Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/j_Gj74yd6iCl0ZM7q19qXt_Mv5s.roa
File:                     j_Gj74yd6iCl0ZM7q19qXt_Mv5s.roa (raw, json)
Hash identifier:          Q/LUYZ8VM99V1Yvyv04ApVc6oiobL5xLm+LPwl95ga0=
Subject key identifier:   8F:F1:A3:EF:8C:9D:EA:20:A5:D1:93:3B:AB:5F:6A:5E:DF:CC:BF:9B
Certificate issuer:       /CN=331bce2ee806e93621112dbd618536f775f44fba
Certificate serial:       018CCA2B9D1D255C35A6166D7168C852D3C0
Authority key identifier: 33:1B:CE:2E:E8:06:E9:36:21:11:2D:BD:61:85:36:F7:75:F4:4F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MxvOLugG6TYhES29YYU293X0T7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/j_Gj74yd6iCl0ZM7q19qXt_Mv5s.roa
Signing time:             Tue 02 Jan 2024 12:35:04 +0000
ROA not before:           Tue 02 Jan 2024 12:35:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209500
IP address blocks:        185.130.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/MxvOLugG6TYhES29YYU293X0T7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/MxvOLugG6TYhES29YYU293X0T7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MxvOLugG6TYhES29YYU293X0T7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:9d:1d:25:5c:35:a6:16:6d:71:68:c8:52:d3:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=331bce2ee806e93621112dbd618536f775f44fba
        Validity
            Not Before: Jan  2 12:35:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ff1a3ef8c9dea20a5d1933bab5f6a5edfccbf9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e4:c1:f4:b2:91:60:89:f9:a4:b9:0c:ac:d3:
                    fc:27:9f:b3:d8:b7:cd:27:55:45:d1:f5:09:8a:76:
                    46:1e:4d:f9:f2:fb:8d:ec:51:26:f7:88:30:fd:2b:
                    11:38:2c:51:d3:50:01:0f:e6:3e:64:13:85:15:db:
                    8d:d2:7c:db:4d:f5:0c:2e:9e:6e:ca:c7:36:4d:a9:
                    03:2a:be:87:6f:9b:76:e9:fb:bd:6d:56:2d:3f:41:
                    1d:2f:26:f5:db:73:df:d5:05:ba:96:ac:97:92:f6:
                    c9:d1:61:16:95:22:8d:e7:1c:ae:1c:04:b7:66:1f:
                    72:9e:75:6e:77:76:0d:df:76:d1:b6:34:82:7b:e2:
                    7c:5f:a3:1d:78:e2:5e:da:9f:11:92:96:f4:93:be:
                    5d:5c:e9:1a:83:97:ad:33:da:6a:81:58:1f:6e:3b:
                    f2:61:f1:88:9b:39:c6:3b:52:ce:5c:76:2f:3a:56:
                    0b:38:ce:54:c6:ec:28:d9:75:1d:ad:dd:e3:bd:08:
                    d5:e8:e7:b6:75:be:df:df:1e:66:ae:f5:37:a5:78:
                    35:ea:bf:6e:14:fc:82:f4:fd:0f:a7:2c:ee:b1:dd:
                    65:b0:b1:19:7b:d9:9f:ab:69:66:61:67:b4:eb:c0:
                    a5:a9:71:a2:0e:49:23:c0:9f:c4:e4:c0:6a:a5:19:
                    82:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:F1:A3:EF:8C:9D:EA:20:A5:D1:93:3B:AB:5F:6A:5E:DF:CC:BF:9B
            X509v3 Authority Key Identifier:
