Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/bd7780-eb53-4c1d-acce-cfe7e3f9f92d/1/Jj-_xqiCKHtXyoyO7HWT99GVZmc.roa
File:                     Jj-_xqiCKHtXyoyO7HWT99GVZmc.roa (raw, json)
Hash identifier:          bVATiGFbfpsovuXFkgad1nJlcXwGk8iyLAIRnraTJUo=
Subject key identifier:   26:3F:BF:C6:A8:82:28:7B:57:CA:8C:8E:EC:75:93:F7:D1:95:66:67
Certificate issuer:       /CN=54ce2445a2e8874318bf249b73a654c990919ee0
Certificate serial:       018CC493493993E5E58DEA1941D1C16AA46B
Authority key identifier: 54:CE:24:45:A2:E8:87:43:18:BF:24:9B:73:A6:54:C9:90:91:9E:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VM4kRaLoh0MYvySbc6ZUyZCRnuA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/bd7780-eb53-4c1d-acce-cfe7e3f9f92d/1/Jj-_xqiCKHtXyoyO7HWT99GVZmc.roa
Signing time:             Mon 01 Jan 2024 10:30:36 +0000
ROA not before:           Mon 01 Jan 2024 10:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48154
IP address blocks:        94.125.152.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/bd7780-eb53-4c1d-acce-cfe7e3f9f92d/1/VM4kRaLoh0MYvySbc6ZUyZCRnuA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/bd7780-eb53-4c1d-acce-cfe7e3f9f92d/1/VM4kRaLoh0MYvySbc6ZUyZCRnuA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VM4kRaLoh0MYvySbc6ZUyZCRnuA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:49:39:93:e5:e5:8d:ea:19:41:d1:c1:6a:a4:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54ce2445a2e8874318bf249b73a654c990919ee0
        Validity
            Not Before: Jan  1 10:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=263fbfc6a882287b57ca8c8eec7593f7d1956667
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e2:bc:20:be:0d:3d:60:f5:8f:ff:2d:7f:80:
                    40:2e:39:71:e0:0e:5d:ff:2c:3e:79:78:60:ec:e6:
                    da:8d:86:3e:7c:00:d2:b1:fa:06:73:69:6f:32:a2:
                    67:7f:02:3b:a5:cc:ce:5d:3d:60:e3:e8:4c:ef:7e:
                    fc:36:b2:a8:5d:09:d8:51:03:8b:03:45:2a:af:19:
                    f7:33:5b:6a:a8:81:f8:8f:f5:4f:8b:46:a2:cf:b1:
                    c1:fb:f7:76:23:51:d2:22:6e:a8:f8:32:9e:e5:1a:
                    85:57:73:cf:30:30:60:4a:5b:d9:aa:b2:8f:74:4d:
                    8f:5b:74:f6:51:44:93:fb:f6:8b:81:b5:b1:04:5b:
                    48:a9:29:1f:3e:d3:86:14:1c:07:00:b7:eb:8d:6c:
                    85:ba:52:50:aa:72:21:fd:47:b1:3b:5e:a9:6e:a2:
                    f5:6d:e5:b8:19:9b:6a:3c:c9:76:1d:22:76:ac:40:
                    be:90:92:5b:39:a3:86:07:df:a8:2e:bd:9c:e7:9e:
                    d8:93:2b:23:03:50:6a:0b:fb:06:50:9c:67:78:36:
                    d4:d6:66:49:48:6c:d2:d8:08:06:50:e8:ba:95:49:
                    41:97:b2:2a:98:d8:be:8f:89:8c:57:ef:3a:09:a2:
                    2c:03:84:ad:6b:f2:57:dd:5d:1f:60:09:0c:3c:54:
                    51:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:3F:BF:C6:A8:82:28:7B:57:CA:8C:8E:EC:75:93:F7:D1:95:66:67
            X509v3 Authority Key Identifier:
                keyid:54:CE:24:45:A2:E8:87:43:18:BF:24:9B:73:A6:54:C9:90:91:9E:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VM4kRaLoh0MYvySbc6ZUyZCRnuA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/bd7780-eb53-4c1d-acce-cfe7e3f9f92d/1/Jj-_xqiCKHtXyoyO7HWT99GVZmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/bd7780-eb53-4c1d-acce-cfe7e3f9f92d/1/VM4kRaLoh0MYvySbc6ZUyZCRnuA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.125.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         92:79:6c:38:25:bc:32:9b:06:be:bb:95:2e:2f:2a:8e:96:84:
         5e:d3:82:2e:db:21:6b:79:f3:70:db:fc:37:b0:4d:22:5d:60:
         49:af:28:c7:b7:d2:69:e1:4b:34:28:e5:4e:e5:db:75:f0:1e:
         b8:97:12:01:e2:ab:db:6d:e2:9b:d7:da:f8:52:e1:83:e0:c9:
         6e:46:45:00:41:6d:8f:06:a6:c2:2b:16:c3:59:7a:aa:ed:57:
         f5:18:0c:60:bf:52:33:45:d1:08:a8:ee:ac:41:c8:77:b0:50:
         ec:6e:33:23:c8:07:6b:c3:f7:c6:83:b8:18:cd:f1:f1:72:14:
         67:62:92:38:86:9a:4c:1c:fb:aa:81:7c:1b:67:18:9c:8e:43:
         a8:ed:66:04:8c:c6:32:83:e1:8a:43:ea:71:b0:e3:d9:b1:39:
         b5:bc:b4:1e:01:6f:f0:27:ea:21:94:83:f4:50:fe:52:6d:ce:
         18:e5:5d:23:9f:4c:b6:9b:ec:56:79:e0:de:ef:ce:d3:d8:44:
         d9:df:7e:7e:07:49:f5:5b:d3:a6:db:cf:19:94:1d:d7:a2:29:
         fb:f5:cf:46:96:09:74:75:5a:a4:7c:5f:98:c2:82:61:a1:97:
         a2:1c:21:65:dd:22:5a:a3:e7:5a:f2:f8:79:5a:f5:a6:45:b5:
         65:e8:fb:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk0k5k+XljeoZQdHBaqRrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2UyNDQ1YTJlODg3NDMxOGJmMjQ5YjczYTY1NGM5OTA5
MTllZTAwHhcNMjQwMTAxMTAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjNmYmZjNmE4ODIyODdiNTdjYThjOGVlYzc1OTNmN2QxOTU2NjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOK8IL4NPWD1j/8tf4BALjlx4A5d
/yw+eXhg7ObajYY+fADSsfoGc2lvMqJnfwI7pczOXT1g4+hM7378NrKoXQnYUQOL
A0Uqrxn3M1tqqIH4j/VPi0aiz7HB+/d2I1HSIm6o+DKe5RqFV3PPMDBgSlvZqrKP
dE2PW3T2UUST+/aLgbWxBFtIqSkfPtOGFBwHALfrjWyFulJQqnIh/UexO16pbqL1
beW4GZtqPMl2HSJ2rEC+kJJbOaOGB9+oLr2c557YkysjA1BqC/sGUJxneDbU1mZJ
SGzS2AgGUOi6lUlBl7IqmNi+j4mMV+86CaIsA4Sta/JX3V0fYAkMPFRRhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCY/v8aogih7V8qMjux1k/fRlWZnMB8GA1UdIwQY
MBaAFFTOJEWi6IdDGL8km3OmVMmQkZ7gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk00a1JhTG9oME1ZdnlTYmM2WlV5WkNSbnVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9iZDc3ODAtZWI1My00YzFkLWFjY2Ut
Y2ZlN2UzZjlmOTJkLzEvSmotX3hxaUNLSHRYeW95TzdIV1Q5OUdWWm1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9iZDc3ODAtZWI1My00YzFkLWFjY2UtY2ZlN2UzZjlmOTJk
LzEvVk00a1JhTG9oME1ZdnlTYmM2WlV5WkNSbnVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXn2YMA0G
CSqGSIb3DQEBCwUAA4IBAQCSeWw4Jbwymwa+u5UuLyqOloRe04Iu2yFrefNw2/w3
sE0iXWBJryjHt9Jp4Us0KOVO5dt18B64lxIB4qvbbeKb19r4UuGD4MluRkUAQW2P
BqbCKxbDWXqq7Vf1GAxgv1IzRdEIqO6sQch3sFDsbjMjyAdrw/fGg7gYzfHxchRn
YpI4hppMHPuqgXwbZxicjkOo7WYEjMYyg+GKQ+pxsOPZsTm1vLQeAW/wJ+ohlIP0
UP5Sbc4Y5V0jn0y2m+xWeeDe787T2ETZ335+B0n1W9Om288ZlB3Xoin79c9Glgl0
dVqkfF+YwoJhoZeiHCFl3SJao+da8vh5WvWmRbVl6PtD
-----END CERTIFICATE-----