Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/Jnl7SyceuuaNgi59c06_vnm66h0.roa
File:                     Jnl7SyceuuaNgi59c06_vnm66h0.roa (raw, json)
Hash identifier:          ncbPY4Kvy0G7PUmcL4jYgOykLMrX3tSy/oHD8Qtxsbk=
Subject key identifier:   26:79:7B:4B:27:1E:BA:E6:8D:82:2E:7D:73:4E:BF:BE:79:BA:EA:1D
Certificate issuer:       /CN=c15e7d7bb69efacb0c73902972c74d72d29bf77f
Certificate serial:       018CC5DD267E57780B43AE574A911568CBC2
Authority key identifier: C1:5E:7D:7B:B6:9E:FA:CB:0C:73:90:29:72:C7:4D:72:D2:9B:F7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wV59e7ae-ssMc5ApcsdNctKb938.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/Jnl7SyceuuaNgi59c06_vnm66h0.roa
Signing time:             Mon 01 Jan 2024 16:30:54 +0000
ROA not before:           Mon 01 Jan 2024 16:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210636
IP address blocks:        185.102.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/wV59e7ae-ssMc5ApcsdNctKb938.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/wV59e7ae-ssMc5ApcsdNctKb938.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wV59e7ae-ssMc5ApcsdNctKb938.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:26:7e:57:78:0b:43:ae:57:4a:91:15:68:cb:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c15e7d7bb69efacb0c73902972c74d72d29bf77f
        Validity
            Not Before: Jan  1 16:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26797b4b271ebae68d822e7d734ebfbe79baea1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:13:72:b5:c4:9b:d4:b2:0e:aa:5b:df:b1:49:
                    bf:b6:fc:0c:37:90:85:cb:fb:5f:42:d3:98:f5:71:
                    78:73:a1:c7:fd:e1:21:38:2c:8c:56:15:21:8e:89:
                    43:00:0b:c1:31:56:e8:b3:d0:6a:ba:7a:cb:3f:34:
                    cd:e6:02:b1:ed:f9:44:03:8b:08:73:fc:5a:cc:af:
                    9e:92:7b:66:62:47:5a:b5:28:bb:6e:24:44:17:cb:
                    c2:f2:7b:6e:f7:d2:81:39:dd:8f:c8:e1:78:a4:2d:
                    ff:26:93:55:02:7e:c2:c6:30:30:46:d7:f1:59:f6:
                    60:e5:90:f6:6c:cc:17:a0:92:53:3f:6e:bb:1a:7c:
                    79:63:72:9a:cc:41:08:d9:2f:ea:73:97:c1:b4:12:
                    79:df:03:88:be:fe:fc:a1:c4:65:b8:3a:80:6a:73:
                    9d:66:32:10:88:d4:2d:5d:31:f9:5c:0f:d7:cf:fe:
                    12:e5:4b:97:f1:93:9b:4d:53:84:7f:17:69:e9:63:
                    11:42:e8:7b:0a:ea:6c:c2:59:77:e5:39:58:10:57:
                    b1:5a:1e:8e:5f:00:9b:60:59:46:3a:9e:7a:84:4e:
                    53:bb:bc:8b:5c:8e:dc:42:da:82:65:51:d8:54:39:
                    55:6b:15:78:a4:65:79:50:d3:3f:14:4d:55:ef:04:
                    5b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:79:7B:4B:27:1E:BA:E6:8D:82:2E:7D:73:4E:BF:BE:79:BA:EA:1D
            X509v3 Authority Key Identifier:
                keyid:C1:5E:7D:7B:B6:9E:FA:CB:0C:73:90:29:72:C7:4D:72:D2:9B:F7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wV59e7ae-ssMc5ApcsdNctKb938.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/Jnl7SyceuuaNgi59c06_vnm66h0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/wV59e7ae-ssMc5ApcsdNctKb938.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:91:69:07:7c:f6:01:83:d8:63:63:fd:56:e7:3a:00:ca:0d:
         8d:c7:c4:47:bf:de:e3:e6:ca:1f:c2:45:53:6d:02:6b:ca:11:
         3c:be:17:af:ad:b9:e8:7c:96:71:ba:4c:52:87:bf:5a:82:7f:
         d9:00:8d:27:54:91:d7:02:b3:ca:8a:de:62:3f:d8:04:a4:42:
         bd:b7:c0:20:40:54:86:15:48:02:84:a1:f5:77:a1:b1:19:cc:
         79:e7:7b:4d:0d:d9:16:eb:f2:b3:3f:e7:3d:a3:3f:35:3f:0a:
         00:98:4a:97:05:fc:d5:37:22:6a:9b:ef:2d:8b:6a:3d:c5:64:
         87:7f:78:92:f4:ff:32:d0:11:2d:6a:ad:96:9a:db:75:2c:37:
         f9:c8:5d:ca:37:8e:f6:f3:7b:7c:67:70:b6:6e:6f:af:1b:cc:
         fe:19:bc:a9:c4:33:25:23:37:a2:f1:d9:f8:16:54:68:03:78:
         05:f8:ba:71:ed:b0:1c:f3:cf:27:08:e9:98:77:bc:68:cd:a9:
         5e:3f:ee:76:5d:a2:46:95:0d:da:8b:b3:0b:54:85:99:07:82:
         71:7c:8d:e0:86:89:47:09:a7:1f:d8:38:36:bb:30:12:60:0c:
         9f:30:74:eb:86:73:73:d5:ef:df:16:1a:9f:e6:72:8a:9c:85:
         9e:07:59:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3SZ+V3gLQ65XSpEVaMvCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNWU3ZDdiYjY5ZWZhY2IwYzczOTAyOTcyYzc0ZDcyZDI5
YmY3N2YwHhcNMjQwMTAxMTYzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjc5N2I0YjI3MWViYWU2OGQ4MjJlN2Q3MzRlYmZiZTc5YmFlYTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhNytcSb1LIOqlvfsUm/tvwMN5CF
y/tfQtOY9XF4c6HH/eEhOCyMVhUhjolDAAvBMVbos9BqunrLPzTN5gKx7flEA4sI
c/xazK+ekntmYkdatSi7biREF8vC8ntu99KBOd2PyOF4pC3/JpNVAn7CxjAwRtfx
WfZg5ZD2bMwXoJJTP267Gnx5Y3KazEEI2S/qc5fBtBJ53wOIvv78ocRluDqAanOd
ZjIQiNQtXTH5XA/Xz/4S5UuX8ZObTVOEfxdp6WMRQuh7Cupswll35TlYEFexWh6O
XwCbYFlGOp56hE5Tu7yLXI7cQtqCZVHYVDlVaxV4pGV5UNM/FE1V7wRbJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZ5e0snHrrmjYIufXNOv755uuodMB8GA1UdIwQY
MBaAFMFefXu2nvrLDHOQKXLHTXLSm/d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1Y1OWU3YWUtc3NNYzVBcGNzZE5jdEtiOTM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9lYTQwMmEtMGZmNi00N2Q5LTljZDAt
MzQ3YTBmN2M1YjA4LzEvSm5sN1N5Y2V1dWFOZ2k1OWMwNl92bm02NmgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9lYTQwMmEtMGZmNi00N2Q5LTljZDAtMzQ3YTBmN2M1YjA4
LzEvd1Y1OWU3YWUtc3NNYzVBcGNzZE5jdEtiOTM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWapMA0G
CSqGSIb3DQEBCwUAA4IBAQBYkWkHfPYBg9hjY/1W5zoAyg2Nx8RHv97j5sofwkVT
bQJryhE8vhevrbnofJZxukxSh79agn/ZAI0nVJHXArPKit5iP9gEpEK9t8AgQFSG
FUgChKH1d6GxGcx553tNDdkW6/KzP+c9oz81PwoAmEqXBfzVNyJqm+8ti2o9xWSH
f3iS9P8y0BEtaq2Wmtt1LDf5yF3KN47283t8Z3C2bm+vG8z+GbypxDMlIzei8dn4
FlRoA3gF+Lpx7bAc888nCOmYd7xozaleP+52XaJGlQ3ai7MLVIWZB4JxfI3gholH
Cacf2Dg2uzASYAyfMHTrhnNz1e/fFhqf5nKKnIWeB1kr
-----END CERTIFICATE-----