Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/900f41-a2df-4d33-a96d-20f2dcfc853f/1/Jclb9IqPYP9q9iR1RRxqGP9EA8k.roa
File:                     Jclb9IqPYP9q9iR1RRxqGP9EA8k.roa (raw, json)
Hash identifier:          1FsoQmZjMpo1ItTO6H2OoLtjrzUxXJnJvyFBkRBH43k=
Subject key identifier:   25:C9:5B:F4:8A:8F:60:FF:6A:F6:24:75:45:1C:6A:18:FF:44:03:C9
Certificate issuer:       /CN=e40fe224116a9f19d33727fdeb7acf82341ba603
Certificate serial:       018CC94E6CF8ADA16072872F76867D7E653F
Authority key identifier: E4:0F:E2:24:11:6A:9F:19:D3:37:27:FD:EB:7A:CF:82:34:1B:A6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5A_iJBFqnxnTNyf963rPgjQbpgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/900f41-a2df-4d33-a96d-20f2dcfc853f/1/Jclb9IqPYP9q9iR1RRxqGP9EA8k.roa
Signing time:             Tue 02 Jan 2024 08:33:29 +0000
ROA not before:           Tue 02 Jan 2024 08:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206764
IP address blocks:        195.85.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/900f41-a2df-4d33-a96d-20f2dcfc853f/1/5A_iJBFqnxnTNyf963rPgjQbpgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/900f41-a2df-4d33-a96d-20f2dcfc853f/1/5A_iJBFqnxnTNyf963rPgjQbpgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5A_iJBFqnxnTNyf963rPgjQbpgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6c:f8:ad:a1:60:72:87:2f:76:86:7d:7e:65:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e40fe224116a9f19d33727fdeb7acf82341ba603
        Validity
            Not Before: Jan  2 08:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25c95bf48a8f60ff6af62475451c6a18ff4403c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:64:9e:d5:be:48:61:05:a6:ec:99:5b:7a:f1:
                    65:d6:a2:a2:72:7e:17:cc:6b:f6:48:3d:be:df:83:
                    08:fd:50:96:02:c0:96:49:f4:ab:51:1c:c3:e0:2b:
                    76:b2:71:00:3c:bd:00:82:5e:36:2f:51:f8:75:e5:
                    65:8d:68:41:9b:14:5d:e2:0f:12:09:07:10:02:f7:
                    36:24:68:63:42:5f:68:f6:0b:1e:52:39:1b:0c:86:
                    1d:6a:aa:c0:f2:9d:1e:ef:b6:e0:d3:6d:40:12:1f:
                    1f:37:03:58:bb:a7:dc:3c:83:8d:c0:67:1e:8c:fc:
                    98:13:5e:3c:da:99:b0:23:01:eb:bf:79:50:a1:d2:
                    c0:08:36:ce:e1:89:16:c0:a3:e7:ec:be:a8:ca:e0:
                    a7:b5:41:2e:40:89:c3:30:ad:55:7d:e1:73:f9:5d:
                    10:fa:f0:63:ed:09:bd:c9:8c:8c:4a:2c:17:9f:44:
                    46:08:fc:5f:f1:12:6c:65:b9:e2:6c:3c:8c:b9:20:
                    5d:18:a9:31:c8:84:aa:44:ae:c1:30:18:13:74:bf:
                    98:04:2f:83:99:5a:b9:1c:e3:e2:7a:9c:5a:65:4b:
                    e9:b6:6a:4d:74:b8:bf:e3:8e:5d:cc:f7:0c:72:c4:
                    ff:87:8e:74:61:86:e2:19:6a:9a:0b:42:fd:52:07:
                    de:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:C9:5B:F4:8A:8F:60:FF:6A:F6:24:75:45:1C:6A:18:FF:44:03:C9
            X509v3 Authority Key Identifier:
                keyid:E4:0F:E2:24:11:6A:9F:19:D3:37:27:FD:EB:7A:CF:82:34:1B:A6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5A_iJBFqnxnTNyf963rPgjQbpgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/900f41-a2df-4d33-a96d-20f2dcfc853f/1/Jclb9IqPYP9q9iR1RRxqGP9EA8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/900f41-a2df-4d33-a96d-20f2dcfc853f/1/5A_iJBFqnxnTNyf963rPgjQbpgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:2f:42:66:6f:91:7f:d8:53:7b:fd:89:85:2d:bd:7c:51:ac:
         cd:51:a5:86:81:61:90:27:f9:43:19:f5:56:02:bd:2e:d7:65:
         45:8c:04:a3:34:a1:57:26:32:96:7c:cc:fd:82:80:bc:da:cf:
         4b:9c:9f:88:c7:4e:e5:b3:a9:4b:17:c8:fe:63:5e:3e:58:bd:
         0c:3d:2a:e6:69:79:02:c5:c2:08:31:4e:02:13:2b:ae:b0:57:
         84:76:5a:e3:18:85:d4:1b:97:54:ba:86:ba:25:b5:f4:9b:e7:
         76:a7:cb:d6:5d:66:d1:13:72:4c:de:e1:6d:51:3b:06:85:7b:
         d6:f5:e4:e1:c5:79:72:16:d2:1c:c4:27:58:33:1d:f7:43:b3:
         45:b5:07:1d:d1:36:fd:70:bc:6a:96:7d:9a:e3:d3:54:1c:17:
         d5:83:ed:e1:68:65:c7:36:71:01:3f:1d:a0:26:2c:2c:1d:1b:
         39:2f:de:5b:ae:1b:fa:48:20:6f:08:e6:da:08:c8:2b:de:17:
         9a:e1:97:02:8f:76:ae:09:32:86:4d:34:78:a6:9e:42:ad:2d:
         85:ba:b9:fd:3a:66:64:e7:f3:50:b0:5f:18:e6:0c:9f:66:0f:
         9e:7b:18:0c:aa:34:3a:6c:21:ee:8c:dd:26:4e:22:90:54:2c:
         f1:4a:af:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmz4raFgcocvdoZ9fmU/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0MGZlMjI0MTE2YTlmMTlkMzM3MjdmZGViN2FjZjgyMzQx
YmE2MDMwHhcNMjQwMTAyMDgzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWM5NWJmNDhhOGY2MGZmNmFmNjI0NzU0NTFjNmExOGZmNDQwM2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGSe1b5IYQWm7JlbevFl1qKicn4X
zGv2SD2+34MI/VCWAsCWSfSrURzD4Ct2snEAPL0Agl42L1H4deVljWhBmxRd4g8S
CQcQAvc2JGhjQl9o9gseUjkbDIYdaqrA8p0e77bg021AEh8fNwNYu6fcPIONwGce
jPyYE1482pmwIwHrv3lQodLACDbO4YkWwKPn7L6oyuCntUEuQInDMK1VfeFz+V0Q
+vBj7Qm9yYyMSiwXn0RGCPxf8RJsZbnibDyMuSBdGKkxyISqRK7BMBgTdL+YBC+D
mVq5HOPiepxaZUvptmpNdLi/445dzPcMcsT/h450YYbiGWqaC0L9UgfemwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCXJW/SKj2D/avYkdUUcahj/RAPJMB8GA1UdIwQY
MBaAFOQP4iQRap8Z0zcn/et6z4I0G6YDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUFfaUpCRnFueG5UTnlmOTYzclBnalFicGdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC85MDBmNDEtYTJkZi00ZDMzLWE5NmQt
MjBmMmRjZmM4NTNmLzEvSmNsYjlJcVBZUDlxOWlSMVJSeHFHUDlFQThrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC85MDBmNDEtYTJkZi00ZDMzLWE5NmQtMjBmMmRjZmM4NTNm
LzEvNUFfaUpCRnFueG5UTnlmOTYzclBnalFicGdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1XVMA0G
CSqGSIb3DQEBCwUAA4IBAQCML0Jmb5F/2FN7/YmFLb18UazNUaWGgWGQJ/lDGfVW
Ar0u12VFjASjNKFXJjKWfMz9goC82s9LnJ+Ix07ls6lLF8j+Y14+WL0MPSrmaXkC
xcIIMU4CEyuusFeEdlrjGIXUG5dUuoa6JbX0m+d2p8vWXWbRE3JM3uFtUTsGhXvW
9eThxXlyFtIcxCdYMx33Q7NFtQcd0Tb9cLxqln2a49NUHBfVg+3haGXHNnEBPx2g
JiwsHRs5L95brhv6SCBvCObaCMgr3hea4ZcCj3auCTKGTTR4pp5CrS2Furn9OmZk
5/NQsF8Y5gyfZg+eexgMqjQ6bCHujN0mTiKQVCzxSq+E
-----END CERTIFICATE-----