Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/JxqshhcKdZ0yRGCQ5F9n_JcNPFI.roa
File:                     JxqshhcKdZ0yRGCQ5F9n_JcNPFI.roa (raw, json)
Hash identifier:          Qb/UPpdJBI+4gVCSIa5D48Dk6PtpeSIq4RWXPzyD+/s=
Subject key identifier:   27:1A:AC:86:17:0A:75:9D:32:44:60:90:E4:5F:67:FC:97:0D:3C:52
Certificate issuer:       /CN=98fb582c1cd1881f2d46d0a70382cab69225f1a9
Certificate serial:       01919E1BBACE2E408725FE5ABA9D6754484C
Authority key identifier: 98:FB:58:2C:1C:D1:88:1F:2D:46:D0:A7:03:82:CA:B6:92:25:F1:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mPtYLBzRiB8tRtCnA4LKtpIl8ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/JxqshhcKdZ0yRGCQ5F9n_JcNPFI.roa
Signing time:             Thu 29 Aug 2024 12:28:22 +0000
ROA not before:           Thu 29 Aug 2024 12:28:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        194.1.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/mPtYLBzRiB8tRtCnA4LKtpIl8ak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/mPtYLBzRiB8tRtCnA4LKtpIl8ak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mPtYLBzRiB8tRtCnA4LKtpIl8ak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9e:1b:ba:ce:2e:40:87:25:fe:5a:ba:9d:67:54:48:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98fb582c1cd1881f2d46d0a70382cab69225f1a9
        Validity
            Not Before: Aug 29 12:28:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=271aac86170a759d32446090e45f67fc970d3c52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ff:38:83:ed:07:d6:f5:1f:52:6a:a6:ed:8f:
                    1b:0e:93:99:61:18:db:1b:b7:9f:50:eb:64:3c:21:
                    75:57:24:43:19:a5:29:a9:d9:a7:b3:ad:99:12:78:
                    25:06:4f:37:ac:fe:83:08:1f:9d:85:97:dc:05:59:
                    14:d3:a9:15:42:1f:10:13:ee:f9:b9:f1:e1:5c:2e:
                    5a:fe:b8:92:9c:e7:37:49:a4:0a:e1:d1:1a:f4:43:
                    28:c5:57:cd:e2:4a:4c:da:94:c4:55:d7:8b:71:71:
                    63:ea:b3:1a:c9:46:64:09:74:af:67:68:b2:f9:c3:
                    b8:36:a8:8e:45:5d:5a:09:3b:b7:ea:82:50:e2:27:
                    a4:24:d6:8a:a4:c3:ae:50:16:9f:c3:5f:c6:14:a8:
                    63:3d:a5:08:e9:09:f5:17:8e:38:b2:1d:2f:85:35:
                    01:07:48:4e:dc:dd:49:43:3c:a5:44:21:b5:c6:67:
                    07:33:b8:00:67:a6:62:a5:cf:11:41:61:c8:75:4c:
                    73:f8:f5:be:e5:88:04:0c:ff:0e:2e:13:cd:ce:04:
                    5d:a7:36:db:f0:0a:9b:4a:f1:59:f1:15:e0:4e:f5:
                    90:2a:a0:74:32:65:25:4e:f3:f9:5c:5a:b1:73:95:
                    15:51:0e:a1:ef:7e:84:89:fd:02:51:21:8e:8c:86:
                    e2:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:1A:AC:86:17:0A:75:9D:32:44:60:90:E4:5F:67:FC:97:0D:3C:52
            X509v3 Authority Key Identifier:
                keyid:98:FB:58:2C:1C:D1:88:1F:2D:46:D0:A7:03:82:CA:B6:92:25:F1:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mPtYLBzRiB8tRtCnA4LKtpIl8ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/JxqshhcKdZ0yRGCQ5F9n_JcNPFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/mPtYLBzRiB8tRtCnA4LKtpIl8ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:22:b1:4b:1d:e7:5c:8d:83:a3:0a:6f:fb:0b:78:fb:b9:fd:
         10:80:34:7b:b9:09:41:6b:b9:68:49:78:aa:ec:ad:14:07:06:
         6d:67:de:6c:39:7e:da:e6:f9:3f:e8:61:be:ac:08:9c:d8:e6:
         ae:89:00:c1:5c:85:24:48:83:2d:70:95:4e:dc:bc:bc:49:04:
         d4:50:70:70:db:d6:5a:30:61:01:67:fa:58:82:41:90:a1:ce:
         11:00:e9:23:b0:ed:0c:a4:b9:9f:98:ea:8e:75:64:54:30:86:
         94:cc:70:f8:17:2d:69:21:49:7b:ef:0a:6b:b3:46:5f:71:74:
         84:d7:33:8f:8b:64:8d:df:3b:b7:c6:c0:9a:51:ef:12:81:b0:
         15:b6:74:57:d3:28:a9:ea:0f:0c:47:da:1d:e5:af:22:4b:f3:
         fa:96:2e:50:08:30:ec:8a:56:b9:50:46:ec:24:08:26:9d:cc:
         0b:48:55:37:4b:9f:3c:92:10:0f:f1:fe:3b:71:db:e0:61:07:
         35:e1:6f:e2:79:d9:51:eb:04:d4:9b:f2:f9:54:86:d3:70:40:
         0d:50:f8:60:7e:f0:b2:85:26:cd:fd:dd:43:5d:83:0b:c1:f0:
         6d:87:ed:1b:e5:d4:b6:b1:ab:6f:e7:87:28:ff:01:59:59:f1:
         d2:5d:e6:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGeG7rOLkCHJf5aup1nVEhMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ZmI1ODJjMWNkMTg4MWYyZDQ2ZDBhNzAzODJjYWI2OTIy
NWYxYTkwHhcNMjQwODI5MTIyODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzFhYWM4NjE3MGE3NTlkMzI0NDYwOTBlNDVmNjdmYzk3MGQzYzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmv84g+0H1vUfUmqm7Y8bDpOZYRjb
G7efUOtkPCF1VyRDGaUpqdmns62ZEnglBk83rP6DCB+dhZfcBVkU06kVQh8QE+75
ufHhXC5a/riSnOc3SaQK4dEa9EMoxVfN4kpM2pTEVdeLcXFj6rMayUZkCXSvZ2iy
+cO4NqiORV1aCTu36oJQ4iekJNaKpMOuUBafw1/GFKhjPaUI6Qn1F444sh0vhTUB
B0hO3N1JQzylRCG1xmcHM7gAZ6Zipc8RQWHIdUxz+PW+5YgEDP8OLhPNzgRdpzbb
8AqbSvFZ8RXgTvWQKqB0MmUlTvP5XFqxc5UVUQ6h736Eif0CUSGOjIbiOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCcarIYXCnWdMkRgkORfZ/yXDTxSMB8GA1UdIwQY
MBaAFJj7WCwc0YgfLUbQpwOCyraSJfGpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVB0WUxCelJpQjh0UnRDbkE0TEt0cElsOGFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9lYzQwMWMtNDRlNC00ZmNjLWIwMzct
M2JjNDQxMDFlYzAwLzEvSnhxc2hoY0tkWjB5UkdDUTVGOW5fSmNOUEZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9lYzQwMWMtNDRlNC00ZmNjLWIwMzctM2JjNDQxMDFlYzAw
LzEvbVB0WUxCelJpQjh0UnRDbkE0TEt0cElsOGFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgGeMA0G
CSqGSIb3DQEBCwUAA4IBAQCOIrFLHedcjYOjCm/7C3j7uf0QgDR7uQlBa7loSXiq
7K0UBwZtZ95sOX7a5vk/6GG+rAic2OauiQDBXIUkSIMtcJVO3Ly8SQTUUHBw29Za
MGEBZ/pYgkGQoc4RAOkjsO0MpLmfmOqOdWRUMIaUzHD4Fy1pIUl77wprs0ZfcXSE
1zOPi2SN3zu3xsCaUe8SgbAVtnRX0yip6g8MR9od5a8iS/P6li5QCDDsila5UEbs
JAgmncwLSFU3S588khAP8f47cdvgYQc14W/iedlR6wTUm/L5VIbTcEANUPhgfvCy
hSbN/d1DXYMLwfBth+0b5dS2satv54co/wFZWfHSXeZb
-----END CERTIFICATE-----