Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/JcbaDNKk7OpkpiTSgJjReuTBxWg.roa
File:                     JcbaDNKk7OpkpiTSgJjReuTBxWg.roa (raw, json)
Hash identifier:          l4noWVcfQGZVW/9T+x3Ye3u8kFJNrrLHf8y5QiFA5w8=
Subject key identifier:   25:C6:DA:0C:D2:A4:EC:EA:64:A6:24:D2:80:98:D1:7A:E4:C1:C5:68
Certificate issuer:       /CN=556a5fa0dcfb34433f9b860d95e2c442547c5f9c
Certificate serial:       018DB0BCD59630555238C77B57AE8EF6AFF5
Authority key identifier: 55:6A:5F:A0:DC:FB:34:43:3F:9B:86:0D:95:E2:C4:42:54:7C:5F:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VWpfoNz7NEM_m4YNleLEQlR8X5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/JcbaDNKk7OpkpiTSgJjReuTBxWg.roa
Signing time:             Fri 16 Feb 2024 07:06:21 +0000
ROA not before:           Fri 16 Feb 2024 07:06:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60246
IP address blocks:        151.0.48.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/VWpfoNz7NEM_m4YNleLEQlR8X5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/VWpfoNz7NEM_m4YNleLEQlR8X5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VWpfoNz7NEM_m4YNleLEQlR8X5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b0:bc:d5:96:30:55:52:38:c7:7b:57:ae:8e:f6:af:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=556a5fa0dcfb34433f9b860d95e2c442547c5f9c
        Validity
            Not Before: Feb 16 07:06:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25c6da0cd2a4ecea64a624d28098d17ae4c1c568
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b0:b9:97:d2:a5:c1:cf:14:6a:ac:83:9a:01:
                    54:b8:55:78:82:e2:ff:86:f3:25:ec:b5:e9:4a:45:
                    ce:bd:44:ca:0a:51:a8:a7:9d:cb:2b:4c:7a:62:60:
                    e4:7d:6f:7d:d9:1c:3d:61:08:57:b2:e1:8c:83:0c:
                    92:04:62:ad:72:3d:c7:b0:b4:42:4c:8d:44:f0:7f:
                    3d:8c:be:11:2f:54:1c:49:2b:f9:7d:76:97:2b:7c:
                    99:d6:b6:d3:8d:99:88:c3:9a:39:31:58:fd:88:bd:
                    e5:ce:8b:ba:c9:3b:29:9d:06:38:af:d8:3c:5d:24:
                    f7:85:c0:b9:10:4f:32:cf:0e:ed:50:d9:bb:e9:a0:
                    1c:1b:25:e2:81:b8:eb:e9:ac:8f:54:24:1c:9c:42:
                    2c:68:9f:52:c2:05:67:4d:a2:e5:e0:df:df:b2:7c:
                    ee:f9:2d:90:31:13:0a:87:6a:9a:f0:f0:36:c7:7a:
                    f6:1d:57:d9:c3:31:7a:ce:84:cd:ed:4b:09:d8:47:
                    c1:e2:85:4c:73:0c:e1:40:63:e5:e3:63:59:17:d7:
                    de:77:94:59:5e:49:d2:d5:47:09:be:2b:53:8f:b6:
                    3f:0c:0a:67:23:91:fa:21:87:d0:05:97:9d:39:9c:
                    8f:de:9b:e1:c5:99:fc:24:05:bd:39:dc:4c:8b:d3:
                    cf:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:C6:DA:0C:D2:A4:EC:EA:64:A6:24:D2:80:98:D1:7A:E4:C1:C5:68
            X509v3 Authority Key Identifier:
