Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/jyZ0ryyLJPedroVwLz0ivwHFik0.roa
File:                     jyZ0ryyLJPedroVwLz0ivwHFik0.roa (raw, json)
Hash identifier:          23kei/IR0ft2Gk9v2S/vTRWu2Ul6KqjILvc43VboPS4=
Subject key identifier:   8F:26:74:AF:2C:8B:24:F7:9D:AE:85:70:2F:3D:22:BF:01:C5:8A:4D
Certificate issuer:       /CN=115dbc00433e29f2adeb038fea2fbd7048fb632f
Certificate serial:       018CC2DB06237851646BD06DE1A172545656
Authority key identifier: 11:5D:BC:00:43:3E:29:F2:AD:EB:03:8F:EA:2F:BD:70:48:FB:63:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/jyZ0ryyLJPedroVwLz0ivwHFik0.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15585
IP address blocks:        86.118.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:06:23:78:51:64:6b:d0:6d:e1:a1:72:54:56:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=115dbc00433e29f2adeb038fea2fbd7048fb632f
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f2674af2c8b24f79dae85702f3d22bf01c58a4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:84:59:1b:4e:57:94:b3:6e:56:57:9b:52:2e:
                    9f:e7:33:b1:82:26:bc:b9:39:95:4b:8e:15:ed:c2:
                    67:28:56:8b:1b:76:35:8a:a3:14:01:89:58:d9:97:
                    10:bf:68:fd:69:dd:2d:54:da:c6:12:44:51:9b:fd:
                    27:b8:18:b5:85:d7:a9:3b:c5:37:48:48:63:bd:fd:
                    42:5b:10:b3:c6:9a:8b:f7:5a:f4:15:b9:98:3f:27:
                    dc:44:22:f1:38:88:f9:b5:a3:7f:9d:75:e3:1b:88:
                    6b:3a:d6:cd:8b:90:71:30:dd:3d:37:26:13:30:5a:
                    61:a8:9c:53:50:75:28:4d:a8:dc:6c:48:71:91:66:
                    25:1d:0c:9d:fd:8e:a6:2c:e5:5b:04:39:b0:42:15:
                    f4:7c:5a:30:ef:1b:76:4d:5b:cf:0d:86:32:61:43:
                    9b:9e:0e:87:f5:99:d8:47:b9:67:ba:be:c6:e7:af:
                    23:49:3d:e7:16:47:4e:f8:9b:7f:ac:fb:f1:63:73:
                    fb:a3:f0:a0:58:01:2f:70:b1:e2:92:6e:90:9a:46:
                    dc:d5:3e:0d:9f:04:f6:fd:6b:7d:78:5e:08:81:d2:
                    32:07:bd:eb:27:28:42:dd:51:b4:84:5d:57:c4:2f:
                    97:47:fd:2d:ae:78:85:be:6c:5d:ab:98:b8:19:d6:
                    61:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:26:74:AF:2C:8B:24:F7:9D:AE:85:70:2F:3D:22:BF:01:C5:8A:4D
            X509v3 Authority Key Identifier:
                keyid:11:5D:BC:00:43:3E:29:F2:AD:EB:03:8F:EA:2F:BD:70:48:FB:63:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/jyZ0ryyLJPedroVwLz0ivwHFik0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.118.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         31:09:f5:6c:eb:80:41:68:8c:6e:49:e4:be:7c:ee:1e:0b:4f:
         92:17:a3:34:b1:09:b4:14:3c:59:13:7e:ba:78:e3:a6:d9:3f:
         fc:d0:c1:49:cc:86:c6:ae:31:33:54:4f:28:96:a5:bb:e6:17:
         05:d8:58:ab:51:4c:4d:f2:1a:9a:1f:f4:dd:a1:d8:d5:2e:5a:
         8e:17:d4:7f:7d:60:e5:35:88:35:8c:0d:13:d6:41:7b:d2:df:
         6e:d3:1a:ed:66:e9:f7:e1:de:86:10:fb:e5:47:29:bd:b8:d6:
         c1:a6:24:24:7b:7a:22:fc:da:54:55:be:16:fb:13:25:b8:68:
         e9:bc:72:c4:b6:77:8e:24:e2:da:91:b2:36:f9:18:c8:2b:f0:
         fe:74:9d:32:55:23:65:8f:10:0f:cf:01:7d:a5:da:52:21:57:
         f1:e9:1c:3a:8e:4f:0a:47:aa:dc:55:b3:c0:07:cc:6c:1b:1d:
         7e:a1:84:32:c4:6e:e8:05:be:7b:f7:0c:21:33:26:c9:ec:17:
         d1:f2:ad:f8:a4:46:7d:f7:0a:2e:7a:4b:97:bd:3e:26:da:71:
         c0:5d:43:7a:7e:e0:b2:53:13:b7:29:df:b5:9c:0a:5c:97:cc:
         75:e5:92:eb:24:94:b0:89:b2:39:b5:b9:6e:bc:6c:b7:03:a7:
         4a:d3:70:99
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzC2wYjeFFka9Bt4aFyVFZWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNWRiYzAwNDMzZTI5ZjJhZGViMDM4ZmVhMmZiZDcwNDhm
YjYzMmYwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjI2NzRhZjJjOGIyNGY3OWRhZTg1NzAyZjNkMjJiZjAxYzU4YTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgoRZG05XlLNuVlebUi6f5zOxgia8
uTmVS44V7cJnKFaLG3Y1iqMUAYlY2ZcQv2j9ad0tVNrGEkRRm/0nuBi1hdepO8U3
SEhjvf1CWxCzxpqL91r0FbmYPyfcRCLxOIj5taN/nXXjG4hrOtbNi5BxMN09NyYT
MFphqJxTUHUoTajcbEhxkWYlHQyd/Y6mLOVbBDmwQhX0fFow7xt2TVvPDYYyYUOb
ng6H9ZnYR7lnur7G568jST3nFkdO+Jt/rPvxY3P7o/CgWAEvcLHikm6Qmkbc1T4N
nwT2/Wt9eF4IgdIyB73rJyhC3VG0hF1XxC+XR/0trniFvmxdq5i4GdZhsQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFI8mdK8siyT3na6FcC89Ir8BxYpNMB8GA1UdIwQY
MBaAFBFdvABDPinyresDj+ovvXBI+2MvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVYyOEFFTS1LZkt0NndPUDZpLTljRWo3WXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC82NWE3MWQtMDIzNi00NGQ1LThjZTkt
MjI5YjRhZTc0MmRlLzEvanlaMHJ5eUxKUGVkcm9Wd0x6MGl2d0hGaWswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC82NWE3MWQtMDIzNi00NGQ1LThjZTktMjI5YjRhZTc0MmRl
LzEvRVYyOEFFTS1LZkt0NndPUDZpLTljRWo3WXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAVnYwDQYJ
KoZIhvcNAQELBQADggEBADEJ9WzrgEFojG5J5L587h4LT5IXozSxCbQUPFkTfrp4
46bZP/zQwUnMhsauMTNUTyiWpbvmFwXYWKtRTE3yGpof9N2h2NUuWo4X1H99YOU1
iDWMDRPWQXvS327TGu1m6ffh3oYQ++VHKb241sGmJCR7eiL82lRVvhb7EyW4aOm8
csS2d44k4tqRsjb5GMgr8P50nTJVI2WPEA/PAX2l2lIhV/HpHDqOTwpHqtxVs8AH
zGwbHX6hhDLEbugFvnv3DCEzJsnsF9HyrfikRn33Ci56S5e9PibaccBdQ3p+4LJT
E7cp37WcClyXzHXlkusklLCJsjm1uW68bLcDp0rTcJk=
-----END CERTIFICATE-----