Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/ac598f-5f52-4330-b013-57069e0803b5/1/JzQVAYplWW6qFez98FFKsjOKt1s.roa
File:                     JzQVAYplWW6qFez98FFKsjOKt1s.roa (raw, json)
Hash identifier:          BFYfOcHHQPZ2kc69Ap1QEVtami7oRAJLxTvXiYSxNr8=
Subject key identifier:   27:34:15:01:8A:65:59:6E:AA:15:EC:FD:F0:51:4A:B2:33:8A:B7:5B
Certificate issuer:       /CN=e37a20a7f28a824f67315a566e59244aaa8c7d4a
Certificate serial:       018CC86F2ECC79986F303C659DCD04C5DAE4
Authority key identifier: E3:7A:20:A7:F2:8A:82:4F:67:31:5A:56:6E:59:24:4A:AA:8C:7D:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/43ogp_KKgk9nMVpWblkkSqqMfUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/ac598f-5f52-4330-b013-57069e0803b5/1/JzQVAYplWW6qFez98FFKsjOKt1s.roa
Signing time:             Tue 02 Jan 2024 04:29:38 +0000
ROA not before:           Tue 02 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56399
IP address blocks:        91.225.164.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/ac598f-5f52-4330-b013-57069e0803b5/1/43ogp_KKgk9nMVpWblkkSqqMfUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/ac598f-5f52-4330-b013-57069e0803b5/1/43ogp_KKgk9nMVpWblkkSqqMfUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/43ogp_KKgk9nMVpWblkkSqqMfUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:2e:cc:79:98:6f:30:3c:65:9d:cd:04:c5:da:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37a20a7f28a824f67315a566e59244aaa8c7d4a
        Validity
            Not Before: Jan  2 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=273415018a65596eaa15ecfdf0514ab2338ab75b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5d:71:0a:4d:07:11:e7:2f:e5:53:85:fd:95:
                    0a:04:85:30:6c:83:0b:fb:57:b9:70:f4:c1:41:b5:
                    b2:00:04:fc:56:69:5c:90:a7:fb:b7:cb:df:ab:9b:
                    cd:27:00:1f:38:90:3b:5f:76:b3:e0:1a:38:a3:76:
                    f5:14:22:21:6c:e5:29:76:95:a1:41:e1:fe:3e:2f:
                    58:f9:1b:4b:1d:9d:39:f3:3f:c6:29:47:08:e2:52:
                    28:da:18:ff:1c:62:81:d0:f5:cc:68:41:83:b6:8d:
                    99:de:fd:df:49:63:76:a5:53:4b:96:82:5e:23:41:
                    a0:f3:b6:07:57:70:ef:4a:05:58:81:f3:4a:87:74:
                    6d:8d:e7:b0:a0:17:ff:a1:9b:47:39:e3:ab:c6:61:
                    5b:bd:21:bc:e8:79:16:22:ec:8a:be:3a:f1:ec:88:
                    47:4a:21:3c:17:ce:52:ae:40:c9:60:1c:41:9d:19:
                    e9:6c:9d:f1:a9:37:23:1d:63:84:47:15:53:06:5a:
                    d1:fa:dc:a4:c8:58:5e:cf:46:be:b5:1f:d7:82:e8:
                    2f:9b:65:44:92:68:50:63:57:03:69:ce:50:4a:0d:
                    e7:61:9d:26:97:33:70:4f:6f:62:48:ae:da:a2:c8:
                    47:fa:9b:9f:48:0d:56:7d:31:65:74:f1:5d:c3:b1:
                    6f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:34:15:01:8A:65:59:6E:AA:15:EC:FD:F0:51:4A:B2:33:8A:B7:5B
            X509v3 Authority Key Identifier:
