Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/fda298-02c7-4d71-8ad3-951fd75ac9a2/1/JBsdjR6EaRUe1nWX2oRJLGdZW1E.roa
File:                     JBsdjR6EaRUe1nWX2oRJLGdZW1E.roa (raw, json)
Hash identifier:          jV2tttaxs6Vqu54glfL9YAxjjrL/uEsAzx39OEXML3s=
Subject key identifier:   24:1B:1D:8D:1E:84:69:15:1E:D6:75:97:DA:84:49:2C:67:59:5B:51
Certificate issuer:       /CN=cfc025a9d55bfd643757da4d499dce17201774d2
Certificate serial:       018CC64AB6B3F1E11014C5EE15DBF0AA3092
Authority key identifier: CF:C0:25:A9:D5:5B:FD:64:37:57:DA:4D:49:9D:CE:17:20:17:74:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z8AlqdVb_WQ3V9pNSZ3OFyAXdNI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/fda298-02c7-4d71-8ad3-951fd75ac9a2/1/JBsdjR6EaRUe1nWX2oRJLGdZW1E.roa
Signing time:             Mon 01 Jan 2024 18:30:34 +0000
ROA not before:           Mon 01 Jan 2024 18:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48782
IP address blocks:        91.212.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/fda298-02c7-4d71-8ad3-951fd75ac9a2/1/z8AlqdVb_WQ3V9pNSZ3OFyAXdNI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/fda298-02c7-4d71-8ad3-951fd75ac9a2/1/z8AlqdVb_WQ3V9pNSZ3OFyAXdNI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z8AlqdVb_WQ3V9pNSZ3OFyAXdNI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:b6:b3:f1:e1:10:14:c5:ee:15:db:f0:aa:30:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfc025a9d55bfd643757da4d499dce17201774d2
        Validity
            Not Before: Jan  1 18:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=241b1d8d1e8469151ed67597da84492c67595b51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e9:14:da:50:2e:19:fd:87:90:b4:40:6c:49:
                    c5:e5:36:58:46:fb:bb:96:65:f4:78:1f:14:c6:28:
                    6d:d2:89:77:a4:0b:6b:b4:3a:72:5d:bc:f2:c8:a7:
                    e8:c0:aa:6f:ac:89:7d:18:cf:5e:d0:f7:80:05:85:
                    cd:77:5b:92:34:18:a1:03:21:f3:59:42:55:3d:7e:
                    5c:05:d2:3e:15:e1:63:70:2c:eb:e5:ba:a4:02:ce:
                    8e:2b:71:05:b2:f9:7d:a8:68:9b:6e:30:98:e0:aa:
                    02:a2:46:cd:9d:29:e6:ff:be:25:1e:b2:c5:18:10:
                    c2:ee:5d:79:9f:38:7b:dc:70:1f:d7:44:78:7d:f6:
                    75:de:88:ca:93:34:82:41:b6:d0:13:8b:34:29:db:
                    c3:34:5e:31:f7:da:7a:40:25:3c:50:19:57:f3:3d:
                    a4:68:cb:1f:28:68:6d:3d:46:27:4d:93:88:a8:2e:
                    7c:d3:47:3b:d2:2b:7c:c3:c9:b0:34:3f:96:18:8c:
                    a1:24:2e:a4:17:42:e1:d3:38:69:13:c0:d6:ca:a4:
                    44:84:4e:c4:26:6c:b5:de:72:22:41:3c:34:20:44:
                    02:e8:98:24:45:58:b3:bf:04:55:ac:cd:3d:f9:9a:
                    d1:40:69:62:bb:98:2d:12:4a:a8:5a:9e:eb:63:b1:
                    b5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:1B:1D:8D:1E:84:69:15:1E:D6:75:97:DA:84:49:2C:67:59:5B:51
            X509v3 Authority Key Identifier:
