Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/jpILug7ZtBwjRJREW-YPaIWszfw.roa
File:                     jpILug7ZtBwjRJREW-YPaIWszfw.roa (raw, json)
Hash identifier:          aehlEYly/QKDDzoal5yzNFQGpQXG4szvuNerrodQf6Y=
Subject key identifier:   8E:92:0B:BA:0E:D9:B4:1C:23:44:94:44:5B:E6:0F:68:85:AC:CD:FC
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       01909B821ECDB45A704E0E83B09E5C666EAC
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/jpILug7ZtBwjRJREW-YPaIWszfw.roa
Signing time:             Wed 10 Jul 2024 07:18:34 +0000
ROA not before:           Wed 10 Jul 2024 07:18:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212669
IP address blocks:        178.239.30.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9b:82:1e:cd:b4:5a:70:4e:0e:83:b0:9e:5c:66:6e:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jul 10 07:18:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e920bba0ed9b41c234494445be60f6885accdfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:1a:9c:2d:69:95:5d:c5:3c:db:e0:c1:e7:17:
                    19:1f:40:20:3b:09:bf:54:08:8b:d4:08:f5:d1:1b:
                    04:46:17:54:e4:e0:c4:33:14:5d:ae:ae:ea:4a:76:
                    36:a8:5b:21:e1:95:c9:e0:70:a6:39:2d:e9:05:cb:
                    00:45:47:a9:f8:e4:53:b5:a8:67:4d:d1:9f:1e:5b:
                    73:a7:55:59:00:7c:ca:7e:9b:4e:cd:d2:09:c7:1f:
                    c2:15:db:52:97:49:c7:48:11:51:ba:6a:86:73:f9:
                    41:e3:3d:2b:16:cb:22:e2:ca:1f:d9:6e:43:e1:62:
                    97:bc:0b:b0:88:46:56:20:3c:f5:e3:30:e7:79:d7:
                    73:04:9e:81:37:11:d1:68:5f:39:e5:6a:91:eb:d7:
                    6c:eb:9a:07:cf:95:42:0c:2b:f5:6f:a9:76:b5:33:
                    01:b6:52:92:a8:3a:04:7b:d1:77:cb:be:00:d5:39:
                    bb:69:5c:db:2b:77:fb:31:c8:f2:d9:90:4a:b2:61:
                    98:47:f7:6b:2d:b9:b8:2c:de:a7:09:a3:c1:80:82:
                    c5:3a:00:f8:a7:35:8d:96:88:06:47:7c:01:7e:85:
                    b3:55:05:7a:69:d2:f9:f2:3f:b8:04:bb:44:a5:59:
                    de:20:cd:1e:b6:e6:9f:bb:eb:85:70:2d:09:98:95:
                    c8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:92:0B:BA:0E:D9:B4:1C:23:44:94:44:5B:E6:0F:68:85:AC:CD:FC
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/jpILug7ZtBwjRJREW-YPaIWszfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:07:f8:5e:64:f5:4a:36:37:ed:fd:8e:c1:82:11:ef:3b:90:
         be:d9:69:a7:de:50:0d:08:05:f8:9c:1e:aa:f5:61:ad:e5:4d:
         52:8f:7e:77:69:dc:80:ff:8e:72:3b:78:82:e2:31:fe:67:41:
         80:eb:2c:e8:9e:6e:50:9b:83:eb:c8:3d:02:30:da:3b:f3:a9:
         5a:bf:0f:21:39:0c:bd:be:d4:39:c4:bf:cb:15:10:93:5a:80:
         60:60:f2:30:4a:9f:b6:c0:13:7c:b2:44:f1:41:69:c2:a7:7a:
         55:07:ce:c7:16:27:26:88:c4:56:99:f1:a7:2f:2d:c0:a6:ad:
         52:a9:84:c2:06:2d:26:dd:d6:45:ba:c5:16:59:6d:2f:9a:61:
         c5:dd:b8:7b:c4:35:ee:b5:81:5a:8f:fa:af:c7:c6:82:57:e4:
         30:e1:8d:8e:49:4f:50:6a:76:bc:12:2f:f1:d9:a4:26:f0:5b:
         4e:46:a8:f6:be:4f:fd:00:5e:58:f0:69:eb:34:b6:0c:c1:7a:
         24:a4:de:b5:0b:23:d8:93:37:35:4d:36:5f:7f:ca:70:5e:8f:
         95:9c:9e:a6:be:1d:90:e2:89:72:de:20:52:11:b6:8c:3e:58:
         b2:cf:c9:e1:c8:49:64:c3:83:10:a4:e8:ed:81:ec:18:c9:3c:
         97:0f:80:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCbgh7NtFpwTg6DsJ5cZm6sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjQwNzEwMDcxODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTkyMGJiYTBlZDliNDFjMjM0NDk0NDQ1YmU2MGY2ODg1YWNjZGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxqcLWmVXcU82+DB5xcZH0AgOwm/
VAiL1Aj10RsERhdU5ODEMxRdrq7qSnY2qFsh4ZXJ4HCmOS3pBcsARUep+ORTtahn
TdGfHltzp1VZAHzKfptOzdIJxx/CFdtSl0nHSBFRumqGc/lB4z0rFssi4sof2W5D
4WKXvAuwiEZWIDz14zDneddzBJ6BNxHRaF855WqR69ds65oHz5VCDCv1b6l2tTMB
tlKSqDoEe9F3y74A1Tm7aVzbK3f7Mcjy2ZBKsmGYR/drLbm4LN6nCaPBgILFOgD4
pzWNlogGR3wBfoWzVQV6adL58j+4BLtEpVneIM0etuafu+uFcC0JmJXI0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI6SC7oO2bQcI0SURFvmD2iFrM38MB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvanBJTHVnN1p0QndqUkpSRVctWVBhSVdzemZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsu8eMA0G
CSqGSIb3DQEBCwUAA4IBAQBMB/heZPVKNjft/Y7BghHvO5C+2Wmn3lANCAX4nB6q
9WGt5U1Sj353adyA/45yO3iC4jH+Z0GA6yzonm5Qm4PryD0CMNo786lavw8hOQy9
vtQ5xL/LFRCTWoBgYPIwSp+2wBN8skTxQWnCp3pVB87HFicmiMRWmfGnLy3Apq1S
qYTCBi0m3dZFusUWWW0vmmHF3bh7xDXutYFaj/qvx8aCV+Qw4Y2OSU9Qana8Ei/x
2aQm8FtORqj2vk/9AF5Y8GnrNLYMwXokpN61CyPYkzc1TTZff8pwXo+VnJ6mvh2Q
4oly3iBSEbaMPliyz8nhyElkw4MQpOjtgewYyTyXD4Aj
-----END CERTIFICATE-----