Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8ec60b-9cc1-4e5e-9f2e-ae05ae1291f2/1/jF9QP8dapmk-x1lMxEKy9EqnwRg.roa
File:                     jF9QP8dapmk-x1lMxEKy9EqnwRg.roa (raw, json)
Hash identifier:          PPKwGmgmuVhxNou5iBo14mbx2YG6Eduu+5Q+M3+GLCE=
Subject key identifier:   8C:5F:50:3F:C7:5A:A6:69:3E:C7:59:4C:C4:42:B2:F4:4A:A7:C1:18
Certificate issuer:       /CN=607d7b0e5fe6d69b4d797dec3d112c47b8a19224
Certificate serial:       018CC72767E1E9F770576B0A785A22972AAF
Authority key identifier: 60:7D:7B:0E:5F:E6:D6:9B:4D:79:7D:EC:3D:11:2C:47:B8:A1:92:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YH17Dl_m1ptNeX3sPREsR7ihkiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8ec60b-9cc1-4e5e-9f2e-ae05ae1291f2/1/jF9QP8dapmk-x1lMxEKy9EqnwRg.roa
Signing time:             Mon 01 Jan 2024 22:31:37 +0000
ROA not before:           Mon 01 Jan 2024 22:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51903
IP address blocks:        194.106.218.0/23 maxlen: 23
                          91.221.124.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8ec60b-9cc1-4e5e-9f2e-ae05ae1291f2/1/YH17Dl_m1ptNeX3sPREsR7ihkiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8ec60b-9cc1-4e5e-9f2e-ae05ae1291f2/1/YH17Dl_m1ptNeX3sPREsR7ihkiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YH17Dl_m1ptNeX3sPREsR7ihkiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:67:e1:e9:f7:70:57:6b:0a:78:5a:22:97:2a:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=607d7b0e5fe6d69b4d797dec3d112c47b8a19224
        Validity
            Not Before: Jan  1 22:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c5f503fc75aa6693ec7594cc442b2f44aa7c118
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:94:10:27:56:d1:5b:0c:c0:28:f6:2e:1e:ac:
                    5a:46:81:c0:c4:a6:9d:d4:e1:fd:1d:0c:1c:ff:21:
                    81:a2:ca:2a:c4:79:ac:3f:7c:63:52:75:71:0c:8c:
                    06:fb:42:76:3d:65:21:f4:27:74:c4:88:c9:af:49:
                    11:eb:01:bd:4e:bb:25:35:59:75:0c:64:cf:cc:4b:
                    85:16:44:9f:ff:0c:40:58:e5:96:e0:60:c9:44:54:
                    c4:27:b4:28:e7:ea:2e:be:93:3c:f8:4f:cc:8e:f7:
                    8c:29:57:40:b1:5e:07:e0:6e:5c:c5:8c:ae:44:1f:
                    2b:17:eb:08:4c:7a:51:ab:17:01:bc:77:d6:1b:38:
                    60:6a:8b:fd:c2:82:74:b0:0f:ad:b2:9f:08:8f:cb:
                    e8:1d:1f:d8:c7:82:b4:c9:9c:bd:e3:cc:c2:2c:73:
                    c0:ce:0a:29:0c:c8:e4:56:07:a3:bb:54:e6:3c:fb:
                    a5:03:91:1e:c9:dc:3a:d8:6a:aa:36:5c:93:ad:4f:
                    4f:39:64:7c:a3:f7:21:7e:76:e4:d3:68:85:61:20:
                    25:da:38:4c:51:ec:65:54:6d:1f:17:4e:3c:b7:4d:
                    f3:ba:b6:0e:c0:b7:88:7b:57:33:c9:83:20:6d:18:
                    c2:31:57:b1:e7:69:5a:1c:17:a0:22:85:10:57:cc:
                    e8:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:5F:50:3F:C7:5A:A6:69:3E:C7:59:4C:C4:42:B2:F4:4A:A7:C1:18
            X509v3 Authority Key Identifier:
                keyid:60:7D:7B:0E:5F:E6:D6:9B:4D:79:7D:EC:3D:11:2C:47:B8:A1:92:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YH17Dl_m1ptNeX3sPREsR7ihkiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8ec60b-9cc1-4e5e-9f2e-ae05ae1291f2/1/jF9QP8dapmk-x1lMxEKy9EqnwRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8ec60b-9cc1-4e5e-9f2e-ae05ae1291f2/1/YH17Dl_m1ptNeX3sPREsR7ihkiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.124.0/23
                  194.106.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:fc:bf:5f:52:df:18:df:60:78:fc:fc:92:0d:b7:df:b4:3a:
         0e:6b:5f:f7:87:6d:ef:20:32:79:1d:6c:a2:19:2a:a7:cf:55:
         56:f4:1a:c8:3b:73:d0:ea:2e:ef:75:3c:91:2e:c7:4e:31:20:
         6a:70:97:49:9e:ca:d0:e5:d4:bf:67:b5:2f:dc:00:08:47:3a:
         cc:72:5a:8d:4f:07:b8:92:85:c1:75:ac:a7:c4:41:91:39:2c:
         df:8f:99:30:69:37:61:18:f2:9d:bd:ea:ba:ad:0b:7f:80:a6:
         6f:0d:ba:6f:08:41:14:df:49:04:95:d9:c7:18:23:35:95:5d:
         26:72:69:16:a5:43:30:06:68:79:cf:e8:0b:a4:db:fc:74:b0:
         0c:9d:d3:8d:f1:c5:75:c3:ff:f7:61:da:72:3e:6d:19:df:ba:
         63:51:f0:0e:41:25:7c:19:95:c3:18:13:b7:7b:6e:4e:64:96:
         3f:ae:cc:2c:cb:d0:af:25:6e:3e:d5:d5:e9:c1:85:e8:75:fe:
         45:8d:56:e2:5e:7a:fc:53:f0:a0:1d:a2:e9:0c:52:1e:56:49:
         dd:91:2d:76:55:cb:87:08:ea:ce:dd:50:65:8a:ae:b2:73:67:
         cd:e5:0b:7e:29:5f:e9:4f:99:c2:da:3e:f2:97:dd:0e:84:34:
         07:7e:f0:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJ2fh6fdwV2sKeFoilyqvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwN2Q3YjBlNWZlNmQ2OWI0ZDc5N2RlYzNkMTEyYzQ3Yjhh
MTkyMjQwHhcNMjQwMTAxMjIzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzVmNTAzZmM3NWFhNjY5M2VjNzU5NGNjNDQyYjJmNDRhYTdjMTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJQQJ1bRWwzAKPYuHqxaRoHAxKad
1OH9HQwc/yGBosoqxHmsP3xjUnVxDIwG+0J2PWUh9Cd0xIjJr0kR6wG9TrslNVl1
DGTPzEuFFkSf/wxAWOWW4GDJRFTEJ7Qo5+ouvpM8+E/MjveMKVdAsV4H4G5cxYyu
RB8rF+sITHpRqxcBvHfWGzhgaov9woJ0sA+tsp8Ij8voHR/Yx4K0yZy948zCLHPA
zgopDMjkVgeju1TmPPulA5Eeydw62GqqNlyTrU9POWR8o/chfnbk02iFYSAl2jhM
UexlVG0fF048t03zurYOwLeIe1czyYMgbRjCMVex52laHBegIoUQV8zoYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIxfUD/HWqZpPsdZTMRCsvRKp8EYMB8GA1UdIwQY
MBaAFGB9ew5f5tabTXl97D0RLEe4oZIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUgxN0RsX20xcHROZVgzc1BSRXNSN2loa2lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZWM2MGItOWNjMS00ZTVlLTlmMmUt
YWUwNWFlMTI5MWYyLzEvakY5UVA4ZGFwbWsteDFsTXhFS3k5RXFud1JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZWM2MGItOWNjMS00ZTVlLTlmMmUtYWUwNWFlMTI5MWYy
LzEvWUgxN0RsX20xcHROZVgzc1BSRXNSN2loa2lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW918AwQB
wmraMA0GCSqGSIb3DQEBCwUAA4IBAQBr/L9fUt8Y32B4/PySDbfftDoOa1/3h23v
IDJ5HWyiGSqnz1VW9BrIO3PQ6i7vdTyRLsdOMSBqcJdJnsrQ5dS/Z7Uv3AAIRzrM
clqNTwe4koXBdaynxEGROSzfj5kwaTdhGPKdveq6rQt/gKZvDbpvCEEU30kEldnH
GCM1lV0mcmkWpUMwBmh5z+gLpNv8dLAMndON8cV1w//3YdpyPm0Z37pjUfAOQSV8
GZXDGBO3e25OZJY/rswsy9CvJW4+1dXpwYXodf5FjVbiXnr8U/CgHaLpDFIeVknd
kS12VcuHCOrO3VBliq6yc2fN5Qt+KV/pT5nC2j7yl90OhDQHfvCK
-----END CERTIFICATE-----