Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/44038b-8031-44e0-91c4-cc5676c7de9f/1/JTOErqc3fUB5OoxkfsYpcI_jGZ0.roa
File:                     JTOErqc3fUB5OoxkfsYpcI_jGZ0.roa (raw, json)
Hash identifier:          jeT7LGgXzyGbphB6nfdbVXHEhH9ITN4qwasKUpYntKQ=
Subject key identifier:   25:33:84:AE:A7:37:7D:40:79:3A:8C:64:7E:C6:29:70:8F:E3:19:9D
Certificate issuer:       /CN=d268d9a2a645d7cc2fd253b3670408055e56fff9
Certificate serial:       018CC64B162BB1BDB88C1C7837D6B919A308
Authority key identifier: D2:68:D9:A2:A6:45:D7:CC:2F:D2:53:B3:67:04:08:05:5E:56:FF:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0mjZoqZF18wv0lOzZwQIBV5W__k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/44038b-8031-44e0-91c4-cc5676c7de9f/1/JTOErqc3fUB5OoxkfsYpcI_jGZ0.roa
Signing time:             Mon 01 Jan 2024 18:30:58 +0000
ROA not before:           Mon 01 Jan 2024 18:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35480
IP address blocks:        193.192.48.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/44038b-8031-44e0-91c4-cc5676c7de9f/1/0mjZoqZF18wv0lOzZwQIBV5W__k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/44038b-8031-44e0-91c4-cc5676c7de9f/1/0mjZoqZF18wv0lOzZwQIBV5W__k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0mjZoqZF18wv0lOzZwQIBV5W__k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 10:03:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:16:2b:b1:bd:b8:8c:1c:78:37:d6:b9:19:a3:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d268d9a2a645d7cc2fd253b3670408055e56fff9
        Validity
            Not Before: Jan  1 18:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=253384aea7377d40793a8c647ec629708fe3199d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:9a:38:f4:ff:ca:b8:82:c3:10:21:0a:dc:ac:
                    72:cb:4b:fc:8e:96:9d:5c:63:87:9a:5a:c3:d9:a3:
                    39:af:cf:18:ee:a6:c3:1f:06:64:8c:76:83:e3:3e:
                    89:fb:07:f7:e7:c4:a4:15:34:59:9f:c6:03:e5:29:
                    5e:70:76:e1:07:5c:46:9e:31:e5:b6:4d:1e:f3:fa:
                    ce:4a:a5:43:98:46:6f:26:7e:2f:89:d2:75:fe:37:
                    7a:dd:f3:6b:3c:33:59:e3:00:67:dc:e7:30:e2:9e:
                    90:ca:bd:33:f1:62:11:13:71:78:a4:de:35:66:4c:
                    2d:78:c6:db:6a:30:89:00:02:75:00:b6:3c:f5:f8:
                    d2:e4:12:be:9e:09:b9:89:b4:58:20:be:f9:a5:58:
                    2f:dd:a6:66:7e:bc:d5:1c:a8:b8:7f:5d:dd:dd:cc:
                    4a:92:e1:7f:8d:c1:ce:5f:ac:16:c6:a8:75:39:8a:
                    cc:bc:67:ea:37:45:5c:4a:0e:80:e4:d1:50:79:0a:
                    3f:df:85:07:56:05:34:c6:09:85:7d:5c:08:e0:c3:
                    22:fd:07:84:0c:f8:e7:3d:d4:53:85:35:e4:d9:2c:
                    fe:55:13:6e:81:f3:4b:52:7d:f1:91:62:7a:4e:a7:
                    fc:58:54:63:c8:8a:c6:99:aa:18:3f:99:2f:cb:69:
                    6d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:33:84:AE:A7:37:7D:40:79:3A:8C:64:7E:C6:29:70:8F:E3:19:9D
            X509v3 Authority Key Identifier:
                keyid:D2:68:D9:A2:A6:45:D7:CC:2F:D2:53:B3:67:04:08:05:5E:56:FF:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0mjZoqZF18wv0lOzZwQIBV5W__k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/44038b-8031-44e0-91c4-cc5676c7de9f/1/JTOErqc3fUB5OoxkfsYpcI_jGZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/44038b-8031-44e0-91c4-cc5676c7de9f/1/0mjZoqZF18wv0lOzZwQIBV5W__k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.192.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:0c:e3:75:96:ef:37:ff:63:81:b7:12:42:d4:ae:26:b0:95:
         0f:25:3c:ae:f6:c2:cb:cd:fd:46:48:de:7c:dc:f1:3d:5d:ad:
         b5:7a:54:c5:5c:c2:1a:37:c5:ed:63:47:e9:ef:58:96:95:83:
         42:4e:95:77:e5:a7:0b:fa:be:7c:54:aa:58:ea:81:fc:92:ae:
         68:78:34:e6:c4:f8:cc:3a:5f:0d:94:65:56:38:9a:18:d5:41:
         68:12:07:ff:e1:3f:fa:8b:30:fe:7f:36:98:5a:ca:cb:58:58:
         ba:30:c3:0c:b0:53:08:a7:56:c8:d6:d6:33:5e:d5:87:00:a3:
         f5:74:6f:fa:e2:a3:68:ed:c7:ca:db:bd:42:13:3b:96:b2:d0:
         bb:2e:5d:cc:78:6f:61:e6:63:1a:b3:fe:35:da:ef:6c:d5:c9:
         f0:1c:9f:10:e8:c3:d7:2a:0f:dc:dd:98:2a:c6:2c:3a:63:5a:
         c5:99:be:59:1d:23:82:c2:fc:65:b9:a5:d4:9c:8d:10:ea:2c:
         b2:10:a6:12:48:a3:b0:5f:78:07:4b:9a:f9:82:32:17:49:b3:
         f1:15:c1:a8:7a:93:51:a3:14:f3:b3:3d:70:79:16:35:65:dd:
         9c:56:8c:4c:17:5a:33:80:0d:81:58:0c:0f:8f:65:ae:74:38:
         e2:d6:19:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxYrsb24jBx4N9a5GaMIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNjhkOWEyYTY0NWQ3Y2MyZmQyNTNiMzY3MDQwODA1NWU1
NmZmZjkwHhcNMjQwMTAxMTgzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTMzODRhZWE3Mzc3ZDQwNzkzYThjNjQ3ZWM2Mjk3MDhmZTMxOTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5o49P/KuILDECEK3Kxyy0v8jpad
XGOHmlrD2aM5r88Y7qbDHwZkjHaD4z6J+wf358SkFTRZn8YD5SlecHbhB1xGnjHl
tk0e8/rOSqVDmEZvJn4vidJ1/jd63fNrPDNZ4wBn3Ocw4p6Qyr0z8WIRE3F4pN41
ZkwteMbbajCJAAJ1ALY89fjS5BK+ngm5ibRYIL75pVgv3aZmfrzVHKi4f13d3cxK
kuF/jcHOX6wWxqh1OYrMvGfqN0VcSg6A5NFQeQo/34UHVgU0xgmFfVwI4MMi/QeE
DPjnPdRThTXk2Sz+VRNugfNLUn3xkWJ6Tqf8WFRjyIrGmaoYP5kvy2ltRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUzhK6nN31AeTqMZH7GKXCP4xmdMB8GA1UdIwQY
MBaAFNJo2aKmRdfML9JTs2cECAVeVv/5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG1qWm9xWkYxOHd2MGxPelp3UUlCVjVXX19rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy80NDAzOGItODAzMS00NGUwLTkxYzQt
Y2M1Njc2YzdkZTlmLzEvSlRPRXJxYzNmVUI1T294a2ZzWXBjSV9qR1owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy80NDAzOGItODAzMS00NGUwLTkxYzQtY2M1Njc2YzdkZTlm
LzEvMG1qWm9xWkYxOHd2MGxPelp3UUlCVjVXX19rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwcAwMA0G
CSqGSIb3DQEBCwUAA4IBAQCWDON1lu83/2OBtxJC1K4msJUPJTyu9sLLzf1GSN58
3PE9Xa21elTFXMIaN8XtY0fp71iWlYNCTpV35acL+r58VKpY6oH8kq5oeDTmxPjM
Ol8NlGVWOJoY1UFoEgf/4T/6izD+fzaYWsrLWFi6MMMMsFMIp1bI1tYzXtWHAKP1
dG/64qNo7cfK271CEzuWstC7Ll3MeG9h5mMas/412u9s1cnwHJ8Q6MPXKg/c3Zgq
xiw6Y1rFmb5ZHSOCwvxluaXUnI0Q6iyyEKYSSKOwX3gHS5r5gjIXSbPxFcGoepNR
oxTzsz1weRY1Zd2cVoxMF1ozgA2BWAwPj2WudDji1hkN
-----END CERTIFICATE-----