Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/7c70f4-5f3a-4fd3-883c-eb9415ec548a/1/Jsd1PBVXghRoMq4SybKusKw4c4M.roa
File:                     Jsd1PBVXghRoMq4SybKusKw4c4M.roa (raw, json)
Hash identifier:          Sj7l5Tf3TFI4DnuyKhbtYkbaR4etcH0GexAV/DLMLvo=
Subject key identifier:   26:C7:75:3C:15:57:82:14:68:32:AE:12:C9:B2:AE:B0:AC:38:73:83
Certificate issuer:       /CN=836528e152b6dcba1571241ac55be5bce01118b7
Certificate serial:       018CC794A487F057253AB3FC9F743CE5F9F3
Authority key identifier: 83:65:28:E1:52:B6:DC:BA:15:71:24:1A:C5:5B:E5:BC:E0:11:18:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g2Uo4VK23LoVcSQaxVvlvOARGLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/7c70f4-5f3a-4fd3-883c-eb9415ec548a/1/Jsd1PBVXghRoMq4SybKusKw4c4M.roa
Signing time:             Tue 02 Jan 2024 00:30:56 +0000
ROA not before:           Tue 02 Jan 2024 00:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     265554
IP address blocks:        185.198.100.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/7c70f4-5f3a-4fd3-883c-eb9415ec548a/1/g2Uo4VK23LoVcSQaxVvlvOARGLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/7c70f4-5f3a-4fd3-883c-eb9415ec548a/1/g2Uo4VK23LoVcSQaxVvlvOARGLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g2Uo4VK23LoVcSQaxVvlvOARGLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:a4:87:f0:57:25:3a:b3:fc:9f:74:3c:e5:f9:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=836528e152b6dcba1571241ac55be5bce01118b7
        Validity
            Not Before: Jan  2 00:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26c7753c155782146832ae12c9b2aeb0ac387383
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:63:b9:5c:d8:64:80:a7:aa:d9:19:58:50:44:
                    9f:a1:59:35:14:81:3d:2f:74:f6:2f:fa:20:55:5b:
                    dc:ed:96:02:12:92:19:d4:38:d0:4f:a4:41:53:b1:
                    68:4b:1b:9b:d3:48:01:11:79:bd:f1:78:85:7b:33:
                    4c:11:77:49:7a:74:ee:6a:1d:8d:a3:d7:73:43:94:
                    a7:44:d6:c0:0b:7e:30:57:b0:9c:b8:87:a3:11:ba:
                    04:c9:97:e9:70:ef:34:01:09:5d:be:4f:bd:49:48:
                    47:df:be:0e:4c:83:6f:f7:63:a9:d3:32:48:05:c7:
                    96:b1:db:31:db:6a:c4:81:0c:42:d1:dd:bc:6a:19:
                    98:6f:7a:7e:09:50:01:04:68:48:fc:fa:9c:39:ee:
                    66:01:90:db:7c:4a:1f:75:d2:91:3a:1e:20:7d:c6:
                    7b:11:bc:ba:a5:c1:e2:e2:3f:4c:4b:69:1c:eb:b9:
                    d9:43:df:50:b4:b8:04:9f:fe:14:9b:83:9b:78:69:
                    24:30:af:22:98:fe:c5:b4:92:28:b1:b2:d4:82:66:
                    fb:27:10:ab:ce:a8:c9:54:ff:df:a7:2c:99:a5:26:
                    14:16:13:48:01:83:cb:c8:e2:90:73:6e:ff:2f:e7:
                    8d:3a:e0:de:ee:59:aa:ac:26:e5:a8:8d:5d:34:1c:
                    c0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:C7:75:3C:15:57:82:14:68:32:AE:12:C9:B2:AE:B0:AC:38:73:83
            X509v3 Authority Key Identifier:
