Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/5d0fbb-ad7d-4a9a-b174-11b29052528d/1/JgEbxRIiZD751uCsT2KG9wqFJk8.roa
File:                     JgEbxRIiZD751uCsT2KG9wqFJk8.roa (raw, json)
Hash identifier:          9UgF7/y/6hqkTKCWrn+sMLYzejQ2HBa1o//KHFFQ1GU=
Subject key identifier:   26:01:1B:C5:12:22:64:3E:F9:D6:E0:AC:4F:62:86:F7:0A:85:26:4F
Certificate issuer:       /CN=798bcb5432a45f25b04103967ab403c29d0d430a
Certificate serial:       018CC42559B946784A645EB794A119D204F1
Authority key identifier: 79:8B:CB:54:32:A4:5F:25:B0:41:03:96:7A:B4:03:C2:9D:0D:43:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eYvLVDKkXyWwQQOWerQDwp0NQwo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/5d0fbb-ad7d-4a9a-b174-11b29052528d/1/JgEbxRIiZD751uCsT2KG9wqFJk8.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62405
IP address blocks:        185.36.160.0/22 maxlen: 22
                          2a00:de20::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/5d0fbb-ad7d-4a9a-b174-11b29052528d/1/eYvLVDKkXyWwQQOWerQDwp0NQwo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/5d0fbb-ad7d-4a9a-b174-11b29052528d/1/eYvLVDKkXyWwQQOWerQDwp0NQwo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eYvLVDKkXyWwQQOWerQDwp0NQwo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:03:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:59:b9:46:78:4a:64:5e:b7:94:a1:19:d2:04:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798bcb5432a45f25b04103967ab403c29d0d430a
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26011bc51222643ef9d6e0ac4f6286f70a85264f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:94:55:d2:fc:39:c3:95:52:97:f8:5b:97:b5:
                    73:5b:45:6b:44:2f:ab:aa:19:8a:a6:89:7b:27:59:
                    c9:80:da:b5:48:35:03:6c:b3:3f:64:cb:e7:ef:46:
                    80:b5:e1:10:66:6a:6d:eb:0b:d0:ce:69:43:be:65:
                    c2:be:46:f6:2a:e5:9a:66:ff:f0:92:60:7d:c7:97:
                    e9:4e:11:4c:9f:c3:3f:e4:76:48:d7:e4:ab:39:5c:
                    d8:2e:f2:57:b7:68:06:e0:51:f0:43:ee:01:01:48:
                    c7:2e:48:dc:c5:52:8e:2a:2c:64:35:2a:a4:bc:54:
                    35:72:85:23:90:67:35:13:bc:5b:80:c1:80:4a:f3:
                    4c:28:36:ed:e4:8d:0c:14:d7:79:21:31:80:80:7f:
                    a7:24:52:f1:a2:91:53:fd:53:ce:65:e6:0c:73:53:
                    82:42:50:8b:2f:5e:2d:c3:90:12:86:a0:42:89:cc:
                    b1:99:ed:aa:b4:8e:a7:b9:e8:63:f2:df:7b:4b:37:
                    46:eb:05:26:77:69:c1:a7:9c:2c:03:03:b8:6d:86:
                    d8:5c:27:61:16:5e:35:a5:b8:98:a7:b6:3c:ca:3b:
                    30:eb:80:75:ad:ec:d1:1e:8f:5f:aa:d4:51:86:6a:
                    b5:9d:c0:e0:76:75:5a:2b:cd:a9:77:0b:d2:71:65:
                    69:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:01:1B:C5:12:22:64:3E:F9:D6:E0:AC:4F:62:86:F7:0A:85:26:4F
            X509v3 Authority Key Identifier:
