Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/b8b606-c65a-409a-ba8d-cf1a5d8e5f6d/1/jcv3D3fAZlTKpKQlKaM0bvvPUdY.roa
File:                     jcv3D3fAZlTKpKQlKaM0bvvPUdY.roa (raw, json)
Hash identifier:          a5SbIcL+GxwbgSAfCIBZ5nf9a1g0xXEGajmNPw33olk=
Subject key identifier:   8D:CB:F7:0F:77:C0:66:54:CA:A4:A4:25:29:A3:34:6E:FB:CF:51:D6
Certificate issuer:       /CN=40cf69cca2c86e194754788edcd88e352ed4e11c
Certificate serial:       018CC9BCB64CFE49B0F457C307C83A758B73
Authority key identifier: 40:CF:69:CC:A2:C8:6E:19:47:54:78:8E:DC:D8:8E:35:2E:D4:E1:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QM9pzKLIbhlHVHiO3NiONS7U4Rw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/b8b606-c65a-409a-ba8d-cf1a5d8e5f6d/1/jcv3D3fAZlTKpKQlKaM0bvvPUdY.roa
Signing time:             Tue 02 Jan 2024 10:33:57 +0000
ROA not before:           Tue 02 Jan 2024 10:33:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        176.119.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/b8b606-c65a-409a-ba8d-cf1a5d8e5f6d/1/QM9pzKLIbhlHVHiO3NiONS7U4Rw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/b8b606-c65a-409a-ba8d-cf1a5d8e5f6d/1/QM9pzKLIbhlHVHiO3NiONS7U4Rw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QM9pzKLIbhlHVHiO3NiONS7U4Rw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:b6:4c:fe:49:b0:f4:57:c3:07:c8:3a:75:8b:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40cf69cca2c86e194754788edcd88e352ed4e11c
        Validity
            Not Before: Jan  2 10:33:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dcbf70f77c06654caa4a42529a3346efbcf51d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:23:45:0e:00:4f:e4:41:bf:ad:6d:99:2e:33:
                    b5:4f:77:87:d5:68:83:6e:13:6b:56:90:9d:48:c1:
                    e4:2d:38:d9:15:79:36:27:fb:12:93:53:46:73:b9:
                    d2:08:d1:55:77:8c:08:89:b9:6d:62:92:01:3a:28:
                    e0:88:11:91:d6:d3:62:da:16:ca:85:df:b3:50:67:
                    05:6e:54:01:18:81:73:53:62:29:74:29:d9:17:b0:
                    42:52:f0:87:27:91:81:92:7c:c2:f2:46:3e:5e:8d:
                    3a:e9:c6:dd:81:2f:38:d8:e2:1b:a5:95:aa:0d:81:
                    16:15:31:af:9a:51:c5:ae:9c:49:42:c4:c3:2b:1a:
                    49:e5:3d:ca:be:bf:90:4b:17:ed:1d:c0:96:52:22:
                    00:34:2c:1d:7f:c5:a0:78:d6:1a:35:1c:e3:f1:3e:
                    a9:b7:36:76:c8:7e:2c:27:5d:dd:9a:84:3e:5f:6b:
                    2d:f3:78:51:28:3b:a9:94:54:74:51:e5:ec:6c:cc:
                    d3:63:44:6a:ba:35:e2:ef:89:38:9f:b8:4e:7a:2f:
                    d8:88:59:6e:88:bb:1a:ca:fe:4d:a3:32:22:06:6e:
                    7d:dd:44:5b:5c:f6:fc:06:5c:fc:bd:18:90:4d:6c:
                    9d:ec:32:f4:8a:ef:3d:26:a8:f2:f6:fe:f3:3f:d6:
                    22:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:CB:F7:0F:77:C0:66:54:CA:A4:A4:25:29:A3:34:6E:FB:CF:51:D6
            X509v3 Authority Key Identifier:
                keyid:40:CF:69:CC:A2:C8:6E:19:47:54:78:8E:DC:D8:8E:35:2E:D4:E1:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QM9pzKLIbhlHVHiO3NiONS7U4Rw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b8b606-c65a-409a-ba8d-cf1a5d8e5f6d/1/jcv3D3fAZlTKpKQlKaM0bvvPUdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b8b606-c65a-409a-ba8d-cf1a5d8e5f6d/1/QM9pzKLIbhlHVHiO3NiONS7U4Rw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:a0:fd:ca:7c:5c:fa:92:e9:65:1f:d7:e1:4a:1f:ca:03:40:
         99:ae:d5:c2:6a:9e:1a:d8:2c:61:08:cf:90:42:8b:1c:d0:e4:
         2f:bd:2f:62:b9:83:61:98:e1:08:08:e7:a0:60:b0:e4:5d:c1:
         9a:8e:ff:cf:95:0c:b7:b8:00:01:2b:57:23:f9:d2:74:b4:a7:
         2c:ce:0a:99:e3:fd:9a:48:e3:ca:4b:23:26:b9:8b:57:da:00:
         1e:86:1d:40:b8:9d:4e:99:62:e7:42:45:5f:c7:54:8a:a8:ff:
         65:93:88:d8:62:46:6d:dc:e0:66:85:b5:be:cc:fb:ba:fe:15:
         a7:3f:c7:01:fa:40:17:08:5a:26:42:d8:96:ef:a4:88:e8:c2:
         46:70:66:f2:35:b9:6e:6b:f8:4e:3d:3d:7c:4a:7c:c7:47:c0:
         9b:aa:5b:e8:62:11:82:b5:a5:04:47:2a:45:dc:ef:ff:5e:65:
         28:67:94:06:2e:b4:a7:c8:14:d8:64:ed:f4:05:49:d2:92:98:
         56:3c:f8:93:14:ef:84:16:93:a5:fc:a7:55:41:47:fb:3f:87:
         46:1d:bf:ad:77:e4:4b:b6:19:f3:d6:3f:74:11:f1:2d:bd:f9:
         a1:2c:81:de:77:80:6a:39:2f:b0:56:3b:c2:d0:d5:be:27:1d:
         28:7c:8c:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvLZM/kmw9FfDB8g6dYtzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwY2Y2OWNjYTJjODZlMTk0NzU0Nzg4ZWRjZDg4ZTM1MmVk
NGUxMWMwHhcNMjQwMTAyMTAzMzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGNiZjcwZjc3YzA2NjU0Y2FhNGE0MjUyOWEzMzQ2ZWZiY2Y1MWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiNFDgBP5EG/rW2ZLjO1T3eH1WiD
bhNrVpCdSMHkLTjZFXk2J/sSk1NGc7nSCNFVd4wIibltYpIBOijgiBGR1tNi2hbK
hd+zUGcFblQBGIFzU2IpdCnZF7BCUvCHJ5GBknzC8kY+Xo066cbdgS842OIbpZWq
DYEWFTGvmlHFrpxJQsTDKxpJ5T3Kvr+QSxftHcCWUiIANCwdf8WgeNYaNRzj8T6p
tzZ2yH4sJ13dmoQ+X2st83hRKDuplFR0UeXsbMzTY0RqujXi74k4n7hOei/YiFlu
iLsayv5NozIiBm593URbXPb8Blz8vRiQTWyd7DL0iu89Jqjy9v7zP9YiKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3L9w93wGZUyqSkJSmjNG77z1HWMB8GA1UdIwQY
MBaAFEDPacyiyG4ZR1R4jtzYjjUu1OEcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU05cHpLTEliaGxIVkhpTzNOaU9OUzdVNFJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9iOGI2MDYtYzY1YS00MDlhLWJhOGQt
Y2YxYTVkOGU1ZjZkLzEvamN2M0QzZkFabFRLcEtRbEthTTBidnZQVWRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9iOGI2MDYtYzY1YS00MDlhLWJhOGQtY2YxYTVkOGU1ZjZk
LzEvUU05cHpLTEliaGxIVkhpTzNOaU9OUzdVNFJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHfJMA0G
CSqGSIb3DQEBCwUAA4IBAQAcoP3KfFz6kullH9fhSh/KA0CZrtXCap4a2CxhCM+Q
Qosc0OQvvS9iuYNhmOEICOegYLDkXcGajv/PlQy3uAABK1cj+dJ0tKcszgqZ4/2a
SOPKSyMmuYtX2gAehh1AuJ1OmWLnQkVfx1SKqP9lk4jYYkZt3OBmhbW+zPu6/hWn
P8cB+kAXCFomQtiW76SI6MJGcGbyNblua/hOPT18SnzHR8CbqlvoYhGCtaUERypF
3O//XmUoZ5QGLrSnyBTYZO30BUnSkphWPPiTFO+EFpOl/KdVQUf7P4dGHb+td+RL
thnz1j90EfEtvfmhLIHed4BqOS+wVjvC0NW+Jx0ofIxq
-----END CERTIFICATE-----