Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/JTeBdfhvNNWyvYw_lgBQCNmyoDY.roa
File:                     JTeBdfhvNNWyvYw_lgBQCNmyoDY.roa (raw, json)
Hash identifier:          zNrLy5uajH39Ak68nFy4JN2TAmMGhlJcWGKCJGG88r4=
Subject key identifier:   25:37:81:75:F8:6F:34:D5:B2:BD:8C:3F:96:00:50:08:D9:B2:A0:36
Certificate issuer:       /CN=798e0da4f91007b224768acb4d131f12517d2b7a
Certificate serial:       018CC3B722A8EA6F3E306E74AB9F382F9683
Authority key identifier: 79:8E:0D:A4:F9:10:07:B2:24:76:8A:CB:4D:13:1F:12:51:7D:2B:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY4NpPkQB7IkdorLTRMfElF9K3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/JTeBdfhvNNWyvYw_lgBQCNmyoDY.roa
Signing time:             Mon 01 Jan 2024 06:30:08 +0000
ROA not before:           Mon 01 Jan 2024 06:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        91.202.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/eY4NpPkQB7IkdorLTRMfElF9K3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/eY4NpPkQB7IkdorLTRMfElF9K3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY4NpPkQB7IkdorLTRMfElF9K3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:22:a8:ea:6f:3e:30:6e:74:ab:9f:38:2f:96:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798e0da4f91007b224768acb4d131f12517d2b7a
        Validity
            Not Before: Jan  1 06:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25378175f86f34d5b2bd8c3f96005008d9b2a036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:84:31:6e:aa:6c:85:00:e2:d0:2f:b9:56:9e:
                    b5:3f:b9:6e:06:c1:3e:be:8a:52:0c:46:f2:5c:11:
                    fa:d6:8b:d5:f3:be:a5:ba:3d:8e:ff:81:33:f4:77:
                    38:c0:4a:78:a0:76:37:39:9c:91:0c:d8:81:f9:b6:
                    03:c8:84:fe:c6:47:ee:fa:40:09:0f:f6:fb:6e:7d:
                    2a:89:55:37:97:1c:02:cc:ec:27:49:ec:ec:c5:76:
                    5c:ee:2a:99:55:04:05:cb:6c:14:c3:1a:95:86:21:
                    10:82:87:c1:4a:da:b5:f5:24:34:e8:cf:08:94:85:
                    c4:72:14:07:3d:a3:97:fe:e5:9e:7e:b3:1a:af:f8:
                    62:87:f7:63:77:66:18:bc:a9:1a:e0:85:c9:48:f2:
                    ad:e7:e9:7f:f1:94:dc:c6:b7:ac:e1:e2:16:07:fa:
                    56:fe:f5:04:a1:98:ee:49:59:05:48:b2:a7:88:be:
                    66:d7:f3:6f:1f:69:14:f6:d8:81:c1:94:e4:84:20:
                    a0:ee:fb:77:12:38:5a:5b:4b:2e:93:a8:10:59:ce:
                    a2:29:cf:e8:11:80:3e:67:61:fc:f6:54:06:24:bf:
                    48:7a:28:a7:81:bc:ce:1c:47:8b:a6:a3:fe:38:8a:
                    7d:51:d1:59:46:fe:fd:f7:d8:60:a7:ff:ff:66:c3:
                    26:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:37:81:75:F8:6F:34:D5:B2:BD:8C:3F:96:00:50:08:D9:B2:A0:36
            X509v3 Authority Key Identifier:
