Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/jQxU70tNCkESDvzx9MfjkCcFITY.roa
File:                     jQxU70tNCkESDvzx9MfjkCcFITY.roa (raw, json)
Hash identifier:          suk2U02U9qaMFYn71p6wtGvEDO0JALocFyeXiWekq/Y=
Subject key identifier:   8D:0C:54:EF:4B:4D:0A:41:12:0E:FC:F1:F4:C7:E3:90:27:05:21:36
Certificate issuer:       /CN=81a7ce8bacbeceeb16f600b607d1bfd08033b302
Certificate serial:       018CC64A94777299EC332296D613011F475C
Authority key identifier: 81:A7:CE:8B:AC:BE:CE:EB:16:F6:00:B6:07:D1:BF:D0:80:33:B3:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/jQxU70tNCkESDvzx9MfjkCcFITY.roa
Signing time:             Mon 01 Jan 2024 18:30:25 +0000
ROA not before:           Mon 01 Jan 2024 18:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212222
IP address blocks:        193.227.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:94:77:72:99:ec:33:22:96:d6:13:01:1f:47:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81a7ce8bacbeceeb16f600b607d1bfd08033b302
        Validity
            Not Before: Jan  1 18:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d0c54ef4b4d0a41120efcf1f4c7e39027052136
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:19:a2:70:6e:d1:74:60:2f:61:a1:37:b1:28:
                    bd:4c:ee:14:b8:0d:58:a8:fc:7b:aa:27:d8:ff:80:
                    91:60:1e:b1:8d:e8:2c:aa:7f:45:c2:cd:af:cf:ab:
                    97:56:a3:b9:b1:69:4d:5b:35:9c:d5:2c:f0:8e:f6:
                    8b:53:e3:a9:28:95:d4:b9:dd:0e:c2:dd:26:0b:22:
                    ad:8b:61:8d:88:3f:25:1d:03:e3:d1:1b:93:18:1a:
                    b1:1b:15:ed:9f:8f:59:a6:34:ab:c4:b6:63:75:de:
                    cd:e9:75:54:62:a1:37:36:e8:72:b1:d2:61:fb:59:
                    ee:ec:22:c1:00:33:33:0f:54:3e:2d:e2:9a:a0:b6:
                    e2:01:2e:72:46:0e:97:52:f1:35:e9:43:2e:99:f4:
                    ce:a1:e7:53:96:3c:8d:fb:8a:78:e5:49:ff:b2:0b:
                    88:ad:3a:5f:51:e7:5d:50:9f:9e:03:0c:24:67:2b:
                    57:da:1e:ed:a2:fa:d0:4e:b8:b8:49:bc:12:a9:93:
                    8f:b0:21:76:30:f9:e5:73:b4:14:e9:a7:07:1a:7d:
                    50:19:fc:ab:0c:75:b6:4b:cd:ef:59:b2:31:eb:33:
                    e3:9e:8a:7d:13:d2:89:2c:ee:9c:d0:68:ec:e0:61:
                    13:4e:a1:14:18:2a:7e:02:58:e9:12:83:fc:35:78:
                    11:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:0C:54:EF:4B:4D:0A:41:12:0E:FC:F1:F4:C7:E3:90:27:05:21:36
            X509v3 Authority Key Identifier:
                keyid:81:A7:CE:8B:AC:BE:CE:EB:16:F6:00:B6:07:D1:BF:D0:80:33:B3:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/jQxU70tNCkESDvzx9MfjkCcFITY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.227.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:66:00:f3:b8:65:0f:1b:e9:15:07:0c:11:81:d6:ce:de:e9:
         ff:aa:71:bb:23:41:c7:05:27:21:8b:c7:85:29:a1:b8:e9:53:
         68:01:a0:f6:a4:ae:21:ae:98:44:d0:e8:7c:67:06:4f:3c:d0:
         6e:7f:ce:64:06:d9:72:bb:ff:36:eb:6b:51:a9:53:84:d2:e8:
         0e:fa:20:b2:30:6e:c2:29:40:b9:b5:7e:a7:a7:09:2f:e5:0d:
         bc:8d:41:9c:7e:fa:1e:7f:f3:52:7d:b1:0a:eb:07:8f:93:13:
         4d:5c:32:3f:3b:e8:a1:80:3b:0f:b4:53:24:8c:5f:2f:94:dc:
         b5:67:1a:a3:fa:12:f3:e3:c3:ee:79:e2:c7:06:17:dd:31:18:
         e5:2e:9a:5b:86:25:86:49:a2:35:c2:75:3e:ef:99:73:32:36:
         20:4d:a1:89:38:54:0e:84:3a:47:65:23:14:c8:be:d1:7b:d5:
         5e:5b:ff:78:76:eb:e7:70:ca:70:99:ef:75:55:73:6e:0d:fc:
         ed:e2:1d:ed:ad:91:c1:67:61:41:73:ae:3c:3a:a9:56:41:8a:
         f6:ae:06:21:e4:63:b7:1f:a4:dd:59:bd:61:f6:4f:1d:9e:ba:
         2b:03:c2:18:0a:7f:b3:21:2f:40:6c:ad:6a:31:d0:b3:6c:1e:
         80:3a:15:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSpR3cpnsMyKW1hMBH0dcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTdjZThiYWNiZWNlZWIxNmY2MDBiNjA3ZDFiZmQwODAz
M2IzMDIwHhcNMjQwMTAxMTgzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDBjNTRlZjRiNGQwYTQxMTIwZWZjZjFmNGM3ZTM5MDI3MDUyMTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhmicG7RdGAvYaE3sSi9TO4UuA1Y
qPx7qifY/4CRYB6xjegsqn9Fws2vz6uXVqO5sWlNWzWc1SzwjvaLU+OpKJXUud0O
wt0mCyKti2GNiD8lHQPj0RuTGBqxGxXtn49ZpjSrxLZjdd7N6XVUYqE3NuhysdJh
+1nu7CLBADMzD1Q+LeKaoLbiAS5yRg6XUvE16UMumfTOoedTljyN+4p45Un/sguI
rTpfUeddUJ+eAwwkZytX2h7tovrQTri4SbwSqZOPsCF2MPnlc7QU6acHGn1QGfyr
DHW2S83vWbIx6zPjnop9E9KJLO6c0Gjs4GETTqEUGCp+AljpEoP8NXgRUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0MVO9LTQpBEg788fTH45AnBSE2MB8GA1UdIwQY
MBaAFIGnzousvs7rFvYAtgfRv9CAM7MCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FmT2k2eS16dXNXOWdDMkI5R18wSUF6c3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9lZTY2ZmItNWRjMC00MTIyLTliYzct
YjI3ZDg3MzBhMjcwLzEvalF4VTcwdE5Da0VTRHZ6eDlNZmprQ2NGSVRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9lZTY2ZmItNWRjMC00MTIyLTliYzctYjI3ZDg3MzBhMjcw
LzEvZ2FmT2k2eS16dXNXOWdDMkI5R18wSUF6c3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweN1MA0G
CSqGSIb3DQEBCwUAA4IBAQDLZgDzuGUPG+kVBwwRgdbO3un/qnG7I0HHBSchi8eF
KaG46VNoAaD2pK4hrphE0Oh8ZwZPPNBuf85kBtlyu/8262tRqVOE0ugO+iCyMG7C
KUC5tX6npwkv5Q28jUGcfvoef/NSfbEK6wePkxNNXDI/O+ihgDsPtFMkjF8vlNy1
Zxqj+hLz48PueeLHBhfdMRjlLppbhiWGSaI1wnU+75lzMjYgTaGJOFQOhDpHZSMU
yL7Re9VeW/94duvncMpwme91VXNuDfzt4h3trZHBZ2FBc648OqlWQYr2rgYh5GO3
H6TdWb1h9k8dnrorA8IYCn+zIS9AbK1qMdCzbB6AOhWi
-----END CERTIFICATE-----