                keyid:E3:7A:20:A7:F2:8A:82:4F:67:31:5A:56:6E:59:24:4A:AA:8C:7D:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/43ogp_KKgk9nMVpWblkkSqqMfUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/ac598f-5f52-4330-b013-57069e0803b5/1/JzQVAYplWW6qFez98FFKsjOKt1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/ac598f-5f52-4330-b013-57069e0803b5/1/43ogp_KKgk9nMVpWblkkSqqMfUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:8c:71:52:3f:1c:f7:df:e1:4a:06:71:10:1a:5a:0b:44:68:
         4d:0c:2b:b2:f3:a8:27:0e:02:d4:ad:42:18:d0:ca:37:1b:b4:
         26:42:f0:79:84:2a:04:f7:7c:18:8a:b8:2a:af:a4:fe:8e:d7:
         6e:f3:ef:d9:6f:d7:f8:b4:9c:97:3e:7d:88:ff:2e:5b:0b:38:
         15:89:ba:7a:0a:de:63:ab:07:a2:a4:51:41:0f:91:7c:2f:06:
         be:e8:1b:ff:93:8c:dd:32:91:c4:6c:cb:59:19:94:ab:a3:be:
         45:ca:22:52:0a:72:fc:ca:e1:d0:72:1e:48:69:e5:d9:9c:71:
         b3:9d:b5:8c:f8:59:03:eb:9a:a5:72:be:3e:32:c9:0e:1f:23:
         cf:91:cd:d5:39:09:62:e4:a5:78:fb:fa:c6:56:92:ac:12:61:
         83:61:aa:61:36:b5:05:71:41:f2:76:97:86:ad:b1:6f:9b:4d:
         d2:3d:9f:04:1a:30:15:ba:d2:40:f3:c2:9f:22:c4:5a:40:75:
         6f:b2:02:18:6b:02:01:e4:39:d0:dd:04:06:10:3a:ca:40:d1:
         b0:f3:cf:9e:75:e8:45:dc:e3:e8:d0:80:d0:02:b9:fb:d4:ad:
         a8:92:1a:a2:19:38:0e:d1:89:64:d9:a0:ad:0c:27:e0:e9:ec:
         76:0f:7e:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIby7MeZhvMDxlnc0ExdrkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2EyMGE3ZjI4YTgyNGY2NzMxNWE1NjZlNTkyNDRhYWE4
YzdkNGEwHhcNMjQwMTAyMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzM0MTUwMThhNjU1OTZlYWExNWVjZmRmMDUxNGFiMjMzOGFiNzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArF1xCk0HEecv5VOF/ZUKBIUwbIML
+1e5cPTBQbWyAAT8VmlckKf7t8vfq5vNJwAfOJA7X3az4Bo4o3b1FCIhbOUpdpWh
QeH+Pi9Y+RtLHZ058z/GKUcI4lIo2hj/HGKB0PXMaEGDto2Z3v3fSWN2pVNLloJe
I0Gg87YHV3DvSgVYgfNKh3RtjeewoBf/oZtHOeOrxmFbvSG86HkWIuyKvjrx7IhH
SiE8F85SrkDJYBxBnRnpbJ3xqTcjHWOERxVTBlrR+tykyFhez0a+tR/Xgugvm2VE
kmhQY1cDac5QSg3nYZ0mlzNwT29iSK7aoshH+pufSA1WfTFldPFdw7FvOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCc0FQGKZVluqhXs/fBRSrIzirdbMB8GA1UdIwQY
MBaAFON6IKfyioJPZzFaVm5ZJEqqjH1KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDNvZ3BfS0tnazluTVZwV2Jsa2tTcXFNZlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9hYzU5OGYtNWY1Mi00MzMwLWIwMTMt
NTcwNjllMDgwM2I1LzEvSnpRVkFZcGxXVzZxRmV6OThGRktzak9LdDFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9hYzU5OGYtNWY1Mi00MzMwLWIwMTMtNTcwNjllMDgwM2I1
LzEvNDNvZ3BfS0tnazluTVZwV2Jsa2tTcXFNZlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+GkMA0G
CSqGSIb3DQEBCwUAA4IBAQCljHFSPxz33+FKBnEQGloLRGhNDCuy86gnDgLUrUIY
0Mo3G7QmQvB5hCoE93wYirgqr6T+jtdu8+/Zb9f4tJyXPn2I/y5bCzgVibp6Ct5j
qweipFFBD5F8Lwa+6Bv/k4zdMpHEbMtZGZSro75FyiJSCnL8yuHQch5IaeXZnHGz
nbWM+FkD65qlcr4+MskOHyPPkc3VOQli5KV4+/rGVpKsEmGDYaphNrUFcUHydpeG
rbFvm03SPZ8EGjAVutJA88KfIsRaQHVvsgIYawIB5DnQ3QQGEDrKQNGw88+edehF
3OPo0IDQArn71K2okhqiGTgO0Ylk2aCtDCfg6ex2D34D
-----END CERTIFICATE-----