Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/j0JF6hHrninNOTX2xMvyx0eFRWo.roa
File:                     j0JF6hHrninNOTX2xMvyx0eFRWo.roa (raw, json)
Hash identifier:          M9mhyuxxxJT9hjsENiEu+Qq/iCUziTgO73adxUEzxgs=
Subject key identifier:   8F:42:45:EA:11:EB:9E:29:CD:39:35:F6:C4:CB:F2:C7:47:85:45:6A
Certificate issuer:       /CN=aee08d9336f2e6cd165eb730297fe6d20c83c39a
Certificate serial:       018F96559F226B40C43AA0914BB663652DDD
Authority key identifier: AE:E0:8D:93:36:F2:E6:CD:16:5E:B7:30:29:7F:E6:D2:0C:83:C3:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ruCNkzby5s0WXrcwKX_m0gyDw5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/j0JF6hHrninNOTX2xMvyx0eFRWo.roa
Signing time:             Mon 20 May 2024 14:09:04 +0000
ROA not before:           Mon 20 May 2024 14:09:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214893
IP address blocks:        185.155.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/ruCNkzby5s0WXrcwKX_m0gyDw5o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/ruCNkzby5s0WXrcwKX_m0gyDw5o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ruCNkzby5s0WXrcwKX_m0gyDw5o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Oct 2024 02:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:96:55:9f:22:6b:40:c4:3a:a0:91:4b:b6:63:65:2d:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aee08d9336f2e6cd165eb730297fe6d20c83c39a
        Validity
            Not Before: May 20 14:09:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f4245ea11eb9e29cd3935f6c4cbf2c74785456a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:02:52:c5:00:d4:48:b5:0f:ba:53:66:b2:8e:
                    a8:4a:1c:b5:60:ef:3a:e2:7c:5a:23:51:4b:a3:26:
                    ca:62:d2:16:38:a6:74:3e:48:dd:a5:b5:a2:2f:0b:
                    e6:bf:d8:55:5f:26:30:31:b0:7c:81:80:93:75:90:
                    d5:be:4d:7f:c5:2f:6e:65:6c:a3:03:c5:3c:96:40:
                    eb:9b:38:f0:34:7c:64:3a:07:f6:e4:34:77:a0:a0:
                    8e:ef:2b:86:4b:41:54:6d:94:44:58:fa:fd:5b:b3:
                    aa:f5:f5:51:11:79:5d:93:e3:3d:75:d1:45:b7:5f:
                    0e:5d:b0:a7:44:61:c1:38:fa:66:5d:4a:96:79:14:
                    c6:35:c3:5c:3b:c4:17:c2:2b:56:a9:73:3c:46:4a:
                    27:f4:d4:9d:03:7c:93:eb:cc:62:60:5c:c0:ec:9d:
                    59:67:c1:39:75:6d:f4:19:17:1e:98:d0:8e:e4:72:
                    2a:ad:06:40:51:33:62:05:cc:02:79:80:de:d3:47:
                    84:0d:6a:93:bf:f8:4a:59:81:64:a9:63:79:ca:eb:
                    22:3c:a1:c9:9c:52:83:6b:65:f7:e3:cf:ce:a4:59:
                    a5:22:f5:3f:c1:b9:f8:fa:66:ed:65:2e:c7:3a:9b:
                    46:cc:01:d6:66:86:ac:af:db:5a:b1:18:22:7a:cc:
                    98:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:42:45:EA:11:EB:9E:29:CD:39:35:F6:C4:CB:F2:C7:47:85:45:6A
            X509v3 Authority Key Identifier:
