Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/7e51b4-0ab4-4719-b330-bdc5ae8abdb1/1/jGoCypdtrUQTHoLeem41J8b40ks.roa
File:                     jGoCypdtrUQTHoLeem41J8b40ks.roa (raw, json)
Hash identifier:          NQHoKbQ7gab0NijnpXb8utgyHwWqPRKfgpBELuFHOfA=
Subject key identifier:   8C:6A:02:CA:97:6D:AD:44:13:1E:82:DE:7A:6E:35:27:C6:F8:D2:4B
Certificate issuer:       /CN=0cbe91eb63a44f1e9f1a83edd218a1ec75c25e91
Certificate serial:       018CC79441529746EA3A8E5D622B3C4B0A36
Authority key identifier: 0C:BE:91:EB:63:A4:4F:1E:9F:1A:83:ED:D2:18:A1:EC:75:C2:5E:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DL6R62OkTx6fGoPt0hih7HXCXpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/7e51b4-0ab4-4719-b330-bdc5ae8abdb1/1/jGoCypdtrUQTHoLeem41J8b40ks.roa
Signing time:             Tue 02 Jan 2024 00:30:31 +0000
ROA not before:           Tue 02 Jan 2024 00:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.235.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/7e51b4-0ab4-4719-b330-bdc5ae8abdb1/1/DL6R62OkTx6fGoPt0hih7HXCXpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/7e51b4-0ab4-4719-b330-bdc5ae8abdb1/1/DL6R62OkTx6fGoPt0hih7HXCXpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DL6R62OkTx6fGoPt0hih7HXCXpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:41:52:97:46:ea:3a:8e:5d:62:2b:3c:4b:0a:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0cbe91eb63a44f1e9f1a83edd218a1ec75c25e91
        Validity
            Not Before: Jan  2 00:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c6a02ca976dad44131e82de7a6e3527c6f8d24b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:45:6f:af:68:61:cc:6a:15:64:4d:26:ef:4c:
                    40:5e:6d:b1:e8:e4:db:ef:4e:c0:e3:18:e9:f8:88:
                    31:74:74:08:a9:fb:84:44:26:58:0e:74:ec:be:72:
                    54:d8:d9:81:6e:1f:d2:d8:51:8a:7e:c5:89:f4:5f:
                    b9:70:90:6e:51:b7:07:73:1e:87:4f:59:db:77:01:
                    3d:d7:fc:ef:b6:4e:5e:89:70:24:ed:22:43:d6:72:
                    80:4f:9b:a3:b0:38:e6:ba:0d:65:43:ab:f4:5e:c2:
                    8e:0e:aa:d0:37:dd:87:05:36:49:fc:ea:59:84:21:
                    43:94:94:f4:e9:f2:29:aa:b6:a7:e2:0b:c4:ed:22:
                    6e:0b:4c:22:c1:1d:a7:12:99:f6:17:8e:0c:1d:e0:
                    e2:40:fc:9c:93:23:b5:0b:2f:0b:49:a0:8b:72:70:
                    98:7e:3c:18:f2:08:03:19:b5:f4:b4:a3:83:08:85:
                    b2:cd:95:3a:b2:2f:f8:73:3e:78:21:1c:bb:65:7f:
                    e5:a8:d0:ea:1b:17:a3:75:b7:51:e0:3a:51:4a:92:
                    3b:d9:22:dd:e6:76:ee:3e:63:80:9a:72:20:61:70:
                    26:e5:7e:94:7f:36:ca:60:eb:a2:dc:9c:8e:43:17:
                    71:2f:b5:7e:cd:84:7d:e2:f6:28:33:18:aa:90:d2:
                    7f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:6A:02:CA:97:6D:AD:44:13:1E:82:DE:7A:6E:35:27:C6:F8:D2:4B
            X509v3 Authority Key Identifier:
                keyid:0C:BE:91:EB:63:A4:4F:1E:9F:1A:83:ED:D2:18:A1:EC:75:C2:5E:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DL6R62OkTx6fGoPt0hih7HXCXpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/7e51b4-0ab4-4719-b330-bdc5ae8abdb1/1/jGoCypdtrUQTHoLeem41J8b40ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/7e51b4-0ab4-4719-b330-bdc5ae8abdb1/1/DL6R62OkTx6fGoPt0hih7HXCXpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:57:92:e7:05:c3:c2:70:cc:64:f2:32:3d:04:da:82:72:f9:
         05:61:7e:ff:c7:c5:05:88:52:30:5b:cf:53:5c:93:37:74:91:
         db:bf:80:f8:40:4e:8b:cc:71:e9:ca:b4:a0:97:ae:38:bc:d0:
         fc:f6:76:ad:9b:7d:92:fa:fa:64:c1:78:73:5b:ec:17:b5:e5:
         2e:02:30:81:9c:8d:79:97:44:cd:bd:38:34:05:a0:64:f7:6f:
         4e:9b:69:26:21:6f:e3:47:81:69:31:35:bc:0b:25:98:2e:40:
         3d:9e:24:47:a0:dc:fa:e4:85:7b:70:92:03:b8:79:38:e7:cc:
         e6:a8:88:18:92:26:1f:e2:62:73:c7:f1:9c:e7:64:6d:e8:e5:
         0f:63:ed:c6:7c:b1:fc:a4:95:7c:6d:c8:72:08:d8:fe:98:ec:
         11:23:87:5b:ba:83:5b:36:30:06:0e:53:dc:4a:74:0f:c2:d5:
         35:f6:6e:4d:df:ed:b1:19:11:40:3e:e6:47:90:8f:a4:37:fc:
         e2:e4:19:87:83:01:5d:2e:77:29:7c:8d:0c:21:e4:cd:d7:d8:
         e1:68:80:b0:56:13:40:fa:89:5d:f3:ff:ef:fe:e6:c6:ae:61:
         fb:4b:bf:46:b9:fd:dd:80:ff:df:40:16:4f:77:66:99:39:f9:
         42:5f:7d:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEFSl0bqOo5dYis8Swo2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjYmU5MWViNjNhNDRmMWU5ZjFhODNlZGQyMThhMWVjNzVj
MjVlOTEwHhcNMjQwMTAyMDAzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzZhMDJjYTk3NmRhZDQ0MTMxZTgyZGU3YTZlMzUyN2M2ZjhkMjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUVvr2hhzGoVZE0m70xAXm2x6OTb
707A4xjp+IgxdHQIqfuERCZYDnTsvnJU2NmBbh/S2FGKfsWJ9F+5cJBuUbcHcx6H
T1nbdwE91/zvtk5eiXAk7SJD1nKAT5ujsDjmug1lQ6v0XsKODqrQN92HBTZJ/OpZ
hCFDlJT06fIpqran4gvE7SJuC0wiwR2nEpn2F44MHeDiQPyckyO1Cy8LSaCLcnCY
fjwY8ggDGbX0tKODCIWyzZU6si/4cz54IRy7ZX/lqNDqGxejdbdR4DpRSpI72SLd
5nbuPmOAmnIgYXAm5X6UfzbKYOui3JyOQxdxL7V+zYR94vYoMxiqkNJ/jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIxqAsqXba1EEx6C3npuNSfG+NJLMB8GA1UdIwQY
MBaAFAy+ketjpE8enxqD7dIYoex1wl6RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREw2UjYyT2tUeDZmR29QdDBoaWg3SFhDWHBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi83ZTUxYjQtMGFiNC00NzE5LWIzMzAt
YmRjNWFlOGFiZGIxLzEvakdvQ3lwZHRyVVFUSG9MZWVtNDFKOGI0MGtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi83ZTUxYjQtMGFiNC00NzE5LWIzMzAtYmRjNWFlOGFiZGIx
LzEvREw2UjYyT2tUeDZmR29QdDBoaWg3SFhDWHBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuevHMA0G
CSqGSIb3DQEBCwUAA4IBAQAOV5LnBcPCcMxk8jI9BNqCcvkFYX7/x8UFiFIwW89T
XJM3dJHbv4D4QE6LzHHpyrSgl644vND89natm32S+vpkwXhzW+wXteUuAjCBnI15
l0TNvTg0BaBk929Om2kmIW/jR4FpMTW8CyWYLkA9niRHoNz65IV7cJIDuHk458zm
qIgYkiYf4mJzx/Gc52Rt6OUPY+3GfLH8pJV8bchyCNj+mOwRI4dbuoNbNjAGDlPc
SnQPwtU19m5N3+2xGRFAPuZHkI+kN/zi5BmHgwFdLncpfI0MIeTN19jhaICwVhNA
+old8//v/ubGrmH7S79Guf3dgP/fQBZPd2aZOflCX33K
-----END CERTIFICATE-----