Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/JyvFZkmMeaB-NHbkeSqyXoDWXkk.roa
File:                     JyvFZkmMeaB-NHbkeSqyXoDWXkk.roa (raw, json)
Hash identifier:          A2J8T3TnsjTp/ujnd/lV29pPTKDI3V0DoD524pY6OvU=
Subject key identifier:   27:2B:C5:66:49:8C:79:A0:7E:34:76:E4:79:2A:B2:5E:80:D6:5E:49
Certificate issuer:       /CN=e760126dce78bc16e66c2e6e7635848ac46846af
Certificate serial:       018E7F84FA5E59BEBA961BA4C5D9AD9A014F
Authority key identifier: E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/JyvFZkmMeaB-NHbkeSqyXoDWXkk.roa
Signing time:             Wed 27 Mar 2024 10:46:45 +0000
ROA not before:           Wed 27 Mar 2024 10:46:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206092
IP address blocks:        146.247.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:84:fa:5e:59:be:ba:96:1b:a4:c5:d9:ad:9a:01:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e760126dce78bc16e66c2e6e7635848ac46846af
        Validity
            Not Before: Mar 27 10:46:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=272bc566498c79a07e3476e4792ab25e80d65e49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:46:23:aa:cf:4e:75:7e:40:92:1e:ce:c0:2e:
                    12:11:2e:41:12:55:93:81:64:88:49:e0:04:09:f0:
                    b6:f5:73:58:ab:eb:c5:00:f2:5f:f5:ad:f0:2c:23:
                    e7:a3:1f:6a:b9:07:f3:a1:d9:46:ad:de:33:bf:57:
                    9c:92:be:2b:b4:aa:69:c8:73:c1:6a:69:b7:60:60:
                    34:7b:36:b2:ab:81:cf:0e:82:9f:6b:42:43:66:91:
                    a9:79:7c:89:9f:28:b2:fc:9d:ce:4b:0b:07:dd:85:
                    cd:b3:81:4a:f6:9b:7b:8c:8f:ac:cb:5d:cb:a4:56:
                    16:d7:40:23:1a:68:4b:78:89:0c:69:af:21:52:70:
                    5d:5c:a6:b4:5e:45:16:6c:47:0d:ab:52:c6:0a:89:
                    fb:fd:5c:3c:c0:6a:fd:5b:8c:e2:1b:f4:c5:83:81:
                    eb:13:aa:15:56:df:b0:92:2b:3b:1a:7c:5b:0a:e2:
                    75:d5:9e:e7:16:f1:41:42:77:31:24:d7:d1:a8:b8:
                    6e:b6:cc:76:8d:18:4a:24:d9:92:ef:e7:6b:98:53:
                    c8:f9:ff:5f:68:c9:4f:7d:ff:47:00:be:73:e8:fd:
                    80:9d:11:8c:35:6d:c6:ba:66:e8:83:0f:81:3f:b8:
                    ef:f0:bb:9f:5d:0a:e6:dc:2a:7d:0d:a3:29:98:1d:
                    05:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:2B:C5:66:49:8C:79:A0:7E:34:76:E4:79:2A:B2:5E:80:D6:5E:49
            X509v3 Authority Key Identifier:
                keyid:E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/JyvFZkmMeaB-NHbkeSqyXoDWXkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:16:6c:52:e6:e0:f7:09:90:5c:28:e6:15:a1:00:80:ff:3f:
         e1:96:41:b0:a5:bb:8b:78:50:6b:bf:3a:8b:6c:b5:f4:2a:08:
         9e:47:ae:38:01:dd:70:a1:d6:1c:ce:c7:ca:76:6a:13:f3:56:
         85:50:22:95:b5:9e:66:22:33:23:2e:95:75:c2:4f:1b:68:63:
         5a:6b:1b:e0:49:b7:aa:b3:90:11:73:f7:a9:ef:f6:71:0e:70:
         cd:81:0b:98:3e:6f:da:11:eb:47:10:16:5b:82:ed:38:f6:19:
         70:a2:68:ad:1f:48:74:dc:79:ae:fa:81:da:02:23:92:24:a7:
         12:ce:86:76:5f:d9:01:a7:1c:ae:9b:d9:d2:54:91:aa:fa:ce:
         21:bc:1c:48:31:e3:dc:6e:4a:3c:10:d9:d4:cf:6e:22:68:18:
         17:f9:41:07:d2:3c:cb:b1:a2:d1:08:a8:ea:01:ff:c5:33:fb:
         44:36:b4:f4:02:c1:5c:7a:42:c4:33:00:09:a8:30:2b:9e:fd:
         ab:e1:de:0e:9a:d4:b0:48:15:03:10:2c:cb:ab:35:6a:77:fb:
         18:03:cf:88:f6:17:44:83:82:aa:f6:cd:44:67:f6:41:47:b1:
         7b:b0:1c:15:76:49:02:0f:81:35:2d:58:05:c8:9a:6c:ed:a5:
         88:2a:36:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5/hPpeWb66lhukxdmtmgFPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NjAxMjZkY2U3OGJjMTZlNjZjMmU2ZTc2MzU4NDhhYzQ2
ODQ2YWYwHhcNMjQwMzI3MTA0NjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzJiYzU2NjQ5OGM3OWEwN2UzNDc2ZTQ3OTJhYjI1ZTgwZDY1ZTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykYjqs9OdX5Akh7OwC4SES5BElWT
gWSISeAECfC29XNYq+vFAPJf9a3wLCPnox9quQfzodlGrd4zv1eckr4rtKppyHPB
amm3YGA0ezayq4HPDoKfa0JDZpGpeXyJnyiy/J3OSwsH3YXNs4FK9pt7jI+sy13L
pFYW10AjGmhLeIkMaa8hUnBdXKa0XkUWbEcNq1LGCon7/Vw8wGr9W4ziG/TFg4Hr
E6oVVt+wkis7GnxbCuJ11Z7nFvFBQncxJNfRqLhutsx2jRhKJNmS7+drmFPI+f9f
aMlPff9HAL5z6P2AnRGMNW3Gumbogw+BP7jv8LufXQrm3Cp9DaMpmB0F1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCcrxWZJjHmgfjR25Hkqsl6A1l5JMB8GA1UdIwQY
MBaAFOdgEm3OeLwW5mwubnY1hIrEaEavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3Yjgt
ZDI0ZjU2MmRlZGQyLzEvSnl2RlprbU1lYUItTkhia2VTcXlYb0RXWGtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3YjgtZDI0ZjU2MmRlZGQy
LzEvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkvd7MA0G
CSqGSIb3DQEBCwUAA4IBAQAQFmxS5uD3CZBcKOYVoQCA/z/hlkGwpbuLeFBrvzqL
bLX0KgieR644Ad1wodYczsfKdmoT81aFUCKVtZ5mIjMjLpV1wk8baGNaaxvgSbeq
s5ARc/ep7/ZxDnDNgQuYPm/aEetHEBZbgu049hlwomitH0h03Hmu+oHaAiOSJKcS
zoZ2X9kBpxyum9nSVJGq+s4hvBxIMePcbko8ENnUz24iaBgX+UEH0jzLsaLRCKjq
Af/FM/tENrT0AsFcekLEMwAJqDArnv2r4d4OmtSwSBUDECzLqzVqd/sYA8+I9hdE
g4Kq9s1EZ/ZBR7F7sBwVdkkCD4E1LVgFyJps7aWIKjZC
-----END CERTIFICATE-----