                keyid:AE:E0:8D:93:36:F2:E6:CD:16:5E:B7:30:29:7F:E6:D2:0C:83:C3:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ruCNkzby5s0WXrcwKX_m0gyDw5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/j0JF6hHrninNOTX2xMvyx0eFRWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/ruCNkzby5s0WXrcwKX_m0gyDw5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:ed:46:ae:d1:d6:b2:02:fd:91:9e:1b:2b:96:ee:db:e0:e9:
         35:9d:48:13:3a:3f:6a:79:a1:0f:52:d1:2d:52:a7:55:79:ae:
         e3:1f:31:d6:32:6f:22:f4:0f:56:7d:35:02:b7:34:63:38:11:
         ca:ab:f9:1c:23:b5:1b:27:07:d1:07:cb:12:73:94:4e:be:86:
         85:dc:2c:fb:b3:d7:73:45:fb:6b:dd:14:48:4c:6c:cd:14:b4:
         31:15:af:49:1a:33:b3:d6:25:70:15:5d:da:9d:85:b7:fe:dc:
         4c:8d:c0:e6:d1:83:e2:23:af:7c:a6:52:47:1b:40:15:9c:9e:
         d9:7a:0c:20:f3:2e:a7:68:d9:87:de:d0:6a:2c:e2:8c:7d:fd:
         9d:dc:09:0a:db:1c:d6:8f:33:be:50:a4:d2:5b:51:20:86:0c:
         21:d4:9d:a4:48:2e:fd:66:1c:a0:4b:5d:8d:ce:c2:55:51:8f:
         d7:2f:aa:bc:22:1a:d3:8b:e8:86:e8:9c:d3:0e:da:b7:b8:65:
         89:76:00:0d:19:b3:79:f2:64:62:2e:a9:50:f3:ef:85:5d:88:
         4c:ba:49:cb:42:3a:f5:12:2b:a1:11:29:48:9a:7f:f4:56:f5:
         c6:c1:4a:1c:f9:76:6d:0b:cb:28:22:29:65:9f:55:cb:c4:30:
         f1:c3:4a:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+WVZ8ia0DEOqCRS7ZjZS3dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZTA4ZDkzMzZmMmU2Y2QxNjVlYjczMDI5N2ZlNmQyMGM4
M2MzOWEwHhcNMjQwNTIwMTQwOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjQyNDVlYTExZWI5ZTI5Y2QzOTM1ZjZjNGNiZjJjNzQ3ODU0NTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwJSxQDUSLUPulNmso6oShy1YO86
4nxaI1FLoybKYtIWOKZ0PkjdpbWiLwvmv9hVXyYwMbB8gYCTdZDVvk1/xS9uZWyj
A8U8lkDrmzjwNHxkOgf25DR3oKCO7yuGS0FUbZREWPr9W7Oq9fVREXldk+M9ddFF
t18OXbCnRGHBOPpmXUqWeRTGNcNcO8QXwitWqXM8Rkon9NSdA3yT68xiYFzA7J1Z
Z8E5dW30GRcemNCO5HIqrQZAUTNiBcwCeYDe00eEDWqTv/hKWYFkqWN5yusiPKHJ
nFKDa2X348/OpFmlIvU/wbn4+mbtZS7HOptGzAHWZoasr9tasRgiesyYvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI9CReoR654pzTk19sTL8sdHhUVqMB8GA1UdIwQY
MBaAFK7gjZM28ubNFl63MCl/5tIMg8OaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnVDTmt6Ynk1czBXWHJjd0tYX20wZ3lEdzVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9mODUzZjgtMjA3MS00OWRlLWI2YTAt
NDk3YmVkZDcxZWI5LzEvajBKRjZoSHJuaW5OT1RYMnhNdnl4MGVGUldvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9mODUzZjgtMjA3MS00OWRlLWI2YTAtNDk3YmVkZDcxZWI5
LzEvcnVDTmt6Ynk1czBXWHJjd0tYX20wZ3lEdzVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZueMA0G
CSqGSIb3DQEBCwUAA4IBAQBP7Uau0dayAv2Rnhsrlu7b4Ok1nUgTOj9qeaEPUtEt
UqdVea7jHzHWMm8i9A9WfTUCtzRjOBHKq/kcI7UbJwfRB8sSc5ROvoaF3Cz7s9dz
Rftr3RRITGzNFLQxFa9JGjOz1iVwFV3anYW3/txMjcDm0YPiI698plJHG0AVnJ7Z
egwg8y6naNmH3tBqLOKMff2d3AkK2xzWjzO+UKTSW1Eghgwh1J2kSC79ZhygS12N
zsJVUY/XL6q8IhrTi+iG6JzTDtq3uGWJdgANGbN58mRiLqlQ8++FXYhMuknLQjr1
EiuhESlImn/0VvXGwUoc+XZtC8soIilln1XLxDDxw0pE
-----END CERTIFICATE-----