Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/jqEXGloRnzS8LXM8SyJRkGuz1G4.roa
File:                     jqEXGloRnzS8LXM8SyJRkGuz1G4.roa (raw, json)
Hash identifier:          6L8N4ulkE143IpqeBdNH1nhLpoQgZ/yKXv1V/UqEg4A=
Subject key identifier:   8E:A1:17:1A:5A:11:9F:34:BC:2D:73:3C:4B:22:51:90:6B:B3:D4:6E
Certificate issuer:       /CN=034b0eed2c5a787ad87fb49f04d3fdf3d0f49d4c
Certificate serial:       018CC4246C584D7CF3C52CAF127A5B35AA08
Authority key identifier: 03:4B:0E:ED:2C:5A:78:7A:D8:7F:B4:9F:04:D3:FD:F3:D0:F4:9D:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A0sO7SxaeHrYf7SfBNP989D0nUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/jqEXGloRnzS8LXM8SyJRkGuz1G4.roa
Signing time:             Mon 01 Jan 2024 08:29:30 +0000
ROA not before:           Mon 01 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60514
IP address blocks:        185.57.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/A0sO7SxaeHrYf7SfBNP989D0nUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/A0sO7SxaeHrYf7SfBNP989D0nUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A0sO7SxaeHrYf7SfBNP989D0nUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 04:04:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6c:58:4d:7c:f3:c5:2c:af:12:7a:5b:35:aa:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=034b0eed2c5a787ad87fb49f04d3fdf3d0f49d4c
        Validity
            Not Before: Jan  1 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ea1171a5a119f34bc2d733c4b2251906bb3d46e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:fb:55:20:be:8d:f3:4c:09:29:0e:c7:7c:a4:
                    bc:5e:53:cc:8d:7c:83:3a:a6:68:62:1a:69:fb:89:
                    3f:43:85:57:9b:b3:c6:3a:20:86:a0:e5:ff:04:70:
                    87:9c:5c:8f:67:08:33:a0:31:29:e1:ab:d0:3f:5d:
                    b9:e4:39:c1:99:28:f3:e8:4a:6d:ac:c8:16:69:7d:
                    c6:be:5e:0f:fd:84:3d:84:2e:0a:d5:0d:00:65:e6:
                    96:ec:7c:f4:fd:37:30:fd:e4:68:d7:64:f3:13:41:
                    bf:4f:68:9b:95:e9:47:66:a7:e0:21:fb:35:12:f4:
                    54:bb:bc:67:e6:c4:1d:98:cd:81:0d:5f:83:e8:10:
                    d5:38:15:44:2c:bc:9b:d9:e5:c3:2e:85:e8:8d:be:
                    74:02:4c:bd:c5:d1:b1:9a:b7:1b:99:58:02:b3:51:
                    66:38:e1:e3:87:1e:ea:af:90:a2:34:ff:11:8d:04:
                    07:ec:85:bd:d1:ad:59:74:a7:39:23:0c:1c:b0:59:
                    ac:6e:e3:5f:f4:a1:57:cc:bb:07:0b:7c:22:cf:15:
                    67:a6:31:44:cd:f9:a4:a7:e4:65:aa:8a:2f:e8:f0:
                    39:a5:62:c6:92:19:80:fc:91:ab:c1:73:f5:41:1f:
                    1b:39:a5:8e:bb:2a:10:be:a1:fb:1a:2a:99:c7:70:
                    90:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:A1:17:1A:5A:11:9F:34:BC:2D:73:3C:4B:22:51:90:6B:B3:D4:6E
            X509v3 Authority Key Identifier:
