Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/03cc4f-60c2-475e-9e09-524803ee2949/1/jiTHIyiu9MA2YaunJKeuETOatlo.roa
File:                     jiTHIyiu9MA2YaunJKeuETOatlo.roa (raw, json)
Hash identifier:          hX4Rkg0k3A/QVDpSWvKv4RbN8A9JhGiryUqyO57S13A=
Subject key identifier:   8E:24:C7:23:28:AE:F4:C0:36:61:AB:A7:24:A7:AE:11:33:9A:B6:5A
Certificate issuer:       /CN=780f86d044a4a2a233319418aa8da9ad837c76ea
Certificate serial:       018F634DD92CDDFA63466EDBF8369C42CF83
Authority key identifier: 78:0F:86:D0:44:A4:A2:A2:33:31:94:18:AA:8D:A9:AD:83:7C:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eA-G0ESkoqIzMZQYqo2prYN8duo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/03cc4f-60c2-475e-9e09-524803ee2949/1/jiTHIyiu9MA2YaunJKeuETOatlo.roa
Signing time:             Fri 10 May 2024 16:19:57 +0000
ROA not before:           Fri 10 May 2024 16:19:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209591
IP address blocks:        141.98.124.0/22 maxlen: 24
                          2a10:2980::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/03cc4f-60c2-475e-9e09-524803ee2949/1/eA-G0ESkoqIzMZQYqo2prYN8duo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/03cc4f-60c2-475e-9e09-524803ee2949/1/eA-G0ESkoqIzMZQYqo2prYN8duo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eA-G0ESkoqIzMZQYqo2prYN8duo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:63:4d:d9:2c:dd:fa:63:46:6e:db:f8:36:9c:42:cf:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=780f86d044a4a2a233319418aa8da9ad837c76ea
        Validity
            Not Before: May 10 16:19:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e24c72328aef4c03661aba724a7ae11339ab65a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a4:0a:66:cf:08:42:1e:b4:ad:d5:39:b8:d2:
                    90:f8:d1:ff:9e:6d:a9:39:1f:cf:90:e2:3a:0f:92:
                    07:60:29:69:e7:c4:c2:e4:39:b7:09:b2:87:56:f0:
                    9e:5b:71:97:97:3e:f5:09:d7:66:f1:60:4c:68:f7:
                    f3:f0:39:eb:83:fd:1c:94:78:24:75:a5:9e:37:ea:
                    3a:32:36:87:b9:1e:eb:85:3e:12:dc:48:0d:1f:73:
                    6d:2a:74:0a:30:39:9f:72:cf:7c:64:cf:70:09:e7:
                    e4:d1:fb:6c:5c:87:1d:5d:3f:4d:a3:ae:e9:b7:67:
                    c0:73:27:85:af:81:b7:e5:43:13:e1:19:e0:18:2e:
                    57:a6:53:f4:cb:5a:8b:c0:4c:83:91:2d:17:36:54:
                    b4:7e:30:d9:49:8f:d9:9d:86:f4:31:65:1d:f2:f1:
                    10:83:64:b2:65:1f:a7:ba:a4:69:2f:45:40:3e:ae:
                    ae:ef:53:d5:f1:1d:3f:00:e5:01:40:b8:e7:a5:be:
                    c6:15:e6:41:a7:6f:64:8f:9d:42:0b:b2:75:3e:89:
                    7c:93:ad:21:d1:ca:fe:f4:59:08:33:63:d6:6c:b8:
                    94:e8:ce:7b:09:a5:cf:6d:15:69:cf:f2:6d:91:ac:
                    b7:41:a1:38:4c:09:86:2e:08:29:74:ca:c0:db:51:
                    57:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:24:C7:23:28:AE:F4:C0:36:61:AB:A7:24:A7:AE:11:33:9A:B6:5A
            X509v3 Authority Key Identifier:
                keyid:78:0F:86:D0:44:A4:A2:A2:33:31:94:18:AA:8D:A9:AD:83:7C:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eA-G0ESkoqIzMZQYqo2prYN8duo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/03cc4f-60c2-475e-9e09-524803ee2949/1/jiTHIyiu9MA2YaunJKeuETOatlo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/03cc4f-60c2-475e-9e09-524803ee2949/1/eA-G0ESkoqIzMZQYqo2prYN8duo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.124.0/22
                IPv6:
                  2a10:2980::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:ad:2d:76:3b:02:78:f8:78:ce:bb:bd:42:e8:30:1c:98:dd:
         c5:fa:5e:1f:2a:c9:74:1e:06:c5:7f:c8:77:8e:b3:42:ab:02:
         e2:75:a1:52:ed:a0:25:3f:da:3f:20:2c:18:3e:a4:c0:f9:6b:
         00:60:79:40:4a:06:5a:0a:66:68:1d:43:98:f6:3d:ee:a1:2f:
         1a:23:d5:80:a7:ff:5c:9b:1b:18:06:ce:8e:63:de:ac:62:fa:
         81:ea:5a:5d:36:38:74:23:8b:d6:ea:ba:36:7b:66:0e:80:ba:
         f9:4c:e4:7f:e5:f8:08:f1:e1:2b:02:84:67:03:94:f4:bd:e3:
         53:92:3c:3a:0c:6a:da:95:e1:42:ce:e1:e9:55:21:5e:b9:67:
         57:37:85:85:c6:5b:68:3c:b4:22:ed:bb:9f:f7:b2:85:fe:dc:
         a7:a6:be:88:4a:73:36:e8:88:70:0e:db:47:5d:72:57:8c:be:
         5a:04:eb:5e:c5:bc:8e:ef:86:4c:d1:d8:0f:04:32:5b:3b:6d:
         ff:79:76:77:94:bc:44:fb:b2:6d:c6:7a:ef:d8:0c:36:c8:1c:
         7a:66:cf:dc:63:90:7d:bb:ed:c1:ad:1c:7a:e1:d6:87:6d:29:
         68:e4:3a:47:fa:d8:6f:df:53:f1:96:73:1f:05:a8:a3:9a:13:
         ed:8e:c1:fd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY9jTdks3fpjRm7b+DacQs+DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MGY4NmQwNDRhNGEyYTIzMzMxOTQxOGFhOGRhOWFkODM3
Yzc2ZWEwHhcNMjQwNTEwMTYxOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTI0YzcyMzI4YWVmNGMwMzY2MWFiYTcyNGE3YWUxMTMzOWFiNjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6QKZs8IQh60rdU5uNKQ+NH/nm2p
OR/PkOI6D5IHYClp58TC5Dm3CbKHVvCeW3GXlz71Cddm8WBMaPfz8Dnrg/0clHgk
daWeN+o6MjaHuR7rhT4S3EgNH3NtKnQKMDmfcs98ZM9wCefk0ftsXIcdXT9No67p
t2fAcyeFr4G35UMT4RngGC5XplP0y1qLwEyDkS0XNlS0fjDZSY/ZnYb0MWUd8vEQ
g2SyZR+nuqRpL0VAPq6u71PV8R0/AOUBQLjnpb7GFeZBp29kj51CC7J1Pol8k60h
0cr+9FkIM2PWbLiU6M57CaXPbRVpz/Jtkay3QaE4TAmGLggpdMrA21FXlwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI4kxyMorvTANmGrpySnrhEzmrZaMB8GA1UdIwQY
MBaAFHgPhtBEpKKiMzGUGKqNqa2DfHbqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUEtRzBFU2tvcUl6TVpRWXFvMnByWU44ZHVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wM2NjNGYtNjBjMi00NzVlLTllMDkt
NTI0ODAzZWUyOTQ5LzEvamlUSEl5aXU5TUEyWWF1bkpLZXVFVE9hdGxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wM2NjNGYtNjBjMi00NzVlLTllMDktNTI0ODAzZWUyOTQ5
LzEvZUEtRzBFU2tvcUl6TVpRWXFvMnByWU44ZHVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCjWJ8MA0E
AgACMAcDBQMqECmAMA0GCSqGSIb3DQEBCwUAA4IBAQB0rS12OwJ4+HjOu71C6DAc
mN3F+l4fKsl0HgbFf8h3jrNCqwLidaFS7aAlP9o/ICwYPqTA+WsAYHlASgZaCmZo
HUOY9j3uoS8aI9WAp/9cmxsYBs6OY96sYvqB6lpdNjh0I4vW6ro2e2YOgLr5TOR/
5fgI8eErAoRnA5T0veNTkjw6DGraleFCzuHpVSFeuWdXN4WFxltoPLQi7buf97KF
/tynpr6ISnM26IhwDttHXXJXjL5aBOtexbyO74ZM0dgPBDJbO23/eXZ3lLxE+7Jt
xnrv2Aw2yBx6Zs/cY5B9u+3BrRx64daHbSlo5DpH+thv31PxlnMfBaijmhPtjsH9
-----END CERTIFICATE-----