Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/db2912-89a9-4ee9-8229-a55f77b83e6b/1/Ju7TzLgGZyl_aw-AYDBEUBbSXN4.roa
File:                     Ju7TzLgGZyl_aw-AYDBEUBbSXN4.roa (raw, json)
Hash identifier:          bqX0fv+mpaF40sFgyLCsm8Ou9983v/uiqi6BTOmGGUo=
Subject key identifier:   26:EE:D3:CC:B8:06:67:29:7F:6B:0F:80:60:30:44:50:16:D2:5C:DE
Certificate issuer:       /CN=00ad6d83c8083729d7a9d8571d65ce97e058b821
Certificate serial:       0190A6AB7B1F937AB4DAEF4D56CB54812E84
Authority key identifier: 00:AD:6D:83:C8:08:37:29:D7:A9:D8:57:1D:65:CE:97:E0:58:B8:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AK1tg8gINynXqdhXHWXOl-BYuCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/db2912-89a9-4ee9-8229-a55f77b83e6b/1/Ju7TzLgGZyl_aw-AYDBEUBbSXN4.roa
Signing time:             Fri 12 Jul 2024 11:19:34 +0000
ROA not before:           Fri 12 Jul 2024 11:19:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15743
IP address blocks:        192.166.167.0/24 maxlen: 24
                          192.166.176.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/db2912-89a9-4ee9-8229-a55f77b83e6b/1/AK1tg8gINynXqdhXHWXOl-BYuCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/db2912-89a9-4ee9-8229-a55f77b83e6b/1/AK1tg8gINynXqdhXHWXOl-BYuCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AK1tg8gINynXqdhXHWXOl-BYuCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a6:ab:7b:1f:93:7a:b4:da:ef:4d:56:cb:54:81:2e:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00ad6d83c8083729d7a9d8571d65ce97e058b821
        Validity
            Not Before: Jul 12 11:19:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26eed3ccb80667297f6b0f806030445016d25cde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a5:33:e7:44:65:53:4c:46:01:6d:eb:e9:f7:
                    52:98:0a:10:70:26:a4:bb:30:b2:e6:41:bb:83:e6:
                    10:ef:07:db:41:ff:99:8c:9d:14:98:38:5e:54:d0:
                    0c:db:be:83:f1:c3:39:fd:65:ca:35:c4:db:76:1c:
                    68:21:24:7c:e0:10:07:99:18:09:47:ce:7b:fe:4e:
                    41:0d:bc:fb:e9:7f:55:2e:78:24:52:31:e4:52:60:
                    70:bf:82:af:cc:ca:e2:28:8e:b8:83:1e:fe:67:13:
                    1b:92:dc:87:22:51:6a:b2:cd:63:d5:0a:66:99:cd:
                    b7:3b:4e:72:e9:f2:40:a1:09:a1:28:29:c0:57:19:
                    40:e9:22:58:0c:75:fb:5d:03:76:13:31:dc:8d:3b:
                    f5:dd:c4:cb:cb:85:70:1f:5c:2a:24:f3:e8:9d:87:
                    18:56:be:55:6e:84:09:f9:98:2c:78:0f:55:49:51:
                    41:a3:a9:f0:77:ad:99:f9:a5:da:bd:33:5f:09:b8:
                    57:cc:c3:8f:23:91:1e:1b:b9:94:73:5d:f2:d3:d8:
                    c8:3f:18:d1:6d:71:71:34:2f:08:95:8a:6b:de:a6:
                    d2:8e:3a:14:ab:14:82:a0:82:80:69:1f:6f:5a:03:
                    03:68:0a:b8:15:4a:f5:0f:14:69:ee:41:40:b1:8c:
                    1a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:EE:D3:CC:B8:06:67:29:7F:6B:0F:80:60:30:44:50:16:D2:5C:DE
            X509v3 Authority Key Identifier:
                keyid:00:AD:6D:83:C8:08:37:29:D7:A9:D8:57:1D:65:CE:97:E0:58:B8:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK1tg8gINynXqdhXHWXOl-BYuCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/db2912-89a9-4ee9-8229-a55f77b83e6b/1/Ju7TzLgGZyl_aw-AYDBEUBbSXN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/db2912-89a9-4ee9-8229-a55f77b83e6b/1/AK1tg8gINynXqdhXHWXOl-BYuCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.167.0/24
                  192.166.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8b:72:8a:07:9a:75:a2:66:b2:43:ec:aa:e6:dd:05:76:43:df:
         43:ba:52:4a:0a:f7:79:59:1b:58:3d:82:e6:e8:81:0c:14:b5:
         5c:78:1b:15:bc:ec:d9:b2:06:5f:c3:f9:96:d9:1c:a8:10:19:
         d3:eb:35:2f:31:e1:6a:a8:b5:19:f6:2e:f1:07:a7:f5:66:e4:
         2b:13:38:8c:98:ab:e7:53:4c:98:e1:f5:d4:33:6c:1e:f3:e7:
         e3:f5:3d:63:57:43:94:22:d9:55:a6:9a:cc:71:28:3d:ed:04:
         b9:87:b0:3d:08:32:fe:d2:0f:97:43:84:fa:80:30:8e:6b:8c:
         3d:c2:dc:63:aa:d7:77:17:0f:16:d6:72:14:e8:f9:ac:8d:f7:
         20:41:35:68:3b:ec:c8:30:68:b4:25:2c:86:3c:05:06:46:11:
         dd:d2:c8:47:59:65:f5:f4:ba:52:23:04:08:13:46:f9:a2:1f:
         80:71:37:df:b4:05:46:9c:3c:46:4f:5e:64:8f:cf:0e:3f:a7:
         79:59:97:b6:32:eb:c0:79:f5:99:91:75:ca:37:d3:c2:e3:76:
         a7:62:53:c4:68:7b:98:74:17:fa:40:8a:92:b8:41:63:45:f9:
         e8:19:48:f0:b7:d5:87:74:af:72:3c:29:f5:7e:d3:68:5b:bd:
         1c:2e:3e:3d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZCmq3sfk3q02u9NVstUgS6EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWQ2ZDgzYzgwODM3MjlkN2E5ZDg1NzFkNjVjZTk3ZTA1
OGI4MjEwHhcNMjQwNzEyMTExOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmVlZDNjY2I4MDY2NzI5N2Y2YjBmODA2MDMwNDQ1MDE2ZDI1Y2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKUz50RlU0xGAW3r6fdSmAoQcCak
uzCy5kG7g+YQ7wfbQf+ZjJ0UmDheVNAM276D8cM5/WXKNcTbdhxoISR84BAHmRgJ
R857/k5BDbz76X9VLngkUjHkUmBwv4KvzMriKI64gx7+ZxMbktyHIlFqss1j1Qpm
mc23O05y6fJAoQmhKCnAVxlA6SJYDHX7XQN2EzHcjTv13cTLy4VwH1wqJPPonYcY
Vr5VboQJ+ZgseA9VSVFBo6nwd62Z+aXavTNfCbhXzMOPI5EeG7mUc13y09jIPxjR
bXFxNC8IlYpr3qbSjjoUqxSCoIKAaR9vWgMDaAq4FUr1DxRp7kFAsYwafwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCbu08y4Bmcpf2sPgGAwRFAW0lzeMB8GA1UdIwQY
MBaAFACtbYPICDcp16nYVx1lzpfgWLghMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUsxdGc4Z0lOeW5YcWRoWEhXWE9sLUJZdUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9kYjI5MTItODlhOS00ZWU5LTgyMjkt
YTU1Zjc3YjgzZTZiLzEvSnU3VHpMZ0daeWxfYXctQVlEQkVVQmJTWE40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9kYjI5MTItODlhOS00ZWU5LTgyMjktYTU1Zjc3YjgzZTZi
LzEvQUsxdGc4Z0lOeW5YcWRoWEhXWE9sLUJZdUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwKanAwQD
wKawMA0GCSqGSIb3DQEBCwUAA4IBAQCLcooHmnWiZrJD7Krm3QV2Q99DulJKCvd5
WRtYPYLm6IEMFLVceBsVvOzZsgZfw/mW2RyoEBnT6zUvMeFqqLUZ9i7xB6f1ZuQr
EziMmKvnU0yY4fXUM2we8+fj9T1jV0OUItlVpprMcSg97QS5h7A9CDL+0g+XQ4T6
gDCOa4w9wtxjqtd3Fw8W1nIU6PmsjfcgQTVoO+zIMGi0JSyGPAUGRhHd0shHWWX1
9LpSIwQIE0b5oh+AcTfftAVGnDxGT15kj88OP6d5WZe2MuvAefWZkXXKN9PC43an
YlPEaHuYdBf6QIqSuEFjRfnoGUjwt9WHdK9yPCn1ftNoW70cLj49
-----END CERTIFICATE-----