Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/JpOmjX6RvSx5SaiDwpvnNbYssEo.roa
File:                     JpOmjX6RvSx5SaiDwpvnNbYssEo.roa (raw, json)
Hash identifier:          17pgLo61VkSgmEireTe2lbf8ZxEMvfwEZSeSG5HHdJ4=
Subject key identifier:   26:93:A6:8D:7E:91:BD:2C:79:49:A8:83:C2:9B:E7:35:B6:2C:B0:4A
Certificate issuer:       /CN=6cf96a7c01d62e37acecf0786f64978905121647
Certificate serial:       0192BD8B509EFC7E4FA3E944C806CF81CF75
Authority key identifier: 6C:F9:6A:7C:01:D6:2E:37:AC:EC:F0:78:6F:64:97:89:05:12:16:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bPlqfAHWLjes7PB4b2SXiQUSFkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/JpOmjX6RvSx5SaiDwpvnNbYssEo.roa
Signing time:             Thu 24 Oct 2024 08:01:16 +0000
ROA not before:           Thu 24 Oct 2024 08:01:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208561
IP address blocks:        185.117.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/bPlqfAHWLjes7PB4b2SXiQUSFkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/bPlqfAHWLjes7PB4b2SXiQUSFkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bPlqfAHWLjes7PB4b2SXiQUSFkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 17:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:bd:8b:50:9e:fc:7e:4f:a3:e9:44:c8:06:cf:81:cf:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cf96a7c01d62e37acecf0786f64978905121647
        Validity
            Not Before: Oct 24 08:01:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2693a68d7e91bd2c7949a883c29be735b62cb04a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:8f:3d:64:83:d9:82:80:cf:5f:f1:90:f8:b8:
                    57:dc:23:be:ac:60:1b:41:01:b0:e9:00:68:ba:e8:
                    f1:16:d7:99:a1:0b:5c:ba:03:28:8a:d4:52:ca:ac:
                    7b:96:86:b5:04:8d:43:fe:a8:31:59:4e:e9:60:62:
                    99:77:3b:43:28:4d:51:8b:e4:e1:9b:bc:c5:91:7c:
                    3d:7a:08:f3:ea:1f:18:b4:18:ed:19:2f:6b:fd:f2:
                    52:e0:fa:df:a3:0b:c4:49:85:0c:8e:2a:49:95:e0:
                    b4:3f:c9:60:5f:9c:bd:8e:fa:23:fa:aa:01:ab:b6:
                    89:ac:2d:75:8a:cf:98:69:6a:40:f1:a1:da:2c:30:
                    9e:ca:01:c2:68:4e:d1:47:32:aa:3a:24:29:0f:90:
                    8b:3f:da:16:a4:15:6e:3e:aa:84:6b:71:3a:4b:89:
                    3a:90:23:bf:f4:01:c3:74:25:dd:df:c8:d7:95:c7:
                    14:bf:d1:d2:f0:4c:a4:1d:a0:53:c0:46:34:5f:4f:
                    16:ac:94:13:17:a5:97:13:68:3d:97:b8:29:f9:d3:
                    28:6a:9c:7f:d0:02:4a:86:d2:7b:80:30:60:ad:29:
                    68:a7:ef:34:14:16:11:c3:70:ea:3d:b5:59:e7:6a:
                    ff:fc:cc:c4:d4:51:98:b2:50:fd:1f:55:be:16:47:
                    ed:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:93:A6:8D:7E:91:BD:2C:79:49:A8:83:C2:9B:E7:35:B6:2C:B0:4A
            X509v3 Authority Key Identifier:
                keyid:6C:F9:6A:7C:01:D6:2E:37:AC:EC:F0:78:6F:64:97:89:05:12:16:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bPlqfAHWLjes7PB4b2SXiQUSFkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/JpOmjX6RvSx5SaiDwpvnNbYssEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/bPlqfAHWLjes7PB4b2SXiQUSFkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:cc:c3:30:db:89:17:7a:37:7b:76:7a:20:16:ac:33:27:92:
         37:87:17:e7:c4:d6:d8:8f:2a:15:80:01:38:96:32:d1:fd:49:
         b0:76:4e:3a:72:a7:8a:20:48:a1:e7:ca:52:7f:2d:91:a4:4e:
         0d:d5:10:2b:62:81:c1:2c:b7:41:71:89:db:2a:d6:f7:01:c2:
         15:bb:18:1b:94:7d:06:e1:f6:bd:5a:e3:a7:3d:1c:d2:58:3a:
         c4:f1:b0:e7:81:43:b5:03:41:36:96:2c:8a:cc:6a:04:08:1b:
         2d:17:ac:38:71:03:37:78:5a:ab:a7:f0:20:bc:4b:34:e8:05:
         1f:11:f1:8c:59:e6:8f:d4:d4:df:84:73:b7:23:4e:d3:da:08:
         36:3e:cb:b3:9d:bb:f6:3f:a7:13:7f:f0:98:62:77:82:59:f4:
         0d:8d:06:0a:8d:2a:80:95:d5:f4:57:b4:ce:b7:35:5f:67:b4:
         af:92:64:c6:e7:26:7d:07:21:35:27:e5:69:e6:39:f1:11:15:
         b6:7d:06:e4:ed:d2:c3:ac:72:38:ac:d5:1d:0a:80:8b:5b:37:
         24:6a:23:e7:16:f7:e8:9f:f5:d9:ed:de:fe:fd:59:51:fa:c5:
         47:1f:45:91:37:d2:83:51:9a:b8:14:50:cd:ba:21:db:93:33:
         87:92:7e:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK9i1Ce/H5Po+lEyAbPgc91MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZjk2YTdjMDFkNjJlMzdhY2VjZjA3ODZmNjQ5Nzg5MDUx
MjE2NDcwHhcNMjQxMDI0MDgwMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjkzYTY4ZDdlOTFiZDJjNzk0OWE4ODNjMjliZTczNWI2MmNiMDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwo89ZIPZgoDPX/GQ+LhX3CO+rGAb
QQGw6QBouujxFteZoQtcugMoitRSyqx7loa1BI1D/qgxWU7pYGKZdztDKE1Ri+Th
m7zFkXw9egjz6h8YtBjtGS9r/fJS4PrfowvESYUMjipJleC0P8lgX5y9jvoj+qoB
q7aJrC11is+YaWpA8aHaLDCeygHCaE7RRzKqOiQpD5CLP9oWpBVuPqqEa3E6S4k6
kCO/9AHDdCXd38jXlccUv9HS8EykHaBTwEY0X08WrJQTF6WXE2g9l7gp+dMoapx/
0AJKhtJ7gDBgrSlop+80FBYRw3DqPbVZ52r//MzE1FGYslD9H1W+FkftLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCaTpo1+kb0seUmog8Kb5zW2LLBKMB8GA1UdIwQY
MBaAFGz5anwB1i43rOzweG9kl4kFEhZHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlBscWZBSFdMamVzN1BCNGIyU1hpUVVTRmtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy81ZjBmMDYtNTZmNC00MWE1LTg4OWEt
YjE1YjNmYmMwNGE2LzEvSnBPbWpYNlJ2U3g1U2FpRHdwdm5OYllzc0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy81ZjBmMDYtNTZmNC00MWE1LTg4OWEtYjE1YjNmYmMwNGE2
LzEvYlBscWZBSFdMamVzN1BCNGIyU1hpUVVTRmtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXWEMA0G
CSqGSIb3DQEBCwUAA4IBAQCLzMMw24kXejd7dnogFqwzJ5I3hxfnxNbYjyoVgAE4
ljLR/Umwdk46cqeKIEih58pSfy2RpE4N1RArYoHBLLdBcYnbKtb3AcIVuxgblH0G
4fa9WuOnPRzSWDrE8bDngUO1A0E2liyKzGoECBstF6w4cQM3eFqrp/AgvEs06AUf
EfGMWeaP1NTfhHO3I07T2gg2Psuznbv2P6cTf/CYYneCWfQNjQYKjSqAldX0V7TO
tzVfZ7SvkmTG5yZ9ByE1J+Vp5jnxERW2fQbk7dLDrHI4rNUdCoCLWzckaiPnFvfo
n/XZ7d7+/VlR+sVHH0WRN9KDUZq4FFDNuiHbkzOHkn5/
-----END CERTIFICATE-----