Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/c464d6-0cbd-4efd-98ac-53d9d3a44fcf/1/jvqXm9cRs2FBvobxiGCpixVLogM.roa
File:                     jvqXm9cRs2FBvobxiGCpixVLogM.roa (raw, json)
Hash identifier:          x+6ESnJUmPDrk+8zeCE/LOVP4NaanZvlaYi8y8CrF8I=
Subject key identifier:   8E:FA:97:9B:D7:11:B3:61:41:BE:86:F1:88:60:A9:8B:15:4B:A2:03
Certificate issuer:       /CN=2bd2c37284d84426f05e325b6b047ad5cf3fe4f2
Certificate serial:       018CC64AF1D0501F1F7F23BC31C8B09D8910
Authority key identifier: 2B:D2:C3:72:84:D8:44:26:F0:5E:32:5B:6B:04:7A:D5:CF:3F:E4:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K9LDcoTYRCbwXjJbawR61c8_5PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/c464d6-0cbd-4efd-98ac-53d9d3a44fcf/1/jvqXm9cRs2FBvobxiGCpixVLogM.roa
Signing time:             Mon 01 Jan 2024 18:30:49 +0000
ROA not before:           Mon 01 Jan 2024 18:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138915
IP address blocks:        185.23.180.0/24 maxlen: 24
                          185.23.183.0/24 maxlen: 24
                          185.23.181.0/24 maxlen: 24
                          185.23.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/c464d6-0cbd-4efd-98ac-53d9d3a44fcf/1/K9LDcoTYRCbwXjJbawR61c8_5PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/c464d6-0cbd-4efd-98ac-53d9d3a44fcf/1/K9LDcoTYRCbwXjJbawR61c8_5PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K9LDcoTYRCbwXjJbawR61c8_5PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f1:d0:50:1f:1f:7f:23:bc:31:c8:b0:9d:89:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bd2c37284d84426f05e325b6b047ad5cf3fe4f2
        Validity
            Not Before: Jan  1 18:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8efa979bd711b36141be86f18860a98b154ba203
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:3a:d1:cd:75:19:83:46:d3:51:37:10:e5:c7:
                    7f:ca:ee:15:8e:59:4b:89:cc:68:b6:4f:2b:ae:13:
                    37:87:9b:08:7d:91:0a:96:07:7a:f6:4f:e1:de:b4:
                    2a:d7:2b:8d:8c:12:04:47:e4:30:74:5e:f2:2c:90:
                    ca:29:e3:65:e5:04:25:aa:b3:51:7d:15:ce:56:6d:
                    45:a2:4d:f2:7e:44:d6:d7:44:97:c7:d3:c5:7c:1e:
                    d8:67:10:ce:7c:f5:3b:23:3a:2e:e4:95:2d:ae:b2:
                    e5:2e:66:b6:13:c4:79:ce:59:35:39:cd:e0:4f:3d:
                    e0:ef:4a:d3:dc:72:3c:79:69:1e:02:ea:93:86:59:
                    9d:af:84:d0:ba:11:0c:b1:96:05:6f:a0:0b:15:28:
                    cc:73:be:d0:e4:7b:e0:e3:e0:5a:64:a7:1e:37:e0:
                    83:7f:4e:1d:8f:45:79:d2:22:f9:4f:19:ac:8f:61:
                    31:1c:69:56:d6:cb:a4:74:3c:41:72:f1:93:69:0f:
                    35:cf:90:de:c3:47:42:5b:6a:3b:c4:4e:82:ea:bc:
                    2b:9b:6a:32:7d:15:12:c5:f1:87:a2:10:bd:74:49:
                    ed:89:c6:f3:1e:ec:cb:88:ad:6f:d4:79:ad:33:37:
                    9b:e1:7a:e0:69:26:de:26:5b:5d:ef:fb:d3:c3:08:
                    e0:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:FA:97:9B:D7:11:B3:61:41:BE:86:F1:88:60:A9:8B:15:4B:A2:03
