Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/dee68d-aacd-4673-ba42-9911e510a8a9/1/JD4f42-HQZFmR5tk-B5wQlN6cOE.roa
File:                     JD4f42-HQZFmR5tk-B5wQlN6cOE.roa (raw, json)
Hash identifier:          acXKIz2TLCbv2lK9FzhBfDyRBvNPW9AvIOItnOrJMqk=
Subject key identifier:   24:3E:1F:E3:6F:87:41:91:66:47:9B:64:F8:1E:70:42:53:7A:70:E1
Certificate issuer:       /CN=fb4abe13942abe420f20dc149fdc57df4045c143
Certificate serial:       018CC64A844B3B914217E856FB5952676E09
Authority key identifier: FB:4A:BE:13:94:2A:BE:42:0F:20:DC:14:9F:DC:57:DF:40:45:C1:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-0q-E5QqvkIPINwUn9xX30BFwUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/dee68d-aacd-4673-ba42-9911e510a8a9/1/JD4f42-HQZFmR5tk-B5wQlN6cOE.roa
Signing time:             Mon 01 Jan 2024 18:30:21 +0000
ROA not before:           Mon 01 Jan 2024 18:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197323
IP address blocks:        91.220.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/dee68d-aacd-4673-ba42-9911e510a8a9/1/1-0q-E5QqvkIPINwUn9xX30BFwUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/dee68d-aacd-4673-ba42-9911e510a8a9/1/1-0q-E5QqvkIPINwUn9xX30BFwUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-0q-E5QqvkIPINwUn9xX30BFwUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:04:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:84:4b:3b:91:42:17:e8:56:fb:59:52:67:6e:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb4abe13942abe420f20dc149fdc57df4045c143
        Validity
            Not Before: Jan  1 18:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=243e1fe36f87419166479b64f81e7042537a70e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:5f:79:34:29:23:62:f2:a0:aa:f8:83:99:f4:
                    ba:99:9b:d8:07:ea:bf:62:a6:a2:87:46:af:f8:54:
                    ee:64:d7:67:57:f5:25:6b:15:47:05:d5:c8:3e:b8:
                    6a:86:9f:65:5e:d5:99:da:d0:60:e1:05:7a:8e:25:
                    ca:c1:88:35:f2:0f:3a:96:cc:d5:31:17:bc:23:50:
                    36:37:d5:ce:d1:0f:59:bf:3c:65:7b:47:b4:c6:c3:
                    77:c5:13:c0:d2:bf:2e:a4:80:c8:33:cd:e9:a5:bc:
                    77:eb:30:08:66:aa:be:8f:07:fa:53:a4:90:0d:54:
                    13:8c:51:2d:7e:4e:5b:8a:e4:0c:5b:88:29:86:76:
                    52:13:ae:8a:0a:ba:36:36:f5:e9:90:56:11:cb:9a:
                    61:02:f1:a2:09:f8:dd:3e:31:d3:72:aa:41:ac:bf:
                    d1:84:ec:23:93:50:fe:66:c2:f6:e6:9e:72:b9:7a:
                    23:6e:9b:fd:7d:db:16:1c:7e:3c:63:1e:c1:95:4d:
                    fe:b5:fb:c8:b5:84:0b:b5:f1:7e:85:8e:d3:72:0f:
                    34:ff:fb:d3:64:0e:6f:4d:e6:0b:81:ee:e7:c6:bd:
                    a8:7e:1d:0b:60:c1:7a:83:43:4a:66:86:d4:c4:96:
                    00:68:46:4f:51:14:50:e8:d8:05:f6:97:f7:81:2f:
                    3f:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:3E:1F:E3:6F:87:41:91:66:47:9B:64:F8:1E:70:42:53:7A:70:E1
            X509v3 Authority Key Identifier:
                keyid:FB:4A:BE:13:94:2A:BE:42:0F:20:DC:14:9F:DC:57:DF:40:45:C1:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-0q-E5QqvkIPINwUn9xX30BFwUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/dee68d-aacd-4673-ba42-9911e510a8a9/1/JD4f42-HQZFmR5tk-B5wQlN6cOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/dee68d-aacd-4673-ba42-9911e510a8a9/1/1-0q-E5QqvkIPINwUn9xX30BFwUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:7c:b4:56:87:b1:6f:ba:70:ea:b0:e2:a0:22:70:58:c9:a8:
         de:8e:e9:7e:20:66:c0:f1:a4:05:b9:a9:b0:b4:95:ac:7d:6a:
         27:2c:f5:65:62:bb:75:f3:94:ad:92:20:9b:22:76:8f:9e:5d:
         bd:bb:1e:69:95:de:c9:bd:d7:a1:d2:ad:b9:96:c5:87:e5:03:
         b0:29:8a:dc:00:98:77:4e:b0:93:9d:d6:76:c5:97:f3:8f:e8:
         f0:2d:fd:cb:83:88:88:e3:52:52:08:42:ef:83:e1:4a:87:05:
         26:1b:f5:07:26:dd:32:a9:65:70:98:a2:30:a1:d2:81:cd:76:
         1d:9b:3c:7a:e0:b1:66:66:ec:b9:79:33:84:5e:58:1f:69:89:
         3b:ba:72:1a:56:e6:3d:b6:ee:54:f2:22:3b:b9:a2:76:d6:cf:
         c5:7a:16:93:d5:a4:66:59:e9:2c:25:da:c0:65:c3:06:6a:6a:
         b9:63:d8:4f:50:56:62:d5:ed:a6:c3:4d:56:21:ec:e1:95:49:
         76:cf:a9:d7:13:2b:4b:c6:f2:cd:8c:41:21:6b:64:3e:97:e9:
         e1:06:ef:2b:f7:56:d2:29:3f:7e:29:f9:94:07:70:30:43:49:
         54:6a:04:fd:78:6f:40:90:47:c8:c9:9d:7f:80:0d:47:9f:66:
         76:09:05:2b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGSoRLO5FCF+hW+1lSZ24JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNGFiZTEzOTQyYWJlNDIwZjIwZGMxNDlmZGM1N2RmNDA0
NWMxNDMwHhcNMjQwMTAxMTgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDNlMWZlMzZmODc0MTkxNjY0NzliNjRmODFlNzA0MjUzN2E3MGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjV95NCkjYvKgqviDmfS6mZvYB+q/
Yqaih0av+FTuZNdnV/UlaxVHBdXIPrhqhp9lXtWZ2tBg4QV6jiXKwYg18g86lszV
MRe8I1A2N9XO0Q9Zvzxle0e0xsN3xRPA0r8upIDIM83ppbx36zAIZqq+jwf6U6SQ
DVQTjFEtfk5biuQMW4gphnZSE66KCro2NvXpkFYRy5phAvGiCfjdPjHTcqpBrL/R
hOwjk1D+ZsL25p5yuXojbpv9fdsWHH48Yx7BlU3+tfvItYQLtfF+hY7Tcg80//vT
ZA5vTeYLge7nxr2ofh0LYMF6g0NKZobUxJYAaEZPURRQ6NgF9pf3gS8/vwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCQ+H+Nvh0GRZkebZPgecEJTenDhMB8GA1UdIwQY
MBaAFPtKvhOUKr5CDyDcFJ/cV99ARcFDMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0wcS1FNVFxdmtJUElOd1VuOXhYMzBCRndVTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWEvZGVlNjhkLWFhY2QtNDY3My1iYTQy
LTk5MTFlNTEwYThhOS8xL0pENGY0Mi1IUVpGbVI1dGstQjV3UWxONmNPRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWEvZGVlNjhkLWFhY2QtNDY3My1iYTQyLTk5MTFlNTEwYThh
OS8xLzEtMHEtRTVRcXZrSVBJTndVbjl4WDMwQkZ3VU0uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb3C8w
DQYJKoZIhvcNAQELBQADggEBAMF8tFaHsW+6cOqw4qAicFjJqN6O6X4gZsDxpAW5
qbC0lax9aics9WViu3XzlK2SIJsido+eXb27HmmV3sm916HSrbmWxYflA7ApitwA
mHdOsJOd1nbFl/OP6PAt/cuDiIjjUlIIQu+D4UqHBSYb9Qcm3TKpZXCYojCh0oHN
dh2bPHrgsWZm7Ll5M4ReWB9piTu6chpW5j227lTyIju5onbWz8V6FpPVpGZZ6Swl
2sBlwwZqarlj2E9QVmLV7abDTVYh7OGVSXbPqdcTK0vG8s2MQSFrZD6X6eEG7yv3
VtIpP34p+ZQHcDBDSVRqBP14b0CQR8jJnX+ADUefZnYJBSs=
-----END CERTIFICATE-----