Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/JKBflARmJ34B2jka1mCDx1XBCUQ.roa
File:                     JKBflARmJ34B2jka1mCDx1XBCUQ.roa (raw, json)
Hash identifier:          r9L+ROn73Wbed7xM+bA3RbEOGxFGj7oTq9G4X2brk+0=
Subject key identifier:   24:A0:5F:94:04:66:27:7E:01:DA:39:1A:D6:60:83:C7:55:C1:09:44
Certificate issuer:       /CN=dbcc2bbaf3e0d4342a014f8b70f873cee9a8cac5
Certificate serial:       018CC870A65C199B98C2F0A31D6B9DEEDD4E
Authority key identifier: DB:CC:2B:BA:F3:E0:D4:34:2A:01:4F:8B:70:F8:73:CE:E9:A8:CA:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/28wruvPg1DQqAU-LcPhzzumoysU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/JKBflARmJ34B2jka1mCDx1XBCUQ.roa
Signing time:             Tue 02 Jan 2024 04:31:14 +0000
ROA not before:           Tue 02 Jan 2024 04:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204922
IP address blocks:        193.16.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/28wruvPg1DQqAU-LcPhzzumoysU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/28wruvPg1DQqAU-LcPhzzumoysU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/28wruvPg1DQqAU-LcPhzzumoysU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:a6:5c:19:9b:98:c2:f0:a3:1d:6b:9d:ee:dd:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbcc2bbaf3e0d4342a014f8b70f873cee9a8cac5
        Validity
            Not Before: Jan  2 04:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24a05f940466277e01da391ad66083c755c10944
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:52:1c:c0:cc:ac:0e:da:45:f2:ae:2c:d2:29:
                    73:59:f0:23:2b:78:2b:9e:11:7b:dd:1e:8b:b8:98:
                    87:21:32:b3:9f:cb:4f:d7:b8:60:5b:26:3c:7f:5e:
                    da:56:5c:f7:b7:b8:07:56:e3:be:71:a8:87:40:5f:
                    19:b8:62:f2:1d:53:75:49:c7:ff:dc:25:e5:d0:cd:
                    45:dc:3b:8d:07:9a:30:b8:b6:d2:6f:a6:53:4b:d2:
                    a5:79:9f:a8:89:f5:7f:8d:e4:14:5e:32:e3:e6:31:
                    a9:94:62:9a:21:b1:d3:89:0c:9d:2d:e3:69:ed:ac:
                    12:f1:d5:45:9f:2f:17:c2:a6:5e:f7:04:92:73:4e:
                    2c:45:95:bb:30:43:11:fc:e5:6f:62:c5:8c:cb:8e:
                    f4:99:06:d7:cb:d8:61:2d:4b:3e:01:d0:e8:08:e3:
                    9f:81:39:8a:a4:d7:44:c4:89:ee:a3:2e:7d:a0:6e:
                    c4:ea:ee:32:dc:f7:84:0b:75:8a:27:19:dd:71:c4:
                    1c:f4:fc:19:bb:6e:1e:a7:5d:1a:78:ff:61:92:50:
                    5a:47:0f:f7:9b:27:03:93:da:a7:c0:8f:a2:c6:78:
                    9b:22:c1:da:a4:0d:e1:c2:54:9b:fb:bc:d8:6a:57:
                    cf:1b:45:38:f5:00:7f:8f:ef:ed:b9:7e:e4:e4:83:
                    22:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:A0:5F:94:04:66:27:7E:01:DA:39:1A:D6:60:83:C7:55:C1:09:44
            X509v3 Authority Key Identifier:
                keyid:DB:CC:2B:BA:F3:E0:D4:34:2A:01:4F:8B:70:F8:73:CE:E9:A8:CA:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/28wruvPg1DQqAU-LcPhzzumoysU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/JKBflARmJ34B2jka1mCDx1XBCUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/28wruvPg1DQqAU-LcPhzzumoysU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:fb:a3:7e:3d:5b:8a:0f:56:31:29:aa:4f:9f:8e:6a:b2:90:
         b5:00:b8:09:65:0e:1b:ab:b8:c4:26:85:c4:74:7c:31:1a:a9:
         36:d3:aa:4b:a5:87:26:3a:22:a9:33:df:59:d1:6a:e5:96:19:
         1f:ea:9c:ab:c6:f7:0a:69:0a:1b:52:c7:02:8a:c9:c5:e8:a5:
         95:6a:97:fa:43:01:c6:ff:2b:ca:f5:32:7a:5c:46:dd:e4:e3:
         bb:b4:27:7a:f8:6a:3d:f7:bd:ee:8f:6d:26:65:a0:8b:34:82:
         2f:28:df:89:0a:a4:a2:0b:b1:b7:30:76:00:cf:ca:a9:17:4a:
         6d:93:f3:29:bb:90:9a:aa:8c:76:80:98:82:52:0a:0e:65:cd:
         98:90:7f:55:06:12:c6:db:ab:52:ba:93:09:83:dc:df:8f:e4:
         dc:0c:a1:75:9c:34:5d:29:af:09:4a:20:d6:ae:75:cd:a1:98:
         95:61:39:11:e2:8c:17:76:f9:ab:b2:2d:3c:bd:06:75:b5:ee:
         0e:6a:a0:81:f1:fd:71:a2:85:15:88:89:51:13:99:26:f7:37:
         6a:4c:80:79:43:74:46:c3:58:9a:78:04:9e:98:25:e2:a5:5a:
         09:26:74:26:2a:e0:98:82:c8:c7:1b:f4:d9:99:c1:31:12:e8:
         35:95:c6:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcKZcGZuYwvCjHWud7t1OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiY2MyYmJhZjNlMGQ0MzQyYTAxNGY4YjcwZjg3M2NlZTlh
OGNhYzUwHhcNMjQwMTAyMDQzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGEwNWY5NDA0NjYyNzdlMDFkYTM5MWFkNjYwODNjNzU1YzEwOTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1IcwMysDtpF8q4s0ilzWfAjK3gr
nhF73R6LuJiHITKzn8tP17hgWyY8f17aVlz3t7gHVuO+caiHQF8ZuGLyHVN1Scf/
3CXl0M1F3DuNB5owuLbSb6ZTS9KleZ+oifV/jeQUXjLj5jGplGKaIbHTiQydLeNp
7awS8dVFny8XwqZe9wSSc04sRZW7MEMR/OVvYsWMy470mQbXy9hhLUs+AdDoCOOf
gTmKpNdExInuoy59oG7E6u4y3PeEC3WKJxndccQc9PwZu24ep10aeP9hklBaRw/3
mycDk9qnwI+ixnibIsHapA3hwlSb+7zYalfPG0U49QB/j+/tuX7k5IMiSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSgX5QEZid+Ado5GtZgg8dVwQlEMB8GA1UdIwQY
MBaAFNvMK7rz4NQ0KgFPi3D4c87pqMrFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjh3cnV2UGcxRFFxQVUtTGNQaHp6dW1veXNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC80MTRlZjQtNGMxZi00MjU2LTg4Yzkt
ZjRkNWU4NGFjMWRkLzEvSktCZmxBUm1KMzRCMmprYTFtQ0R4MVhCQ1VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC80MTRlZjQtNGMxZi00MjU2LTg4YzktZjRkNWU4NGFjMWRk
LzEvMjh3cnV2UGcxRFFxQVUtTGNQaHp6dW1veXNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRDqMA0G
CSqGSIb3DQEBCwUAA4IBAQAP+6N+PVuKD1YxKapPn45qspC1ALgJZQ4bq7jEJoXE
dHwxGqk206pLpYcmOiKpM99Z0Wrllhkf6pyrxvcKaQobUscCisnF6KWVapf6QwHG
/yvK9TJ6XEbd5OO7tCd6+Go9973uj20mZaCLNIIvKN+JCqSiC7G3MHYAz8qpF0pt
k/Mpu5Caqox2gJiCUgoOZc2YkH9VBhLG26tSupMJg9zfj+TcDKF1nDRdKa8JSiDW
rnXNoZiVYTkR4owXdvmrsi08vQZ1te4OaqCB8f1xooUViIlRE5km9zdqTIB5Q3RG
w1iaeASemCXipVoJJnQmKuCYgsjHG/TZmcExEug1lcbD
-----END CERTIFICATE-----