                keyid:CF:C0:25:A9:D5:5B:FD:64:37:57:DA:4D:49:9D:CE:17:20:17:74:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z8AlqdVb_WQ3V9pNSZ3OFyAXdNI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/fda298-02c7-4d71-8ad3-951fd75ac9a2/1/JBsdjR6EaRUe1nWX2oRJLGdZW1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/fda298-02c7-4d71-8ad3-951fd75ac9a2/1/z8AlqdVb_WQ3V9pNSZ3OFyAXdNI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:8c:22:ae:14:b5:9f:8a:c8:1b:e4:58:45:23:39:1b:3c:32:
         d2:75:d1:69:8e:98:0d:9d:9b:33:3e:ff:29:4f:e4:18:39:20:
         73:b0:55:30:03:75:d3:40:48:40:cf:8c:93:42:1f:16:3c:33:
         16:62:f4:7c:a1:0e:93:39:f8:3f:24:7e:93:02:06:7e:17:d1:
         b8:6a:c2:a5:ae:91:41:97:e9:f0:61:8e:a4:fe:8c:fd:8f:35:
         fc:03:1a:67:35:65:d4:3f:50:aa:1f:fd:16:e1:42:5c:f3:1d:
         da:b8:c2:60:1b:44:26:4c:ab:b1:ca:ce:0e:0b:78:c8:71:bf:
         ff:af:46:fd:0f:5c:fd:2f:6e:e3:57:55:82:e1:c0:11:62:cc:
         1e:a0:07:86:51:9e:5a:0e:28:56:0b:ae:5f:b8:5a:b1:d7:69:
         1d:65:55:73:fb:85:87:0d:cb:7d:e8:15:11:04:8f:d3:4d:88:
         32:ab:45:5a:ad:b1:25:b9:14:ef:4b:03:45:db:15:74:61:12:
         d8:3e:b9:72:0d:77:e9:df:44:75:89:2b:93:96:71:8e:89:b1:
         95:3b:12:29:11:0c:bc:84:dd:98:b9:86:85:67:dd:6b:23:65:
         ea:6a:8b:34:fd:74:fd:ec:c3:90:ed:1a:ca:af:cf:0b:ce:3a:
         4f:dd:05:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSraz8eEQFMXuFdvwqjCSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYzAyNWE5ZDU1YmZkNjQzNzU3ZGE0ZDQ5OWRjZTE3MjAx
Nzc0ZDIwHhcNMjQwMTAxMTgzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDFiMWQ4ZDFlODQ2OTE1MWVkNjc1OTdkYTg0NDkyYzY3NTk1YjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOkU2lAuGf2HkLRAbEnF5TZYRvu7
lmX0eB8Uxiht0ol3pAtrtDpyXbzyyKfowKpvrIl9GM9e0PeABYXNd1uSNBihAyHz
WUJVPX5cBdI+FeFjcCzr5bqkAs6OK3EFsvl9qGibbjCY4KoCokbNnSnm/74lHrLF
GBDC7l15nzh73HAf10R4ffZ13ojKkzSCQbbQE4s0KdvDNF4x99p6QCU8UBlX8z2k
aMsfKGhtPUYnTZOIqC5800c70it8w8mwND+WGIyhJC6kF0Lh0zhpE8DWyqREhE7E
Jmy13nIiQTw0IEQC6JgkRVizvwRVrM09+ZrRQGliu5gtEkqoWp7rY7G1lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQbHY0ehGkVHtZ1l9qESSxnWVtRMB8GA1UdIwQY
MBaAFM/AJanVW/1kN1faTUmdzhcgF3TSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejhBbHFkVmJfV1EzVjlwTlNaM09GeUFYZE5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9mZGEyOTgtMDJjNy00ZDcxLThhZDMt
OTUxZmQ3NWFjOWEyLzEvSkJzZGpSNkVhUlVlMW5XWDJvUkpMR2RaVzFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9mZGEyOTgtMDJjNy00ZDcxLThhZDMtOTUxZmQ3NWFjOWEy
LzEvejhBbHFkVmJfV1EzVjlwTlNaM09GeUFYZE5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9QeMA0G
CSqGSIb3DQEBCwUAA4IBAQAZjCKuFLWfisgb5FhFIzkbPDLSddFpjpgNnZszPv8p
T+QYOSBzsFUwA3XTQEhAz4yTQh8WPDMWYvR8oQ6TOfg/JH6TAgZ+F9G4asKlrpFB
l+nwYY6k/oz9jzX8AxpnNWXUP1CqH/0W4UJc8x3auMJgG0QmTKuxys4OC3jIcb//
r0b9D1z9L27jV1WC4cARYsweoAeGUZ5aDihWC65fuFqx12kdZVVz+4WHDct96BUR
BI/TTYgyq0VarbEluRTvSwNF2xV0YRLYPrlyDXfp30R1iSuTlnGOibGVOxIpEQy8
hN2YuYaFZ91rI2Xqaos0/XT97MOQ7RrKr88LzjpP3QXl
-----END CERTIFICATE-----