Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/235fec-afc9-4d2f-8b59-a99ea91cb5b9/1/jGC61NVCsG7LGDtP5l11IdLfRa8.roa
File:                     jGC61NVCsG7LGDtP5l11IdLfRa8.roa (raw, json)
Hash identifier:          EebVUUOT1KtDaoDbQbQgRpSOt/3/nHwi1m3EQZ4FFY0=
Subject key identifier:   8C:60:BA:D4:D5:42:B0:6E:CB:18:3B:4F:E6:5D:75:21:D2:DF:45:AF
Certificate issuer:       /CN=76a372b754e49208d646aa7859e348b475e526d2
Certificate serial:       0192A92B8E54C98D5B87F9D66B2924288667
Authority key identifier: 76:A3:72:B7:54:E4:92:08:D6:46:AA:78:59:E3:48:B4:75:E5:26:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqNyt1TkkgjWRqp4WeNItHXlJtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/235fec-afc9-4d2f-8b59-a99ea91cb5b9/1/jGC61NVCsG7LGDtP5l11IdLfRa8.roa
Signing time:             Sun 20 Oct 2024 09:04:16 +0000
ROA not before:           Sun 20 Oct 2024 09:04:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31549
IP address blocks:        185.211.84.0/24 maxlen: 24
                          185.211.85.0/24 maxlen: 24
                          185.211.86.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/235fec-afc9-4d2f-8b59-a99ea91cb5b9/1/dqNyt1TkkgjWRqp4WeNItHXlJtI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/235fec-afc9-4d2f-8b59-a99ea91cb5b9/1/dqNyt1TkkgjWRqp4WeNItHXlJtI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqNyt1TkkgjWRqp4WeNItHXlJtI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:a9:2b:8e:54:c9:8d:5b:87:f9:d6:6b:29:24:28:86:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a372b754e49208d646aa7859e348b475e526d2
        Validity
            Not Before: Oct 20 09:04:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c60bad4d542b06ecb183b4fe65d7521d2df45af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:16:bb:86:1d:8e:8a:10:94:8d:be:48:eb:d9:
                    e0:de:bb:19:40:9d:a0:a0:94:1b:5d:f8:bc:a8:73:
                    af:b3:d8:3e:c3:4d:a2:03:7e:4f:cd:db:f8:b4:e0:
                    34:ec:f2:15:db:71:c6:dd:1f:76:b1:43:2a:d4:bc:
                    3b:8c:01:2c:40:77:15:f3:06:71:10:31:44:49:3d:
                    66:04:c3:ee:00:20:34:d9:90:13:cc:ee:27:ea:dc:
                    cd:11:1d:c2:e3:f0:ac:2a:50:7f:a6:b0:b1:45:94:
                    91:bb:14:cd:65:c1:5a:d2:d5:f0:05:31:40:7f:3d:
                    13:a8:21:7d:45:ed:02:b5:ee:5e:ae:f9:3a:d4:b2:
                    17:a1:03:1b:51:df:69:b6:65:97:78:39:3b:30:a0:
                    aa:04:56:c2:88:62:17:aa:0c:88:3a:b9:20:a7:c6:
                    5a:ec:34:fb:0f:2b:c4:77:ec:ac:6a:ce:99:ee:78:
                    29:fb:2b:3c:5f:5e:82:b3:8f:01:1f:ca:b0:35:2e:
                    ac:9e:8b:ee:18:50:82:aa:b0:57:d4:da:ad:82:68:
                    38:73:11:35:9f:fd:7c:e3:29:0b:fb:6d:41:16:6b:
                    c9:cb:28:ee:2e:3c:f1:7a:88:0a:cf:5b:72:d2:f9:
                    27:d8:ca:94:7d:01:c4:c8:76:83:64:a8:21:2d:bf:
                    77:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:60:BA:D4:D5:42:B0:6E:CB:18:3B:4F:E6:5D:75:21:D2:DF:45:AF
