Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e66a57-65ef-4644-8f50-c14faf43be14/1/_J8NI_OE8v9DqIGpMlEZoB1kWTA.roa
File:                     _J8NI_OE8v9DqIGpMlEZoB1kWTA.roa (raw, json)
Hash identifier:          5V4v90MaJrDKrn/JqpuQeqj54IG44hjXLDmjZzo3TmY=
Subject key identifier:   FC:9F:0D:23:F3:84:F2:FF:43:A8:81:A9:32:51:19:A0:1D:64:59:30
Certificate issuer:       /CN=64e7553292af595426ee1d7dc919a2104894752b
Certificate serial:       018CC3B6CEC90D74586F1F401AC3E7C54C3E
Authority key identifier: 64:E7:55:32:92:AF:59:54:26:EE:1D:7D:C9:19:A2:10:48:94:75:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZOdVMpKvWVQm7h19yRmiEEiUdSs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e66a57-65ef-4644-8f50-c14faf43be14/1/_J8NI_OE8v9DqIGpMlEZoB1kWTA.roa
Signing time:             Mon 01 Jan 2024 06:29:46 +0000
ROA not before:           Mon 01 Jan 2024 06:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25003
IP address blocks:        185.223.0.0/22 maxlen: 24
                          141.226.250.0/23 maxlen: 24
                          2a0d:2800::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e66a57-65ef-4644-8f50-c14faf43be14/1/ZOdVMpKvWVQm7h19yRmiEEiUdSs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e66a57-65ef-4644-8f50-c14faf43be14/1/ZOdVMpKvWVQm7h19yRmiEEiUdSs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZOdVMpKvWVQm7h19yRmiEEiUdSs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ce:c9:0d:74:58:6f:1f:40:1a:c3:e7:c5:4c:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64e7553292af595426ee1d7dc919a2104894752b
        Validity
            Not Before: Jan  1 06:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc9f0d23f384f2ff43a881a9325119a01d645930
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:20:98:d9:ad:4d:58:35:b3:64:19:fd:33:9c:
                    f2:0b:61:d9:2e:1c:88:98:9c:ac:25:f1:ed:f6:a3:
                    d3:e7:14:38:7b:6d:1f:1e:26:d5:72:4f:cd:30:95:
                    0a:05:dc:36:8f:cf:2a:8d:fa:74:25:35:74:82:4f:
                    40:c3:96:13:91:a4:b8:0b:21:2e:7a:5c:68:cf:54:
                    8f:0d:52:5f:c2:f8:6e:ee:30:2d:f5:de:9c:bb:f7:
                    38:83:9d:3d:f4:42:44:aa:89:a9:3d:d2:d8:e8:2c:
                    5a:74:0e:91:91:8b:ed:ca:29:6f:86:b7:d3:ef:79:
                    a9:72:e5:d0:05:c5:ea:14:83:d2:67:6a:1e:84:0c:
                    c7:29:49:a3:1f:7d:33:2b:e2:17:b4:e0:18:09:e0:
                    0b:d7:8f:26:9b:68:c3:e5:64:e3:df:80:75:ad:e8:
                    5b:f9:05:ca:81:3c:ae:43:ef:70:14:26:39:48:af:
                    8c:47:bf:ce:55:b3:3d:69:31:cc:20:02:f6:ec:b2:
                    38:13:74:31:cf:91:8a:c5:05:f0:e1:5e:92:5d:33:
                    e8:8f:29:6d:52:62:4f:e0:20:bf:6c:a0:a6:c2:e0:
                    ad:dc:97:b5:d9:10:e6:32:b7:b0:eb:22:2f:6c:97:
                    55:8c:9e:32:33:66:8f:20:e1:96:fc:10:5b:84:6e:
                    29:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:9F:0D:23:F3:84:F2:FF:43:A8:81:A9:32:51:19:A0:1D:64:59:30
            X509v3 Authority Key Identifier:
                keyid:64:E7:55:32:92:AF:59:54:26:EE:1D:7D:C9:19:A2:10:48:94:75:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZOdVMpKvWVQm7h19yRmiEEiUdSs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e66a57-65ef-4644-8f50-c14faf43be14/1/_J8NI_OE8v9DqIGpMlEZoB1kWTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e66a57-65ef-4644-8f50-c14faf43be14/1/ZOdVMpKvWVQm7h19yRmiEEiUdSs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.226.250.0/23
                  185.223.0.0/22
                IPv6:
                  2a0d:2800::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:6d:75:6f:2c:da:2f:8c:83:d2:28:01:fa:9a:1c:ad:93:af:
         e1:30:d9:37:3c:c4:e3:cc:64:8d:8d:a8:e6:89:d9:c8:c0:32:
         a4:c7:58:9f:6f:88:b9:d2:c1:3b:82:52:4d:95:54:23:be:7b:
         be:7b:7f:7a:0e:df:b9:01:11:8b:14:79:6f:85:e5:bf:80:40:
         2a:c2:7e:98:8c:a3:76:fd:b9:af:0c:d5:02:5c:fc:59:d6:dc:
         61:52:2d:9c:06:c7:55:a8:9b:ce:2c:f3:51:91:16:e0:b1:de:
         a4:1a:45:29:ec:9e:fb:5c:46:cb:fc:6b:eb:8c:69:33:d6:8d:
         40:f0:5f:ec:0b:d5:d4:f8:be:ff:10:27:95:f7:8a:3d:02:77:
         ba:ac:de:8c:c4:dc:f8:ba:27:62:6c:00:ba:4e:8a:ec:0f:28:
         74:65:6b:ff:f6:c5:98:0f:db:5a:77:5b:0e:3b:30:8c:21:98:
         f3:89:5d:1f:ce:21:f2:bb:32:5b:9f:68:9f:77:c1:c7:34:17:
         3c:80:73:6e:c4:06:06:86:b7:48:ff:a0:91:0e:2a:f5:9f:53:
         ac:98:07:00:a2:5e:53:26:82:dc:9b:87:ae:60:47:d1:eb:39:
         f7:f4:d4:97:15:70:d4:6a:27:f8:64:35:4f:1f:db:4a:03:6e:
         ba:c6:31:c6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDts7JDXRYbx9AGsPnxUw+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZTc1NTMyOTJhZjU5NTQyNmVlMWQ3ZGM5MTlhMjEwNDg5
NDc1MmIwHhcNMjQwMTAxMDYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzlmMGQyM2YzODRmMmZmNDNhODgxYTkzMjUxMTlhMDFkNjQ1OTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiCY2a1NWDWzZBn9M5zyC2HZLhyI
mJysJfHt9qPT5xQ4e20fHibVck/NMJUKBdw2j88qjfp0JTV0gk9Aw5YTkaS4CyEu
elxoz1SPDVJfwvhu7jAt9d6cu/c4g5099EJEqompPdLY6CxadA6RkYvtyilvhrfT
73mpcuXQBcXqFIPSZ2oehAzHKUmjH30zK+IXtOAYCeAL148mm2jD5WTj34B1rehb
+QXKgTyuQ+9wFCY5SK+MR7/OVbM9aTHMIAL27LI4E3Qxz5GKxQXw4V6SXTPojylt
UmJP4CC/bKCmwuCt3Je12RDmMrew6yIvbJdVjJ4yM2aPIOGW/BBbhG4pswIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPyfDSPzhPL/Q6iBqTJRGaAdZFkwMB8GA1UdIwQY
MBaAFGTnVTKSr1lUJu4dfckZohBIlHUrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk9kVk1wS3ZXVlFtN2gxOXlSbWlFRWlVZFNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lNjZhNTctNjVlZi00NjQ0LThmNTAt
YzE0ZmFmNDNiZTE0LzEvX0o4TklfT0U4djlEcUlHcE1sRVpvQjFrV1RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lNjZhNTctNjVlZi00NjQ0LThmNTAtYzE0ZmFmNDNiZTE0
LzEvWk9kVk1wS3ZXVlFtN2gxOXlSbWlFRWlVZFNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBjeL6AwQC
ud8AMA0EAgACMAcDBQMqDSgAMA0GCSqGSIb3DQEBCwUAA4IBAQBYbXVvLNovjIPS
KAH6mhytk6/hMNk3PMTjzGSNjajmidnIwDKkx1ifb4i50sE7glJNlVQjvnu+e396
Dt+5ARGLFHlvheW/gEAqwn6YjKN2/bmvDNUCXPxZ1txhUi2cBsdVqJvOLPNRkRbg
sd6kGkUp7J77XEbL/GvrjGkz1o1A8F/sC9XU+L7/ECeV94o9Ane6rN6MxNz4uidi
bAC6TorsDyh0ZWv/9sWYD9tad1sOOzCMIZjziV0fziHyuzJbn2ifd8HHNBc8gHNu
xAYGhrdI/6CRDir1n1OsmAcAol5TJoLcm4euYEfR6zn39NSXFXDUaif4ZDVPH9tK
A266xjHG
-----END CERTIFICATE-----