Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/jCm3iogaNC5EfoK_D_WzeOEl-zU.roa
File:                     jCm3iogaNC5EfoK_D_WzeOEl-zU.roa (raw, json)
Hash identifier:          Dy+sEqMils9nsxbNPnAVtZ5GffRZj+kOWcM6XPT8TlM=
Subject key identifier:   8C:29:B7:8A:88:1A:34:2E:44:7E:82:BF:0F:F5:B3:78:E1:25:FB:35
Certificate issuer:       /CN=7247ba43e270c98bdc642a9e3c218ca524eb0f53
Certificate serial:       018CC3B742B8D0311DC263D7EBE7AC8BCE10
Authority key identifier: 72:47:BA:43:E2:70:C9:8B:DC:64:2A:9E:3C:21:8C:A5:24:EB:0F:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cke6Q-JwyYvcZCqePCGMpSTrD1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/jCm3iogaNC5EfoK_D_WzeOEl-zU.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.227.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/cke6Q-JwyYvcZCqePCGMpSTrD1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/cke6Q-JwyYvcZCqePCGMpSTrD1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cke6Q-JwyYvcZCqePCGMpSTrD1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:42:b8:d0:31:1d:c2:63:d7:eb:e7:ac:8b:ce:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7247ba43e270c98bdc642a9e3c218ca524eb0f53
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c29b78a881a342e447e82bf0ff5b378e125fb35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a4:d4:8d:3c:16:9c:34:69:1c:13:82:ec:fd:
                    cc:a4:33:f1:0c:35:90:ee:dd:90:a3:02:31:84:63:
                    2f:bc:c0:33:61:ce:32:3e:f7:24:bf:09:90:9d:10:
                    75:c2:3f:59:84:30:46:91:c4:53:94:9e:15:b7:d6:
                    e3:75:36:e3:92:a9:fa:1c:14:51:59:44:bf:20:2b:
                    73:aa:18:df:38:07:a1:90:72:9c:29:5b:4b:e2:7b:
                    29:cc:43:36:81:90:0c:1c:3e:9f:94:38:2e:c7:2c:
                    74:ae:e6:d4:17:cc:ad:41:a0:22:f1:c4:4c:8b:37:
                    c9:ef:31:82:0e:c0:fe:ab:35:90:c7:2e:91:ef:65:
                    da:f4:ef:33:ed:3c:47:a2:39:fd:2d:76:7f:90:fb:
                    c8:b8:2e:ac:77:3a:52:67:0f:a6:e7:2f:c9:df:4d:
                    b1:33:3b:44:81:c6:8d:7d:a8:90:b7:d6:15:cf:f7:
                    c1:ae:a5:05:ec:d8:c3:1f:47:6e:e9:e0:04:b9:24:
                    9b:e4:49:d8:ae:bf:3b:c5:ce:09:d4:1e:a3:30:af:
                    5e:e0:bd:ab:36:c3:c4:75:c6:bd:5e:1d:c1:44:8b:
                    95:ed:81:85:c0:7f:31:dd:3d:ff:05:ab:4f:ea:13:
                    42:3e:ad:6a:2c:35:7e:9e:3b:38:9d:46:d7:0d:d2:
                    13:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:29:B7:8A:88:1A:34:2E:44:7E:82:BF:0F:F5:B3:78:E1:25:FB:35
            X509v3 Authority Key Identifier:
                keyid:72:47:BA:43:E2:70:C9:8B:DC:64:2A:9E:3C:21:8C:A5:24:EB:0F:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cke6Q-JwyYvcZCqePCGMpSTrD1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/jCm3iogaNC5EfoK_D_WzeOEl-zU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/cke6Q-JwyYvcZCqePCGMpSTrD1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:c7:eb:7f:29:49:d1:9c:e5:0a:ae:37:23:8a:9c:36:9f:28:
         0e:bd:6a:56:f8:d0:56:da:22:1b:2e:d3:b9:0d:c0:07:3b:47:
         3a:c0:a1:16:0d:89:39:2f:1b:ad:bf:00:9d:e3:6c:a9:1a:a5:
         e0:b4:4a:da:c3:5e:f1:27:23:17:b6:e5:0f:c3:b8:16:d0:d6:
         b7:5a:81:4f:73:0a:4d:e3:cc:fa:2b:92:11:a7:a1:de:0d:83:
         f1:c0:a7:ca:bc:f0:86:67:f7:a6:70:ce:e4:20:c8:36:3b:2d:
         0a:51:6b:1c:2d:c0:a5:75:51:a5:3b:fe:52:c7:7d:f4:3b:d3:
         4d:04:67:27:65:6e:64:79:e8:35:f3:28:36:e1:b8:5c:b6:e2:
         f0:ce:43:61:03:02:ee:d5:f4:b1:da:a7:3d:b4:18:15:f5:62:
         8d:08:cb:49:7b:81:1f:27:3a:19:ad:4a:43:8c:17:4c:1d:8b:
         5d:27:0d:fe:1a:ec:f8:40:57:b7:0c:9f:6d:17:a3:ba:ff:26:
         0b:d8:92:6e:07:68:b1:5e:33:7b:07:94:47:5e:04:b8:b3:f4:
         a0:91:0a:43:b5:54:92:3d:e8:59:3e:eb:7e:01:87:e7:80:ae:
         2c:a3:26:2a:a7:8e:88:4f:a8:a3:47:47:85:d0:cf:9d:f4:ae:
         58:18:04:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0K40DEdwmPX6+esi84QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNDdiYTQzZTI3MGM5OGJkYzY0MmE5ZTNjMjE4Y2E1MjRl
YjBmNTMwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzI5Yjc4YTg4MWEzNDJlNDQ3ZTgyYmYwZmY1YjM3OGUxMjVmYjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6TUjTwWnDRpHBOC7P3MpDPxDDWQ
7t2QowIxhGMvvMAzYc4yPvckvwmQnRB1wj9ZhDBGkcRTlJ4Vt9bjdTbjkqn6HBRR
WUS/ICtzqhjfOAehkHKcKVtL4nspzEM2gZAMHD6flDguxyx0rubUF8ytQaAi8cRM
izfJ7zGCDsD+qzWQxy6R72Xa9O8z7TxHojn9LXZ/kPvIuC6sdzpSZw+m5y/J302x
MztEgcaNfaiQt9YVz/fBrqUF7NjDH0du6eAEuSSb5EnYrr87xc4J1B6jMK9e4L2r
NsPEdca9Xh3BRIuV7YGFwH8x3T3/BatP6hNCPq1qLDV+njs4nUbXDdITdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIwpt4qIGjQuRH6Cvw/1s3jhJfs1MB8GA1UdIwQY
MBaAFHJHukPicMmL3GQqnjwhjKUk6w9TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2tlNlEtSnd5WXZjWkNxZVBDR01wU1RyRDFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8zNDEwNjgtMjhmNi00ZjgxLTk5M2Yt
Mjc5MjAzYjFkOTJjLzEvakNtM2lvZ2FOQzVFZm9LX0RfV3plT0VsLXpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8zNDEwNjgtMjhmNi00ZjgxLTk5M2YtMjc5MjAzYjFkOTJj
LzEvY2tlNlEtSnd5WXZjWkNxZVBDR01wU1RyRDFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuePqMA0G
CSqGSIb3DQEBCwUAA4IBAQAHx+t/KUnRnOUKrjcjipw2nygOvWpW+NBW2iIbLtO5
DcAHO0c6wKEWDYk5LxutvwCd42ypGqXgtEraw17xJyMXtuUPw7gW0Na3WoFPcwpN
48z6K5IRp6HeDYPxwKfKvPCGZ/emcM7kIMg2Oy0KUWscLcCldVGlO/5Sx330O9NN
BGcnZW5keeg18yg24bhctuLwzkNhAwLu1fSx2qc9tBgV9WKNCMtJe4EfJzoZrUpD
jBdMHYtdJw3+Guz4QFe3DJ9tF6O6/yYL2JJuB2ixXjN7B5RHXgS4s/SgkQpDtVSS
PehZPut+AYfngK4soyYqp46IT6ijR0eF0M+d9K5YGAQE
-----END CERTIFICATE-----