Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/jjhjUDTOjqJ29QXaj_RIibB9zCM.roa
File:                     jjhjUDTOjqJ29QXaj_RIibB9zCM.roa (raw, json)
Hash identifier:          xadVelQD7a6YtxLkLO0Ak5TyfVXFyLbZU4BNCai6WI8=
Subject key identifier:   8E:38:63:50:34:CE:8E:A2:76:F5:05:DA:8F:F4:48:89:B0:7D:CC:23
Certificate issuer:       /CN=e0691dbafa3a8de070b07022de9adf74341fb4f2
Certificate serial:       018CC6B7F73E328A70132071C8E0CB5249EE
Authority key identifier: E0:69:1D:BA:FA:3A:8D:E0:70:B0:70:22:DE:9A:DF:74:34:1F:B4:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Gkduvo6jeBwsHAi3prfdDQftPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/jjhjUDTOjqJ29QXaj_RIibB9zCM.roa
Signing time:             Mon 01 Jan 2024 20:29:54 +0000
ROA not before:           Mon 01 Jan 2024 20:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210474
IP address blocks:        212.23.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/4Gkduvo6jeBwsHAi3prfdDQftPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/4Gkduvo6jeBwsHAi3prfdDQftPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Gkduvo6jeBwsHAi3prfdDQftPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 13:21:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:f7:3e:32:8a:70:13:20:71:c8:e0:cb:52:49:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0691dbafa3a8de070b07022de9adf74341fb4f2
        Validity
            Not Before: Jan  1 20:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e38635034ce8ea276f505da8ff44889b07dcc23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:6b:6c:45:d3:a3:c5:87:8a:33:d7:de:ee:0b:
                    3d:87:85:a1:0c:23:dc:13:e7:86:b1:d0:d6:b5:2b:
                    0f:f5:67:db:2f:0e:4d:c2:de:38:7f:ef:d2:0d:30:
                    18:16:2a:ba:f4:e8:78:49:a6:b1:26:e1:92:72:c3:
                    b4:97:d7:90:cf:df:1f:4f:3c:cc:53:9e:aa:c2:ba:
                    79:a2:80:fe:c7:cc:24:63:4f:8a:ec:0d:57:e7:75:
                    6f:36:52:25:a3:d3:58:80:48:18:ef:6a:d1:a8:84:
                    ab:e6:8d:66:3a:ec:0f:1a:cb:b6:b8:97:a3:d7:e8:
                    dd:b4:c5:50:98:90:08:e6:b9:8a:ff:bf:be:d9:e3:
                    ea:6c:27:67:2b:b3:b5:a2:91:29:52:88:0f:bb:09:
                    f5:95:82:34:9e:50:f2:9c:55:de:03:41:a3:19:84:
                    09:9d:70:70:73:58:70:05:e0:af:34:b4:01:3c:6c:
                    30:1c:33:d3:b5:00:cf:5c:e3:71:91:b6:b3:9c:8f:
                    69:51:ff:aa:63:86:fc:d5:58:68:4b:8f:c1:ba:f6:
                    a2:4f:3f:b9:9a:27:4e:9f:47:ab:42:d2:7d:e3:ec:
                    bf:31:a2:fa:85:5e:df:3b:a3:1f:e2:2d:63:1f:ba:
                    82:3b:7a:c3:e9:b0:15:7c:f7:c5:46:e1:1a:f3:17:
                    4b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:38:63:50:34:CE:8E:A2:76:F5:05:DA:8F:F4:48:89:B0:7D:CC:23
            X509v3 Authority Key Identifier:
