Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/23ba46-fc7a-4b97-8b4f-231657829ef5/1/JjXf-5KtW7by5IR3EL2k62x77vI.roa
File:                     JjXf-5KtW7by5IR3EL2k62x77vI.roa (raw, json)
Hash identifier:          H91zW69bCmFl2EVi8MPcopjPKV2CFAjrVW7uCxbF5UE=
Subject key identifier:   26:35:DF:FB:92:AD:5B:B6:F2:E4:84:77:10:BD:A4:EB:6C:7B:EE:F2
Certificate issuer:       /CN=e6f1dedaf4dbda60da990d685650e68c888c6100
Certificate serial:       018CCA2A51B3A3A6E6787637E07C6D2AE12C
Authority key identifier: E6:F1:DE:DA:F4:DB:DA:60:DA:99:0D:68:56:50:E6:8C:88:8C:61:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5vHe2vTb2mDamQ1oVlDmjIiMYQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/23ba46-fc7a-4b97-8b4f-231657829ef5/1/JjXf-5KtW7by5IR3EL2k62x77vI.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199967
IP address blocks:        185.230.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/23ba46-fc7a-4b97-8b4f-231657829ef5/1/5vHe2vTb2mDamQ1oVlDmjIiMYQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/23ba46-fc7a-4b97-8b4f-231657829ef5/1/5vHe2vTb2mDamQ1oVlDmjIiMYQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5vHe2vTb2mDamQ1oVlDmjIiMYQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:02:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:51:b3:a3:a6:e6:78:76:37:e0:7c:6d:2a:e1:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6f1dedaf4dbda60da990d685650e68c888c6100
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2635dffb92ad5bb6f2e4847710bda4eb6c7beef2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:77:e2:20:35:2e:7d:8b:a0:8f:18:62:1f:a0:
                    04:c3:68:ac:3c:5b:84:67:80:99:ef:ea:67:4c:81:
                    41:ca:f7:dd:30:df:3c:1e:b9:2b:89:df:90:bc:27:
                    61:23:cb:62:1c:66:29:26:6f:95:56:76:14:d5:91:
                    31:4d:58:2c:cd:a2:0a:32:8a:58:43:5f:81:4b:00:
                    dc:fd:03:eb:37:06:71:51:e4:ca:35:eb:b4:34:64:
                    5a:76:27:7c:62:a9:00:0e:dc:b5:fb:ad:89:f5:61:
                    b5:aa:5b:ed:46:34:33:92:45:94:68:1a:64:3b:2e:
                    20:42:eb:e0:bc:87:5b:d4:1d:c9:6e:a3:6c:0f:75:
                    1e:a8:a4:a4:2c:5c:00:0d:8c:a1:73:b9:5e:83:9b:
                    fd:99:30:83:35:46:2c:51:86:1f:8c:7a:49:b6:47:
                    c4:6e:13:c1:a3:94:6e:6b:01:e4:26:dd:78:af:a2:
                    82:b7:3a:f1:c8:5d:14:dc:53:dc:31:f0:15:82:89:
                    7e:e6:da:60:b4:37:ce:e3:f2:b0:6b:a8:8d:f0:4b:
                    1a:61:61:80:79:22:53:c2:7d:59:80:48:26:3f:fb:
                    24:ba:7e:85:71:c0:02:b1:e3:64:c3:61:78:69:18:
                    d7:2a:23:55:4d:5b:4c:f8:2b:7a:4f:34:e3:ef:2d:
                    80:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:35:DF:FB:92:AD:5B:B6:F2:E4:84:77:10:BD:A4:EB:6C:7B:EE:F2
            X509v3 Authority Key Identifier:
                keyid:E6:F1:DE:DA:F4:DB:DA:60:DA:99:0D:68:56:50:E6:8C:88:8C:61:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5vHe2vTb2mDamQ1oVlDmjIiMYQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/23ba46-fc7a-4b97-8b4f-231657829ef5/1/JjXf-5KtW7by5IR3EL2k62x77vI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/23ba46-fc7a-4b97-8b4f-231657829ef5/1/5vHe2vTb2mDamQ1oVlDmjIiMYQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:b8:a2:f8:fe:1c:c8:47:7d:16:01:f2:f6:d6:57:5d:53:b4:
         3a:2c:1e:2f:69:4b:ee:0c:79:d0:bc:45:40:f8:e1:bc:a0:37:
         4d:0d:94:56:b5:1a:fa:1b:b3:b9:3b:fa:40:92:8d:07:b6:5d:
         ae:f0:d0:ec:ab:50:a3:93:27:4e:d0:a1:54:fa:3c:19:fc:f0:
         96:53:f0:dc:9a:c0:8d:c9:00:d9:6f:5f:fe:34:80:03:87:b9:
         c3:94:e9:a1:76:5b:8e:7a:58:db:05:9f:e5:50:c0:ac:56:3e:
         74:64:a6:04:d0:10:93:89:6b:fd:4c:23:80:44:f5:95:46:70:
         f7:13:a9:1a:f9:f1:ae:8a:ae:6a:81:1d:01:20:f1:d7:a6:e4:
         f1:4c:77:02:30:a2:c6:bd:63:c9:cd:f5:9e:38:48:01:90:b0:
         af:86:a4:12:66:49:8d:85:41:7e:49:5d:e0:1d:2c:ae:80:1c:
         52:ab:de:80:0b:d4:ff:c3:44:ce:c3:12:94:4b:57:4e:64:8c:
         b3:93:36:f5:ec:ce:85:28:01:e3:e2:92:07:93:b0:61:f0:10:
         da:25:20:50:52:59:7c:68:24:7a:75:16:63:2a:af:1b:4e:f5:
         3c:50:14:b8:b3:66:39:66:25:93:d5:ac:70:01:dd:7e:2d:8a:
         61:5d:eb:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKlGzo6bmeHY34HxtKuEsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ZjFkZWRhZjRkYmRhNjBkYTk5MGQ2ODU2NTBlNjhjODg4
YzYxMDAwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjM1ZGZmYjkyYWQ1YmI2ZjJlNDg0NzcxMGJkYTRlYjZjN2JlZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnfiIDUufYugjxhiH6AEw2isPFuE
Z4CZ7+pnTIFByvfdMN88Hrkrid+QvCdhI8tiHGYpJm+VVnYU1ZExTVgszaIKMopY
Q1+BSwDc/QPrNwZxUeTKNeu0NGRadid8YqkADty1+62J9WG1qlvtRjQzkkWUaBpk
Oy4gQuvgvIdb1B3JbqNsD3UeqKSkLFwADYyhc7leg5v9mTCDNUYsUYYfjHpJtkfE
bhPBo5RuawHkJt14r6KCtzrxyF0U3FPcMfAVgol+5tpgtDfO4/Kwa6iN8EsaYWGA
eSJTwn1ZgEgmP/skun6FccACseNkw2F4aRjXKiNVTVtM+Ct6TzTj7y2ALQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCY13/uSrVu28uSEdxC9pOtse+7yMB8GA1UdIwQY
MBaAFObx3tr029pg2pkNaFZQ5oyIjGEAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXZIZTJ2VGIybURhbVExb1ZsRG1qSWlNWVFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS8yM2JhNDYtZmM3YS00Yjk3LThiNGYt
MjMxNjU3ODI5ZWY1LzEvSmpYZi01S3RXN2J5NUlSM0VMMms2Mng3N3ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS8yM2JhNDYtZmM3YS00Yjk3LThiNGYtMjMxNjU3ODI5ZWY1
LzEvNXZIZTJ2VGIybURhbVExb1ZsRG1qSWlNWVFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueblMA0G
CSqGSIb3DQEBCwUAA4IBAQA+uKL4/hzIR30WAfL21lddU7Q6LB4vaUvuDHnQvEVA
+OG8oDdNDZRWtRr6G7O5O/pAko0Htl2u8NDsq1CjkydO0KFU+jwZ/PCWU/DcmsCN
yQDZb1/+NIADh7nDlOmhdluOeljbBZ/lUMCsVj50ZKYE0BCTiWv9TCOARPWVRnD3
E6ka+fGuiq5qgR0BIPHXpuTxTHcCMKLGvWPJzfWeOEgBkLCvhqQSZkmNhUF+SV3g
HSyugBxSq96AC9T/w0TOwxKUS1dOZIyzkzb17M6FKAHj4pIHk7Bh8BDaJSBQUll8
aCR6dRZjKq8bTvU8UBS4s2Y5ZiWT1axwAd1+LYphXetz
-----END CERTIFICATE-----