Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/Jxa9S4YiEUO2lP2akFFsy67vlYk.roa
File:                     Jxa9S4YiEUO2lP2akFFsy67vlYk.roa (raw, json)
Hash identifier:          xFerZuh8bHl9rVLcfXG2nYbxooRjAQGO2Rt92DELTls=
Subject key identifier:   27:16:BD:4B:86:22:11:43:B6:94:FD:9A:90:51:6C:CB:AE:EF:95:89
Certificate issuer:       /CN=f7aa039b886b226578bdb6a42781bf59044bb138
Certificate serial:       018CC6B88031D09099063EF8B01F80F86EB1
Authority key identifier: F7:AA:03:9B:88:6B:22:65:78:BD:B6:A4:27:81:BF:59:04:4B:B1:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/Jxa9S4YiEUO2lP2akFFsy67vlYk.roa
Signing time:             Mon 01 Jan 2024 20:30:29 +0000
ROA not before:           Mon 01 Jan 2024 20:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203703
IP address blocks:        185.124.188.0/22 maxlen: 25

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/96oDm4hrImV4vbakJ4G_WQRLsTg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/96oDm4hrImV4vbakJ4G_WQRLsTg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:02:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:80:31:d0:90:99:06:3e:f8:b0:1f:80:f8:6e:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7aa039b886b226578bdb6a42781bf59044bb138
        Validity
            Not Before: Jan  1 20:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2716bd4b86221143b694fd9a90516ccbaeef9589
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f9:b8:71:96:e5:ee:7a:ee:88:4a:cb:2b:14:
                    3e:1e:23:af:36:eb:44:69:34:da:99:83:7a:1c:b2:
                    99:4f:a3:60:23:dd:c5:9c:9e:8b:36:46:0a:a1:9f:
                    f7:f5:b4:1d:fb:8f:c3:07:40:c8:90:85:f1:5b:b5:
                    22:3b:30:e7:c5:c5:af:4a:0f:37:e7:ef:b1:01:d0:
                    ef:f3:b3:68:53:05:bb:bd:55:54:2a:b2:d6:c5:d4:
                    9d:d3:cb:10:5e:c5:17:47:76:9e:86:ef:bf:4b:44:
                    e1:78:a4:ca:eb:3f:5a:0b:51:3a:4d:c5:ee:02:18:
                    59:11:03:92:92:c4:0e:bd:30:3f:aa:3d:a6:a5:bd:
                    91:0e:f3:e5:fb:4a:6f:ea:b9:ad:dd:ef:40:5e:7e:
                    51:8e:fd:1d:61:c7:74:1b:73:8d:02:72:48:21:4b:
                    5a:00:a8:ae:58:fa:65:d4:91:37:15:fb:4e:80:a8:
                    4b:1c:f3:57:43:6a:79:0c:3b:b4:bf:bd:49:3c:3a:
                    b9:aa:ea:1c:22:42:34:cc:64:d2:c8:72:01:25:12:
                    79:65:b3:de:55:18:e3:db:f8:fb:3b:7e:19:aa:16:
                    d5:1f:5f:54:0e:38:f9:f7:b3:bc:29:60:55:1a:f0:
                    1e:f8:52:08:9e:c7:cc:a4:72:f9:90:d1:cc:d2:82:
                    b2:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:16:BD:4B:86:22:11:43:B6:94:FD:9A:90:51:6C:CB:AE:EF:95:89
            X509v3 Authority Key Identifier:
