Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/546a55-ddaa-4341-b8f9-3ec522771f40/1/ju985g_jIMqt1doMGJ2Ar9Z0M8Y.roa
File:                     ju985g_jIMqt1doMGJ2Ar9Z0M8Y.roa (raw, json)
Hash identifier:          gnXDckIQsBWJd8xh8LNUW7NHZxcjqV1h72lNdUJI9Cc=
Subject key identifier:   8E:EF:7C:E6:0F:E3:20:CA:AD:D5:DA:0C:18:9D:80:AF:D6:74:33:C6
Certificate issuer:       /CN=e1b509672b9d998b4649cc376a829879e6feaca7
Certificate serial:       018EAB64CF3881B21D3899E0A52B9696BB91
Authority key identifier: E1:B5:09:67:2B:9D:99:8B:46:49:CC:37:6A:82:98:79:E6:FE:AC:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4bUJZyudmYtGScw3aoKYeeb-rKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/546a55-ddaa-4341-b8f9-3ec522771f40/1/ju985g_jIMqt1doMGJ2Ar9Z0M8Y.roa
Signing time:             Thu 04 Apr 2024 23:14:54 +0000
ROA not before:           Thu 04 Apr 2024 23:14:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210748
IP address blocks:        193.163.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/546a55-ddaa-4341-b8f9-3ec522771f40/1/4bUJZyudmYtGScw3aoKYeeb-rKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/546a55-ddaa-4341-b8f9-3ec522771f40/1/4bUJZyudmYtGScw3aoKYeeb-rKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4bUJZyudmYtGScw3aoKYeeb-rKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ab:64:cf:38:81:b2:1d:38:99:e0:a5:2b:96:96:bb:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1b509672b9d998b4649cc376a829879e6feaca7
        Validity
            Not Before: Apr  4 23:14:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8eef7ce60fe320caadd5da0c189d80afd67433c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:b4:9d:7f:f1:14:36:69:6c:2e:4b:43:d9:d6:
                    cb:77:05:f4:2a:cf:54:ca:5b:1a:0e:9a:81:d1:a4:
                    0e:77:d7:1f:82:48:ae:96:c7:6e:09:d4:40:a4:bb:
                    a6:35:10:16:61:c1:32:09:a6:59:e3:f4:73:c9:55:
                    69:5d:01:b4:71:d3:50:38:dc:68:4d:18:d9:3b:06:
                    d5:86:ad:ae:ea:ff:49:9c:51:93:9f:d4:e1:c1:b7:
                    72:d1:75:fb:4d:29:24:ad:cd:cf:f6:60:cd:a3:1a:
                    b7:c4:3b:30:49:fa:3e:53:df:4c:53:ec:01:5f:8a:
                    2f:c9:fb:66:b6:e3:ca:2d:d2:37:da:89:f6:f9:77:
                    84:ee:23:32:df:ae:72:ce:53:51:ea:52:8c:5e:3d:
                    fb:f4:cc:2c:d0:42:42:44:84:67:49:f2:e1:6f:22:
                    b7:62:f5:20:9b:ba:53:0e:b8:08:59:e0:a2:c9:9b:
                    58:f3:e0:79:97:17:18:b7:e6:ec:9f:e2:dd:10:52:
                    ed:47:13:90:49:77:fe:01:bf:42:8b:08:14:f1:45:
                    0a:2b:1e:6b:b6:1a:f9:42:a6:4a:ae:d9:51:76:d4:
                    b9:e1:93:03:6b:19:4c:d3:48:84:e3:e8:d7:f4:99:
                    9f:60:c8:cc:62:07:d5:7f:fc:f6:6f:13:b4:36:7d:
                    71:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:EF:7C:E6:0F:E3:20:CA:AD:D5:DA:0C:18:9D:80:AF:D6:74:33:C6
            X509v3 Authority Key Identifier:
                keyid:E1:B5:09:67:2B:9D:99:8B:46:49:CC:37:6A:82:98:79:E6:FE:AC:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4bUJZyudmYtGScw3aoKYeeb-rKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/546a55-ddaa-4341-b8f9-3ec522771f40/1/ju985g_jIMqt1doMGJ2Ar9Z0M8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/546a55-ddaa-4341-b8f9-3ec522771f40/1/4bUJZyudmYtGScw3aoKYeeb-rKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:a9:80:10:55:dd:59:81:1b:75:c5:c7:5e:c9:8a:c1:c6:fa:
         da:7a:78:93:45:f0:9f:24:f5:32:aa:d4:cf:59:21:53:3f:22:
         92:61:78:f9:e7:85:8d:14:cb:3e:27:e7:c6:ac:14:dc:02:69:
         16:d2:aa:24:9e:6d:e8:ff:66:b8:27:38:a6:c4:4d:04:ac:a0:
         bd:d3:97:ab:e9:5c:61:6a:57:6a:68:f5:2e:2d:15:51:da:03:
         c8:a2:db:2c:80:c1:8a:89:61:1b:5e:62:99:c8:f8:15:a0:62:
         4b:fe:bf:4e:35:0e:fb:62:0b:6e:3e:de:27:dc:9e:2c:9d:9f:
         f4:f7:d8:ff:ea:c3:1c:3c:55:86:eb:95:97:43:56:23:37:81:
         92:10:c7:2c:ed:48:2d:de:b6:1c:8e:18:3a:2f:61:0f:7c:00:
         59:0d:a8:82:e5:42:95:ab:ee:fa:16:7e:de:eb:6d:2e:d7:c0:
         68:f2:a6:fb:27:62:a9:51:d2:25:50:60:e6:65:81:c0:f2:19:
         b0:1d:77:18:a9:96:1e:2f:dd:b3:3a:98:33:15:a0:8f:bd:fe:
         97:c7:ce:dd:0f:d6:b2:5e:c8:a2:39:81:63:d9:81:d7:25:b4:
         f4:bf:9f:f9:e9:30:1c:9c:69:d4:96:95:b3:50:0b:4c:56:e9:
         a6:f1:e8:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6rZM84gbIdOJngpSuWlruRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxYjUwOTY3MmI5ZDk5OGI0NjQ5Y2MzNzZhODI5ODc5ZTZm
ZWFjYTcwHhcNMjQwNDA0MjMxNDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWVmN2NlNjBmZTMyMGNhYWRkNWRhMGMxODlkODBhZmQ2NzQzM2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrSdf/EUNmlsLktD2dbLdwX0Ks9U
ylsaDpqB0aQOd9cfgkiulsduCdRApLumNRAWYcEyCaZZ4/RzyVVpXQG0cdNQONxo
TRjZOwbVhq2u6v9JnFGTn9Thwbdy0XX7TSkkrc3P9mDNoxq3xDswSfo+U99MU+wB
X4ovyftmtuPKLdI32on2+XeE7iMy365yzlNR6lKMXj379Mws0EJCRIRnSfLhbyK3
YvUgm7pTDrgIWeCiyZtY8+B5lxcYt+bsn+LdEFLtRxOQSXf+Ab9CiwgU8UUKKx5r
thr5QqZKrtlRdtS54ZMDaxlM00iE4+jX9JmfYMjMYgfVf/z2bxO0Nn1xbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI7vfOYP4yDKrdXaDBidgK/WdDPGMB8GA1UdIwQY
MBaAFOG1CWcrnZmLRknMN2qCmHnm/qynMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGJVSlp5dWRtWXRHU2N3M2FvS1llZWItcktjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy81NDZhNTUtZGRhYS00MzQxLWI4Zjkt
M2VjNTIyNzcxZjQwLzEvanU5ODVnX2pJTXF0MWRvTUdKMkFyOVowTThZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy81NDZhNTUtZGRhYS00MzQxLWI4ZjktM2VjNTIyNzcxZjQw
LzEvNGJVSlp5dWRtWXRHU2N3M2FvS1llZWItcktjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaNbMA0G
CSqGSIb3DQEBCwUAA4IBAQCQqYAQVd1ZgRt1xcdeyYrBxvraeniTRfCfJPUyqtTP
WSFTPyKSYXj554WNFMs+J+fGrBTcAmkW0qoknm3o/2a4JzimxE0ErKC905er6Vxh
aldqaPUuLRVR2gPIotssgMGKiWEbXmKZyPgVoGJL/r9ONQ77YgtuPt4n3J4snZ/0
99j/6sMcPFWG65WXQ1YjN4GSEMcs7Ugt3rYcjhg6L2EPfABZDaiC5UKVq+76Fn7e
620u18Bo8qb7J2KpUdIlUGDmZYHA8hmwHXcYqZYeL92zOpgzFaCPvf6Xx87dD9ay
XsiiOYFj2YHXJbT0v5/56TAcnGnUlpWzUAtMVumm8ejj
-----END CERTIFICATE-----