Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/c0e651-85d1-4b32-8fc7-10c750c6e351/1/EGnxwDx_IuXYa659Q0tLIGCNaMc.roa
File:                     EGnxwDx_IuXYa659Q0tLIGCNaMc.roa (raw, json)
Hash identifier:          s67ffbgtutQeXzHEqgNskK7GNHRCIzpjtn5rEZdJYCY=
Subject key identifier:   10:69:F1:C0:3C:7F:22:E5:D8:6B:AE:7D:43:4B:4B:20:60:8D:68:C7
Certificate issuer:       /CN=251f4224ffe893e9b837839aa0a68a00380f54c6
Certificate serial:       018CCA9A160204F84969242E5918A61BE945
Authority key identifier: 25:1F:42:24:FF:E8:93:E9:B8:37:83:9A:A0:A6:8A:00:38:0F:54:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JR9CJP_ok-m4N4OaoKaKADgPVMY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/c0e651-85d1-4b32-8fc7-10c750c6e351/1/EGnxwDx_IuXYa659Q0tLIGCNaMc.roa
Signing time:             Tue 02 Jan 2024 14:35:44 +0000
ROA not before:           Tue 02 Jan 2024 14:35:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204779
IP address blocks:        185.185.168.0/22 maxlen: 22
                          2a0b:5c80::/29 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/c0e651-85d1-4b32-8fc7-10c750c6e351/1/JR9CJP_ok-m4N4OaoKaKADgPVMY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/c0e651-85d1-4b32-8fc7-10c750c6e351/1/JR9CJP_ok-m4N4OaoKaKADgPVMY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JR9CJP_ok-m4N4OaoKaKADgPVMY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:16:02:04:f8:49:69:24:2e:59:18:a6:1b:e9:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=251f4224ffe893e9b837839aa0a68a00380f54c6
        Validity
            Not Before: Jan  2 14:35:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1069f1c03c7f22e5d86bae7d434b4b20608d68c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:08:84:3d:fd:d1:7d:a8:70:dc:7d:74:ef:cf:
                    a9:3b:82:8f:75:12:04:00:c2:95:ff:42:ab:06:d0:
                    1f:ee:f0:3c:0d:8c:3c:2f:27:23:5c:44:17:c8:43:
                    51:3e:b6:3b:84:6e:7c:4f:8e:ea:73:ca:ee:7a:33:
                    42:5f:80:36:7a:fe:8a:10:47:92:a9:3a:ff:be:a8:
                    f5:66:af:6d:3e:bb:f7:c8:7d:bb:2c:d1:3f:80:3f:
                    69:00:b3:e2:e9:2d:bf:ac:f6:84:23:27:70:b4:d0:
                    58:55:fa:5f:5b:42:1a:29:f4:3d:54:25:56:9c:f3:
                    1a:0f:c6:bb:be:cd:81:d5:c2:12:62:62:5a:64:78:
                    28:f4:c0:47:c4:2e:6e:9d:dd:c9:35:65:94:e7:b0:
                    e2:36:f9:4b:41:fa:53:56:08:c5:8a:b1:60:f1:98:
                    a4:f6:85:e4:e2:a0:e3:d3:58:03:f4:44:95:fd:f6:
                    a4:ee:ab:6c:89:74:3b:3f:b6:37:01:91:a1:4a:0c:
                    cb:69:1d:c0:b7:c4:7f:1c:52:fc:fd:84:7b:f0:7d:
                    08:02:65:05:71:e9:f6:32:6c:c7:1e:cf:ef:02:c6:
                    49:2f:4e:27:4b:0e:4a:c6:56:12:d4:fa:2c:1c:59:
                    9a:b1:f2:ed:96:33:ca:20:38:0a:ca:fe:59:e4:8a:
                    f0:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:69:F1:C0:3C:7F:22:E5:D8:6B:AE:7D:43:4B:4B:20:60:8D:68:C7
            X509v3 Authority Key Identifier:
                keyid:25:1F:42:24:FF:E8:93:E9:B8:37:83:9A:A0:A6:8A:00:38:0F:54:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JR9CJP_ok-m4N4OaoKaKADgPVMY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/c0e651-85d1-4b32-8fc7-10c750c6e351/1/EGnxwDx_IuXYa659Q0tLIGCNaMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/c0e651-85d1-4b32-8fc7-10c750c6e351/1/JR9CJP_ok-m4N4OaoKaKADgPVMY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.185.168.0/22
                IPv6:
                  2a0b:5c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         1c:70:2c:10:7c:20:3b:36:a6:e4:d5:62:ab:b1:87:36:c4:7e:
         df:8f:22:d2:69:be:4d:ec:0d:1c:7e:f2:a4:c6:c6:66:b7:4d:
         ed:c7:48:74:13:5d:9c:8f:2a:24:9e:c8:a3:0d:b6:9a:2a:31:
         84:7a:81:35:ad:61:af:60:81:aa:ff:b3:87:0c:c8:5c:eb:32:
         62:d1:f2:4f:4f:18:fe:34:17:c5:47:ed:33:a6:48:2f:5c:89:
         b8:ed:d5:9f:1c:4c:a1:8d:4c:a0:c7:ca:0f:7d:3a:c7:4c:ae:
         c6:f1:fd:a7:a0:76:0b:de:cc:89:44:98:b8:8b:dd:b6:54:54:
         d9:29:a2:5e:42:56:6f:3d:b3:51:99:e6:16:21:a8:f7:47:aa:
         6a:53:e0:29:0c:8a:a4:f4:3c:ac:4f:91:24:d2:2e:16:dc:34:
         6a:d9:99:f4:71:2a:61:e6:c9:4d:c9:fe:2f:99:5b:ba:26:c5:
         f4:ae:81:44:c3:62:d5:e6:70:a6:67:94:1d:8d:e0:1f:7a:94:
         17:0b:2e:41:c0:46:88:d9:38:da:b6:43:d2:ef:de:22:27:44:
         66:29:7a:f5:cc:f0:59:92:87:c8:5e:3c:ea:b4:85:0e:c4:1f:
         a6:3c:83:e0:d4:ba:ce:17:a2:f8:78:a2:6a:34:61:fe:16:73:
         81:08:54:e7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKmhYCBPhJaSQuWRimG+lFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MWY0MjI0ZmZlODkzZTliODM3ODM5YWEwYTY4YTAwMzgw
ZjU0YzYwHhcNMjQwMTAyMTQzNTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDY5ZjFjMDNjN2YyMmU1ZDg2YmFlN2Q0MzRiNGIyMDYwOGQ2OGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0AiEPf3Rfahw3H1078+pO4KPdRIE
AMKV/0KrBtAf7vA8DYw8LycjXEQXyENRPrY7hG58T47qc8ruejNCX4A2ev6KEEeS
qTr/vqj1Zq9tPrv3yH27LNE/gD9pALPi6S2/rPaEIydwtNBYVfpfW0IaKfQ9VCVW
nPMaD8a7vs2B1cISYmJaZHgo9MBHxC5und3JNWWU57DiNvlLQfpTVgjFirFg8Zik
9oXk4qDj01gD9ESV/fak7qtsiXQ7P7Y3AZGhSgzLaR3At8R/HFL8/YR78H0IAmUF
cen2MmzHHs/vAsZJL04nSw5KxlYS1PosHFmasfLtljPKIDgKyv5Z5IrwbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBBp8cA8fyLl2GuufUNLSyBgjWjHMB8GA1UdIwQY
MBaAFCUfQiT/6JPpuDeDmqCmigA4D1TGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlI5Q0pQX29rLW00TjRPYW9LYUtBRGdQVk1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9jMGU2NTEtODVkMS00YjMyLThmYzct
MTBjNzUwYzZlMzUxLzEvRUdueHdEeF9JdVhZYTY1OVEwdExJR0NOYU1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9jMGU2NTEtODVkMS00YjMyLThmYzctMTBjNzUwYzZlMzUx
LzEvSlI5Q0pQX29rLW00TjRPYW9LYUtBRGdQVk1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubmoMA0E
AgACMAcDBQMqC1yAMA0GCSqGSIb3DQEBCwUAA4IBAQAccCwQfCA7Nqbk1WKrsYc2
xH7fjyLSab5N7A0cfvKkxsZmt03tx0h0E12cjyoknsijDbaaKjGEeoE1rWGvYIGq
/7OHDMhc6zJi0fJPTxj+NBfFR+0zpkgvXIm47dWfHEyhjUygx8oPfTrHTK7G8f2n
oHYL3syJRJi4i922VFTZKaJeQlZvPbNRmeYWIaj3R6pqU+ApDIqk9DysT5Ek0i4W
3DRq2Zn0cSph5slNyf4vmVu6JsX0roFEw2LV5nCmZ5QdjeAfepQXCy5BwEaI2Tja
tkPS794iJ0RmKXr1zPBZkofIXjzqtIUOxB+mPIPg1LrOF6L4eKJqNGH+FnOBCFTn
-----END CERTIFICATE-----