                keyid:79:8B:CB:54:32:A4:5F:25:B0:41:03:96:7A:B4:03:C2:9D:0D:43:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eYvLVDKkXyWwQQOWerQDwp0NQwo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/5d0fbb-ad7d-4a9a-b174-11b29052528d/1/JgEbxRIiZD751uCsT2KG9wqFJk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/5d0fbb-ad7d-4a9a-b174-11b29052528d/1/eYvLVDKkXyWwQQOWerQDwp0NQwo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.160.0/22
                IPv6:
                  2a00:de20::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:c7:6d:72:08:5b:54:98:68:2a:48:fb:b6:6f:7a:fd:9d:0f:
         63:c8:67:8a:87:11:c6:ac:8c:1c:cb:12:c7:68:70:45:06:c3:
         c7:6c:03:43:32:70:c1:02:c8:a9:0b:81:7a:cb:6a:37:23:ac:
         07:cd:35:48:18:52:54:6d:7d:e6:1b:ab:42:12:81:4b:82:55:
         68:f4:ca:a8:af:24:cf:bb:46:d3:9f:2c:56:01:0f:95:42:ef:
         32:74:7d:02:6c:40:74:1d:09:bf:c8:1a:9c:29:53:0c:7d:fb:
         d5:fd:d9:3f:0c:fd:f8:82:09:43:35:5e:10:65:fc:c6:ed:03:
         ce:32:6e:d6:b6:90:e2:b6:d5:88:52:fd:db:2f:4a:a0:53:61:
         c8:c8:11:ce:c3:dd:81:6f:bc:9a:70:0c:ea:eb:7c:13:6c:27:
         56:52:bf:70:8e:00:26:3a:33:8a:29:b1:25:9e:97:e0:1c:0e:
         39:03:51:97:58:db:b7:53:04:74:57:43:25:e7:3a:fa:e7:4e:
         5c:ad:1e:9c:94:1f:d6:68:46:67:24:06:7d:0b:00:94:9b:38:
         70:73:41:26:45:70:ca:01:0e:a0:3f:61:f4:34:6d:18:2f:86:
         bf:8f:c5:a6:29:1f:95:0b:86:5e:ac:f6:b3:9e:ad:f9:d3:b4:
         40:d4:d3:4e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJVm5RnhKZF63lKEZ0gTxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGJjYjU0MzJhNDVmMjViMDQxMDM5NjdhYjQwM2MyOWQw
ZDQzMGEwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjAxMWJjNTEyMjI2NDNlZjlkNmUwYWM0ZjYyODZmNzBhODUyNjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZRV0vw5w5VSl/hbl7VzW0VrRC+r
qhmKpol7J1nJgNq1SDUDbLM/ZMvn70aAteEQZmpt6wvQzmlDvmXCvkb2KuWaZv/w
kmB9x5fpThFMn8M/5HZI1+SrOVzYLvJXt2gG4FHwQ+4BAUjHLkjcxVKOKixkNSqk
vFQ1coUjkGc1E7xbgMGASvNMKDbt5I0MFNd5ITGAgH+nJFLxopFT/VPOZeYMc1OC
QlCLL14tw5AShqBCicyxme2qtI6nuehj8t97SzdG6wUmd2nBp5wsAwO4bYbYXCdh
Fl41pbiYp7Y8yjsw64B1rezRHo9fqtRRhmq1ncDgdnVaK82pdwvScWVpowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCYBG8USImQ++dbgrE9ihvcKhSZPMB8GA1UdIwQY
MBaAFHmLy1QypF8lsEEDlnq0A8KdDUMKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVl2TFZES2tYeVd3UVFPV2VyUUR3cDBOUXdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC81ZDBmYmItYWQ3ZC00YTlhLWIxNzQt
MTFiMjkwNTI1MjhkLzEvSmdFYnhSSWlaRDc1MXVDc1QyS0c5d3FGSms4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC81ZDBmYmItYWQ3ZC00YTlhLWIxNzQtMTFiMjkwNTI1Mjhk
LzEvZVl2TFZES2tYeVd3UVFPV2VyUUR3cDBOUXdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSSgMA0E
AgACMAcDBQAqAN4gMA0GCSqGSIb3DQEBCwUAA4IBAQCdx21yCFtUmGgqSPu2b3r9
nQ9jyGeKhxHGrIwcyxLHaHBFBsPHbANDMnDBAsipC4F6y2o3I6wHzTVIGFJUbX3m
G6tCEoFLglVo9MqoryTPu0bTnyxWAQ+VQu8ydH0CbEB0HQm/yBqcKVMMffvV/dk/
DP34gglDNV4QZfzG7QPOMm7WtpDittWIUv3bL0qgU2HIyBHOw92Bb7yacAzq63wT
bCdWUr9wjgAmOjOKKbElnpfgHA45A1GXWNu3UwR0V0Ml5zr6505crR6clB/WaEZn
JAZ9CwCUmzhwc0EmRXDKAQ6gP2H0NG0YL4a/j8WmKR+VC4ZerPaznq3507RA1NNO
-----END CERTIFICATE-----