Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/c5cbb4-bd8b-4885-8466-8745de2f4321/1/JgDA_-wMT0XWswStzQaZ-kuv5IY.roa
File:                     JgDA_-wMT0XWswStzQaZ-kuv5IY.roa (raw, json)
Hash identifier:          y3kH13ebW7/B7E6qS8fOnDKlcPguZbJu9tQBuNBGOFY=
Subject key identifier:   26:00:C0:FF:EC:0C:4F:45:D6:B3:04:AD:CD:06:99:FA:4B:AF:E4:86
Certificate issuer:       /CN=cde1cfecc92b104fcfa9efec6a58f0c197901652
Certificate serial:       018D589AD9A91DC652AE893E6BB9D0802F3D
Authority key identifier: CD:E1:CF:EC:C9:2B:10:4F:CF:A9:EF:EC:6A:58:F0:C1:97:90:16:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zeHP7MkrEE_Pqe_saljwwZeQFlI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/c5cbb4-bd8b-4885-8466-8745de2f4321/1/JgDA_-wMT0XWswStzQaZ-kuv5IY.roa
Signing time:             Tue 30 Jan 2024 04:22:39 +0000
ROA not before:           Tue 30 Jan 2024 04:22:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197258
IP address blocks:        91.217.102.0/23 maxlen: 23
                          91.217.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/c5cbb4-bd8b-4885-8466-8745de2f4321/1/zeHP7MkrEE_Pqe_saljwwZeQFlI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/c5cbb4-bd8b-4885-8466-8745de2f4321/1/zeHP7MkrEE_Pqe_saljwwZeQFlI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zeHP7MkrEE_Pqe_saljwwZeQFlI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 04:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:58:9a:d9:a9:1d:c6:52:ae:89:3e:6b:b9:d0:80:2f:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cde1cfecc92b104fcfa9efec6a58f0c197901652
        Validity
            Not Before: Jan 30 04:22:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2600c0ffec0c4f45d6b304adcd0699fa4bafe486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:38:0f:e2:12:f8:54:26:7e:43:2e:25:be:ec:
                    1f:63:89:b6:5b:c6:1d:ac:f9:78:78:c5:df:c1:11:
                    a2:ef:94:c5:61:bc:47:5b:dd:bb:f1:97:7c:c5:03:
                    91:f6:94:b0:3d:e2:a8:ad:88:ee:e8:0a:9f:c8:ca:
                    cd:78:30:ee:51:ac:75:4e:ea:40:3a:a4:4f:be:3c:
                    12:9c:40:90:4f:71:01:30:bc:d3:db:8b:8f:b7:60:
                    8a:97:15:9c:a0:2d:dd:07:79:35:e3:13:58:33:be:
                    60:e2:7a:05:39:66:9c:bb:24:bd:92:d7:06:b2:aa:
                    ae:1c:c4:62:9a:af:fc:5a:22:f5:51:bc:6a:c7:3d:
                    a4:c7:53:72:97:8f:cb:dd:ef:96:aa:78:2f:d2:3c:
                    2e:ae:5f:81:7b:f0:48:5e:1e:a1:93:57:06:52:fa:
                    bb:1b:9a:95:87:84:fa:50:b8:51:5c:24:e2:e9:c4:
                    bb:36:37:5d:b2:7f:75:db:45:df:bc:22:74:63:86:
                    0b:5d:2d:23:4b:fc:e7:16:66:c4:11:45:d4:0e:e3:
                    bf:4f:45:a7:cf:b7:ec:57:a6:6d:c2:ee:50:37:6d:
                    21:ea:b8:9f:f9:5e:e6:e0:fe:83:29:ae:23:b8:5e:
                    19:67:f3:47:c6:b3:ce:c7:8a:d1:6b:da:06:d7:bf:
                    43:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:00:C0:FF:EC:0C:4F:45:D6:B3:04:AD:CD:06:99:FA:4B:AF:E4:86
            X509v3 Authority Key Identifier:
                keyid:CD:E1:CF:EC:C9:2B:10:4F:CF:A9:EF:EC:6A:58:F0:C1:97:90:16:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zeHP7MkrEE_Pqe_saljwwZeQFlI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/c5cbb4-bd8b-4885-8466-8745de2f4321/1/JgDA_-wMT0XWswStzQaZ-kuv5IY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/c5cbb4-bd8b-4885-8466-8745de2f4321/1/zeHP7MkrEE_Pqe_saljwwZeQFlI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.102.0/23
                  91.217.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:81:d5:7a:1c:a8:78:74:ad:e7:e8:da:46:7d:99:de:e2:95:
         3b:2c:61:30:43:da:a8:82:d9:64:63:b9:3a:02:05:91:d9:08:
         78:71:08:df:f9:ba:34:0e:03:e5:d6:e1:d9:6d:96:f6:65:2a:
         d3:05:dd:13:c8:b5:31:55:fc:59:a0:cf:44:79:4b:b3:90:f5:
         12:c9:49:07:bb:69:fc:6c:80:68:a0:f6:47:5b:4e:42:5a:ec:
         6e:fc:08:cf:b4:1c:ce:9a:61:fb:52:6b:ae:88:54:b7:cd:33:
         8c:78:0b:ab:47:f9:2a:d4:29:61:f8:69:0a:3f:10:90:c4:7b:
         03:92:a6:28:f0:87:65:21:b4:56:b9:85:ee:e9:47:f5:b7:88:
         43:5a:8b:26:39:02:ba:d5:e0:df:7a:cc:eb:a3:cb:2c:36:18:
         34:a3:3e:b5:51:f1:f5:19:c0:84:be:ee:ce:1a:8a:a5:35:ae:
         77:c4:7d:c5:bd:01:db:22:63:d3:42:5f:a4:e0:1b:be:15:38:
         21:a5:2f:e6:ef:22:51:20:85:f5:c6:9d:b6:16:49:ba:c0:f6:
         c0:c5:ae:39:4f:be:48:dd:04:e8:b1:a1:67:53:24:7f:00:84:
         4b:94:76:56:a8:cd:f8:75:fb:37:8e:91:4b:f5:ff:ae:96:88:
         de:86:7e:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1YmtmpHcZSrok+a7nQgC89MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZTFjZmVjYzkyYjEwNGZjZmE5ZWZlYzZhNThmMGMxOTc5
MDE2NTIwHhcNMjQwMTMwMDQyMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjAwYzBmZmVjMGM0ZjQ1ZDZiMzA0YWRjZDA2OTlmYTRiYWZlNDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jgP4hL4VCZ+Qy4lvuwfY4m2W8Yd
rPl4eMXfwRGi75TFYbxHW9278Zd8xQOR9pSwPeKorYju6AqfyMrNeDDuUax1TupA
OqRPvjwSnECQT3EBMLzT24uPt2CKlxWcoC3dB3k14xNYM75g4noFOWacuyS9ktcG
sqquHMRimq/8WiL1Ubxqxz2kx1Nyl4/L3e+Wqngv0jwurl+Be/BIXh6hk1cGUvq7
G5qVh4T6ULhRXCTi6cS7Njddsn9120XfvCJ0Y4YLXS0jS/znFmbEEUXUDuO/T0Wn
z7fsV6Ztwu5QN20h6rif+V7m4P6DKa4juF4ZZ/NHxrPOx4rRa9oG179DeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCYAwP/sDE9F1rMErc0GmfpLr+SGMB8GA1UdIwQY
MBaAFM3hz+zJKxBPz6nv7GpY8MGXkBZSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemVIUDdNa3JFRV9QcWVfc2Fsand3WmVRRmxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9jNWNiYjQtYmQ4Yi00ODg1LTg0NjYt
ODc0NWRlMmY0MzIxLzEvSmdEQV8td01UMFhXc3dTdHpRYVota3V2NUlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9jNWNiYjQtYmQ4Yi00ODg1LTg0NjYtODc0NWRlMmY0MzIx
LzEvemVIUDdNa3JFRV9QcWVfc2Fsand3WmVRRmxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW9lmAwQA
W9m0MA0GCSqGSIb3DQEBCwUAA4IBAQBkgdV6HKh4dK3n6NpGfZne4pU7LGEwQ9qo
gtlkY7k6AgWR2Qh4cQjf+bo0DgPl1uHZbZb2ZSrTBd0TyLUxVfxZoM9EeUuzkPUS
yUkHu2n8bIBooPZHW05CWuxu/AjPtBzOmmH7UmuuiFS3zTOMeAurR/kq1Clh+GkK
PxCQxHsDkqYo8IdlIbRWuYXu6Uf1t4hDWosmOQK61eDfeszro8ssNhg0oz61UfH1
GcCEvu7OGoqlNa53xH3FvQHbImPTQl+k4Bu+FTghpS/m7yJRIIX1xp22Fkm6wPbA
xa45T75I3QTosaFnUyR/AIRLlHZWqM34dfs3jpFL9f+ulojehn5r
-----END CERTIFICATE-----