                keyid:F7:AA:03:9B:88:6B:22:65:78:BD:B6:A4:27:81:BF:59:04:4B:B1:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/Jxa9S4YiEUO2lP2akFFsy67vlYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/96oDm4hrImV4vbakJ4G_WQRLsTg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:27:51:c0:47:42:74:62:61:7c:86:8c:c3:e6:eb:f7:d4:6a:
         d3:ce:5e:a6:bf:1d:86:95:31:50:de:af:4e:7a:9d:66:2b:e0:
         51:4f:32:29:01:04:d1:86:5e:10:29:f6:a9:2b:d4:d4:3b:a4:
         59:c6:69:9b:f5:fd:69:b1:6d:95:d4:2c:4e:a7:d1:ff:68:aa:
         97:f6:ff:20:94:44:3e:20:43:cd:62:52:14:e1:7f:23:9f:c5:
         e3:7b:d9:e1:06:60:b9:e9:66:4a:fa:a5:05:bc:93:9e:de:fa:
         db:f1:2f:31:5e:ad:95:82:ce:ec:d5:2b:82:38:3d:97:bf:b3:
         a2:32:e8:ce:aa:43:f6:8e:8e:ac:8c:74:4c:66:e2:40:e3:52:
         93:2a:66:4f:c4:5f:45:a1:a8:30:5a:4d:69:42:5e:35:af:02:
         39:56:02:67:14:93:38:f3:b7:33:c8:46:3c:90:a9:e7:22:56:
         0f:10:23:8a:87:7d:25:4a:41:ea:a4:99:0b:d2:9b:5c:d4:0b:
         2e:44:4d:38:12:9c:50:65:29:6c:ec:7f:78:f0:66:c6:c6:bd:
         86:a6:48:93:db:70:3b:e9:b9:7d:e4:7f:a0:04:3c:3e:ff:f8:
         4e:6a:43:d4:b6:25:3a:89:7c:db:88:95:16:2a:27:57:98:32:
         b6:5e:46:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuIAx0JCZBj74sB+A+G6xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YWEwMzliODg2YjIyNjU3OGJkYjZhNDI3ODFiZjU5MDQ0
YmIxMzgwHhcNMjQwMTAxMjAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzE2YmQ0Yjg2MjIxMTQzYjY5NGZkOWE5MDUxNmNjYmFlZWY5NTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvm4cZbl7nruiErLKxQ+HiOvNutE
aTTamYN6HLKZT6NgI93FnJ6LNkYKoZ/39bQd+4/DB0DIkIXxW7UiOzDnxcWvSg83
5++xAdDv87NoUwW7vVVUKrLWxdSd08sQXsUXR3aehu+/S0TheKTK6z9aC1E6TcXu
AhhZEQOSksQOvTA/qj2mpb2RDvPl+0pv6rmt3e9AXn5Rjv0dYcd0G3ONAnJIIUta
AKiuWPpl1JE3FftOgKhLHPNXQ2p5DDu0v71JPDq5quocIkI0zGTSyHIBJRJ5ZbPe
VRjj2/j7O34ZqhbVH19UDjj597O8KWBVGvAe+FIInsfMpHL5kNHM0oKypwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCcWvUuGIhFDtpT9mpBRbMuu75WJMB8GA1UdIwQY
MBaAFPeqA5uIayJleL22pCeBv1kES7E4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTZvRG00aHJJbVY0dmJha0o0R19XUVJMc1RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS80YmJkNmMtOTFlZi00NDYxLTgyMWIt
NmY2MjFkNzM2YWZmLzEvSnhhOVM0WWlFVU8ybFAyYWtGRnN5Njd2bFlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS80YmJkNmMtOTFlZi00NDYxLTgyMWItNmY2MjFkNzM2YWZm
LzEvOTZvRG00aHJJbVY0dmJha0o0R19XUVJMc1RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXy8MA0G
CSqGSIb3DQEBCwUAA4IBAQAaJ1HAR0J0YmF8hozD5uv31GrTzl6mvx2GlTFQ3q9O
ep1mK+BRTzIpAQTRhl4QKfapK9TUO6RZxmmb9f1psW2V1CxOp9H/aKqX9v8glEQ+
IEPNYlIU4X8jn8Xje9nhBmC56WZK+qUFvJOe3vrb8S8xXq2Vgs7s1SuCOD2Xv7Oi
MujOqkP2jo6sjHRMZuJA41KTKmZPxF9FoagwWk1pQl41rwI5VgJnFJM487czyEY8
kKnnIlYPECOKh30lSkHqpJkL0ptc1AsuRE04EpxQZSls7H948GbGxr2GpkiT23A7
6bl95H+gBDw+//hOakPUtiU6iXzbiJUWKidXmDK2XkaK
-----END CERTIFICATE-----