Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/JgN97LvrYvweRzhD3mKHauiqMWM.roa
File:                     JgN97LvrYvweRzhD3mKHauiqMWM.roa (raw, json)
Hash identifier:          7ZsDjaOhZAMFVEbXe/BbZ5P5N9FEhdzEuhae1xslvsw=
Subject key identifier:   26:03:7D:EC:BB:EB:62:FC:1E:47:38:43:DE:62:87:6A:E8:AA:31:63
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018F09B8FACF018845CC7919AA2645694AA6
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/JgN97LvrYvweRzhD3mKHauiqMWM.roa
Signing time:             Tue 23 Apr 2024 06:51:08 +0000
ROA not before:           Tue 23 Apr 2024 06:51:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8342
IP address blocks:        146.185.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 03:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:09:b8:fa:cf:01:88:45:cc:79:19:aa:26:45:69:4a:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Apr 23 06:51:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26037decbbeb62fc1e473843de62876ae8aa3163
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f8:64:20:e7:5b:6d:3f:68:95:97:d0:49:94:
                    51:7f:cd:5e:40:24:ef:8f:fe:7e:36:ab:ea:25:bb:
                    14:ab:c6:76:c9:2d:59:42:6f:92:47:4f:f3:fc:61:
                    4b:fb:88:29:ce:f8:c1:09:c7:c4:20:7c:bd:85:35:
                    5d:c7:d1:7d:09:52:97:d9:71:d4:b2:08:95:32:c7:
                    0f:70:46:52:17:a7:37:c7:87:10:2a:db:38:3f:bc:
                    f1:3a:6a:48:4e:f8:57:f3:6a:d8:c3:3b:1b:93:52:
                    7d:5d:a1:59:33:6d:55:75:ff:2d:f4:6e:20:6b:bb:
                    b3:f5:6d:4c:a9:cf:3f:7f:95:12:71:3d:1c:df:d5:
                    ad:9f:89:50:8b:b1:2a:e2:4c:5a:c5:1e:db:d8:75:
                    70:fd:8e:b5:8f:d3:cf:dd:51:32:3c:4a:6f:14:c5:
                    16:bb:15:e3:1c:32:37:c9:6a:9a:5b:7f:02:94:b5:
                    88:af:c4:91:bb:3f:d8:56:f0:67:a1:9e:24:b2:83:
                    64:85:25:31:06:b7:c6:d9:b2:a6:43:62:bb:25:50:
                    d9:92:32:a2:2c:4e:a7:5b:66:b8:d2:20:ac:ca:89:
                    c4:37:c6:c9:1f:e6:7a:a8:c1:a9:ab:36:17:f3:5e:
                    80:10:d3:be:7e:3e:0d:eb:4d:a9:07:e6:3d:cf:d3:
                    65:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:03:7D:EC:BB:EB:62:FC:1E:47:38:43:DE:62:87:6A:E8:AA:31:63
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/JgN97LvrYvweRzhD3mKHauiqMWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.185.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:b5:b4:ec:c3:47:f6:3e:a0:ce:c1:e1:42:6e:8c:e5:09:5a:
         63:6e:10:52:c1:6e:73:ea:49:af:f0:ee:8c:73:a1:3e:a1:cb:
         85:c7:67:17:fb:95:c6:38:dc:d9:a3:a5:e2:4e:49:89:01:a6:
         21:9a:fd:65:31:a7:d0:c3:19:5d:d1:20:e4:11:c6:70:a8:58:
         8e:a0:12:cb:c3:14:70:c3:f5:5d:3e:59:fa:a6:f5:0c:f8:ef:
         29:f8:cc:18:7e:44:95:83:2f:9d:d3:f6:ff:32:07:86:26:b9:
         62:8f:92:d4:f6:46:73:fa:93:8d:bb:cd:f4:5e:21:17:81:81:
         0f:3b:93:bd:2d:e8:68:32:03:88:64:d9:1b:ab:d9:b8:ce:9c:
         58:2f:18:b3:ce:6d:65:ac:70:2d:91:6c:2a:2e:b6:ab:55:86:
         8c:7f:95:c0:3c:09:6d:0e:47:ba:13:e8:a8:51:50:81:e0:eb:
         86:42:e8:f1:59:e8:b4:54:40:00:1a:72:ce:d9:75:0b:f0:7c:
         0f:6c:1e:48:bd:4e:f2:88:e4:04:f2:d9:83:a5:4a:7e:2a:b9:
         0d:01:d5:77:0f:74:a4:04:5e:2b:89:b3:86:84:2a:67:1c:1c:
         91:13:06:c6:53:e6:54:4e:80:5a:0e:4d:76:6c:01:69:38:4b:
         0f:fc:70:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8JuPrPAYhFzHkZqiZFaUqmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwNDIzMDY1MTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjAzN2RlY2JiZWI2MmZjMWU0NzM4NDNkZTYyODc2YWU4YWEzMTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfhkIOdbbT9olZfQSZRRf81eQCTv
j/5+NqvqJbsUq8Z2yS1ZQm+SR0/z/GFL+4gpzvjBCcfEIHy9hTVdx9F9CVKX2XHU
sgiVMscPcEZSF6c3x4cQKts4P7zxOmpITvhX82rYwzsbk1J9XaFZM21Vdf8t9G4g
a7uz9W1Mqc8/f5UScT0c39Wtn4lQi7Eq4kxaxR7b2HVw/Y61j9PP3VEyPEpvFMUW
uxXjHDI3yWqaW38ClLWIr8SRuz/YVvBnoZ4ksoNkhSUxBrfG2bKmQ2K7JVDZkjKi
LE6nW2a40iCsyonEN8bJH+Z6qMGpqzYX816AENO+fj4N602pB+Y9z9Nl+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCYDfey762L8Hkc4Q95ih2roqjFjMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvSmdOOTdMdnJZdndlUnpoRDNtS0hhdWlxTVdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkrnuMA0G
CSqGSIb3DQEBCwUAA4IBAQB3tbTsw0f2PqDOweFCbozlCVpjbhBSwW5z6kmv8O6M
c6E+ocuFx2cX+5XGONzZo6XiTkmJAaYhmv1lMafQwxld0SDkEcZwqFiOoBLLwxRw
w/VdPln6pvUM+O8p+MwYfkSVgy+d0/b/MgeGJrlij5LU9kZz+pONu830XiEXgYEP
O5O9LehoMgOIZNkbq9m4zpxYLxizzm1lrHAtkWwqLrarVYaMf5XAPAltDke6E+io
UVCB4OuGQujxWei0VEAAGnLO2XUL8HwPbB5IvU7yiOQE8tmDpUp+KrkNAdV3D3Sk
BF4ribOGhCpnHByREwbGU+ZUToBaDk12bAFpOEsP/HBk
-----END CERTIFICATE-----