Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/80c0a0-8539-46ed-b122-fe0ca1a7d35d/1/8j_N0gv7LbOBdoseMl3ZWbvefJI.roa
File:                     8j_N0gv7LbOBdoseMl3ZWbvefJI.roa (raw, json)
Hash identifier:          m5fAnNJ3loz3b5gusN+FRt0E8fJFiDvEtTAjpDDv5lk=
Subject key identifier:   F2:3F:CD:D2:0B:FB:2D:B3:81:76:8B:1E:32:5D:D9:59:BB:DE:7C:92
Certificate issuer:       /CN=e2b6a6ff5969a15d25ddc3bbddd6beb94f48a5f9
Certificate serial:       018CC3B734CFEB54751D73019B7EDBCC9088
Authority key identifier: E2:B6:A6:FF:59:69:A1:5D:25:DD:C3:BB:DD:D6:BE:B9:4F:48:A5:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4ram_1lpoV0l3cO73da-uU9Ipfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/80c0a0-8539-46ed-b122-fe0ca1a7d35d/1/8j_N0gv7LbOBdoseMl3ZWbvefJI.roa
Signing time:             Mon 01 Jan 2024 06:30:12 +0000
ROA not before:           Mon 01 Jan 2024 06:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41038
IP address blocks:        185.187.124.0/22 maxlen: 22
                          2a0b:a180::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/80c0a0-8539-46ed-b122-fe0ca1a7d35d/1/4ram_1lpoV0l3cO73da-uU9Ipfk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/80c0a0-8539-46ed-b122-fe0ca1a7d35d/1/4ram_1lpoV0l3cO73da-uU9Ipfk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4ram_1lpoV0l3cO73da-uU9Ipfk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:34:cf:eb:54:75:1d:73:01:9b:7e:db:cc:90:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2b6a6ff5969a15d25ddc3bbddd6beb94f48a5f9
        Validity
            Not Before: Jan  1 06:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f23fcdd20bfb2db381768b1e325dd959bbde7c92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:7b:df:59:61:33:58:fb:37:28:a5:5c:b3:27:
                    9b:16:2d:53:ac:d3:f0:35:58:71:45:90:9e:5e:7f:
                    66:a6:b3:bf:cb:35:17:79:3e:79:55:fa:bd:63:f7:
                    c9:1d:02:24:d9:76:f7:01:70:91:c8:6f:0f:5b:ed:
                    5c:af:e3:ac:12:68:0f:f8:1e:34:d5:6d:c3:06:4f:
                    e8:ab:15:e6:4d:f3:a0:89:34:30:e4:46:7c:ea:4f:
                    8f:cc:89:36:a4:a5:45:62:59:c0:96:be:9d:df:a5:
                    8f:12:1d:8c:8a:98:82:4a:1e:59:ed:7a:c0:da:d6:
                    a9:70:71:14:63:68:2d:f9:97:9c:7e:f5:b3:c0:ac:
                    92:69:80:0b:7a:5f:ad:54:b3:94:2b:8e:19:d8:f0:
                    6f:63:74:86:95:1f:75:fc:79:38:c8:33:be:cd:ac:
                    06:71:0c:54:05:22:c1:3f:80:e7:15:5c:10:f2:39:
                    41:60:be:92:98:93:bd:b2:bf:37:26:aa:05:cd:66:
                    ed:60:08:bd:bc:e3:a7:2c:1a:dc:0f:d9:f9:c1:56:
                    a3:22:da:fa:75:7e:33:42:f5:35:fe:c2:93:e9:23:
                    d8:2c:46:3e:ff:e6:67:fc:67:a4:28:22:ae:00:ff:
                    0b:6b:96:63:b7:23:65:46:30:bd:0f:15:eb:dc:3a:
                    e5:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:3F:CD:D2:0B:FB:2D:B3:81:76:8B:1E:32:5D:D9:59:BB:DE:7C:92
            X509v3 Authority Key Identifier:
