Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/b2dd00-a621-49a9-bbab-37f9bf7861b6/1/JApIwsd1OjJYvEu9BzPlQV4vxfQ.roa
File:                     JApIwsd1OjJYvEu9BzPlQV4vxfQ.roa (raw, json)
Hash identifier:          6BXN2qEDy2py2MzKGEybRY4raNRUhexWcmVFj/OA/bQ=
Subject key identifier:   24:0A:48:C2:C7:75:3A:32:58:BC:4B:BD:07:33:E5:41:5E:2F:C5:F4
Certificate issuer:       /CN=65c920a27e3e53a367f9ea96db7baf7bd65a83ea
Certificate serial:       018CC64B4B4481BBE9CCEB30B84AA49B9139
Authority key identifier: 65:C9:20:A2:7E:3E:53:A3:67:F9:EA:96:DB:7B:AF:7B:D6:5A:83:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zckgon4-U6Nn-eqW23uve9Zag-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/b2dd00-a621-49a9-bbab-37f9bf7861b6/1/JApIwsd1OjJYvEu9BzPlQV4vxfQ.roa
Signing time:             Mon 01 Jan 2024 18:31:12 +0000
ROA not before:           Mon 01 Jan 2024 18:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41960
IP address blocks:        185.252.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/b2dd00-a621-49a9-bbab-37f9bf7861b6/1/Zckgon4-U6Nn-eqW23uve9Zag-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/b2dd00-a621-49a9-bbab-37f9bf7861b6/1/Zckgon4-U6Nn-eqW23uve9Zag-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zckgon4-U6Nn-eqW23uve9Zag-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:4b:44:81:bb:e9:cc:eb:30:b8:4a:a4:9b:91:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65c920a27e3e53a367f9ea96db7baf7bd65a83ea
        Validity
            Not Before: Jan  1 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=240a48c2c7753a3258bc4bbd0733e5415e2fc5f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:45:3a:4f:4b:b4:ee:25:61:cb:9e:37:86:6f:
                    25:2d:aa:36:03:db:c1:62:01:e2:13:e8:ed:35:e3:
                    e0:43:0d:da:a5:49:da:1e:f7:17:e7:c4:df:87:63:
                    84:b8:cc:64:40:f6:6d:2c:5c:35:d2:5d:58:e1:c1:
                    9b:7c:9a:d7:a5:ca:fa:81:43:b4:46:f3:5c:dd:f3:
                    a5:ee:6f:81:5c:fa:c3:7e:5c:95:32:57:b1:ee:6e:
                    7e:c9:25:31:8d:89:9e:b5:3e:ab:6d:bb:28:07:a4:
                    d2:31:92:77:b2:b4:01:29:d6:92:6f:f0:3a:df:6f:
                    e2:30:8f:a3:18:c5:7e:04:ea:2b:a5:83:b2:a5:37:
                    4b:5b:6f:5d:e0:b3:20:39:7d:e7:d3:8c:8b:42:d1:
                    59:5d:a2:4b:ae:b9:41:c3:80:df:a7:27:16:50:ae:
                    b7:bf:41:23:93:04:49:9e:5c:2b:1b:7d:9f:b5:d9:
                    ed:e5:49:35:94:0d:a8:e6:48:f0:b2:dd:96:98:85:
                    47:65:2b:4d:d2:d3:9b:fa:8b:56:ce:23:68:b1:b4:
                    83:61:63:da:02:2f:a4:87:5e:65:18:79:93:a4:7f:
                    b4:3a:09:2d:73:50:7a:b3:2d:dd:0d:68:68:89:ac:
                    f3:12:f3:d1:a6:33:6f:bb:53:16:9c:36:e4:90:5a:
                    62:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:0A:48:C2:C7:75:3A:32:58:BC:4B:BD:07:33:E5:41:5E:2F:C5:F4
            X509v3 Authority Key Identifier:
                keyid:65:C9:20:A2:7E:3E:53:A3:67:F9:EA:96:DB:7B:AF:7B:D6:5A:83:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zckgon4-U6Nn-eqW23uve9Zag-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/b2dd00-a621-49a9-bbab-37f9bf7861b6/1/JApIwsd1OjJYvEu9BzPlQV4vxfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/b2dd00-a621-49a9-bbab-37f9bf7861b6/1/Zckgon4-U6Nn-eqW23uve9Zag-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:90:30:1f:d9:f5:55:7e:e4:7f:27:f8:d9:39:b6:75:90:61:
         60:a2:81:60:ea:26:5c:b0:eb:a8:73:b5:a3:85:24:7a:b8:d6:
         64:c4:58:e8:c3:76:5b:f1:a9:89:29:50:ba:8f:f7:10:0c:2e:
         f9:83:17:19:80:bc:10:f4:26:4c:c2:43:76:96:47:e1:82:8d:
         10:3b:a8:0c:79:83:4b:f9:dc:d2:65:24:97:48:74:e1:35:5f:
         f7:77:29:3d:90:cf:93:1b:d7:4e:bd:2e:96:f3:3a:ae:82:4f:
         e5:ce:f5:0e:81:f1:7d:37:c2:66:d2:47:5f:2f:70:8e:27:62:
         c3:fc:4f:5f:eb:9d:9b:87:0f:ed:00:d1:fe:b2:38:6d:ce:01:
         89:d9:eb:b3:cd:35:20:34:86:73:5f:c8:28:57:6f:c2:11:27:
         62:7f:0c:c2:34:75:30:bd:2e:1c:df:60:d9:c6:82:87:6a:3c:
         33:19:be:4c:f6:07:b6:80:30:6b:2e:a9:fa:f6:8e:d8:1c:4f:
         28:45:0e:81:bc:aa:98:bc:37:bb:dc:83:8c:d3:a4:15:ce:2f:
         28:d7:c0:3a:05:ef:f1:f9:90:1b:eb:bd:1d:67:a9:46:ee:d6:
         fb:32:f7:7f:0b:b8:77:f7:31:88:dd:03:0c:ee:e8:fa:0e:a4:
         57:33:82:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS0tEgbvpzOswuEqkm5E5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YzkyMGEyN2UzZTUzYTM2N2Y5ZWE5NmRiN2JhZjdiZDY1
YTgzZWEwHhcNMjQwMTAxMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDBhNDhjMmM3NzUzYTMyNThiYzRiYmQwNzMzZTU0MTVlMmZjNWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkU6T0u07iVhy543hm8lLao2A9vB
YgHiE+jtNePgQw3apUnaHvcX58Tfh2OEuMxkQPZtLFw10l1Y4cGbfJrXpcr6gUO0
RvNc3fOl7m+BXPrDflyVMlex7m5+ySUxjYmetT6rbbsoB6TSMZJ3srQBKdaSb/A6
32/iMI+jGMV+BOorpYOypTdLW29d4LMgOX3n04yLQtFZXaJLrrlBw4DfpycWUK63
v0EjkwRJnlwrG32ftdnt5Uk1lA2o5kjwst2WmIVHZStN0tOb+otWziNosbSDYWPa
Ai+kh15lGHmTpH+0Ogktc1B6sy3dDWhoiazzEvPRpjNvu1MWnDbkkFpiDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQKSMLHdToyWLxLvQcz5UFeL8X0MB8GA1UdIwQY
MBaAFGXJIKJ+PlOjZ/nqltt7r3vWWoPqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmNrZ29uNC1VNk5uLWVxVzIzdXZlOVphZy1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9iMmRkMDAtYTYyMS00OWE5LWJiYWIt
MzdmOWJmNzg2MWI2LzEvSkFwSXdzZDFPakpZdkV1OUJ6UGxRVjR2eGZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9iMmRkMDAtYTYyMS00OWE5LWJiYWItMzdmOWJmNzg2MWI2
LzEvWmNrZ29uNC1VNk5uLWVxVzIzdXZlOVphZy1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufzCMA0G
CSqGSIb3DQEBCwUAA4IBAQBKkDAf2fVVfuR/J/jZObZ1kGFgooFg6iZcsOuoc7Wj
hSR6uNZkxFjow3Zb8amJKVC6j/cQDC75gxcZgLwQ9CZMwkN2lkfhgo0QO6gMeYNL
+dzSZSSXSHThNV/3dyk9kM+TG9dOvS6W8zqugk/lzvUOgfF9N8Jm0kdfL3COJ2LD
/E9f652bhw/tANH+sjhtzgGJ2euzzTUgNIZzX8goV2/CESdifwzCNHUwvS4c32DZ
xoKHajwzGb5M9ge2gDBrLqn69o7YHE8oRQ6BvKqYvDe73IOM06QVzi8o18A6Be/x
+ZAb670dZ6lG7tb7Mvd/C7h39zGI3QMM7uj6DqRXM4Kq
-----END CERTIFICATE-----