Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/2daf04-4f76-4333-abf0-238e0b7ae284/1/jl6DVrDlJspb9jjCD5sTy9GcsOQ.roa
File:                     jl6DVrDlJspb9jjCD5sTy9GcsOQ.roa (raw, json)
Hash identifier:          V5ggyUP5t6YcP0T6Q6s9+k1Y2SfOMXmqTYB50wo0emA=
Subject key identifier:   8E:5E:83:56:B0:E5:26:CA:5B:F6:38:C2:0F:9B:13:CB:D1:9C:B0:E4
Certificate issuer:       /CN=d82e130f6b6bdf6d39280e375df344e6e0a34b3c
Certificate serial:       018CC86F163BBCDF24D05B48DB4BED06AC69
Authority key identifier: D8:2E:13:0F:6B:6B:DF:6D:39:28:0E:37:5D:F3:44:E6:E0:A3:4B:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2C4TD2tr3205KA43XfNE5uCjSzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/2daf04-4f76-4333-abf0-238e0b7ae284/1/jl6DVrDlJspb9jjCD5sTy9GcsOQ.roa
Signing time:             Tue 02 Jan 2024 04:29:32 +0000
ROA not before:           Tue 02 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50180
IP address blocks:        195.189.166.0/23 maxlen: 23
                          2001:67c:2ff0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/2daf04-4f76-4333-abf0-238e0b7ae284/1/2C4TD2tr3205KA43XfNE5uCjSzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/2daf04-4f76-4333-abf0-238e0b7ae284/1/2C4TD2tr3205KA43XfNE5uCjSzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2C4TD2tr3205KA43XfNE5uCjSzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:03:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:16:3b:bc:df:24:d0:5b:48:db:4b:ed:06:ac:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d82e130f6b6bdf6d39280e375df344e6e0a34b3c
        Validity
            Not Before: Jan  2 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e5e8356b0e526ca5bf638c20f9b13cbd19cb0e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:d2:81:32:1c:e8:9b:c2:f5:fe:df:1f:df:d5:
                    d2:36:16:0d:7d:c3:2a:b1:df:7b:30:9b:f5:7e:db:
                    2f:d7:33:1d:db:a3:d2:ba:4d:57:58:09:21:09:7a:
                    e3:01:c9:4d:2e:6c:ec:24:21:3e:00:52:a9:6c:76:
                    3c:05:b4:04:77:c0:8c:68:9a:63:27:7d:54:e0:6a:
                    5e:f3:9d:c9:6a:24:be:ef:0f:7c:ff:a2:36:14:20:
                    13:ad:1f:1a:19:01:77:16:e8:46:a8:65:2b:14:4a:
                    de:19:c9:0c:79:37:fa:d7:19:44:cb:ee:c5:5b:1c:
                    80:cc:f4:77:97:95:ec:d0:05:47:a5:ad:7f:f3:e1:
                    fa:20:53:ca:1e:cc:7a:e3:c0:91:a8:33:ee:48:e0:
                    35:13:79:f7:80:39:0f:3a:13:a2:6e:99:3f:02:ae:
                    09:ce:ce:6a:51:13:57:0d:16:b5:3e:75:63:04:00:
                    3a:36:de:83:f7:83:c5:31:c8:a9:f3:cf:50:82:7e:
                    47:56:ec:19:82:6e:4b:de:a7:87:5e:78:38:f5:a0:
                    29:69:23:c6:a1:12:3d:7f:0c:a7:d5:b4:73:de:49:
                    20:76:3b:c7:5a:7a:e5:f7:92:3a:a7:81:73:aa:da:
                    99:f2:21:56:64:29:ac:1f:2b:75:db:04:14:2b:51:
                    9f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:5E:83:56:B0:E5:26:CA:5B:F6:38:C2:0F:9B:13:CB:D1:9C:B0:E4
            X509v3 Authority Key Identifier:
                keyid:D8:2E:13:0F:6B:6B:DF:6D:39:28:0E:37:5D:F3:44:E6:E0:A3:4B:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2C4TD2tr3205KA43XfNE5uCjSzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2daf04-4f76-4333-abf0-238e0b7ae284/1/jl6DVrDlJspb9jjCD5sTy9GcsOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2daf04-4f76-4333-abf0-238e0b7ae284/1/2C4TD2tr3205KA43XfNE5uCjSzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.166.0/23
                IPv6:
                  2001:67c:2ff0::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:66:86:07:ba:8c:35:0a:68:e1:e2:2a:56:83:5c:08:6a:3a:
         d0:97:50:71:61:89:b8:69:2f:b8:d5:e4:d2:a5:9a:b9:bf:dc:
         e7:c7:40:84:5e:af:95:1f:95:df:bb:4e:2c:5d:02:54:28:0b:
         e8:8d:34:f5:10:36:95:3a:8d:21:1d:0c:fa:66:f1:45:d8:f6:
         7f:55:7c:8d:46:3b:ee:55:6c:44:ec:aa:bc:48:35:73:93:fe:
         b4:06:c4:76:04:ff:ee:5a:7f:d1:fa:0e:d3:ae:5d:60:10:24:
         bf:80:89:57:8e:6c:1b:2c:21:04:b5:22:26:ca:0c:ac:96:e4:
         56:9c:5c:c9:cf:93:e5:86:67:2d:b6:a3:c1:72:48:3e:60:45:
         05:82:d6:f7:e8:17:57:ec:44:45:4b:bb:30:1f:4f:73:65:5b:
         42:93:55:62:fa:ee:7b:1e:81:25:80:a5:45:82:34:9a:84:11:
         0e:e0:f8:19:04:93:d7:52:ae:ba:e2:ee:c1:f9:49:31:92:f0:
         80:1b:b3:e1:bd:3f:22:f1:69:c4:1f:c8:5a:03:fe:a2:d3:1f:
         12:15:16:41:0e:1c:29:b2:f9:79:91:68:32:e5:f9:a9:93:7d:
         8e:d8:db:9d:e9:88:2c:7e:10:5a:0f:01:97:d5:10:a5:b3:ac:
         de:3d:4b:d9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIbxY7vN8k0FtI20vtBqxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MmUxMzBmNmI2YmRmNmQzOTI4MGUzNzVkZjM0NGU2ZTBh
MzRiM2MwHhcNMjQwMTAyMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTVlODM1NmIwZTUyNmNhNWJmNjM4YzIwZjliMTNjYmQxOWNiMGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5tKBMhzom8L1/t8f39XSNhYNfcMq
sd97MJv1ftsv1zMd26PSuk1XWAkhCXrjAclNLmzsJCE+AFKpbHY8BbQEd8CMaJpj
J31U4Gpe853JaiS+7w98/6I2FCATrR8aGQF3FuhGqGUrFEreGckMeTf61xlEy+7F
WxyAzPR3l5Xs0AVHpa1/8+H6IFPKHsx648CRqDPuSOA1E3n3gDkPOhOibpk/Aq4J
zs5qURNXDRa1PnVjBAA6Nt6D94PFMcip889Qgn5HVuwZgm5L3qeHXng49aApaSPG
oRI9fwyn1bRz3kkgdjvHWnrl95I6p4FzqtqZ8iFWZCmsHyt12wQUK1GfIwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI5eg1aw5SbKW/Y4wg+bE8vRnLDkMB8GA1UdIwQY
MBaAFNguEw9ra99tOSgON13zRObgo0s8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkM0VEQydHIzMjA1S0E0M1hmTkU1dUNqU3p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8yZGFmMDQtNGY3Ni00MzMzLWFiZjAt
MjM4ZTBiN2FlMjg0LzEvamw2RFZyRGxKc3BiOWpqQ0Q1c1R5OUdjc09RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8yZGFmMDQtNGY3Ni00MzMzLWFiZjAtMjM4ZTBiN2FlMjg0
LzEvMkM0VEQydHIzMjA1S0E0M1hmTkU1dUNqU3p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw72mMA8E
AgACMAkDBwAgAQZ8L/AwDQYJKoZIhvcNAQELBQADggEBAARmhge6jDUKaOHiKlaD
XAhqOtCXUHFhibhpL7jV5NKlmrm/3OfHQIRer5Ufld+7TixdAlQoC+iNNPUQNpU6
jSEdDPpm8UXY9n9VfI1GO+5VbETsqrxINXOT/rQGxHYE/+5af9H6DtOuXWAQJL+A
iVeObBssIQS1IibKDKyW5FacXMnPk+WGZy22o8FySD5gRQWC1vfoF1fsREVLuzAf
T3NlW0KTVWL67nsegSWApUWCNJqEEQ7g+BkEk9dSrrri7sH5STGS8IAbs+G9PyLx
acQfyFoD/qLTHxIVFkEOHCmy+XmRaDLl+amTfY7Y253piCx+EFoPAZfVEKWzrN49
S9k=
-----END CERTIFICATE-----