Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/jp-3SG9n8ET0F2YMg9twAtFkZgY.roa
File:                     jp-3SG9n8ET0F2YMg9twAtFkZgY.roa (raw, json)
Hash identifier:          Wp4JriT2T+fqywzcS8usdCQCIHDZKuUEYiMK8kXs26M=
Subject key identifier:   8E:9F:B7:48:6F:67:F0:44:F4:17:66:0C:83:DB:70:02:D1:64:66:06
Certificate issuer:       /CN=fb061a39f0a037923113d6b8bb9b5bdab5b2f466
Certificate serial:       018D651ED6D0FBE278B1A0923CCA3498808D
Authority key identifier: FB:06:1A:39:F0:A0:37:92:31:13:D6:B8:BB:9B:5B:DA:B5:B2:F4:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/jp-3SG9n8ET0F2YMg9twAtFkZgY.roa
Signing time:             Thu 01 Feb 2024 14:42:16 +0000
ROA not before:           Thu 01 Feb 2024 14:42:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208293
IP address blocks:        78.109.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:65:1e:d6:d0:fb:e2:78:b1:a0:92:3c:ca:34:98:80:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb061a39f0a037923113d6b8bb9b5bdab5b2f466
        Validity
            Not Before: Feb  1 14:42:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e9fb7486f67f044f417660c83db7002d1646606
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:65:52:db:45:7c:9e:41:48:5c:69:0e:50:2a:
                    e1:e4:63:a0:4f:1d:4f:3a:9b:50:3f:bc:03:36:90:
                    e4:74:8b:9d:a6:66:6a:c4:7e:6a:49:eb:aa:8d:98:
                    92:5d:9d:b0:c2:fe:a0:fd:95:21:ac:1b:b1:eb:7b:
                    5f:32:20:0e:b8:59:2b:52:ce:ce:f9:8d:ac:99:35:
                    6b:1f:45:07:cb:cc:cb:29:70:e2:dd:76:23:a9:15:
                    71:d3:97:26:26:e9:d7:36:4e:92:94:48:33:c7:c8:
                    33:31:54:63:91:d3:e4:cb:26:a8:ad:c0:25:7c:65:
                    1d:be:af:e5:ee:3f:e6:98:3d:32:ba:16:e4:10:c0:
                    03:0a:8e:30:da:68:46:ea:67:dc:fb:d1:ac:46:c8:
                    d5:8e:41:e6:7e:ad:a7:ff:05:86:56:77:f4:32:28:
                    49:96:6d:eb:0d:29:1b:ed:dd:12:2f:38:58:f7:a4:
                    8e:89:98:d1:58:ea:3d:24:3e:af:41:9a:c8:83:96:
                    1b:4f:02:32:74:c2:67:74:96:28:0d:fe:98:25:b2:
                    13:1c:e7:b1:7a:a4:59:d9:08:42:70:8d:72:2c:33:
                    d4:59:32:b6:11:c7:4c:58:9e:47:ea:ac:d0:1a:dd:
                    58:6c:24:cc:15:83:f6:ff:10:53:e9:df:86:7f:33:
                    a8:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:9F:B7:48:6F:67:F0:44:F4:17:66:0C:83:DB:70:02:D1:64:66:06
            X509v3 Authority Key Identifier:
                keyid:FB:06:1A:39:F0:A0:37:92:31:13:D6:B8:BB:9B:5B:DA:B5:B2:F4:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/jp-3SG9n8ET0F2YMg9twAtFkZgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.109.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:e4:83:6e:e3:46:55:d9:98:59:28:e8:12:37:fe:41:44:7c:
         e2:40:dc:d3:89:d5:92:0c:e3:7f:30:3a:76:85:5d:cb:5a:74:
         b9:45:03:f3:a8:99:ec:00:93:a3:62:b6:d1:2a:e2:c3:c0:18:
         53:cf:bd:e3:e0:4e:6e:2f:2e:b9:6e:35:ad:93:2c:11:54:b8:
         63:e4:8e:24:50:79:db:1c:5e:db:3d:8b:42:6b:49:ae:7b:6b:
         01:3e:a5:7f:f1:19:60:41:fe:b1:4b:bd:37:22:eb:41:c6:8a:
         91:14:c4:86:7c:a7:45:89:89:08:86:63:05:71:18:fc:ab:c7:
         7d:96:ed:2a:c4:37:9c:88:5c:5a:34:a3:0e:f2:31:8d:58:3c:
         31:10:06:d6:63:72:d4:9f:8a:71:a2:e5:9e:27:ed:ff:05:55:
         80:32:4f:3c:c3:38:67:ad:e0:1e:7d:1e:1a:24:7e:75:6f:4d:
         d5:5d:16:f5:ab:ee:c8:4a:d7:d4:e5:8f:a9:62:9d:25:23:00:
         7a:09:e8:89:68:00:65:e3:f4:d4:97:cf:20:ac:6a:38:bb:1b:
         49:97:b8:13:79:15:89:2c:6d:03:91:03:d4:1e:8a:ad:ad:c4:
         e0:c3:28:bc:41:98:fa:10:b4:51:3b:3b:e7:b3:fe:98:b3:3c:
         72:15:f2:db
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY1lHtbQ++J4saCSPMo0mICNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMDYxYTM5ZjBhMDM3OTIzMTEzZDZiOGJiOWI1YmRhYjVi
MmY0NjYwHhcNMjQwMjAxMTQ0MjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTlmYjc0ODZmNjdmMDQ0ZjQxNzY2MGM4M2RiNzAwMmQxNjQ2NjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmVS20V8nkFIXGkOUCrh5GOgTx1P
OptQP7wDNpDkdIudpmZqxH5qSeuqjZiSXZ2wwv6g/ZUhrBux63tfMiAOuFkrUs7O
+Y2smTVrH0UHy8zLKXDi3XYjqRVx05cmJunXNk6SlEgzx8gzMVRjkdPkyyaorcAl
fGUdvq/l7j/mmD0yuhbkEMADCo4w2mhG6mfc+9GsRsjVjkHmfq2n/wWGVnf0MihJ
lm3rDSkb7d0SLzhY96SOiZjRWOo9JD6vQZrIg5YbTwIydMJndJYoDf6YJbITHOex
eqRZ2QhCcI1yLDPUWTK2EcdMWJ5H6qzQGt1YbCTMFYP2/xBT6d+GfzOoCwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFI6ft0hvZ/BE9BdmDIPbcALRZGYGMB8GA1UdIwQY
MBaAFPsGGjnwoDeSMRPWuLubW9q1svRmMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS13WWFPZkNnTjVJeEU5YTR1NXRiMnJXeTlHWS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjMvYTMyOTRiLWQ0NzgtNGRiZC1hYWU1
LWZkMTY3YWQ5MmE5ZC8xL2pwLTNTRzluOEVUMEYyWU1nOXR3QXRGa1pnWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjMvYTMyOTRiLWQ0NzgtNGRiZC1hYWU1LWZkMTY3YWQ5MmE5
ZC8xLzEtd1lhT2ZDZ041SXhFOWE0dTV0YjJyV3k5R1kuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABObeEw
DQYJKoZIhvcNAQELBQADggEBAIXkg27jRlXZmFko6BI3/kFEfOJA3NOJ1ZIM438w
OnaFXctadLlFA/OomewAk6NittEq4sPAGFPPvePgTm4vLrluNa2TLBFUuGPkjiRQ
edscXts9i0JrSa57awE+pX/xGWBB/rFLvTci60HGipEUxIZ8p0WJiQiGYwVxGPyr
x32W7SrEN5yIXFo0ow7yMY1YPDEQBtZjctSfinGi5Z4n7f8FVYAyTzzDOGet4B59
HhokfnVvTdVdFvWr7shK19Tlj6linSUjAHoJ6IloAGXj9NSXzyCsaji7G0mXuBN5
FYksbQORA9Qeiq2txODDKLxBmPoQtFE7O+ez/pizPHIV8ts=
-----END CERTIFICATE-----