Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/8f5a1d-6087-46be-b4b8-21de03a85235/1/jVTQGAqwzwS3ftE5F_bVkugdq9g.roa
File:                     jVTQGAqwzwS3ftE5F_bVkugdq9g.roa (raw, json)
Hash identifier:          eMcIEnf+tcPAyAI3sRtWFcqMPQox2Qzd5j8ygci84QU=
Subject key identifier:   8D:54:D0:18:0A:B0:CF:04:B7:7E:D1:39:17:F6:D5:92:E8:1D:AB:D8
Certificate issuer:       /CN=02c4df5b74d99f9796718435c3afd2220cb56751
Certificate serial:       019192CF9268D178431ECA6AF96F2E90AF7C
Authority key identifier: 02:C4:DF:5B:74:D9:9F:97:96:71:84:35:C3:AF:D2:22:0C:B5:67:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AsTfW3TZn5eWcYQ1w6_SIgy1Z1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/8f5a1d-6087-46be-b4b8-21de03a85235/1/jVTQGAqwzwS3ftE5F_bVkugdq9g.roa
Signing time:             Tue 27 Aug 2024 07:49:22 +0000
ROA not before:           Tue 27 Aug 2024 07:49:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214568
IP address blocks:        194.246.72.0/24 maxlen: 24
                          194.246.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/8f5a1d-6087-46be-b4b8-21de03a85235/1/AsTfW3TZn5eWcYQ1w6_SIgy1Z1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/8f5a1d-6087-46be-b4b8-21de03a85235/1/AsTfW3TZn5eWcYQ1w6_SIgy1Z1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AsTfW3TZn5eWcYQ1w6_SIgy1Z1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:92:cf:92:68:d1:78:43:1e:ca:6a:f9:6f:2e:90:af:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02c4df5b74d99f9796718435c3afd2220cb56751
        Validity
            Not Before: Aug 27 07:49:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d54d0180ab0cf04b77ed13917f6d592e81dabd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:4a:23:fa:b0:91:b7:27:c4:47:e2:c5:dd:48:
                    76:b3:d7:d6:1f:ce:17:11:c0:37:97:a4:08:c9:ed:
                    07:34:7c:ba:0c:a1:26:52:9b:65:0f:95:16:12:1e:
                    ef:b5:10:31:b0:66:e4:fd:3e:2b:a5:02:da:87:d9:
                    9a:a2:80:cd:44:2f:44:ed:28:5a:43:1f:e6:6a:91:
                    25:6b:0c:32:6e:a5:dc:a1:6d:93:0f:85:3c:aa:87:
                    9a:97:68:f2:51:22:83:cd:c0:06:99:bc:41:37:14:
                    31:dd:cf:43:37:93:72:2b:ae:87:35:eb:fb:81:e0:
                    2b:90:5c:03:07:81:75:ff:49:c5:7a:6c:f8:70:bd:
                    8e:51:46:3e:df:50:1a:32:c0:03:b8:62:19:d9:40:
                    f6:25:1f:0a:30:d4:8e:b5:80:e5:94:45:91:4f:51:
                    d8:3d:f5:f1:1f:22:6b:62:61:8e:7f:13:1d:5f:9c:
                    4b:48:72:6b:bc:33:37:90:34:37:87:e8:54:20:2a:
                    7e:68:dc:6d:08:80:6e:35:3a:65:ba:ec:c8:71:57:
                    43:75:bf:ea:c4:d0:36:b6:10:fc:c3:89:a0:a7:4b:
                    a4:ca:43:48:e9:21:ce:de:d9:66:43:3a:fb:23:bf:
                    62:73:d1:a0:fc:10:40:5b:b9:69:0b:6b:45:79:aa:
                    71:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:54:D0:18:0A:B0:CF:04:B7:7E:D1:39:17:F6:D5:92:E8:1D:AB:D8
            X509v3 Authority Key Identifier:
                keyid:02:C4:DF:5B:74:D9:9F:97:96:71:84:35:C3:AF:D2:22:0C:B5:67:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AsTfW3TZn5eWcYQ1w6_SIgy1Z1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/8f5a1d-6087-46be-b4b8-21de03a85235/1/jVTQGAqwzwS3ftE5F_bVkugdq9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/8f5a1d-6087-46be-b4b8-21de03a85235/1/AsTfW3TZn5eWcYQ1w6_SIgy1Z1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:34:2b:eb:2f:9f:32:e5:2b:6b:b3:ce:87:fe:16:eb:13:22:
         0b:e1:e7:32:35:34:3a:a3:7b:c5:cc:54:05:38:41:40:e0:37:
         50:12:78:5b:5e:ef:fc:a8:87:4b:47:4f:0f:61:81:c3:eb:0f:
         2a:8e:54:b6:8b:83:73:0d:d2:90:db:07:f2:ac:32:4b:cd:71:
         51:d9:6c:e9:4f:f7:4a:b8:9a:09:56:35:a8:6f:c3:91:f4:7d:
         51:84:a7:aa:c4:34:04:9b:9b:c8:c5:b2:2d:73:ba:ae:bc:2d:
         14:b9:a0:28:ea:88:af:55:60:a0:dd:ef:31:44:8c:8f:7f:50:
         2e:09:02:05:4c:10:a8:42:74:24:57:43:fb:2a:2f:93:cd:a3:
         97:46:c2:3d:9a:d4:0d:d3:aa:a7:17:0d:84:c7:e7:1e:ec:4e:
         86:d7:30:b2:9e:a4:2a:28:81:a7:c8:ac:a1:f9:da:f5:90:e2:
         06:ed:4c:89:75:07:92:bc:6e:e0:cb:9f:e6:d3:77:ef:e2:90:
         f5:c4:07:37:13:f8:30:ed:e5:87:8d:e8:a2:d7:be:fb:1f:64:
         71:25:55:aa:ad:14:8e:46:9c:0f:83:16:20:28:48:ae:91:5d:
         44:f1:2b:a4:44:b6:a1:be:c5:e3:3c:ec:8d:31:6a:9e:d1:2c:
         9c:c0:bd:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGSz5Jo0XhDHspq+W8ukK98MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYzRkZjViNzRkOTlmOTc5NjcxODQzNWMzYWZkMjIyMGNi
NTY3NTEwHhcNMjQwODI3MDc0OTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDU0ZDAxODBhYjBjZjA0Yjc3ZWQxMzkxN2Y2ZDU5MmU4MWRhYmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0oj+rCRtyfER+LF3Uh2s9fWH84X
EcA3l6QIye0HNHy6DKEmUptlD5UWEh7vtRAxsGbk/T4rpQLah9maooDNRC9E7Sha
Qx/mapElawwybqXcoW2TD4U8qoeal2jyUSKDzcAGmbxBNxQx3c9DN5NyK66HNev7
geArkFwDB4F1/0nFemz4cL2OUUY+31AaMsADuGIZ2UD2JR8KMNSOtYDllEWRT1HY
PfXxHyJrYmGOfxMdX5xLSHJrvDM3kDQ3h+hUICp+aNxtCIBuNTpluuzIcVdDdb/q
xNA2thD8w4mgp0ukykNI6SHO3tlmQzr7I79ic9Gg/BBAW7lpC2tFeapxOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI1U0BgKsM8Et37RORf21ZLoHavYMB8GA1UdIwQY
MBaAFALE31t02Z+XlnGENcOv0iIMtWdRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXNUZlczVFpuNWVXY1lRMXc2X1NJZ3kxWjFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS84ZjVhMWQtNjA4Ny00NmJlLWI0Yjgt
MjFkZTAzYTg1MjM1LzEvalZUUUdBcXd6d1MzZnRFNUZfYlZrdWdkcTlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS84ZjVhMWQtNjA4Ny00NmJlLWI0YjgtMjFkZTAzYTg1MjM1
LzEvQXNUZlczVFpuNWVXY1lRMXc2X1NJZ3kxWjFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwvZIMA0G
CSqGSIb3DQEBCwUAA4IBAQCFNCvrL58y5Strs86H/hbrEyIL4ecyNTQ6o3vFzFQF
OEFA4DdQEnhbXu/8qIdLR08PYYHD6w8qjlS2i4NzDdKQ2wfyrDJLzXFR2WzpT/dK
uJoJVjWob8OR9H1RhKeqxDQEm5vIxbItc7quvC0UuaAo6oivVWCg3e8xRIyPf1Au
CQIFTBCoQnQkV0P7Ki+TzaOXRsI9mtQN06qnFw2Ex+ce7E6G1zCynqQqKIGnyKyh
+dr1kOIG7UyJdQeSvG7gy5/m03fv4pD1xAc3E/gw7eWHjeii1777H2RxJVWqrRSO
RpwPgxYgKEiukV1E8SukRLahvsXjPOyNMWqe0SycwL1v
-----END CERTIFICATE-----