                keyid:E0:69:1D:BA:FA:3A:8D:E0:70:B0:70:22:DE:9A:DF:74:34:1F:B4:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Gkduvo6jeBwsHAi3prfdDQftPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/jjhjUDTOjqJ29QXaj_RIibB9zCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/4Gkduvo6jeBwsHAi3prfdDQftPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.23.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:8a:4b:d1:10:5a:a5:25:41:0e:2d:29:54:9e:1e:28:a4:3b:
         52:03:3d:7f:a3:ac:9f:6c:c9:5b:10:ec:a3:e9:92:7b:9d:b9:
         59:65:0f:38:05:d1:b7:51:07:38:09:ad:f5:0e:44:5e:2e:50:
         1d:96:63:a1:84:6c:2a:19:00:89:02:0b:e7:d6:78:cb:e3:83:
         84:72:7a:9e:15:c6:5f:8c:e2:f2:06:d6:0a:da:7f:92:b3:5d:
         23:87:6b:7c:b6:66:c2:99:a2:bd:52:66:fe:4f:40:88:77:1c:
         e3:7c:b7:4e:e8:8c:02:26:ab:db:91:82:4a:84:af:d4:ff:01:
         18:e6:2e:90:c8:98:24:1c:e4:84:78:36:8a:56:1a:5a:bc:38:
         74:96:82:52:c7:e1:fd:c7:93:d8:4d:77:dc:29:97:4a:8c:cc:
         cf:2f:a5:b6:4b:86:38:93:0b:6b:f6:03:1a:2a:75:92:ef:dd:
         64:1b:ce:6d:d4:07:5c:cd:a2:d8:88:76:43:ee:1d:40:e7:41:
         9b:6e:e8:e9:c5:51:b8:ae:b3:e1:10:44:81:dd:cc:ff:fc:1e:
         0b:d5:69:b0:3d:f8:dc:fd:c6:e5:91:00:0e:03:0b:4c:3a:bf:
         83:d5:d9:cc:1f:60:df:26:d0:91:2b:0d:09:df:57:51:46:3e:
         a6:20:46:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt/c+MopwEyBxyODLUknuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNjkxZGJhZmEzYThkZTA3MGIwNzAyMmRlOWFkZjc0MzQx
ZmI0ZjIwHhcNMjQwMTAxMjAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTM4NjM1MDM0Y2U4ZWEyNzZmNTA1ZGE4ZmY0NDg4OWIwN2RjYzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimtsRdOjxYeKM9fe7gs9h4WhDCPc
E+eGsdDWtSsP9WfbLw5Nwt44f+/SDTAYFiq69Oh4SaaxJuGScsO0l9eQz98fTzzM
U56qwrp5ooD+x8wkY0+K7A1X53VvNlIlo9NYgEgY72rRqISr5o1mOuwPGsu2uJej
1+jdtMVQmJAI5rmK/7++2ePqbCdnK7O1opEpUogPuwn1lYI0nlDynFXeA0GjGYQJ
nXBwc1hwBeCvNLQBPGwwHDPTtQDPXONxkbaznI9pUf+qY4b81VhoS4/BuvaiTz+5
midOn0erQtJ94+y/MaL6hV7fO6Mf4i1jH7qCO3rD6bAVfPfFRuEa8xdLEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI44Y1A0zo6idvUF2o/0SImwfcwjMB8GA1UdIwQY
MBaAFOBpHbr6Oo3gcLBwIt6a33Q0H7TyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEdrZHV2bzZqZUJ3c0hBaTNwcmZkRFFmdFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9mNzVjN2QtZTViMy00NDJmLWEwODQt
ZmQ0OWViM2YxOWIxLzEvampoalVEVE9qcUoyOVFYYWpfUklpYkI5ekNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9mNzVjN2QtZTViMy00NDJmLWEwODQtZmQ0OWViM2YxOWIx
LzEvNEdrZHV2bzZqZUJ3c0hBaTNwcmZkRFFmdFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BfYMA0G
CSqGSIb3DQEBCwUAA4IBAQB2ikvREFqlJUEOLSlUnh4opDtSAz1/o6yfbMlbEOyj
6ZJ7nblZZQ84BdG3UQc4Ca31DkReLlAdlmOhhGwqGQCJAgvn1njL44OEcnqeFcZf
jOLyBtYK2n+Ss10jh2t8tmbCmaK9Umb+T0CIdxzjfLdO6IwCJqvbkYJKhK/U/wEY
5i6QyJgkHOSEeDaKVhpavDh0loJSx+H9x5PYTXfcKZdKjMzPL6W2S4Y4kwtr9gMa
KnWS791kG85t1AdczaLYiHZD7h1A50GbbujpxVG4rrPhEESB3cz//B4L1WmwPfjc
/cblkQAOAwtMOr+D1dnMH2DfJtCRKw0J31dRRj6mIEZh
-----END CERTIFICATE-----