53BC2CC2F5321D6C3A7E57BB
Authority key identifier: C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/jz_G-SDUB3fUsGSxejB8oG3IHsA.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        194.151.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:69:3d:53:bc:2c:c2:f5:32:1d:6c:3a:7e:57:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f3fc6f920d40777d4b064b17a307ca06dc81ec0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ae:33:0d:99:d2:75:f6:c4:26:a7:3b:8f:d7:
                    9b:c3:6b:4c:6d:47:61:d1:41:7f:0f:5f:c9:ac:ec:
                    8d:d2:ac:31:c9:64:e2:2c:06:16:60:7f:a7:b6:d8:
                    77:c5:0d:40:69:49:cf:25:49:fa:a7:28:36:93:cb:
                    3d:c1:dc:df:cb:ad:2b:01:1e:cc:ec:81:53:36:71:
                    45:a4:ac:6b:28:b5:ad:3f:8f:e8:d5:62:ea:9d:3c:
                    bc:8d:3f:a6:4a:9a:05:17:3b:63:40:e4:5b:3c:c9:
                    23:fa:0e:45:b8:0e:9e:3a:a4:8d:27:4f:97:8f:f6:
                    93:ed:7d:e2:d1:75:0d:8b:8d:be:2d:7d:ac:50:5b:
                    ea:cd:25:b8:fe:7f:7c:57:c5:4c:de:39:00:ee:93:
                    73:bb:51:4f:11:6b:3d:50:7d:2c:30:91:a4:66:0e:
                    66:70:75:30:bd:a7:8b:20:1d:d5:44:ed:f9:52:78:
                    a9:6c:d7:82:b9:26:c5:ac:ee:ae:b9:8c:dc:ea:9e:
                    22:1a:1a:7f:bd:84:76:4a:79:7f:0b:a7:04:e8:13:
                    bf:8b:63:fa:09:a9:3a:65:ab:3b:9f:87:2a:7a:fd:
                    91:43:30:2a:40:9e:5e:41:e3:fc:a8:cb:35:70:3a:
                    2d:98:13:e1:a3:7d:e8:5f:98:6a:86:ac:c4:18:47:
                    d5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:3F:C6:F9:20:D4:07:77:D4:B0:64:B1:7A:30:7C:A0:6D:C8:1E:C0
            X509v3 Authority Key Identifier:
                keyid:C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/jz_G-SDUB3fUsGSxejB8oG3IHsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.151.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:f1:55:23:07:bf:2c:88:89:40:23:d7:f8:28:5c:78:30:8b:
         d7:27:63:fb:de:80:53:f9:c0:90:d9:f7:6d:68:19:fd:97:af:
         4c:4a:76:fa:0d:6b:51:90:2e:ec:83:37:83:11:00:88:cd:51:
         32:fd:5b:17:ae:c6:92:62:bf:12:02:98:dd:81:dd:53:d3:d7:
         25:35:db:6f:c8:b6:84:76:e2:58:9d:72:7c:c5:20:1a:58:2d:
         18:ee:40:99:8d:e3:06:6b:bc:14:3e:f3:bd:f0:0e:7c:16:1f:
         33:da:a7:cd:27:4e:4b:48:7f:18:52:d2:80:6c:2d:f5:ef:9a:
         22:ed:ed:e8:2b:a8:e2:96:94:ed:45:bf:6d:5f:9d:03:d3:09:
         59:14:bc:d2:47:d5:5f:18:88:46:7a:18:6d:07:f2:93:92:2c:
         9d:ca:90:9f:6a:c4:57:90:fe:2a:4d:7a:84:ea:c9:0f:cf:41:
         1d:6a:5e:16:0b:5b:ca:61:d0:54:1b:27:4c:e4:64:e6:26:ce:
         de:fe:46:30:25:68:44:73:71:03:64:28:10:dd:ac:a9:ad:e9:
         82:87:ba:64:01:a2:51:cd:eb:3d:66:3a:90:0d:29:0e:a2:d8:
         96:e1:f3:90:56:1b:79:78:62:58:7f:85:3a:93:e4:97:e1:81:
         e6:03:d4:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWk9U7wswvUyHWw6fle7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzOTgwNjBmMWJmMjJmMDk5OWNiMDcxYjFiNDI2OTZkYmM0
M2UxMGMwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjNmYzZmOTIwZDQwNzc3ZDRiMDY0YjE3YTMwN2NhMDZkYzgxZWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvq4zDZnSdfbEJqc7j9ebw2tMbUdh
0UF/D1/JrOyN0qwxyWTiLAYWYH+ntth3xQ1AaUnPJUn6pyg2k8s9wdzfy60rAR7M
7IFTNnFFpKxrKLWtP4/o1WLqnTy8jT+mSpoFFztjQORbPMkj+g5FuA6eOqSNJ0+X
j/aT7X3i0XUNi42+LX2sUFvqzSW4/n98V8VM3jkA7pNzu1FPEWs9UH0sMJGkZg5m
cHUwvaeLIB3VRO35UnipbNeCuSbFrO6uuYzc6p4iGhp/vYR2Snl/C6cE6BO/i2P6
Cak6Zas7n4cqev2RQzAqQJ5eQeP8qMs1cDotmBPho33oX5hqhqzEGEfVLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8/xvkg1Ad31LBksXowfKBtyB7AMB8GA1UdIwQY
MBaAFMOYBg8b8i8JmcsHGxtCaW28Q+EMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzVnR0R4dnlMd21aeXdjYkcwSnBiYnhENFF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8zYmZjMzEtZGMzMi00NTQxLTg0NjAt
YzkyN2I4YzJjN2M0LzEvanpfRy1TRFVCM2ZVc0dTeGVqQjhvRzNJSHNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8zYmZjMzEtZGMzMi00NTQxLTg0NjAtYzkyN2I4YzJjN2M0
LzEvdzVnR0R4dnlMd21aeXdjYkcwSnBiYnhENFF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpfLMA0G
CSqGSIb3DQEBCwUAA4IBAQCI8VUjB78siIlAI9f4KFx4MIvXJ2P73oBT+cCQ2fdt
aBn9l69MSnb6DWtRkC7sgzeDEQCIzVEy/VsXrsaSYr8SApjdgd1T09clNdtvyLaE
duJYnXJ8xSAaWC0Y7kCZjeMGa7wUPvO98A58Fh8z2qfNJ05LSH8YUtKAbC3175oi
7e3oK6jilpTtRb9tX50D0wlZFLzSR9VfGIhGehhtB/KTkiydypCfasRXkP4qTXqE
6skPz0Edal4WC1vKYdBUGydM5GTmJs7e/kYwJWhEc3EDZCgQ3aypremCh7pkAaJR
zes9ZjqQDSkOotiW4fOQVht5eGJYf4U6k+SX4YHmA9Tm
-----END CERTIFICATE-----