                keyid:03:4B:0E:ED:2C:5A:78:7A:D8:7F:B4:9F:04:D3:FD:F3:D0:F4:9D:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A0sO7SxaeHrYf7SfBNP989D0nUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/jqEXGloRnzS8LXM8SyJRkGuz1G4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/A0sO7SxaeHrYf7SfBNP989D0nUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:f2:de:9c:4b:f7:f9:0e:9b:3e:fe:b4:b8:0d:64:b5:26:db:
         e8:d6:40:9b:7f:3b:d8:ad:f5:c6:4b:cb:03:d4:b4:83:5f:a1:
         5d:1e:63:ef:37:8f:55:d0:63:e7:00:d5:86:17:dd:e2:9f:2f:
         4e:58:63:6b:da:03:45:d5:e9:4e:ff:8c:8a:b9:8f:3d:26:57:
         87:fa:ce:cb:23:be:90:bd:fb:66:c1:6a:e4:40:4d:0d:f9:a6:
         4c:52:67:2c:0a:4d:2a:07:2e:31:aa:3a:e9:34:1f:ed:77:a8:
         71:b3:cd:63:0e:8f:72:d9:ea:01:63:25:c5:17:f3:95:92:d8:
         c5:90:7d:7a:d2:fa:bb:1f:74:0a:93:60:87:24:38:f0:93:38:
         c5:73:3c:79:fd:44:e6:9a:c1:9e:d4:d4:b3:79:2c:72:85:df:
         db:56:39:1e:b5:71:c3:eb:1d:d7:bf:2a:5f:61:2f:bd:09:32:
         27:32:1e:b5:f3:e5:e5:90:86:6a:b4:38:78:3a:b6:17:35:51:
         8a:67:83:95:67:ef:31:3f:4e:15:ca:76:72:b8:3e:65:76:54:
         06:2f:a0:51:f6:5b:83:fa:de:f9:36:3f:78:d7:a2:39:e2:88:
         cd:74:e2:67:73:3f:94:05:a1:db:9d:f3:05:a8:d4:e1:8f:88:
         74:3c:6d:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGxYTXzzxSyvEnpbNaoIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzNGIwZWVkMmM1YTc4N2FkODdmYjQ5ZjA0ZDNmZGYzZDBm
NDlkNGMwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWExMTcxYTVhMTE5ZjM0YmMyZDczM2M0YjIyNTE5MDZiYjNkNDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuftVIL6N80wJKQ7HfKS8XlPMjXyD
OqZoYhpp+4k/Q4VXm7PGOiCGoOX/BHCHnFyPZwgzoDEp4avQP1255DnBmSjz6Ept
rMgWaX3Gvl4P/YQ9hC4K1Q0AZeaW7Hz0/Tcw/eRo12TzE0G/T2iblelHZqfgIfs1
EvRUu7xn5sQdmM2BDV+D6BDVOBVELLyb2eXDLoXojb50Aky9xdGxmrcbmVgCs1Fm
OOHjhx7qr5CiNP8RjQQH7IW90a1ZdKc5IwwcsFmsbuNf9KFXzLsHC3wizxVnpjFE
zfmkp+Rlqoov6PA5pWLGkhmA/JGrwXP1QR8bOaWOuyoQvqH7GiqZx3CQzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI6hFxpaEZ80vC1zPEsiUZBrs9RuMB8GA1UdIwQY
MBaAFANLDu0sWnh62H+0nwTT/fPQ9J1MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTBzTzdTeGFlSHJZZjdTZkJOUDk4OUQwblV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8yZDc4M2EtMWNiYy00MGQ0LWIwMTEt
ZTA4NTI3NWFhMzY0LzEvanFFWEdsb1JuelM4TFhNOFN5SlJrR3V6MUc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8yZDc4M2EtMWNiYy00MGQ0LWIwMTEtZTA4NTI3NWFhMzY0
LzEvQTBzTzdTeGFlSHJZZjdTZkJOUDk4OUQwblV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTkvMA0G
CSqGSIb3DQEBCwUAA4IBAQC/8t6cS/f5Dps+/rS4DWS1Jtvo1kCbfzvYrfXGS8sD
1LSDX6FdHmPvN49V0GPnANWGF93iny9OWGNr2gNF1elO/4yKuY89JleH+s7LI76Q
vftmwWrkQE0N+aZMUmcsCk0qBy4xqjrpNB/td6hxs81jDo9y2eoBYyXFF/OVktjF
kH160vq7H3QKk2CHJDjwkzjFczx5/UTmmsGe1NSzeSxyhd/bVjketXHD6x3Xvypf
YS+9CTInMh618+XlkIZqtDh4OrYXNVGKZ4OVZ+8xP04VynZyuD5ldlQGL6BR9luD
+t75Nj9416I54ojNdOJncz+UBaHbnfMFqNThj4h0PG2V
-----END CERTIFICATE-----