            X509v3 Authority Key Identifier:
                keyid:76:A3:72:B7:54:E4:92:08:D6:46:AA:78:59:E3:48:B4:75:E5:26:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqNyt1TkkgjWRqp4WeNItHXlJtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/235fec-afc9-4d2f-8b59-a99ea91cb5b9/1/jGC61NVCsG7LGDtP5l11IdLfRa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/235fec-afc9-4d2f-8b59-a99ea91cb5b9/1/dqNyt1TkkgjWRqp4WeNItHXlJtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:75:1a:2a:7f:cd:68:dd:5f:d2:e7:8c:5b:17:8e:31:02:08:
         c5:e4:e5:64:56:9a:57:e8:3c:c8:6b:54:4b:fb:d8:42:50:62:
         37:d8:fb:66:8a:80:4b:d4:5d:e0:85:a7:1e:26:e8:d2:a8:75:
         c0:6c:76:c3:60:39:11:2e:dd:95:0f:31:64:f2:86:95:fe:4d:
         a4:62:e6:32:c6:49:33:1c:82:cc:39:65:c8:21:54:c9:a7:63:
         74:2a:c1:60:22:0b:a1:c1:d9:96:e3:8f:35:2f:3b:1f:34:a9:
         b8:99:bc:3f:07:4e:bd:da:61:e5:05:1b:6d:5a:9c:4c:a9:fa:
         7d:22:94:90:4b:6e:e6:8e:4a:db:98:8e:e6:b7:50:53:66:be:
         d3:6b:6b:bc:13:89:d2:03:83:cb:30:f8:b9:6e:a3:e3:d0:de:
         16:00:3e:97:58:87:4f:a9:17:c6:43:d2:af:57:d0:87:93:1c:
         a5:5d:d6:39:d3:a3:bb:4b:fb:ec:ae:39:7f:ae:dc:a8:10:f1:
         e1:6e:09:69:e2:f1:04:87:87:1b:57:45:24:cb:01:3c:b0:60:
         2b:01:84:56:15:55:29:c2:bb:7d:65:f1:88:08:77:5f:8c:11:
         21:20:2b:3a:4d:fa:b9:87:48:58:2f:ac:77:f1:22:31:8d:82:
         4d:a0:16:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKpK45UyY1bh/nWaykkKIZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTM3MmI3NTRlNDkyMDhkNjQ2YWE3ODU5ZTM0OGI0NzVl
NTI2ZDIwHhcNMjQxMDIwMDkwNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzYwYmFkNGQ1NDJiMDZlY2IxODNiNGZlNjVkNzUyMWQyZGY0NWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRa7hh2OihCUjb5I69ng3rsZQJ2g
oJQbXfi8qHOvs9g+w02iA35Pzdv4tOA07PIV23HG3R92sUMq1Lw7jAEsQHcV8wZx
EDFEST1mBMPuACA02ZATzO4n6tzNER3C4/CsKlB/prCxRZSRuxTNZcFa0tXwBTFA
fz0TqCF9Re0Cte5ervk61LIXoQMbUd9ptmWXeDk7MKCqBFbCiGIXqgyIOrkgp8Za
7DT7DyvEd+ysas6Z7ngp+ys8X16Cs48BH8qwNS6snovuGFCCqrBX1Nqtgmg4cxE1
n/184ykL+21BFmvJyyjuLjzxeogKz1ty0vkn2MqUfQHEyHaDZKghLb93TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIxgutTVQrBuyxg7T+ZddSHS30WvMB8GA1UdIwQY
MBaAFHajcrdU5JII1kaqeFnjSLR15SbSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFOeXQxVGtrZ2pXUnFwNFdlTkl0SFhsSnRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8yMzVmZWMtYWZjOS00ZDJmLThiNTkt
YTk5ZWE5MWNiNWI5LzEvakdDNjFOVkNzRzdMR0R0UDVsMTFJZExmUmE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8yMzVmZWMtYWZjOS00ZDJmLThiNTktYTk5ZWE5MWNiNWI5
LzEvZHFOeXQxVGtrZ2pXUnFwNFdlTkl0SFhsSnRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudNUMA0G
CSqGSIb3DQEBCwUAA4IBAQB4dRoqf81o3V/S54xbF44xAgjF5OVkVppX6DzIa1RL
+9hCUGI32PtmioBL1F3ghaceJujSqHXAbHbDYDkRLt2VDzFk8oaV/k2kYuYyxkkz
HILMOWXIIVTJp2N0KsFgIguhwdmW4481LzsfNKm4mbw/B0692mHlBRttWpxMqfp9
IpSQS27mjkrbmI7mt1BTZr7Ta2u8E4nSA4PLMPi5bqPj0N4WAD6XWIdPqRfGQ9Kv
V9CHkxylXdY506O7S/vsrjl/rtyoEPHhbglp4vEEh4cbV0UkywE8sGArAYRWFVUp
wrt9ZfGICHdfjBEhICs6Tfq5h0hYL6x38SIxjYJNoBYB
-----END CERTIFICATE-----