            X509v3 Authority Key Identifier:
                keyid:2B:D2:C3:72:84:D8:44:26:F0:5E:32:5B:6B:04:7A:D5:CF:3F:E4:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K9LDcoTYRCbwXjJbawR61c8_5PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c464d6-0cbd-4efd-98ac-53d9d3a44fcf/1/jvqXm9cRs2FBvobxiGCpixVLogM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c464d6-0cbd-4efd-98ac-53d9d3a44fcf/1/K9LDcoTYRCbwXjJbawR61c8_5PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:37:a4:6b:82:07:51:0e:57:87:bb:8a:99:6c:d3:b8:fa:c0:
         e9:2d:9f:e7:22:ac:18:bf:86:0c:f4:58:a8:fd:c1:67:7a:4e:
         c5:c7:19:c8:a6:7c:52:f6:26:98:e5:79:00:69:82:99:f1:18:
         5b:6b:26:3e:34:d3:a2:ec:c1:48:12:1b:c7:fd:eb:00:bb:91:
         06:be:c1:91:8e:62:1b:1c:30:8e:c0:ad:c2:06:45:9c:14:19:
         b8:d7:15:71:93:11:9a:08:cd:a4:f4:17:e6:4e:99:0b:6b:89:
         51:0d:df:5e:a7:5b:08:10:65:82:56:78:58:98:e0:b7:52:43:
         04:06:8c:ac:ed:ab:d1:0f:4f:bf:46:83:81:ba:00:87:5d:f3:
         1b:01:25:cb:e2:4d:32:bc:87:ab:1f:19:04:cc:0c:0b:36:4d:
         fa:e8:fb:8c:12:a2:64:52:30:1b:c5:ef:6e:56:53:ef:20:cc:
         aa:92:16:a2:3d:9c:df:c1:b4:60:a8:52:65:c6:fc:71:1a:60:
         23:f7:56:9a:fc:f8:a0:21:43:da:96:8a:87:58:19:2d:fd:1e:
         bb:14:59:bb:dd:f1:17:9f:01:4e:7f:99:b6:09:91:5f:38:24:
         e6:de:c4:8d:ee:99:b7:26:fa:2c:04:8b:69:29:6a:9b:9a:db:
         76:27:05:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvHQUB8ffyO8MciwnYkQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiZDJjMzcyODRkODQ0MjZmMDVlMzI1YjZiMDQ3YWQ1Y2Yz
ZmU0ZjIwHhcNMjQwMTAxMTgzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWZhOTc5YmQ3MTFiMzYxNDFiZTg2ZjE4ODYwYTk4YjE1NGJhMjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjrRzXUZg0bTUTcQ5cd/yu4VjllL
icxotk8rrhM3h5sIfZEKlgd69k/h3rQq1yuNjBIER+QwdF7yLJDKKeNl5QQlqrNR
fRXOVm1Fok3yfkTW10SXx9PFfB7YZxDOfPU7Izou5JUtrrLlLma2E8R5zlk1Oc3g
Tz3g70rT3HI8eWkeAuqThlmdr4TQuhEMsZYFb6ALFSjMc77Q5Hvg4+BaZKceN+CD
f04dj0V50iL5Txmsj2ExHGlW1sukdDxBcvGTaQ81z5Dew0dCW2o7xE6C6rwrm2oy
fRUSxfGHohC9dEnticbzHuzLiK1v1HmtMzeb4XrgaSbeJltd7/vTwwjg3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI76l5vXEbNhQb6G8YhgqYsVS6IDMB8GA1UdIwQY
MBaAFCvSw3KE2EQm8F4yW2sEetXPP+TyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzlMRGNvVFlSQ2J3WGpKYmF3UjYxYzhfNVBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9jNDY0ZDYtMGNiZC00ZWZkLTk4YWMt
NTNkOWQzYTQ0ZmNmLzEvanZxWG05Y1JzMkZCdm9ieGlHQ3BpeFZMb2dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9jNDY0ZDYtMGNiZC00ZWZkLTk4YWMtNTNkOWQzYTQ0ZmNm
LzEvSzlMRGNvVFlSQ2J3WGpKYmF3UjYxYzhfNVBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRe0MA0G
CSqGSIb3DQEBCwUAA4IBAQBgN6RrggdRDleHu4qZbNO4+sDpLZ/nIqwYv4YM9Fio
/cFnek7FxxnIpnxS9iaY5XkAaYKZ8RhbayY+NNOi7MFIEhvH/esAu5EGvsGRjmIb
HDCOwK3CBkWcFBm41xVxkxGaCM2k9BfmTpkLa4lRDd9ep1sIEGWCVnhYmOC3UkME
Boys7avRD0+/RoOBugCHXfMbASXL4k0yvIerHxkEzAwLNk366PuMEqJkUjAbxe9u
VlPvIMyqkhaiPZzfwbRgqFJlxvxxGmAj91aa/PigIUPaloqHWBkt/R67FFm73fEX
nwFOf5m2CZFfOCTm3sSN7pm3JvosBItpKWqbmtt2JwWJ
-----END CERTIFICATE-----