                keyid:33:1B:CE:2E:E8:06:E9:36:21:11:2D:BD:61:85:36:F7:75:F4:4F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MxvOLugG6TYhES29YYU293X0T7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/j_Gj74yd6iCl0ZM7q19qXt_Mv5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/MxvOLugG6TYhES29YYU293X0T7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:60:f1:25:84:81:64:95:58:8d:18:98:ca:a3:14:91:99:8b:
         77:4e:19:d7:1c:3e:07:e0:96:c6:52:de:e7:12:04:d7:cf:24:
         e9:8f:d4:bf:0e:49:48:7f:4b:d8:27:f4:b9:cd:39:55:19:67:
         38:19:81:2a:f4:c7:aa:02:75:c4:44:1a:46:81:35:a6:28:71:
         b9:6b:b6:f8:f5:28:b5:3d:63:c4:e9:9d:0a:b6:07:45:80:0e:
         7a:66:7f:97:4c:52:b9:8e:47:c8:73:58:6f:f4:47:ea:f5:74:
         7f:4e:aa:c1:08:18:24:0b:82:8c:71:03:1a:04:13:b2:e9:8a:
         eb:29:9b:2b:8f:0a:ca:d4:34:6a:79:50:dd:96:d8:a3:bb:81:
         60:a6:25:8c:53:11:43:2c:be:d6:ea:4d:47:45:d9:a2:d5:cf:
         44:90:c3:00:63:6b:28:2c:8e:16:33:2d:f0:48:5e:c5:d6:55:
         a0:ce:1f:aa:e4:17:8a:7a:0d:5f:fa:d0:03:94:7f:68:d4:d4:
         e2:6f:6e:82:68:d6:ba:ed:7e:28:a1:0d:c7:ab:d7:5b:ca:29:
         f2:1c:2d:4e:e5:39:86:18:e0:84:a3:c1:4c:0e:65:29:bf:64:
         56:78:35:36:5e:a8:f7:8d:1f:dd:ba:4c:58:95:eb:06:2b:f8:
         0e:06:6e:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK50dJVw1phZtcWjIUtPAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMWJjZTJlZTgwNmU5MzYyMTExMmRiZDYxODUzNmY3NzVm
NDRmYmEwHhcNMjQwMTAyMTIzNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmYxYTNlZjhjOWRlYTIwYTVkMTkzM2JhYjVmNmE1ZWRmY2NiZjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuTB9LKRYIn5pLkMrNP8J5+z2LfN
J1VF0fUJinZGHk358vuN7FEm94gw/SsROCxR01ABD+Y+ZBOFFduN0nzbTfUMLp5u
ysc2TakDKr6Hb5t26fu9bVYtP0EdLyb123Pf1QW6lqyXkvbJ0WEWlSKN5xyuHAS3
Zh9ynnVud3YN33bRtjSCe+J8X6MdeOJe2p8Rkpb0k75dXOkag5etM9pqgVgfbjvy
YfGImznGO1LOXHYvOlYLOM5Uxuwo2XUdrd3jvQjV6Oe2db7f3x5mrvU3pXg16r9u
FPyC9P0Ppyzusd1lsLEZe9mfq2lmYWe068ClqXGiDkkjwJ/E5MBqpRmC+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/xo++MneogpdGTO6tfal7fzL+bMB8GA1UdIwQY
MBaAFDMbzi7oBuk2IREtvWGFNvd19E+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXh2T0x1Z0c2VFloRVMyOVlZVTI5M1gwVDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS80YmEzY2EtZDZmZC00MTE2LTkxNDYt
YWVhYzE2MjI3YzI1LzEval9Hajc0eWQ2aUNsMFpNN3ExOXFYdF9NdjVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS80YmEzY2EtZDZmZC00MTE2LTkxNDYtYWVhYzE2MjI3YzI1
LzEvTXh2T0x1Z0c2VFloRVMyOVlZVTI5M1gwVDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYI4MA0G
CSqGSIb3DQEBCwUAA4IBAQARYPElhIFklViNGJjKoxSRmYt3ThnXHD4H4JbGUt7n
EgTXzyTpj9S/DklIf0vYJ/S5zTlVGWc4GYEq9MeqAnXERBpGgTWmKHG5a7b49Si1
PWPE6Z0KtgdFgA56Zn+XTFK5jkfIc1hv9Efq9XR/TqrBCBgkC4KMcQMaBBOy6Yrr
KZsrjwrK1DRqeVDdltiju4FgpiWMUxFDLL7W6k1HRdmi1c9EkMMAY2soLI4WMy3w
SF7F1lWgzh+q5BeKeg1f+tADlH9o1NTib26CaNa67X4ooQ3Hq9dbyinyHC1O5TmG
GOCEo8FMDmUpv2RWeDU2Xqj3jR/dukxYlesGK/gOBm6C
-----END CERTIFICATE-----