Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/jas_GORNCuhrvBoF01-R8dQ3QJo.roa
File:                     jas_GORNCuhrvBoF01-R8dQ3QJo.roa (raw, json)
Hash identifier:          xCu6mc/y/WROPAB6mvvYnKwYJccMAaG1EhNnGZ4cGPE=
Subject key identifier:   8D:AB:3F:18:E4:4D:0A:E8:6B:BC:1A:05:D3:5F:91:F1:D4:37:40:9A
Certificate issuer:       /CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Certificate serial:       018CD16CF6BFBA2805039D9829B9035B8254
Authority key identifier: 28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/jas_GORNCuhrvBoF01-R8dQ3QJo.roa
Signing time:             Wed 03 Jan 2024 22:23:48 +0000
ROA not before:           Wed 03 Jan 2024 22:23:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47516
IP address blocks:        185.136.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d1:6c:f6:bf:ba:28:05:03:9d:98:29:b9:03:5b:82:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
        Validity
            Not Before: Jan  3 22:23:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dab3f18e44d0ae86bbc1a05d35f91f1d437409a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b9:62:3d:78:92:15:5c:08:f2:ad:8f:fb:64:
                    d1:97:8a:c3:53:e9:97:43:61:21:d7:3f:29:a5:06:
                    cf:62:55:38:6e:3c:41:95:3f:c6:08:d2:7e:86:25:
                    8a:91:c0:be:80:bd:f9:4f:ff:08:6b:e1:1a:0e:86:
                    22:3a:e4:83:f2:e9:45:1e:f4:ee:fe:53:93:6e:ab:
                    02:20:52:b8:96:44:28:f0:fb:d9:f3:84:72:da:8c:
                    42:8f:32:f0:e8:5e:74:79:bc:7d:a6:10:9c:d6:30:
                    16:25:7c:47:a8:2d:9e:e8:e1:2a:17:8f:18:93:e7:
                    28:c3:6e:00:af:10:d8:8e:ab:ea:80:58:33:f0:81:
                    be:85:4f:98:80:70:13:02:ca:41:f5:95:75:0a:b2:
                    f8:83:7a:24:f4:eb:67:8b:1a:c5:48:8c:4e:f9:cc:
                    e4:4d:3f:3e:bf:85:f7:5c:27:77:66:21:5d:fa:87:
                    56:d1:85:10:d5:e1:5d:44:bd:5f:e8:5f:83:f6:a7:
                    62:41:02:64:bf:53:b0:d6:71:7c:56:50:0a:d7:ad:
                    92:d9:61:bb:ab:7f:41:94:70:3b:a0:e7:df:24:7b:
                    a8:76:3f:7d:82:26:ea:96:b3:29:f1:08:ee:21:1e:
                    d8:64:86:7d:22:5a:4b:ac:82:1a:53:0b:93:f4:f1:
                    89:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:AB:3F:18:E4:4D:0A:E8:6B:BC:1A:05:D3:5F:91:F1:D4:37:40:9A
            X509v3 Authority Key Identifier:
                keyid:28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/jas_GORNCuhrvBoF01-R8dQ3QJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:b6:0c:22:e7:43:00:c8:a9:ba:6e:0e:9f:30:52:6c:91:0e:
         85:5a:e3:57:ea:24:a4:50:68:bb:a9:78:04:7e:5a:7b:aa:dd:
         b0:ba:a4:b2:ff:ac:3e:df:3d:7e:11:b9:23:df:0a:4d:e2:b7:
         db:39:82:48:e9:9d:cd:24:bb:b0:3e:16:04:87:d7:b8:a8:86:
         3b:ed:ba:72:28:94:09:1d:50:cf:c5:56:3b:99:73:0e:eb:e6:
         12:85:69:68:9a:4c:7a:e6:ea:89:7c:ca:8c:6d:57:f8:b9:df:
         9b:04:9f:17:c1:50:7f:54:25:9d:70:5d:77:c7:12:d6:b2:ad:
         ba:f6:e7:f5:cf:b8:f7:79:55:c8:20:12:39:8b:41:16:64:0c:
         3f:cf:e3:3e:96:de:8b:21:f3:b2:fd:f2:c7:27:98:c3:7a:a2:
         18:33:57:4e:d7:4a:bc:bf:35:68:ca:f3:9f:09:1f:07:98:f1:
         ea:9e:18:c0:30:d6:a8:52:94:31:92:9c:96:5e:73:ef:c0:41:
         20:d1:0b:6f:4c:fb:86:7d:da:83:1f:66:42:4c:ec:a7:0e:85:
         6c:1b:09:8a:8f:ea:5b:91:2b:a8:d1:99:b5:82:97:e0:02:05:
         33:17:e8:27:12:a3:35:08:0f:9c:81:fd:6e:a1:3a:59:88:8a:
         1c:c0:af:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzRbPa/uigFA52YKbkDW4JUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZmQ2NmU0M2ExMDQ2MzNiMjdiYWM1MzliOThiZGY4ZWJm
YWM5YWUwHhcNMjQwMTAzMjIyMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGFiM2YxOGU0NGQwYWU4NmJiYzFhMDVkMzVmOTFmMWQ0Mzc0MDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7liPXiSFVwI8q2P+2TRl4rDU+mX
Q2Eh1z8ppQbPYlU4bjxBlT/GCNJ+hiWKkcC+gL35T/8Ia+EaDoYiOuSD8ulFHvTu
/lOTbqsCIFK4lkQo8PvZ84Ry2oxCjzLw6F50ebx9phCc1jAWJXxHqC2e6OEqF48Y
k+cow24ArxDYjqvqgFgz8IG+hU+YgHATAspB9ZV1CrL4g3ok9OtnixrFSIxO+czk
TT8+v4X3XCd3ZiFd+odW0YUQ1eFdRL1f6F+D9qdiQQJkv1Ow1nF8VlAK162S2WG7
q39BlHA7oOffJHuodj99gibqlrMp8QjuIR7YZIZ9IlpLrIIaUwuT9PGJbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2rPxjkTQroa7waBdNfkfHUN0CaMB8GA1UdIwQY
MBaAFCj9ZuQ6EEYzsnusU5uYvfjr+smuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYt
MjY3NjY5ZjM1NjQ4LzEvamFzX0dPUk5DdWhydkJvRjAxLVI4ZFEzUUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYtMjY3NjY5ZjM1NjQ4
LzEvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYjOMA0G
CSqGSIb3DQEBCwUAA4IBAQA2tgwi50MAyKm6bg6fMFJskQ6FWuNX6iSkUGi7qXgE
flp7qt2wuqSy/6w+3z1+Ebkj3wpN4rfbOYJI6Z3NJLuwPhYEh9e4qIY77bpyKJQJ
HVDPxVY7mXMO6+YShWlomkx65uqJfMqMbVf4ud+bBJ8XwVB/VCWdcF13xxLWsq26
9uf1z7j3eVXIIBI5i0EWZAw/z+M+lt6LIfOy/fLHJ5jDeqIYM1dO10q8vzVoyvOf
CR8HmPHqnhjAMNaoUpQxkpyWXnPvwEEg0QtvTPuGfdqDH2ZCTOynDoVsGwmKj+pb
kSuo0Zm1gpfgAgUzF+gnEqM1CA+cgf1uoTpZiIocwK8j
-----END CERTIFICATE-----