                keyid:79:8E:0D:A4:F9:10:07:B2:24:76:8A:CB:4D:13:1F:12:51:7D:2B:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY4NpPkQB7IkdorLTRMfElF9K3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/JTeBdfhvNNWyvYw_lgBQCNmyoDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/eY4NpPkQB7IkdorLTRMfElF9K3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:26:07:0d:9c:37:33:14:e8:d9:d2:aa:60:e7:6e:ee:81:15:
         bb:9f:70:c4:23:a4:31:e5:ee:52:2b:69:ce:fe:00:49:3f:88:
         70:35:51:1d:18:c4:9b:4c:35:6d:fc:50:6b:ad:9f:31:d8:96:
         33:3c:c7:4c:19:08:f5:f3:30:31:60:35:00:12:87:44:39:e7:
         04:98:33:84:ee:d8:30:f6:84:42:84:8e:14:34:95:5a:f8:f1:
         57:d8:dc:b0:08:a3:0a:c7:bd:15:76:19:f4:55:2a:02:92:ff:
         66:a5:c8:b4:98:6c:b6:e1:6e:82:8e:63:93:ac:29:d2:93:19:
         a9:ec:5d:31:21:4b:81:09:83:df:11:1e:ac:e3:bb:cf:81:29:
         bf:fc:05:91:7c:e1:2a:61:25:45:09:15:9e:65:96:83:91:fd:
         ed:26:0e:13:1b:c4:43:84:84:03:75:e9:9a:20:2d:8d:87:bf:
         6d:98:46:2f:56:77:c3:b0:0a:4a:72:91:84:ed:19:b5:59:c3:
         4e:ea:31:87:46:65:36:99:c4:20:cd:63:c5:1f:28:a8:63:00:
         89:80:d8:b9:6f:e2:70:10:e6:9a:92:a8:25:00:cc:07:9e:77:
         72:e8:b9:6b:e7:e8:d8:e6:42:ea:7a:49:0d:49:25:e2:e3:3d:
         a1:0b:1d:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyKo6m8+MG50q584L5aDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGUwZGE0ZjkxMDA3YjIyNDc2OGFjYjRkMTMxZjEyNTE3
ZDJiN2EwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTM3ODE3NWY4NmYzNGQ1YjJiZDhjM2Y5NjAwNTAwOGQ5YjJhMDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloQxbqpshQDi0C+5Vp61P7luBsE+
vopSDEbyXBH61ovV876luj2O/4Ez9Hc4wEp4oHY3OZyRDNiB+bYDyIT+xkfu+kAJ
D/b7bn0qiVU3lxwCzOwnSezsxXZc7iqZVQQFy2wUwxqVhiEQgofBStq19SQ06M8I
lIXEchQHPaOX/uWefrMar/hih/djd2YYvKka4IXJSPKt5+l/8ZTcxres4eIWB/pW
/vUEoZjuSVkFSLKniL5m1/NvH2kU9tiBwZTkhCCg7vt3EjhaW0suk6gQWc6iKc/o
EYA+Z2H89lQGJL9IeiingbzOHEeLpqP+OIp9UdFZRv7999hgp///ZsMmWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCU3gXX4bzTVsr2MP5YAUAjZsqA2MB8GA1UdIwQY
MBaAFHmODaT5EAeyJHaKy00THxJRfSt6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk0TnBQa1FCN0lrZG9yTFRSTWZFbEY5SzNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MDRlNjQtZjk4MS00NWI1LTljYWUt
NGZiNGVmOTFhODJmLzEvSlRlQmRmaHZOTld5dll3X2xnQlFDTm15b0RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MDRlNjQtZjk4MS00NWI1LTljYWUtNGZiNGVmOTFhODJm
LzEvZVk0TnBQa1FCN0lrZG9yTFRSTWZFbEY5SzNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8pnMA0G
CSqGSIb3DQEBCwUAA4IBAQAtJgcNnDczFOjZ0qpg527ugRW7n3DEI6Qx5e5SK2nO
/gBJP4hwNVEdGMSbTDVt/FBrrZ8x2JYzPMdMGQj18zAxYDUAEodEOecEmDOE7tgw
9oRChI4UNJVa+PFX2NywCKMKx70Vdhn0VSoCkv9mpci0mGy24W6CjmOTrCnSkxmp
7F0xIUuBCYPfER6s47vPgSm//AWRfOEqYSVFCRWeZZaDkf3tJg4TG8RDhIQDdema
IC2Nh79tmEYvVnfDsApKcpGE7Rm1WcNO6jGHRmU2mcQgzWPFHyioYwCJgNi5b+Jw
EOaakqglAMwHnndy6Llr5+jY5kLqekkNSSXi4z2hCx1T
-----END CERTIFICATE-----