Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/e2991a-db0f-4c3f-bc08-1b3e3595101b/1/jt9iSpnG3ws3CxErZycJzflCrck.roa
File:                     jt9iSpnG3ws3CxErZycJzflCrck.roa (raw, json)
Hash identifier:          UdyxBF9n/30NQiEPxzajJOG5r9UtJHTYIeYeV5dpr/g=
Subject key identifier:   8E:DF:62:4A:99:C6:DF:0B:37:0B:11:2B:67:27:09:CD:F9:42:AD:C9
Certificate issuer:       /CN=025a8122c247d3efbbd2f6a814a5f687454188df
Certificate serial:       018CC26D046D21C1915B3CDC2B70E1DD5DCE
Authority key identifier: 02:5A:81:22:C2:47:D3:EF:BB:D2:F6:A8:14:A5:F6:87:45:41:88:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AlqBIsJH0--70vaoFKX2h0VBiN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/e2991a-db0f-4c3f-bc08-1b3e3595101b/1/jt9iSpnG3ws3CxErZycJzflCrck.roa
Signing time:             Mon 01 Jan 2024 00:29:33 +0000
ROA not before:           Mon 01 Jan 2024 00:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61380
IP address blocks:        185.8.156.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/e2991a-db0f-4c3f-bc08-1b3e3595101b/1/AlqBIsJH0--70vaoFKX2h0VBiN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/e2991a-db0f-4c3f-bc08-1b3e3595101b/1/AlqBIsJH0--70vaoFKX2h0VBiN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AlqBIsJH0--70vaoFKX2h0VBiN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 19:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:04:6d:21:c1:91:5b:3c:dc:2b:70:e1:dd:5d:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=025a8122c247d3efbbd2f6a814a5f687454188df
        Validity
            Not Before: Jan  1 00:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8edf624a99c6df0b370b112b672709cdf942adc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:e9:d1:4e:45:f7:05:25:3a:0a:32:02:9e:08:
                    99:ed:6a:86:82:7d:ba:2d:4d:c5:d9:90:c2:fd:79:
                    1f:a2:ab:a1:97:a5:18:84:13:b3:4c:16:ce:37:a1:
                    fb:ff:f6:72:9b:91:80:14:bc:ca:7d:5d:f4:e0:55:
                    0b:c1:a0:c2:02:d5:5c:e3:2e:40:9b:50:80:c0:b1:
                    8e:65:58:51:e2:b6:ff:9a:61:75:09:b0:f5:82:46:
                    af:a4:00:82:9c:4c:75:d9:90:5d:16:01:72:19:57:
                    ef:2a:2a:e4:09:f1:bb:d3:d8:53:37:76:c3:e8:cc:
                    61:3c:e1:40:c2:c4:ca:2b:34:2a:b6:6f:39:2b:6a:
                    ac:00:21:dc:d8:51:db:42:d4:13:5a:4f:cf:fd:b3:
                    71:a3:a3:c7:52:dd:d6:38:9e:4b:d2:e1:21:c6:0c:
                    81:70:c3:db:09:17:74:49:54:c4:a3:98:dc:34:f7:
                    3a:1b:94:53:a7:ac:62:f2:4c:90:b5:4c:84:39:57:
                    d2:b5:cb:28:c7:ea:45:09:e3:7b:e8:af:ac:d1:6e:
                    fb:03:d0:15:b6:8f:ec:e4:6e:06:ba:7e:3b:7d:46:
                    f7:12:8c:6c:79:c4:a8:31:4d:97:55:6b:c0:b0:59:
                    a7:c9:3f:3e:77:05:77:7c:24:ac:f3:fc:2b:49:fe:
                    3f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:DF:62:4A:99:C6:DF:0B:37:0B:11:2B:67:27:09:CD:F9:42:AD:C9
            X509v3 Authority Key Identifier:
                keyid:02:5A:81:22:C2:47:D3:EF:BB:D2:F6:A8:14:A5:F6:87:45:41:88:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AlqBIsJH0--70vaoFKX2h0VBiN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e2991a-db0f-4c3f-bc08-1b3e3595101b/1/jt9iSpnG3ws3CxErZycJzflCrck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e2991a-db0f-4c3f-bc08-1b3e3595101b/1/AlqBIsJH0--70vaoFKX2h0VBiN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.8.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:d5:04:68:e5:29:9f:94:90:68:b8:94:46:d8:3e:44:fd:3c:
         a0:01:b1:61:99:56:f8:be:0e:9a:a5:43:93:da:2a:3e:ae:17:
         e6:ec:82:91:bf:b7:cc:37:e8:7c:4b:17:62:6f:00:c0:fd:bc:
         4e:d9:1a:c1:36:84:de:87:b6:84:f4:f3:e5:d4:b3:85:09:74:
         fa:4b:a6:63:7d:e7:c9:bd:28:60:68:ca:0c:e1:cd:86:8e:be:
         24:6d:fb:ca:c6:7b:2c:88:3f:e3:d7:cf:4f:f8:bd:1a:7b:13:
         3b:8d:51:9f:ee:a1:fd:74:4b:39:53:b0:b9:30:c9:19:de:39:
         6b:ac:58:e1:da:a6:58:84:a9:03:85:60:3d:50:0c:2a:3f:30:
         8f:b4:b8:8f:c2:ec:4f:b2:fa:a9:33:4e:7b:b8:15:64:18:83:
         9f:51:fb:fc:b9:28:7e:48:a6:47:4e:7d:6f:7e:60:a6:af:91:
         cb:1f:c8:c2:99:0e:25:a3:81:db:43:ac:f4:7e:1c:c3:8f:91:
         a4:c7:73:4a:77:ee:ce:dc:7a:a4:f8:31:24:b9:dc:4d:59:83:
         ef:24:53:96:39:a9:80:0b:54:f2:7d:68:e2:28:61:94:d2:e7:
         50:3d:b4:4a:26:94:15:72:95:5e:9d:8e:94:5d:d4:c0:44:d0:
         3f:80:79:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQRtIcGRWzzcK3Dh3V3OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNWE4MTIyYzI0N2QzZWZiYmQyZjZhODE0YTVmNjg3NDU0
MTg4ZGYwHhcNMjQwMTAxMDAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWRmNjI0YTk5YzZkZjBiMzcwYjExMmI2NzI3MDljZGY5NDJhZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5unRTkX3BSU6CjICngiZ7WqGgn26
LU3F2ZDC/Xkfoquhl6UYhBOzTBbON6H7//Zym5GAFLzKfV304FULwaDCAtVc4y5A
m1CAwLGOZVhR4rb/mmF1CbD1gkavpACCnEx12ZBdFgFyGVfvKirkCfG709hTN3bD
6MxhPOFAwsTKKzQqtm85K2qsACHc2FHbQtQTWk/P/bNxo6PHUt3WOJ5L0uEhxgyB
cMPbCRd0SVTEo5jcNPc6G5RTp6xi8kyQtUyEOVfStcsox+pFCeN76K+s0W77A9AV
to/s5G4Gun47fUb3EoxsecSoMU2XVWvAsFmnyT8+dwV3fCSs8/wrSf4/8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI7fYkqZxt8LNwsRK2cnCc35Qq3JMB8GA1UdIwQY
MBaAFAJagSLCR9Pvu9L2qBSl9odFQYjfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWxxQklzSkgwLS03MHZhb0ZLWDJoMFZCaU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9lMjk5MWEtZGIwZi00YzNmLWJjMDgt
MWIzZTM1OTUxMDFiLzEvanQ5aVNwbkczd3MzQ3hFclp5Y0p6ZmxDcmNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9lMjk5MWEtZGIwZi00YzNmLWJjMDgtMWIzZTM1OTUxMDFi
LzEvQWxxQklzSkgwLS03MHZhb0ZLWDJoMFZCaU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQicMA0G
CSqGSIb3DQEBCwUAA4IBAQAM1QRo5SmflJBouJRG2D5E/TygAbFhmVb4vg6apUOT
2io+rhfm7IKRv7fMN+h8SxdibwDA/bxO2RrBNoTeh7aE9PPl1LOFCXT6S6ZjfefJ
vShgaMoM4c2Gjr4kbfvKxnssiD/j189P+L0aexM7jVGf7qH9dEs5U7C5MMkZ3jlr
rFjh2qZYhKkDhWA9UAwqPzCPtLiPwuxPsvqpM057uBVkGIOfUfv8uSh+SKZHTn1v
fmCmr5HLH8jCmQ4lo4HbQ6z0fhzDj5Gkx3NKd+7O3Hqk+DEkudxNWYPvJFOWOamA
C1TyfWjiKGGU0udQPbRKJpQVcpVenY6UXdTARNA/gHmw
-----END CERTIFICATE-----