Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/jcFI-ekKZNozOosuJR1xcS_qQvg.roa
File:                     jcFI-ekKZNozOosuJR1xcS_qQvg.roa (raw, json)
Hash identifier:          yPbX1ca3a9UwTSyn4X8m//45U9nOfK/7NbBOJdx65qs=
Subject key identifier:   8D:C1:48:F9:E9:0A:64:DA:33:3A:8B:2E:25:1D:71:71:2F:EA:42:F8
Certificate issuer:       /CN=217b7ab062bc828b348d05306e65354748b9d6d6
Certificate serial:       019248B5860C6FC1957A836E2F1715AB03AC
Authority key identifier: 21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/jcFI-ekKZNozOosuJR1xcS_qQvg.roa
Signing time:             Tue 01 Oct 2024 15:31:48 +0000
ROA not before:           Tue 01 Oct 2024 15:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212982
IP address blocks:        146.19.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:48:b5:86:0c:6f:c1:95:7a:83:6e:2f:17:15:ab:03:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=217b7ab062bc828b348d05306e65354748b9d6d6
        Validity
            Not Before: Oct  1 15:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dc148f9e90a64da333a8b2e251d71712fea42f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:23:2e:5d:f9:61:5c:61:47:70:1d:4f:38:78:
                    60:aa:54:94:07:7a:8c:b4:1c:de:35:4a:dd:30:cb:
                    de:9d:a1:1c:4d:dd:66:b3:e8:34:81:e0:15:97:55:
                    b9:1a:9b:a4:47:f6:64:e1:48:b8:ab:f3:03:38:58:
                    2d:fd:97:31:7e:0f:05:a3:1d:55:c6:22:8d:ac:27:
                    80:0e:64:ec:c4:e4:c6:26:4d:b0:1f:38:84:34:3f:
                    fe:32:f5:55:96:0f:9b:60:bd:db:90:92:f7:9a:a1:
                    9f:b1:8c:c0:cd:df:0a:0a:e7:f8:55:cb:f6:f0:d8:
                    77:71:e5:70:5d:46:62:ba:17:d3:91:f4:80:10:9c:
                    01:97:18:7e:ea:5c:ed:de:10:9d:6b:85:5f:5f:bd:
                    7c:a2:1c:3b:24:dd:43:44:28:90:ea:48:66:97:6c:
                    89:27:79:08:32:dc:12:04:9b:48:39:30:da:11:cc:
                    75:cd:4d:32:9e:72:b4:a3:d2:cf:ea:8d:6f:27:a8:
                    d3:95:22:b9:39:08:0b:62:34:47:7c:05:0f:7e:af:
                    dc:6a:94:bd:15:73:75:21:6d:ed:a6:00:de:05:90:
                    5d:29:04:39:19:2c:af:4b:1f:20:4d:fc:2f:52:6d:
                    5b:c8:91:99:c3:95:d4:94:a9:c9:ad:23:db:7d:81:
                    e9:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:C1:48:F9:E9:0A:64:DA:33:3A:8B:2E:25:1D:71:71:2F:EA:42:F8
            X509v3 Authority Key Identifier:
                keyid:21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/jcFI-ekKZNozOosuJR1xcS_qQvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:df:71:9a:d5:45:f8:fa:32:0e:8e:14:93:72:62:ea:4a:37:
         0a:a6:1a:ae:d0:ca:d3:43:c0:2f:41:b8:cc:a4:d3:e6:2a:ae:
         d6:6e:98:62:a9:3a:83:36:1c:99:b4:12:de:2a:8f:23:c4:08:
         63:a8:75:58:e6:22:eb:71:10:33:98:b7:4e:01:d4:e5:47:4a:
         2d:e9:f8:8c:35:30:c9:10:cf:04:57:96:d3:e7:03:9e:9e:9e:
         89:f1:2a:3d:0d:80:e2:5b:74:d7:1f:fa:7f:f3:b8:c3:43:36:
         33:1e:da:b6:97:c0:cf:dc:de:de:36:b6:9d:58:19:ca:af:be:
         ca:c4:51:91:d2:27:ad:7d:06:cf:9a:c6:76:5d:2f:af:a7:05:
         c3:d3:e9:89:50:b2:13:bc:2d:d6:ac:f9:21:cd:ea:66:bb:96:
         56:04:16:38:69:25:6a:22:ad:a0:fe:5b:e6:fc:6b:5e:3c:0e:
         8c:4c:ad:3e:07:20:13:43:54:bf:57:48:43:98:c6:d3:e0:27:
         4c:0f:a8:2d:79:7a:96:c8:88:08:48:d6:41:e0:b0:db:c4:e8:
         a5:29:64:23:d5:cb:1f:8a:e6:92:35:4f:13:b4:20:d8:ae:72:
         e0:64:52:63:71:3a:1d:a2:58:62:e9:9b:37:fa:06:7c:65:6c:
         52:29:58:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJItYYMb8GVeoNuLxcVqwOsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxN2I3YWIwNjJiYzgyOGIzNDhkMDUzMDZlNjUzNTQ3NDhi
OWQ2ZDYwHhcNMjQxMDAxMTUzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGMxNDhmOWU5MGE2NGRhMzMzYThiMmUyNTFkNzE3MTJmZWE0MmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2yMuXflhXGFHcB1POHhgqlSUB3qM
tBzeNUrdMMvenaEcTd1ms+g0geAVl1W5GpukR/Zk4Ui4q/MDOFgt/Zcxfg8Fox1V
xiKNrCeADmTsxOTGJk2wHziEND/+MvVVlg+bYL3bkJL3mqGfsYzAzd8KCuf4Vcv2
8Nh3ceVwXUZiuhfTkfSAEJwBlxh+6lzt3hCda4VfX718ohw7JN1DRCiQ6khml2yJ
J3kIMtwSBJtIOTDaEcx1zU0ynnK0o9LP6o1vJ6jTlSK5OQgLYjRHfAUPfq/capS9
FXN1IW3tpgDeBZBdKQQ5GSyvSx8gTfwvUm1byJGZw5XUlKnJrSPbfYHpKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3BSPnpCmTaMzqLLiUdcXEv6kL4MB8GA1UdIwQY
MBaAFCF7erBivIKLNI0FMG5lNUdIudbWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYt
NTViNjU5Y2Q4MmJiLzEvamNGSS1la0taTm96T29zdUpSMXhjU19xUXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYtNTViNjU5Y2Q4MmJi
LzEvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhM7MA0G
CSqGSIb3DQEBCwUAA4IBAQB833Ga1UX4+jIOjhSTcmLqSjcKphqu0MrTQ8AvQbjM
pNPmKq7WbphiqTqDNhyZtBLeKo8jxAhjqHVY5iLrcRAzmLdOAdTlR0ot6fiMNTDJ
EM8EV5bT5wOenp6J8So9DYDiW3TXH/p/87jDQzYzHtq2l8DP3N7eNradWBnKr77K
xFGR0ietfQbPmsZ2XS+vpwXD0+mJULITvC3WrPkhzepmu5ZWBBY4aSVqIq2g/lvm
/GtePA6MTK0+ByATQ1S/V0hDmMbT4CdMD6gteXqWyIgISNZB4LDbxOilKWQj1csf
iuaSNU8TtCDYrnLgZFJjcTodolhi6Zs3+gZ8ZWxSKVjH
-----END CERTIFICATE-----