Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/ce95be-a37a-4c23-b9cb-706554f88046/1/Jd-ZMEZyRIte7yLCae5l-9682Tw.roa
File:                     Jd-ZMEZyRIte7yLCae5l-9682Tw.roa (raw, json)
Hash identifier:          2i87YNvku894e8h1PWRoOc86mQvoz0oz4QrRnz5Y5sk=
Subject key identifier:   25:DF:99:30:46:72:44:8B:5E:EF:22:C2:69:EE:65:FB:DE:BC:D9:3C
Certificate issuer:       /CN=e79dc5435a2dc97e365ff49570c04d513f6fced2
Certificate serial:       018CC34926BD759241A5D010E73A74EE22AC
Authority key identifier: E7:9D:C5:43:5A:2D:C9:7E:36:5F:F4:95:70:C0:4D:51:3F:6F:CE:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/553FQ1otyX42X_SVcMBNUT9vztI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/ce95be-a37a-4c23-b9cb-706554f88046/1/Jd-ZMEZyRIte7yLCae5l-9682Tw.roa
Signing time:             Mon 01 Jan 2024 04:30:00 +0000
ROA not before:           Mon 01 Jan 2024 04:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208355
IP address blocks:        152.89.72.0/22 maxlen: 22
                          2a06:8200::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/ce95be-a37a-4c23-b9cb-706554f88046/1/553FQ1otyX42X_SVcMBNUT9vztI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/ce95be-a37a-4c23-b9cb-706554f88046/1/553FQ1otyX42X_SVcMBNUT9vztI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/553FQ1otyX42X_SVcMBNUT9vztI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:26:bd:75:92:41:a5:d0:10:e7:3a:74:ee:22:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e79dc5435a2dc97e365ff49570c04d513f6fced2
        Validity
            Not Before: Jan  1 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25df99304672448b5eef22c269ee65fbdebcd93c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d2:ba:f6:8f:69:46:7f:ea:74:a6:6f:80:a4:
                    6f:6b:cd:41:30:78:06:c6:8e:e6:72:f8:ad:d0:44:
                    89:8e:62:ae:56:0e:6e:a1:79:c3:c6:30:50:b6:08:
                    93:67:63:91:7a:ad:74:1e:3e:b9:11:ed:c3:5b:06:
                    48:58:7c:dc:5f:03:fa:1b:06:f4:b3:03:c4:83:29:
                    9a:35:bc:ca:0f:a8:28:e2:71:4c:f2:40:6e:02:17:
                    f3:1f:8a:69:e6:03:44:2c:85:56:e8:a1:92:a8:ba:
                    c9:b9:33:c8:43:f4:b3:1f:b0:8e:3a:91:16:40:dc:
                    65:6c:10:8d:d7:05:70:94:88:11:07:6d:ea:71:d3:
                    1d:29:9e:24:81:25:dd:d8:99:e2:0f:8d:88:4e:26:
                    d1:8b:35:1f:86:07:1a:fc:65:9e:5a:e1:2e:f6:62:
                    5b:f9:27:97:39:0b:6b:19:41:e0:ec:f8:53:6d:0f:
                    4c:f0:8d:27:a9:3c:30:b1:8a:8c:ad:41:d2:b1:3f:
                    fe:55:c0:d8:8b:9f:a0:74:02:61:e5:6c:e7:9b:9f:
                    f6:26:74:dd:0f:70:4f:87:12:fc:29:5b:ef:c1:cf:
                    58:c8:39:b5:3d:99:4b:07:24:85:71:9d:0e:62:93:
                    81:11:58:1a:b4:e8:8c:6c:dd:a6:4d:80:08:fe:0b:
                    1e:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:DF:99:30:46:72:44:8B:5E:EF:22:C2:69:EE:65:FB:DE:BC:D9:3C
            X509v3 Authority Key Identifier:
                keyid:E7:9D:C5:43:5A:2D:C9:7E:36:5F:F4:95:70:C0:4D:51:3F:6F:CE:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/553FQ1otyX42X_SVcMBNUT9vztI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/ce95be-a37a-4c23-b9cb-706554f88046/1/Jd-ZMEZyRIte7yLCae5l-9682Tw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/ce95be-a37a-4c23-b9cb-706554f88046/1/553FQ1otyX42X_SVcMBNUT9vztI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.72.0/22
                IPv6:
                  2a06:8200::/32

    Signature Algorithm: sha256WithRSAEncryption
         26:e7:53:78:00:6c:bb:87:30:b7:b4:be:cc:58:ff:e7:62:d4:
         ae:3a:a7:66:9f:00:ce:b9:be:85:cc:76:75:68:3e:34:f5:1b:
         26:b2:07:7d:d5:e1:a9:03:32:a6:53:3f:3a:c3:0e:7c:3b:6e:
         72:32:79:0f:25:5f:a6:cb:53:69:24:30:8c:c0:c8:55:b6:2f:
         4e:de:a6:c6:c1:4a:83:8c:fe:0e:4c:56:6a:83:d9:04:06:74:
         07:d8:9f:2d:32:83:47:42:41:99:c4:9a:78:d4:83:18:b0:e0:
         14:5a:b9:4d:73:f9:40:a5:03:dd:32:e9:23:f8:f8:ae:6d:a3:
         0a:9e:00:01:d5:7a:8a:be:53:4a:fc:b2:88:28:5a:e6:46:c9:
         6d:7f:2f:71:a1:53:71:88:67:51:ca:90:47:42:ba:5c:d5:b3:
         a6:49:9c:cf:5a:a0:5b:41:e7:9e:6a:b7:99:8b:e2:47:00:c9:
         b1:e2:d3:22:bb:90:54:ab:65:a0:1f:88:5d:5e:8b:26:72:b5:
         fb:e4:da:4f:f9:6c:21:c1:15:e3:83:b1:16:88:14:fb:2f:e7:
         54:d4:b4:04:0d:b7:e9:ef:71:f3:7f:0f:8a:73:dc:5c:08:69:
         aa:5e:51:c5:b0:10:21:20:9a:93:82:03:17:b4:fc:f6:d6:ee:
         d2:b2:f5:94
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSSa9dZJBpdAQ5zp07iKsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3OWRjNTQzNWEyZGM5N2UzNjVmZjQ5NTcwYzA0ZDUxM2Y2
ZmNlZDIwHhcNMjQwMTAxMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWRmOTkzMDQ2NzI0NDhiNWVlZjIyYzI2OWVlNjVmYmRlYmNkOTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktK69o9pRn/qdKZvgKRva81BMHgG
xo7mcvit0ESJjmKuVg5uoXnDxjBQtgiTZ2OReq10Hj65Ee3DWwZIWHzcXwP6Gwb0
swPEgymaNbzKD6go4nFM8kBuAhfzH4pp5gNELIVW6KGSqLrJuTPIQ/SzH7COOpEW
QNxlbBCN1wVwlIgRB23qcdMdKZ4kgSXd2JniD42ITibRizUfhgca/GWeWuEu9mJb
+SeXOQtrGUHg7PhTbQ9M8I0nqTwwsYqMrUHSsT/+VcDYi5+gdAJh5Wznm5/2JnTd
D3BPhxL8KVvvwc9YyDm1PZlLBySFcZ0OYpOBEVgatOiMbN2mTYAI/gsepQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCXfmTBGckSLXu8iwmnuZfvevNk8MB8GA1UdIwQY
MBaAFOedxUNaLcl+Nl/0lXDATVE/b87SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTUzRlExb3R5WDQyWF9TVmNNQk5VVDl2enRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9jZTk1YmUtYTM3YS00YzIzLWI5Y2It
NzA2NTU0Zjg4MDQ2LzEvSmQtWk1FWnlSSXRlN3lMQ2FlNWwtOTY4MlR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9jZTk1YmUtYTM3YS00YzIzLWI5Y2ItNzA2NTU0Zjg4MDQ2
LzEvNTUzRlExb3R5WDQyWF9TVmNNQk5VVDl2enRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCmFlIMA0E
AgACMAcDBQAqBoIAMA0GCSqGSIb3DQEBCwUAA4IBAQAm51N4AGy7hzC3tL7MWP/n
YtSuOqdmnwDOub6FzHZ1aD409Rsmsgd91eGpAzKmUz86ww58O25yMnkPJV+my1Np
JDCMwMhVti9O3qbGwUqDjP4OTFZqg9kEBnQH2J8tMoNHQkGZxJp41IMYsOAUWrlN
c/lApQPdMukj+PiubaMKngAB1XqKvlNK/LKIKFrmRsltfy9xoVNxiGdRypBHQrpc
1bOmSZzPWqBbQeeeareZi+JHAMmx4tMiu5BUq2WgH4hdXosmcrX75NpP+WwhwRXj
g7EWiBT7L+dU1LQEDbfp73Hzfw+Kc9xcCGmqXlHFsBAhIJqTggMXtPz21u7SsvWU
-----END CERTIFICATE-----