Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/JPbYpVVvt6_OnKY20cBbuqGBbps.roa
File:                     JPbYpVVvt6_OnKY20cBbuqGBbps.roa (raw, json)
Hash identifier:          3w/GP5WBeX3WZHDJf98lrfnncx6C7+FNfPwTfQ1yMZE=
Subject key identifier:   24:F6:D8:A5:55:6F:B7:AF:CE:9C:A6:36:D1:C0:5B:BA:A1:81:6E:9B
Certificate issuer:       /CN=62efff88bf665ec86a9e356b79d06ba5940c383c
Certificate serial:       0190B875512882C309537D3F70A17801CBFF
Authority key identifier: 62:EF:FF:88:BF:66:5E:C8:6A:9E:35:6B:79:D0:6B:A5:94:0C:38:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yu__iL9mXshqnjVredBrpZQMODw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/JPbYpVVvt6_OnKY20cBbuqGBbps.roa
Signing time:             Mon 15 Jul 2024 22:13:34 +0000
ROA not before:           Mon 15 Jul 2024 22:13:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        141.193.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/Yu__iL9mXshqnjVredBrpZQMODw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/Yu__iL9mXshqnjVredBrpZQMODw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yu__iL9mXshqnjVredBrpZQMODw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b8:75:51:28:82:c3:09:53:7d:3f:70:a1:78:01:cb:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62efff88bf665ec86a9e356b79d06ba5940c383c
        Validity
            Not Before: Jul 15 22:13:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24f6d8a5556fb7afce9ca636d1c05bbaa1816e9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:0e:b0:f7:e3:54:82:ee:2f:d5:f0:a1:55:f8:
                    b6:0a:c9:8b:af:0a:e8:3a:11:33:3f:f0:2b:d4:cf:
                    98:5c:df:e8:fd:21:fa:50:fc:8e:ee:e8:a4:f7:61:
                    a5:8b:1f:3b:c7:db:0e:b4:76:b3:70:9a:e5:eb:e4:
                    17:92:78:c0:ac:98:27:7c:e3:89:36:ca:bf:54:57:
                    93:bf:c8:f7:88:38:47:18:3d:95:43:a4:7f:b8:a9:
                    3f:f8:d3:74:a0:37:93:6c:48:68:11:cf:b9:2c:0c:
                    57:d1:ba:77:94:98:bc:c7:93:0a:06:aa:c0:65:0d:
                    6f:58:5a:b5:18:1f:a9:9c:29:54:dd:f7:65:b2:3c:
                    f3:fd:a9:ba:39:73:5b:67:84:60:5e:a5:77:b5:18:
                    fa:57:72:57:b1:5f:d9:64:c8:88:19:23:74:d3:a2:
                    9e:f0:fb:10:51:1e:38:8c:34:74:3b:df:06:a9:d0:
                    48:72:f4:2b:ec:be:5c:9e:7f:f8:aa:f9:5f:17:07:
                    50:df:ad:a9:6d:3f:6a:08:0b:45:92:48:31:78:7d:
                    88:41:f2:ad:1d:ee:b1:fc:3e:4c:59:85:78:f0:44:
                    4a:89:bf:b5:07:af:84:05:a9:66:91:c2:41:1d:63:
                    33:78:7f:96:dd:45:86:6f:80:9c:2e:aa:4f:90:f3:
                    4d:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:F6:D8:A5:55:6F:B7:AF:CE:9C:A6:36:D1:C0:5B:BA:A1:81:6E:9B
            X509v3 Authority Key Identifier:
                keyid:62:EF:FF:88:BF:66:5E:C8:6A:9E:35:6B:79:D0:6B:A5:94:0C:38:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yu__iL9mXshqnjVredBrpZQMODw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/JPbYpVVvt6_OnKY20cBbuqGBbps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/Yu__iL9mXshqnjVredBrpZQMODw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.193.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:37:f8:b2:fa:4b:41:12:13:cf:d3:7d:a3:1a:37:ab:56:87:
         4a:da:86:f5:85:dd:27:93:91:93:8c:5f:ff:a2:ae:d8:e8:79:
         20:fe:75:85:50:4f:f6:02:70:ca:f2:72:7a:9e:11:9b:22:29:
         d5:1e:9b:0f:11:fc:9d:6c:1b:94:ca:bc:12:ff:ee:e1:72:a3:
         1c:95:be:3c:73:96:c7:f9:07:86:7e:d2:ef:4f:a0:86:c3:15:
         c9:84:03:f5:53:34:eb:e9:88:3d:c3:21:0d:59:9c:25:f5:b1:
         16:2d:4c:e9:ae:e4:bb:3e:fc:2a:0e:2c:3b:c6:01:16:0d:7b:
         f4:5b:4b:a1:3c:7f:30:ac:42:4a:85:11:e6:7b:a8:ad:b1:f8:
         a1:3a:af:11:94:1d:86:9c:3a:0a:0a:d2:d6:e6:65:ce:68:d9:
         79:3b:91:d3:48:14:27:70:7b:17:c5:09:c2:48:3f:75:fd:fb:
         3a:15:d6:96:76:10:c4:d0:31:8e:cb:a5:a7:10:4b:59:36:66:
         77:1e:ba:b9:c7:13:da:19:d7:91:32:60:4d:fa:bd:5e:b2:e6:
         dd:2e:fd:21:8c:cb:01:4d:d4:a9:a8:49:f7:d1:cb:6e:d1:b7:
         b8:87:b1:a3:18:29:fd:89:01:03:b5:c5:ee:d8:36:d1:b4:c0:
         4b:76:7b:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC4dVEogsMJU30/cKF4Acv/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZWZmZjg4YmY2NjVlYzg2YTllMzU2Yjc5ZDA2YmE1OTQw
YzM4M2MwHhcNMjQwNzE1MjIxMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGY2ZDhhNTU1NmZiN2FmY2U5Y2E2MzZkMWMwNWJiYWExODE2ZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAng6w9+NUgu4v1fChVfi2CsmLrwro
OhEzP/Ar1M+YXN/o/SH6UPyO7uik92Glix87x9sOtHazcJrl6+QXknjArJgnfOOJ
Nsq/VFeTv8j3iDhHGD2VQ6R/uKk/+NN0oDeTbEhoEc+5LAxX0bp3lJi8x5MKBqrA
ZQ1vWFq1GB+pnClU3fdlsjzz/am6OXNbZ4RgXqV3tRj6V3JXsV/ZZMiIGSN006Ke
8PsQUR44jDR0O98GqdBIcvQr7L5cnn/4qvlfFwdQ362pbT9qCAtFkkgxeH2IQfKt
He6x/D5MWYV48ERKib+1B6+EBalmkcJBHWMzeH+W3UWGb4CcLqpPkPNNwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCT22KVVb7evzpymNtHAW7qhgW6bMB8GA1UdIwQY
MBaAFGLv/4i/Zl7Iap41a3nQa6WUDDg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXVfX2lMOW1Yc2hxbmpWcmVkQnJwWlFNT0R3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zMTIzYjAtOTNlMy00NjVkLTgwZTQt
MDQwNDA3YTI5MGQ5LzEvSlBiWXBWVnZ0Nl9PbktZMjBjQmJ1cUdCYnBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zMTIzYjAtOTNlMy00NjVkLTgwZTQtMDQwNDA3YTI5MGQ5
LzEvWXVfX2lMOW1Yc2hxbmpWcmVkQnJwWlFNT0R3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjcHkMA0G
CSqGSIb3DQEBCwUAA4IBAQA2N/iy+ktBEhPP032jGjerVodK2ob1hd0nk5GTjF//
oq7Y6Hkg/nWFUE/2AnDK8nJ6nhGbIinVHpsPEfydbBuUyrwS/+7hcqMclb48c5bH
+QeGftLvT6CGwxXJhAP1UzTr6Yg9wyENWZwl9bEWLUzpruS7PvwqDiw7xgEWDXv0
W0uhPH8wrEJKhRHme6itsfihOq8RlB2GnDoKCtLW5mXOaNl5O5HTSBQncHsXxQnC
SD91/fs6FdaWdhDE0DGOy6WnEEtZNmZ3Hrq5xxPaGdeRMmBN+r1esubdLv0hjMsB
TdSpqEn30ctu0be4h7GjGCn9iQEDtcXu2DbRtMBLdnsW
-----END CERTIFICATE-----