Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/jWeBbCY-WnOWrgxpNFfhFnVuUWM.roa
File:                     jWeBbCY-WnOWrgxpNFfhFnVuUWM.roa (raw, json)
Hash identifier:          +TSEzMMMGPsJopg7UZE/NC98tSDQRlb98Nt2igXst0k=
Subject key identifier:   8D:67:81:6C:26:3E:5A:73:96:AE:0C:69:34:57:E1:16:75:6E:51:63
Certificate issuer:       /CN=331bce2ee806e93621112dbd618536f775f44fba
Certificate serial:       018CCA2B9BE55CFE06BC3C4826066FA21537
Authority key identifier: 33:1B:CE:2E:E8:06:E9:36:21:11:2D:BD:61:85:36:F7:75:F4:4F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MxvOLugG6TYhES29YYU293X0T7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/jWeBbCY-WnOWrgxpNFfhFnVuUWM.roa
Signing time:             Tue 02 Jan 2024 12:35:04 +0000
ROA not before:           Tue 02 Jan 2024 12:35:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25145
IP address blocks:        185.198.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/MxvOLugG6TYhES29YYU293X0T7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/MxvOLugG6TYhES29YYU293X0T7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MxvOLugG6TYhES29YYU293X0T7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 04:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:9b:e5:5c:fe:06:bc:3c:48:26:06:6f:a2:15:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=331bce2ee806e93621112dbd618536f775f44fba
        Validity
            Not Before: Jan  2 12:35:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d67816c263e5a7396ae0c693457e116756e5163
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:1f:37:cd:6e:c2:db:cb:60:d1:59:81:39:45:
                    bc:58:a5:6e:4c:57:39:e2:b5:84:30:76:ad:92:8d:
                    a1:a9:1f:99:42:81:c0:22:2e:4d:e6:a1:ba:92:f5:
                    9c:38:c4:7c:fe:d0:27:33:0c:43:bf:d4:10:69:fb:
                    75:c4:91:ef:64:cd:71:08:63:7e:2f:2b:23:1c:33:
                    4d:3b:ab:9a:e5:0f:1b:1a:bd:37:ed:6d:f7:20:d2:
                    c5:a5:ac:86:b4:77:75:f6:16:6a:12:c9:0a:87:ef:
                    c7:c9:92:11:5b:6b:2e:3a:f8:57:41:78:78:00:4b:
                    aa:56:dd:32:c7:13:b0:d5:dc:a4:90:ba:36:7a:e6:
                    88:24:56:dd:33:cb:c9:b9:d0:22:aa:98:53:72:1e:
                    74:35:aa:a5:f8:5c:45:7a:f3:2f:e6:36:46:c7:7b:
                    a3:5e:eb:fc:fd:7a:84:cb:48:43:1a:0b:e1:50:94:
                    e5:4c:7e:21:52:53:2e:06:25:29:ba:98:1e:3b:9e:
                    58:d8:2b:7b:9d:f3:ca:80:07:3f:7c:7a:ea:25:b7:
                    b4:7e:f3:d4:2c:47:3e:18:c1:4d:cb:95:15:eb:ec:
                    62:eb:37:a3:be:49:61:19:f4:b4:d4:c1:fe:29:ee:
                    06:49:0b:e4:49:e9:98:35:eb:ef:2a:d8:a4:1c:f9:
                    86:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:67:81:6C:26:3E:5A:73:96:AE:0C:69:34:57:E1:16:75:6E:51:63
            X509v3 Authority Key Identifier:
                keyid:33:1B:CE:2E:E8:06:E9:36:21:11:2D:BD:61:85:36:F7:75:F4:4F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MxvOLugG6TYhES29YYU293X0T7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/jWeBbCY-WnOWrgxpNFfhFnVuUWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/MxvOLugG6TYhES29YYU293X0T7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:39:3a:6a:a8:7a:f4:6b:d8:3b:bc:e1:1f:4b:6f:80:5d:0a:
         86:e8:67:3e:50:58:80:19:fd:e3:31:9c:82:df:b0:04:b4:ad:
         7d:3a:22:0b:23:5d:31:6d:9d:53:4e:fb:f8:f2:e2:1c:67:ea:
         65:30:bd:bc:32:2f:7a:db:9b:d2:d5:fc:4c:d9:62:c7:e6:ab:
         8c:5c:1b:a6:43:de:1c:ce:bc:03:2b:59:fb:68:0f:49:c4:23:
         eb:f9:84:09:27:bf:b8:0d:ba:67:53:95:22:44:28:51:04:9f:
         7e:d4:4e:79:08:80:5e:f5:12:88:6d:07:91:18:d6:6f:b4:b4:
         30:15:61:6d:f1:de:45:3b:16:65:60:ac:e4:9c:13:1f:5a:4e:
         c8:e5:92:d7:ab:44:f0:f3:b6:94:06:10:87:e6:9c:f0:68:19:
         19:ba:3e:2b:5f:f5:21:2e:9a:4f:3b:7c:3b:5a:e4:c0:88:db:
         ab:be:fc:14:c8:30:71:3c:31:7e:36:e3:be:ee:b8:4e:a2:0d:
         bd:04:bd:24:31:22:8a:80:0b:f4:8c:5e:97:0d:b0:28:6b:18:
         90:d3:a6:69:a5:64:5c:ba:43:a7:8a:93:d7:b6:95:de:5e:0a:
         dd:07:88:c0:0c:07:2f:d8:d7:f6:91:e6:96:8e:67:46:63:01:
         52:2d:bc:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK5vlXP4GvDxIJgZvohU3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMWJjZTJlZTgwNmU5MzYyMTExMmRiZDYxODUzNmY3NzVm
NDRmYmEwHhcNMjQwMTAyMTIzNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDY3ODE2YzI2M2U1YTczOTZhZTBjNjkzNDU3ZTExNjc1NmU1MTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhR83zW7C28tg0VmBOUW8WKVuTFc5
4rWEMHatko2hqR+ZQoHAIi5N5qG6kvWcOMR8/tAnMwxDv9QQaft1xJHvZM1xCGN+
LysjHDNNO6ua5Q8bGr037W33INLFpayGtHd19hZqEskKh+/HyZIRW2suOvhXQXh4
AEuqVt0yxxOw1dykkLo2euaIJFbdM8vJudAiqphTch50Naql+FxFevMv5jZGx3uj
Xuv8/XqEy0hDGgvhUJTlTH4hUlMuBiUpupgeO55Y2Ct7nfPKgAc/fHrqJbe0fvPU
LEc+GMFNy5UV6+xi6zejvklhGfS01MH+Ke4GSQvkSemYNevvKtikHPmGrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI1ngWwmPlpzlq4MaTRX4RZ1blFjMB8GA1UdIwQY
MBaAFDMbzi7oBuk2IREtvWGFNvd19E+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXh2T0x1Z0c2VFloRVMyOVlZVTI5M1gwVDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS80YmEzY2EtZDZmZC00MTE2LTkxNDYt
YWVhYzE2MjI3YzI1LzEvaldlQmJDWS1Xbk9Xcmd4cE5GZmhGblZ1VVdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS80YmEzY2EtZDZmZC00MTE2LTkxNDYtYWVhYzE2MjI3YzI1
LzEvTXh2T0x1Z0c2VFloRVMyOVlZVTI5M1gwVDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucZJMA0G
CSqGSIb3DQEBCwUAA4IBAQAvOTpqqHr0a9g7vOEfS2+AXQqG6Gc+UFiAGf3jMZyC
37AEtK19OiILI10xbZ1TTvv48uIcZ+plML28Mi9625vS1fxM2WLH5quMXBumQ94c
zrwDK1n7aA9JxCPr+YQJJ7+4DbpnU5UiRChRBJ9+1E55CIBe9RKIbQeRGNZvtLQw
FWFt8d5FOxZlYKzknBMfWk7I5ZLXq0Tw87aUBhCH5pzwaBkZuj4rX/UhLppPO3w7
WuTAiNurvvwUyDBxPDF+NuO+7rhOog29BL0kMSKKgAv0jF6XDbAoaxiQ06ZppWRc
ukOnipPXtpXeXgrdB4jADAcv2Nf2keaWjmdGYwFSLbzt
-----END CERTIFICATE-----