Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/c34c30-81b4-4dbe-83e8-11f365a7352c/1/JRVztGK8XOcz2d7MhpsRhajnNt0.roa
File:                     JRVztGK8XOcz2d7MhpsRhajnNt0.roa (raw, json)
Hash identifier:          zH690o7DHuqsVpYNCSte/wK4sJBigZCEk8Wkmeh98SU=
Subject key identifier:   25:15:73:B4:62:BC:5C:E7:33:D9:DE:CC:86:9B:11:85:A8:E7:36:DD
Certificate issuer:       /CN=09c552498881876556f16e323f1ca369b25edb0c
Certificate serial:       018CC50108C6E08106AA98A461917229A814
Authority key identifier: 09:C5:52:49:88:81:87:65:56:F1:6E:32:3F:1C:A3:69:B2:5E:DB:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CcVSSYiBh2VW8W4yPxyjabJe2ww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/c34c30-81b4-4dbe-83e8-11f365a7352c/1/JRVztGK8XOcz2d7MhpsRhajnNt0.roa
Signing time:             Mon 01 Jan 2024 12:30:28 +0000
ROA not before:           Mon 01 Jan 2024 12:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48943
IP address blocks:        193.28.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/c34c30-81b4-4dbe-83e8-11f365a7352c/1/CcVSSYiBh2VW8W4yPxyjabJe2ww.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/c34c30-81b4-4dbe-83e8-11f365a7352c/1/CcVSSYiBh2VW8W4yPxyjabJe2ww.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CcVSSYiBh2VW8W4yPxyjabJe2ww.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:08:c6:e0:81:06:aa:98:a4:61:91:72:29:a8:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09c552498881876556f16e323f1ca369b25edb0c
        Validity
            Not Before: Jan  1 12:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=251573b462bc5ce733d9decc869b1185a8e736dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a5:cb:2f:04:13:8b:ac:52:89:11:d1:1d:b0:
                    b5:cb:db:65:b3:b6:18:56:9b:01:93:0a:da:96:af:
                    8c:c5:d8:81:09:4a:29:6b:05:98:07:9e:d5:41:85:
                    c4:7c:90:1c:f9:91:fe:06:75:c3:75:7c:8c:c6:f0:
                    c0:8c:27:d3:4c:e6:08:1a:6b:a1:3c:dd:b5:ee:10:
                    18:c4:9b:45:f8:95:82:10:b1:e4:a4:4d:12:ff:54:
                    fa:80:c1:5d:9a:22:01:21:ab:aa:5d:bc:41:ed:15:
                    29:de:32:5a:4f:f5:d9:5a:d7:f4:f0:96:b4:bd:e4:
                    45:43:60:79:7b:13:25:73:cf:80:23:ad:c4:54:56:
                    a6:b6:51:93:b3:16:df:56:6b:91:28:68:87:3e:cf:
                    ed:66:c1:eb:68:81:5f:2f:98:54:cf:55:74:c2:43:
                    c2:5e:19:1b:c5:19:22:7e:24:00:95:00:87:94:97:
                    2f:6e:8d:21:68:ca:e0:f7:b7:45:18:7d:ad:1a:6f:
                    2d:91:a2:70:39:6f:97:7a:ea:df:a2:42:83:00:f6:
                    73:8f:b5:43:b5:8f:1d:6b:50:c8:82:2a:d4:05:3b:
                    c0:2a:bd:0a:e5:0f:62:df:7d:e3:12:9d:b0:1e:b3:
                    25:a7:80:2c:d3:b2:89:51:06:73:23:2e:8e:cd:e6:
                    a8:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:15:73:B4:62:BC:5C:E7:33:D9:DE:CC:86:9B:11:85:A8:E7:36:DD
            X509v3 Authority Key Identifier:
                keyid:09:C5:52:49:88:81:87:65:56:F1:6E:32:3F:1C:A3:69:B2:5E:DB:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CcVSSYiBh2VW8W4yPxyjabJe2ww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/c34c30-81b4-4dbe-83e8-11f365a7352c/1/JRVztGK8XOcz2d7MhpsRhajnNt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/c34c30-81b4-4dbe-83e8-11f365a7352c/1/CcVSSYiBh2VW8W4yPxyjabJe2ww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:fa:2b:e8:05:e6:cb:57:f5:39:9a:46:78:74:8a:ea:36:95:
         a3:7f:77:26:3f:40:45:c9:40:84:81:8d:6f:1c:b7:43:e8:83:
         14:0e:db:5f:e4:d2:3a:e0:2c:0b:a9:1c:a7:d9:44:15:be:d6:
         3d:93:b8:d6:de:b2:d6:ea:0d:af:b7:e0:79:5e:7e:1a:87:7b:
         ad:1e:6a:05:d9:1d:29:46:62:90:cd:4e:3e:bd:80:95:c8:84:
         fe:f0:69:e3:bd:5d:cb:62:3c:37:22:f0:4a:c0:ee:0a:38:1a:
         4e:24:83:f8:78:a7:68:9b:cf:fc:da:9e:f8:0f:8e:28:46:82:
         5c:68:53:24:d2:47:6b:51:e3:5f:c1:08:de:97:7d:ce:dd:ca:
         ab:cf:df:8f:f0:af:97:05:68:04:a2:3c:92:ba:a3:11:a5:aa:
         4a:42:24:55:68:03:8f:17:0f:99:1d:0a:02:9a:33:00:0c:3e:
         1e:88:5c:c3:6c:45:0b:e8:ca:a8:eb:f1:af:c9:80:a0:7f:8b:
         a6:c5:cf:ab:c8:93:ca:5d:b9:02:71:8b:6f:2c:1f:c1:1d:1e:
         41:13:a6:f0:35:bf:4f:57:13:81:9d:7a:92:d1:3c:12:64:90:
         2f:cc:bd:dd:94:78:db:d2:e6:37:6d:12:47:a3:cd:a7:35:c5:
         85:24:de:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQjG4IEGqpikYZFyKagUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5YzU1MjQ5ODg4MTg3NjU1NmYxNmUzMjNmMWNhMzY5YjI1
ZWRiMGMwHhcNMjQwMTAxMTIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTE1NzNiNDYyYmM1Y2U3MzNkOWRlY2M4NjliMTE4NWE4ZTczNmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqXLLwQTi6xSiRHRHbC1y9tls7YY
VpsBkwralq+MxdiBCUopawWYB57VQYXEfJAc+ZH+BnXDdXyMxvDAjCfTTOYIGmuh
PN217hAYxJtF+JWCELHkpE0S/1T6gMFdmiIBIauqXbxB7RUp3jJaT/XZWtf08Ja0
veRFQ2B5exMlc8+AI63EVFamtlGTsxbfVmuRKGiHPs/tZsHraIFfL5hUz1V0wkPC
XhkbxRkifiQAlQCHlJcvbo0haMrg97dFGH2tGm8tkaJwOW+XeurfokKDAPZzj7VD
tY8da1DIgirUBTvAKr0K5Q9i333jEp2wHrMlp4As07KJUQZzIy6OzeaoMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUVc7RivFznM9nezIabEYWo5zbdMB8GA1UdIwQY
MBaAFAnFUkmIgYdlVvFuMj8co2myXtsMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2NWU1NZaUJoMlZXOFc0eVB4eWphYkplMnd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9jMzRjMzAtODFiNC00ZGJlLTgzZTgt
MTFmMzY1YTczNTJjLzEvSlJWenRHSzhYT2N6MmQ3TWhwc1JoYWpuTnQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9jMzRjMzAtODFiNC00ZGJlLTgzZTgtMTFmMzY1YTczNTJj
LzEvQ2NWU1NZaUJoMlZXOFc0eVB4eWphYkplMnd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRwMMA0G
CSqGSIb3DQEBCwUAA4IBAQBI+ivoBebLV/U5mkZ4dIrqNpWjf3cmP0BFyUCEgY1v
HLdD6IMUDttf5NI64CwLqRyn2UQVvtY9k7jW3rLW6g2vt+B5Xn4ah3utHmoF2R0p
RmKQzU4+vYCVyIT+8GnjvV3LYjw3IvBKwO4KOBpOJIP4eKdom8/82p74D44oRoJc
aFMk0kdrUeNfwQjel33O3cqrz9+P8K+XBWgEojySuqMRpapKQiRVaAOPFw+ZHQoC
mjMADD4eiFzDbEUL6Mqo6/GvyYCgf4umxc+ryJPKXbkCcYtvLB/BHR5BE6bwNb9P
VxOBnXqS0TwSZJAvzL3dlHjb0uY3bRJHo82nNcWFJN6U
-----END CERTIFICATE-----