                keyid:E2:B6:A6:FF:59:69:A1:5D:25:DD:C3:BB:DD:D6:BE:B9:4F:48:A5:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4ram_1lpoV0l3cO73da-uU9Ipfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/80c0a0-8539-46ed-b122-fe0ca1a7d35d/1/8j_N0gv7LbOBdoseMl3ZWbvefJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/80c0a0-8539-46ed-b122-fe0ca1a7d35d/1/4ram_1lpoV0l3cO73da-uU9Ipfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.124.0/22
                IPv6:
                  2a0b:a180::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:17:e9:a3:05:2c:ff:92:5b:eb:3b:65:70:5f:38:a9:53:57:
         c7:10:59:4a:89:34:bd:44:d5:87:1e:db:3f:75:e7:03:ce:54:
         ea:80:15:30:bd:a8:73:9a:6f:c5:3c:8d:05:a9:cc:1f:4c:33:
         ab:a4:1f:cb:06:c1:c9:7c:fe:e0:d2:61:14:f5:ae:b7:ed:cb:
         e2:a6:4a:3e:5c:a2:c3:4e:20:a6:2e:b9:32:9f:80:10:a1:d2:
         05:61:75:57:60:15:24:8d:12:a7:58:35:6e:ae:9e:f2:04:10:
         7c:3a:79:ed:33:09:97:a8:25:df:e9:7d:83:87:83:7c:af:15:
         a5:7d:64:20:77:c9:fd:2e:d3:1d:43:a6:49:a1:3f:40:85:e9:
         c2:98:6b:ba:78:a3:a7:ff:36:ed:ed:de:e9:b8:3e:1a:9a:1d:
         15:c3:fa:bd:4b:6d:86:05:39:18:da:c9:27:98:f9:0f:8b:1a:
         c5:cd:38:40:8f:7b:64:57:b8:8b:ab:0b:53:d1:33:8d:e9:1d:
         05:1a:3e:a3:04:f1:6e:af:e4:f7:d6:6c:9a:b9:af:f1:44:7a:
         f6:b2:b5:15:6a:94:86:4e:65:af:a9:c5:5e:22:6e:c6:96:fd:
         8a:47:09:4b:ab:c9:fd:42:01:25:83:74:7f:5f:75:8b:53:6f:
         3a:2c:6c:50
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtzTP61R1HXMBm37bzJCIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYjZhNmZmNTk2OWExNWQyNWRkYzNiYmRkZDZiZWI5NGY0
OGE1ZjkwHhcNMjQwMTAxMDYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjNmY2RkMjBiZmIyZGIzODE3NjhiMWUzMjVkZDk1OWJiZGU3YzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHvfWWEzWPs3KKVcsyebFi1TrNPw
NVhxRZCeXn9mprO/yzUXeT55Vfq9Y/fJHQIk2Xb3AXCRyG8PW+1cr+OsEmgP+B40
1W3DBk/oqxXmTfOgiTQw5EZ86k+PzIk2pKVFYlnAlr6d36WPEh2MipiCSh5Z7XrA
2tapcHEUY2gt+ZecfvWzwKySaYALel+tVLOUK44Z2PBvY3SGlR91/Hk4yDO+zawG
cQxUBSLBP4DnFVwQ8jlBYL6SmJO9sr83JqoFzWbtYAi9vOOnLBrcD9n5wVajItr6
dX4zQvU1/sKT6SPYLEY+/+Zn/GekKCKuAP8La5ZjtyNlRjC9DxXr3DrlrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPI/zdIL+y2zgXaLHjJd2Vm73nySMB8GA1UdIwQY
MBaAFOK2pv9ZaaFdJd3Du93WvrlPSKX5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHJhbV8xbHBvVjBsM2NPNzNkYS11VTlJcGZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS84MGMwYTAtODUzOS00NmVkLWIxMjIt
ZmUwY2ExYTdkMzVkLzEvOGpfTjBndjdMYk9CZG9zZU1sM1pXYnZlZkpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS84MGMwYTAtODUzOS00NmVkLWIxMjItZmUwY2ExYTdkMzVk
LzEvNHJhbV8xbHBvVjBsM2NPNzNkYS11VTlJcGZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubt8MA0E
AgACMAcDBQMqC6GAMA0GCSqGSIb3DQEBCwUAA4IBAQAxF+mjBSz/klvrO2VwXzip
U1fHEFlKiTS9RNWHHts/decDzlTqgBUwvahzmm/FPI0FqcwfTDOrpB/LBsHJfP7g
0mEU9a637cvipko+XKLDTiCmLrkyn4AQodIFYXVXYBUkjRKnWDVurp7yBBB8Onnt
MwmXqCXf6X2Dh4N8rxWlfWQgd8n9LtMdQ6ZJoT9AhenCmGu6eKOn/zbt7d7puD4a
mh0Vw/q9S22GBTkY2sknmPkPixrFzThAj3tkV7iLqwtT0TON6R0FGj6jBPFur+T3
1myaua/xRHr2srUVapSGTmWvqcVeIm7Glv2KRwlLq8n9QgElg3R/X3WLU286LGxQ
-----END CERTIFICATE-----