Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/52b48d-28a8-48f5-a4df-4db40a36563e/1/JC9cViUEA16wJrSOj0WUg2U5tS0.roa
File:                     JC9cViUEA16wJrSOj0WUg2U5tS0.roa (raw, json)
Hash identifier:          YSqkK9H748UtrVGtYEka9DXedTDu3c0iGBmoVxfGePE=
Subject key identifier:   24:2F:5C:56:25:04:03:5E:B0:26:B4:8E:8F:45:94:83:65:39:B5:2D
Certificate issuer:       /CN=7792c3fc69154ac7d515bcac9daa07e78bc229cc
Certificate serial:       018CC5DC2CBDF062E1706DB50A868C863D31
Authority key identifier: 77:92:C3:FC:69:15:4A:C7:D5:15:BC:AC:9D:AA:07:E7:8B:C2:29:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d5LD_GkVSsfVFbysnaoH54vCKcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/52b48d-28a8-48f5-a4df-4db40a36563e/1/JC9cViUEA16wJrSOj0WUg2U5tS0.roa
Signing time:             Mon 01 Jan 2024 16:29:50 +0000
ROA not before:           Mon 01 Jan 2024 16:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62336
IP address blocks:        185.99.56.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/52b48d-28a8-48f5-a4df-4db40a36563e/1/d5LD_GkVSsfVFbysnaoH54vCKcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/52b48d-28a8-48f5-a4df-4db40a36563e/1/d5LD_GkVSsfVFbysnaoH54vCKcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d5LD_GkVSsfVFbysnaoH54vCKcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:2c:bd:f0:62:e1:70:6d:b5:0a:86:8c:86:3d:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7792c3fc69154ac7d515bcac9daa07e78bc229cc
        Validity
            Not Before: Jan  1 16:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=242f5c562504035eb026b48e8f4594836539b52d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:67:91:6d:2e:0e:d1:89:4c:08:08:1b:24:a4:
                    b1:94:1f:9c:41:c3:c7:2f:b4:56:86:b3:84:0b:8d:
                    c9:e7:1a:e9:88:96:8c:e5:69:30:ad:bb:a0:3b:5b:
                    f6:7e:37:32:86:5d:d1:68:2f:e5:86:12:19:29:83:
                    e6:b7:3b:75:22:0f:d4:e9:a0:2b:23:74:3e:1d:14:
                    dc:a3:f0:62:44:16:66:ad:38:d6:33:ed:be:57:6a:
                    9c:98:7f:9b:28:08:63:72:78:a8:cf:c7:73:32:50:
                    2a:0c:e2:b8:2b:e2:43:a0:2f:1a:a6:3f:df:1a:ce:
                    20:c3:91:c5:32:d2:8f:7f:b2:48:da:f1:26:06:10:
                    f7:9b:3c:83:7c:88:a8:0b:5e:de:6b:b4:16:a7:4d:
                    81:30:94:3f:d2:d7:b9:24:3d:58:e2:4e:a8:40:2d:
                    e9:2f:fe:c7:14:b4:2f:05:a9:89:ac:55:43:bf:09:
                    12:1a:1e:ca:0f:4e:ad:84:0f:39:44:d1:2e:20:31:
                    c9:b0:54:57:73:b2:30:e6:7a:9d:28:df:b8:45:c5:
                    45:80:68:9b:96:e4:31:6e:32:7e:18:6b:93:8d:4c:
                    13:b0:32:e9:71:e1:3c:5e:1a:f5:00:6e:79:63:43:
                    50:f4:40:e0:b8:a8:aa:c5:2a:f1:3f:c0:dc:b6:4f:
                    85:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:2F:5C:56:25:04:03:5E:B0:26:B4:8E:8F:45:94:83:65:39:B5:2D
            X509v3 Authority Key Identifier:
                keyid:77:92:C3:FC:69:15:4A:C7:D5:15:BC:AC:9D:AA:07:E7:8B:C2:29:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5LD_GkVSsfVFbysnaoH54vCKcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/52b48d-28a8-48f5-a4df-4db40a36563e/1/JC9cViUEA16wJrSOj0WUg2U5tS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/52b48d-28a8-48f5-a4df-4db40a36563e/1/d5LD_GkVSsfVFbysnaoH54vCKcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:8a:78:74:5c:c3:0b:99:43:bb:40:86:d8:64:e2:6e:7b:53:
         33:d2:7e:f4:12:53:8b:50:06:22:fd:de:be:6c:3c:f7:27:c2:
         6a:a3:a8:07:4c:c6:67:07:6d:f7:3a:77:fc:18:d7:0f:a8:b6:
         ac:fc:da:3d:20:fa:67:f4:85:27:62:a1:48:d6:f8:23:ee:49:
         74:b3:39:e5:2b:bf:a6:1a:d9:d9:ff:1e:6a:36:c5:17:0b:b1:
         0e:50:84:f0:bf:46:2d:0c:23:90:53:62:a0:14:0d:19:e3:f8:
         21:67:d1:e2:e4:0e:c4:48:3d:c0:aa:ae:3b:a7:45:f6:31:04:
         84:ad:3c:c6:06:9b:59:1c:ce:0b:8b:16:e5:f8:3a:bf:f1:23:
         49:f3:e9:be:6a:03:a7:7b:39:31:61:28:37:5e:df:0d:f9:fe:
         31:57:e3:f7:68:d6:12:14:ce:70:6c:2b:26:ce:09:77:fb:7c:
         de:c0:33:67:38:c6:a3:0c:a3:c6:0f:0d:f3:c7:e9:ba:cc:8d:
         a6:12:3f:99:0d:89:3f:33:5a:77:de:9e:85:ae:d8:06:e7:a4:
         31:42:2d:07:00:8c:35:d5:45:20:ef:73:03:a9:5a:8e:77:2b:
         d3:09:89:62:96:f0:cd:45:6c:f1:9d:be:bc:03:fd:ed:ad:e5:
         be:2a:d4:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Cy98GLhcG21CoaMhj0xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3OTJjM2ZjNjkxNTRhYzdkNTE1YmNhYzlkYWEwN2U3OGJj
MjI5Y2MwHhcNMjQwMTAxMTYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDJmNWM1NjI1MDQwMzVlYjAyNmI0OGU4ZjQ1OTQ4MzY1MzliNTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGeRbS4O0YlMCAgbJKSxlB+cQcPH
L7RWhrOEC43J5xrpiJaM5WkwrbugO1v2fjcyhl3RaC/lhhIZKYPmtzt1Ig/U6aAr
I3Q+HRTco/BiRBZmrTjWM+2+V2qcmH+bKAhjcnioz8dzMlAqDOK4K+JDoC8apj/f
Gs4gw5HFMtKPf7JI2vEmBhD3mzyDfIioC17ea7QWp02BMJQ/0te5JD1Y4k6oQC3p
L/7HFLQvBamJrFVDvwkSGh7KD06thA85RNEuIDHJsFRXc7Iw5nqdKN+4RcVFgGib
luQxbjJ+GGuTjUwTsDLpceE8Xhr1AG55Y0NQ9EDguKiqxSrxP8Dctk+FbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQvXFYlBANesCa0jo9FlINlObUtMB8GA1UdIwQY
MBaAFHeSw/xpFUrH1RW8rJ2qB+eLwinMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDVMRF9Ha1ZTc2ZWRmJ5c25hb0g1NHZDS2N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC81MmI0OGQtMjhhOC00OGY1LWE0ZGYt
NGRiNDBhMzY1NjNlLzEvSkM5Y1ZpVUVBMTZ3SnJTT2owV1VnMlU1dFMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC81MmI0OGQtMjhhOC00OGY1LWE0ZGYtNGRiNDBhMzY1NjNl
LzEvZDVMRF9Ha1ZTc2ZWRmJ5c25hb0g1NHZDS2N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWM4MA0G
CSqGSIb3DQEBCwUAA4IBAQBBinh0XMMLmUO7QIbYZOJue1Mz0n70ElOLUAYi/d6+
bDz3J8Jqo6gHTMZnB233Onf8GNcPqLas/No9IPpn9IUnYqFI1vgj7kl0sznlK7+m
GtnZ/x5qNsUXC7EOUITwv0YtDCOQU2KgFA0Z4/ghZ9Hi5A7ESD3Aqq47p0X2MQSE
rTzGBptZHM4Lixbl+Dq/8SNJ8+m+agOnezkxYSg3Xt8N+f4xV+P3aNYSFM5wbCsm
zgl3+3zewDNnOMajDKPGDw3zx+m6zI2mEj+ZDYk/M1p33p6FrtgG56QxQi0HAIw1
1UUg73MDqVqOdyvTCYlilvDNRWzxnb68A/3treW+KtSV
-----END CERTIFICATE-----