                keyid:55:6A:5F:A0:DC:FB:34:43:3F:9B:86:0D:95:E2:C4:42:54:7C:5F:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VWpfoNz7NEM_m4YNleLEQlR8X5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/JcbaDNKk7OpkpiTSgJjReuTBxWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/VWpfoNz7NEM_m4YNleLEQlR8X5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.0.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bd:fc:8d:1d:c3:be:3d:70:fd:55:e5:46:83:58:6f:31:12:fc:
         6a:bf:a5:2a:2b:ad:63:9e:70:37:85:a4:cc:86:21:cc:0d:35:
         49:ad:ef:97:56:da:d2:2f:ca:cd:47:a9:7e:db:71:6c:ce:f6:
         32:70:f4:e3:35:34:a1:a4:79:cc:36:35:3f:58:83:18:f7:e6:
         a7:78:23:32:da:9c:7e:b6:a9:b9:1d:0e:9d:92:1d:92:03:d4:
         3e:9d:b0:bd:07:21:91:45:42:49:0c:b6:92:76:4c:41:24:07:
         25:0b:bf:65:c7:e8:e3:29:5a:4e:78:e4:c1:c7:ca:d2:41:37:
         46:77:a2:8e:ba:c0:66:0e:0a:7b:f5:29:c4:ea:bf:a0:92:92:
         67:85:23:c5:65:40:a7:59:f2:ba:f6:cc:c9:c8:48:1a:63:eb:
         e5:c3:c0:ab:60:04:34:78:0b:c3:ee:9d:eb:81:e9:90:d7:5b:
         f5:ea:94:78:0f:fb:aa:2d:74:ea:09:13:f4:d4:90:82:04:4a:
         0a:5f:07:48:c6:83:87:c3:5c:6d:d4:bd:21:53:13:1b:73:05:
         26:cc:08:f0:45:9c:a3:46:44:07:d2:cc:cb:ae:17:b0:d9:55:
         db:97:0a:6e:21:b3:58:e8:bb:0b:c5:4a:84:54:81:04:ac:39:
         3a:c2:7c:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2wvNWWMFVSOMd7V66O9q/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NmE1ZmEwZGNmYjM0NDMzZjliODYwZDk1ZTJjNDQyNTQ3
YzVmOWMwHhcNMjQwMjE2MDcwNjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWM2ZGEwY2QyYTRlY2VhNjRhNjI0ZDI4MDk4ZDE3YWU0YzFjNTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7C5l9Klwc8UaqyDmgFUuFV4guL/
hvMl7LXpSkXOvUTKClGop53LK0x6YmDkfW992Rw9YQhXsuGMgwySBGKtcj3HsLRC
TI1E8H89jL4RL1QcSSv5fXaXK3yZ1rbTjZmIw5o5MVj9iL3lzou6yTspnQY4r9g8
XST3hcC5EE8yzw7tUNm76aAcGyXigbjr6ayPVCQcnEIsaJ9SwgVnTaLl4N/fsnzu
+S2QMRMKh2qa8PA2x3r2HVfZwzF6zoTN7UsJ2EfB4oVMcwzhQGPl42NZF9fed5RZ
XknS1UcJvitTj7Y/DApnI5H6IYfQBZedOZyP3pvhxZn8JAW9OdxMi9PP7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCXG2gzSpOzqZKYk0oCY0XrkwcVoMB8GA1UdIwQY
MBaAFFVqX6Dc+zRDP5uGDZXixEJUfF+cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVldwZm9OejdORU1fbTRZTmxlTEVRbFI4WDV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9lMjNkMzAtNzZlMy00NDkxLThkNzUt
MmZkYTRjMjczYTQ4LzEvSmNiYUROS2s3T3BrcGlUU2dKalJldVRCeFdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9lMjNkMzAtNzZlMy00NDkxLThkNzUtMmZkYTRjMjczYTQ4
LzEvVldwZm9OejdORU1fbTRZTmxlTEVRbFI4WDV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQClwAwMA0G
CSqGSIb3DQEBCwUAA4IBAQC9/I0dw749cP1V5UaDWG8xEvxqv6UqK61jnnA3haTM
hiHMDTVJre+XVtrSL8rNR6l+23FszvYycPTjNTShpHnMNjU/WIMY9+aneCMy2px+
tqm5HQ6dkh2SA9Q+nbC9ByGRRUJJDLaSdkxBJAclC79lx+jjKVpOeOTBx8rSQTdG
d6KOusBmDgp79SnE6r+gkpJnhSPFZUCnWfK69szJyEgaY+vlw8CrYAQ0eAvD7p3r
gemQ11v16pR4D/uqLXTqCRP01JCCBEoKXwdIxoOHw1xt1L0hUxMbcwUmzAjwRZyj
RkQH0szLrhew2VXblwpuIbNY6LsLxUqEVIEErDk6wnxU
-----END CERTIFICATE-----