                keyid:83:65:28:E1:52:B6:DC:BA:15:71:24:1A:C5:5B:E5:BC:E0:11:18:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g2Uo4VK23LoVcSQaxVvlvOARGLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/7c70f4-5f3a-4fd3-883c-eb9415ec548a/1/Jsd1PBVXghRoMq4SybKusKw4c4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/7c70f4-5f3a-4fd3-883c-eb9415ec548a/1/g2Uo4VK23LoVcSQaxVvlvOARGLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:00:12:ed:12:f4:24:6a:23:85:11:fc:4b:46:2b:47:97:6a:
         f7:4c:06:3f:c5:83:31:d2:5e:fc:3e:03:1a:ae:0b:42:93:0e:
         14:66:fc:d3:11:45:4b:c8:9c:95:0c:a1:17:89:03:af:c3:14:
         d9:b2:bd:14:2b:6a:55:74:4c:56:49:73:32:04:ca:77:fb:10:
         41:24:17:e5:09:be:c4:0c:69:2e:a3:4f:4d:ec:15:64:f6:61:
         f5:84:b2:60:ea:8a:69:99:f0:3a:f6:93:58:33:88:7f:e0:21:
         b0:02:cb:3a:4c:bc:fd:67:01:68:03:ec:db:94:39:61:81:a1:
         36:9d:b7:16:70:f4:70:9d:8f:33:c3:36:0e:b0:c0:a8:ca:35:
         a3:25:ac:92:ea:58:c0:27:8d:cd:17:f1:ac:94:e1:2c:1f:f7:
         1c:02:55:a0:13:78:2a:a0:ae:18:80:90:ad:d3:e3:28:7f:9b:
         71:9a:ec:c3:67:48:0d:6b:82:68:10:df:87:0b:6b:ec:b4:20:
         5a:8d:6e:d3:ee:c2:d2:30:a8:af:21:c1:82:8d:d5:91:b2:6d:
         43:0d:3e:a8:28:0c:e5:a3:15:54:8e:41:94:5f:6d:31:28:d2:
         5a:43:46:ec:fe:eb:a3:b9:b7:0e:cd:d3:ba:e3:c0:60:85:fe:
         80:89:33:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlKSH8FclOrP8n3Q85fnzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNjUyOGUxNTJiNmRjYmExNTcxMjQxYWM1NWJlNWJjZTAx
MTE4YjcwHhcNMjQwMTAyMDAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmM3NzUzYzE1NTc4MjE0NjgzMmFlMTJjOWIyYWViMGFjMzg3MzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGO5XNhkgKeq2RlYUESfoVk1FIE9
L3T2L/ogVVvc7ZYCEpIZ1DjQT6RBU7FoSxub00gBEXm98XiFezNMEXdJenTuah2N
o9dzQ5SnRNbAC34wV7CcuIejEboEyZfpcO80AQldvk+9SUhH374OTINv92Op0zJI
BceWsdsx22rEgQxC0d28ahmYb3p+CVABBGhI/PqcOe5mAZDbfEofddKROh4gfcZ7
Eby6pcHi4j9MS2kc67nZQ99QtLgEn/4Um4ObeGkkMK8imP7FtJIosbLUgmb7JxCr
zqjJVP/fpyyZpSYUFhNIAYPLyOKQc27/L+eNOuDe7lmqrCblqI1dNBzAzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbHdTwVV4IUaDKuEsmyrrCsOHODMB8GA1UdIwQY
MBaAFINlKOFStty6FXEkGsVb5bzgERi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzJVbzRWSzIzTG9WY1NRYXhWdmx2T0FSR0xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC83YzcwZjQtNWYzYS00ZmQzLTg4M2Mt
ZWI5NDE1ZWM1NDhhLzEvSnNkMVBCVlhnaFJvTXE0U3liS3VzS3c0YzRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC83YzcwZjQtNWYzYS00ZmQzLTg4M2MtZWI5NDE1ZWM1NDhh
LzEvZzJVbzRWSzIzTG9WY1NRYXhWdmx2T0FSR0xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucZkMA0G
CSqGSIb3DQEBCwUAA4IBAQBIABLtEvQkaiOFEfxLRitHl2r3TAY/xYMx0l78PgMa
rgtCkw4UZvzTEUVLyJyVDKEXiQOvwxTZsr0UK2pVdExWSXMyBMp3+xBBJBflCb7E
DGkuo09N7BVk9mH1hLJg6oppmfA69pNYM4h/4CGwAss6TLz9ZwFoA+zblDlhgaE2
nbcWcPRwnY8zwzYOsMCoyjWjJayS6ljAJ43NF/GslOEsH/ccAlWgE3gqoK4YgJCt
0+Mof5txmuzDZ0gNa4JoEN+HC2vstCBajW7T7sLSMKivIcGCjdWRsm1DDT6oKAzl
oxVUjkGUX20xKNJaQ0bs/uujubcOzdO648Bghf6AiTNS
-----END CERTIFICATE-----