Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/CSCJJCXHe9x5vc15JZsa4Mnu8No.roa
File:                     CSCJJCXHe9x5vc15JZsa4Mnu8No.roa (raw, json)
Hash identifier:          Qa/Um9ahxQk5td97ADV0/ELBhfHLlD9tlrbHtVgmzMQ=
Subject key identifier:   09:20:89:24:25:C7:7B:DC:79:BD:CD:79:25:9B:1A:E0:C9:EE:F0:DA
Certificate issuer:       /CN=e56076f27e13d1800e77d16e4b60b23b6f58c820
Certificate serial:       018FE2EFA6940E02B6B66F2C497C0685EF19
Authority key identifier: E5:60:76:F2:7E:13:D1:80:0E:77:D1:6E:4B:60:B2:3B:6F:58:C8:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/CSCJJCXHe9x5vc15JZsa4Mnu8No.roa
Signing time:             Tue 04 Jun 2024 11:08:27 +0000
ROA not before:           Tue 04 Jun 2024 11:08:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206092
IP address blocks:        109.205.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e2:ef:a6:94:0e:02:b6:b6:6f:2c:49:7c:06:85:ef:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e56076f27e13d1800e77d16e4b60b23b6f58c820
        Validity
            Not Before: Jun  4 11:08:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0920892425c77bdc79bdcd79259b1ae0c9eef0da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:23:88:e4:9e:5a:39:5d:60:d3:ab:4a:c6:43:
                    3e:10:7c:d1:d3:0b:59:2a:e5:d3:7f:04:0e:f4:5c:
                    79:da:1b:f6:a9:90:ad:e5:b6:78:0b:e8:e8:9e:f3:
                    6d:53:2d:fa:4a:cf:ef:fd:5e:64:36:72:0a:6c:a7:
                    29:1d:98:bc:86:59:5d:96:9d:06:d0:c3:b6:f3:ac:
                    d7:58:94:9a:d2:e4:a3:5b:4b:f3:66:e3:66:9f:28:
                    3f:09:1c:d1:80:80:67:c8:19:6f:1e:82:da:a0:cd:
                    35:4e:68:00:ca:74:19:51:3a:03:34:d7:31:75:6d:
                    19:cf:ae:f3:d8:ba:da:24:16:f1:be:c0:d3:45:df:
                    a8:51:18:a5:42:41:38:14:d2:97:f3:b2:05:f1:6f:
                    2d:14:b6:7d:36:2a:d6:33:39:b1:ec:00:91:6b:fe:
                    36:d5:a5:eb:3d:af:fc:12:b3:fd:43:d7:1a:64:2a:
                    e6:74:fe:d1:20:f2:96:8f:6a:32:b4:ba:1b:e2:db:
                    7b:ab:a4:81:df:cc:41:84:80:fb:81:79:68:98:ef:
                    dc:90:1c:e2:df:9f:69:fa:3d:13:16:9b:10:6e:6f:
                    1b:61:f9:4e:34:a0:9a:9e:b3:9f:f8:45:d1:b5:fd:
                    35:7c:eb:99:8c:bf:b9:c5:af:cf:75:94:44:a3:95:
                    fe:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:20:89:24:25:C7:7B:DC:79:BD:CD:79:25:9B:1A:E0:C9:EE:F0:DA
            X509v3 Authority Key Identifier:
                keyid:E5:60:76:F2:7E:13:D1:80:0E:77:D1:6E:4B:60:B2:3B:6F:58:C8:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/CSCJJCXHe9x5vc15JZsa4Mnu8No.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:d4:c4:20:ac:e0:dd:fb:56:0c:d7:69:68:b1:4d:a4:fc:19:
         ae:dc:d6:11:2a:f2:c9:c8:b3:7f:f4:f9:b1:81:c1:52:c8:39:
         96:6e:84:14:5d:c0:0c:3e:79:39:fe:f4:de:04:27:2f:cb:c4:
         9f:17:5a:3e:91:9a:a7:6a:3c:d4:9e:b0:a1:d8:f8:3f:c3:0b:
         13:8a:8b:4c:97:d3:a1:dd:8b:6f:6a:74:05:ad:69:16:c5:39:
         53:97:46:d1:fb:fb:72:fa:81:ee:25:2d:12:94:05:bd:54:5e:
         86:d5:d6:48:fb:ac:30:e6:58:0f:29:c0:2b:77:7a:91:82:3c:
         44:50:27:fa:c6:bc:72:b7:d3:c0:25:5f:b7:9c:80:d5:fa:eb:
         9e:df:ee:ff:58:aa:15:4d:c1:40:e9:a8:f9:98:70:ca:23:df:
         53:be:f7:e7:ff:16:15:f1:b6:cf:a7:17:10:b3:9f:ce:4e:b1:
         11:41:67:f9:58:df:3f:2e:c0:fd:38:73:86:47:09:92:20:3a:
         66:d8:06:db:19:fa:48:94:d5:b5:f1:96:aa:3d:6e:a6:07:07:
         d3:80:f2:f8:02:bb:83:0e:15:3e:da:03:06:b2:7e:d6:bf:00:
         13:1c:44:82:59:8c:e8:24:c5:53:13:ac:1a:65:01:5a:23:be:
         75:03:40:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/i76aUDgK2tm8sSXwGhe8ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NjA3NmYyN2UxM2QxODAwZTc3ZDE2ZTRiNjBiMjNiNmY1
OGM4MjAwHhcNMjQwNjA0MTEwODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTIwODkyNDI1Yzc3YmRjNzliZGNkNzkyNTliMWFlMGM5ZWVmMGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSOI5J5aOV1g06tKxkM+EHzR0wtZ
KuXTfwQO9Fx52hv2qZCt5bZ4C+jonvNtUy36Ss/v/V5kNnIKbKcpHZi8hlldlp0G
0MO286zXWJSa0uSjW0vzZuNmnyg/CRzRgIBnyBlvHoLaoM01TmgAynQZUToDNNcx
dW0Zz67z2LraJBbxvsDTRd+oURilQkE4FNKX87IF8W8tFLZ9NirWMzmx7ACRa/42
1aXrPa/8ErP9Q9caZCrmdP7RIPKWj2oytLob4tt7q6SB38xBhID7gXlomO/ckBzi
359p+j0TFpsQbm8bYflONKCanrOf+EXRtf01fOuZjL+5xa/PdZREo5X+UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkgiSQlx3vceb3NeSWbGuDJ7vDaMB8GA1UdIwQY
MBaAFOVgdvJ+E9GADnfRbktgsjtvWMggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVdCMjhuNFQwWUFPZDlGdVMyQ3lPMjlZeUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wYWM0NGQtYjNiZS00Mjc3LTgwZjgt
NThjZjg5ODg4ZTJhLzEvQ1NDSkpDWEhlOXg1dmMxNUpac2E0TW51OE5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wYWM0NGQtYjNiZS00Mjc3LTgwZjgtNThjZjg5ODg4ZTJh
LzEvNVdCMjhuNFQwWUFPZDlGdVMyQ3lPMjlZeUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc2+MA0G
CSqGSIb3DQEBCwUAA4IBAQBE1MQgrODd+1YM12losU2k/Bmu3NYRKvLJyLN/9Pmx
gcFSyDmWboQUXcAMPnk5/vTeBCcvy8SfF1o+kZqnajzUnrCh2Pg/wwsTiotMl9Oh
3YtvanQFrWkWxTlTl0bR+/ty+oHuJS0SlAW9VF6G1dZI+6ww5lgPKcArd3qRgjxE
UCf6xrxyt9PAJV+3nIDV+uue3+7/WKoVTcFA6aj5mHDKI99Tvvfn/xYV8bbPpxcQ
s5/OTrERQWf5WN8/LsD9OHOGRwmSIDpm2AbbGfpIlNW18ZaqPW6mBwfTgPL4AruD
DhU+2gMGsn7WvwATHESCWYzoJMVTE6waZQFaI751A0Ap
-----END CERTIFICATE-----