Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/ab65c0-4828-41dd-b3da-ed8db62b3533/1/JKy8F4d38oVfzDE_4lfKq7dEGBg.roa
File:                     JKy8F4d38oVfzDE_4lfKq7dEGBg.roa (raw, json)
Hash identifier:          QRm3MSiqL3PWJo+Pyi9GoknJPDKHAE7TafHXCgu7igA=
Subject key identifier:   24:AC:BC:17:87:77:F2:85:5F:CC:31:3F:E2:57:CA:AB:B7:44:18:18
Certificate issuer:       /CN=93dc4bf1f8912beb7cdee409302988c611388e91
Certificate serial:       018CC425591486FD81B6B5049A9104401966
Authority key identifier: 93:DC:4B:F1:F8:91:2B:EB:7C:DE:E4:09:30:29:88:C6:11:38:8E:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k9xL8fiRK-t83uQJMCmIxhE4jpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/ab65c0-4828-41dd-b3da-ed8db62b3533/1/JKy8F4d38oVfzDE_4lfKq7dEGBg.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56481
IP address blocks:        91.223.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/ab65c0-4828-41dd-b3da-ed8db62b3533/1/k9xL8fiRK-t83uQJMCmIxhE4jpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/ab65c0-4828-41dd-b3da-ed8db62b3533/1/k9xL8fiRK-t83uQJMCmIxhE4jpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k9xL8fiRK-t83uQJMCmIxhE4jpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:59:14:86:fd:81:b6:b5:04:9a:91:04:40:19:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93dc4bf1f8912beb7cdee409302988c611388e91
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24acbc178777f2855fcc313fe257caabb7441818
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:5d:e1:3e:46:d5:3b:f6:d6:b6:32:33:cf:b0:
                    c2:0c:4c:35:52:6e:e4:a1:2f:b3:a3:e5:04:32:05:
                    ad:c7:f3:ef:df:ee:ec:ab:3d:c1:68:dc:0a:0a:57:
                    b6:55:66:32:c8:5b:6c:c2:82:6d:a4:fb:9c:82:00:
                    83:34:f8:08:9f:48:f8:ff:78:6d:7f:a8:69:44:1d:
                    b9:3c:97:97:b6:84:e4:c0:aa:f5:dc:14:0a:33:56:
                    76:8f:0b:0b:12:e4:c7:27:88:60:20:00:9e:27:84:
                    1f:3b:cb:09:72:18:20:29:f3:42:66:3d:c9:f6:5c:
                    32:b1:31:e9:20:5b:c8:0d:6e:6b:75:67:23:03:3f:
                    28:33:fc:f3:e6:b8:82:0a:c3:57:2e:d9:1d:84:79:
                    b6:73:bb:35:40:57:49:90:8f:d6:ef:ce:c0:ed:63:
                    fe:d0:3a:5a:74:19:f9:63:76:22:07:1e:09:e7:95:
                    4a:be:42:72:8b:54:93:19:2d:86:97:b2:e9:0e:89:
                    a5:8f:9a:9f:13:c6:00:6f:eb:25:82:c0:f7:38:8f:
                    a0:c5:2b:68:d9:a7:39:9c:d2:c0:59:27:87:8e:57:
                    8b:58:b9:9d:ad:22:68:b1:1a:9c:9e:97:98:18:78:
                    f0:0f:8c:e3:71:8e:a6:ed:ab:eb:6f:a5:19:b1:67:
                    85:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:AC:BC:17:87:77:F2:85:5F:CC:31:3F:E2:57:CA:AB:B7:44:18:18
            X509v3 Authority Key Identifier:
                keyid:93:DC:4B:F1:F8:91:2B:EB:7C:DE:E4:09:30:29:88:C6:11:38:8E:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k9xL8fiRK-t83uQJMCmIxhE4jpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/ab65c0-4828-41dd-b3da-ed8db62b3533/1/JKy8F4d38oVfzDE_4lfKq7dEGBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/ab65c0-4828-41dd-b3da-ed8db62b3533/1/k9xL8fiRK-t83uQJMCmIxhE4jpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:d4:28:ce:d2:de:30:ad:6f:f8:30:02:92:c4:ff:38:03:28:
         12:46:51:3b:bd:fd:f7:fd:90:1e:17:82:05:d0:40:8f:1c:e8:
         dc:8b:67:e1:f1:e4:40:06:81:4a:9d:5b:ca:81:24:05:7a:be:
         94:ce:4e:6e:66:ab:81:66:ed:32:a4:f1:67:88:93:1f:05:de:
         da:cd:56:46:d5:32:79:65:c0:c2:63:5d:ec:9e:43:03:0f:f7:
         90:41:73:23:a1:ac:fc:f1:3e:ca:8f:df:28:bf:73:dc:ce:87:
         aa:9d:54:9a:36:03:a6:c8:bf:af:e6:ff:97:04:7f:ee:11:f6:
         c1:3c:dc:80:fb:e1:8d:33:73:2a:6a:57:35:13:71:84:43:d4:
         c5:e5:43:a4:ec:81:ad:e6:58:e7:e1:cd:e7:eb:dd:2f:07:19:
         1a:c9:b7:3e:81:21:f7:33:e3:c5:ff:34:b2:56:99:ee:06:4c:
         75:ba:85:1a:91:4f:da:12:11:83:7c:a4:b2:28:56:f2:f2:96:
         c3:fa:05:ef:c6:0b:41:2b:6b:e6:53:a7:63:09:d8:e7:b1:4b:
         83:c6:f0:d9:1f:6a:5a:14:57:f4:c4:30:28:5d:d5:f1:2f:5a:
         b9:53:37:ef:28:a7:e2:93:fb:08:6f:75:e2:bf:8b:2a:f3:bc:
         4d:83:3a:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVkUhv2BtrUEmpEEQBlmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZGM0YmYxZjg5MTJiZWI3Y2RlZTQwOTMwMjk4OGM2MTEz
ODhlOTEwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGFjYmMxNzg3NzdmMjg1NWZjYzMxM2ZlMjU3Y2FhYmI3NDQxODE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn13hPkbVO/bWtjIzz7DCDEw1Um7k
oS+zo+UEMgWtx/Pv3+7sqz3BaNwKCle2VWYyyFtswoJtpPucggCDNPgIn0j4/3ht
f6hpRB25PJeXtoTkwKr13BQKM1Z2jwsLEuTHJ4hgIACeJ4QfO8sJchggKfNCZj3J
9lwysTHpIFvIDW5rdWcjAz8oM/zz5riCCsNXLtkdhHm2c7s1QFdJkI/W787A7WP+
0DpadBn5Y3YiBx4J55VKvkJyi1STGS2Gl7LpDomlj5qfE8YAb+slgsD3OI+gxSto
2ac5nNLAWSeHjleLWLmdrSJosRqcnpeYGHjwD4zjcY6m7avrb6UZsWeFBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSsvBeHd/KFX8wxP+JXyqu3RBgYMB8GA1UdIwQY
MBaAFJPcS/H4kSvrfN7kCTApiMYROI6RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazl4TDhmaVJLLXQ4M3VRSk1DbUl4aEU0anBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9hYjY1YzAtNDgyOC00MWRkLWIzZGEt
ZWQ4ZGI2MmIzNTMzLzEvSkt5OEY0ZDM4b1ZmekRFXzRsZktxN2RFR0JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9hYjY1YzAtNDgyOC00MWRkLWIzZGEtZWQ4ZGI2MmIzNTMz
LzEvazl4TDhmaVJLLXQ4M3VRSk1DbUl4aEU0anBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+uMA0G
CSqGSIb3DQEBCwUAA4IBAQCS1CjO0t4wrW/4MAKSxP84AygSRlE7vf33/ZAeF4IF
0ECPHOjci2fh8eRABoFKnVvKgSQFer6Uzk5uZquBZu0ypPFniJMfBd7azVZG1TJ5
ZcDCY13snkMDD/eQQXMjoaz88T7Kj98ov3PczoeqnVSaNgOmyL+v5v+XBH/uEfbB
PNyA++GNM3Mqalc1E3GEQ9TF5UOk7IGt5ljn4c3n690vBxkaybc+gSH3M+PF/zSy
VpnuBkx1uoUakU/aEhGDfKSyKFby8pbD+gXvxgtBK2vmU6djCdjnsUuDxvDZH2pa
FFf0xDAoXdXxL1q5UzfvKKfik/sIb3Xiv4sq87xNgzr+
-----END CERTIFICATE-----