Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/jUXeC7atzXPndn3ROFOiYJAjB6g.roa
File:                     jUXeC7atzXPndn3ROFOiYJAjB6g.roa (raw, json)
Hash identifier:          R/fzYmLwbR2KLFEjGdhtsv+VTHk1xKCkVWj7X8Ni1iA=
Subject key identifier:   8D:45:DE:0B:B6:AD:CD:73:E7:76:7D:D1:38:53:A2:60:90:23:07:A8
Certificate issuer:       /CN=34fe6b9d0cc1e7f6e16b2a46b42ca5e01c700346
Certificate serial:       018D1CF8EC26C510E6EA1466726CEF6B646B
Authority key identifier: 34:FE:6B:9D:0C:C1:E7:F6:E1:6B:2A:46:B4:2C:A5:E0:1C:70:03:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NP5rnQzB5_bhaypGtCyl4BxwA0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/jUXeC7atzXPndn3ROFOiYJAjB6g.roa
Signing time:             Thu 18 Jan 2024 14:28:11 +0000
ROA not before:           Thu 18 Jan 2024 14:28:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.156.16.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/NP5rnQzB5_bhaypGtCyl4BxwA0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/NP5rnQzB5_bhaypGtCyl4BxwA0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NP5rnQzB5_bhaypGtCyl4BxwA0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1c:f8:ec:26:c5:10:e6:ea:14:66:72:6c:ef:6b:64:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34fe6b9d0cc1e7f6e16b2a46b42ca5e01c700346
        Validity
            Not Before: Jan 18 14:28:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d45de0bb6adcd73e7767dd13853a260902307a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ff:00:a1:4b:db:cf:f3:3c:14:64:38:ed:23:
                    12:63:ff:e5:b1:f3:31:b9:d9:d2:5e:ea:b9:8b:69:
                    46:c0:4c:b7:fe:35:a2:82:82:8d:1b:d3:55:59:b9:
                    e7:19:7b:c6:cc:76:c4:5c:08:ac:11:5a:20:25:40:
                    5f:6d:af:82:39:5c:a4:4a:6f:ba:af:e3:82:20:99:
                    3b:a1:39:c7:c8:21:e9:7c:b7:b1:ad:de:dc:1d:07:
                    40:c8:e6:aa:70:53:f3:48:61:a7:0c:21:03:77:68:
                    48:13:29:61:9d:9b:95:a8:d5:65:cf:94:a1:30:5a:
                    ec:1f:19:d9:9a:dd:e7:98:4f:9c:2a:6a:6e:25:18:
                    31:68:4a:81:58:c4:9f:89:b0:51:03:be:ee:39:42:
                    71:69:93:aa:0b:04:83:4f:23:52:79:46:22:d9:12:
                    ff:d7:b3:6d:e9:bb:25:6e:5c:ac:9a:55:1b:69:bc:
                    04:ce:7c:56:c0:48:1e:9e:95:ea:f8:03:3b:3b:60:
                    68:7f:bf:cc:e3:99:09:92:eb:b0:ac:7e:55:7a:91:
                    f2:ab:88:19:ef:2e:8b:1b:dc:1b:79:68:cd:ab:eb:
                    15:51:be:97:33:1a:22:93:0b:3e:48:47:8e:c1:41:
                    bb:12:15:5e:07:d2:43:16:71:62:dc:b0:ab:18:a1:
                    ba:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:45:DE:0B:B6:AD:CD:73:E7:76:7D:D1:38:53:A2:60:90:23:07:A8
            X509v3 Authority Key Identifier:
                keyid:34:FE:6B:9D:0C:C1:E7:F6:E1:6B:2A:46:B4:2C:A5:E0:1C:70:03:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NP5rnQzB5_bhaypGtCyl4BxwA0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/jUXeC7atzXPndn3ROFOiYJAjB6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/NP5rnQzB5_bhaypGtCyl4BxwA0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         98:29:19:72:fe:74:22:c3:e8:10:e9:9f:6b:f6:a8:38:73:2a:
         e1:12:e9:98:32:71:67:94:c2:c9:14:25:d0:21:e9:e3:12:47:
         f8:05:9f:db:96:16:0a:40:f3:c2:10:f7:e6:23:84:c0:fa:3f:
         4f:53:af:df:f3:23:ec:33:d6:7a:df:46:8b:9d:42:7a:f7:12:
         f6:49:b7:25:35:30:e4:38:51:2d:e4:5e:85:31:50:1e:e2:18:
         36:66:4f:49:63:86:e3:8f:90:9b:9f:ba:30:7f:e1:64:5a:56:
         2a:3a:21:5b:3e:6e:96:73:66:c9:34:f9:43:e7:7e:22:16:16:
         ee:71:c5:88:10:7f:42:01:49:41:03:8c:f6:9f:2d:28:96:8f:
         ee:47:fc:4a:d7:62:32:4c:2c:51:e7:ce:77:10:a4:aa:0e:bd:
         e4:88:b9:d1:10:be:59:b8:02:fa:9c:1a:c1:43:21:27:0b:4b:
         b0:a4:21:1c:2e:64:9c:13:b2:41:86:87:3f:ed:8e:91:c5:e2:
         fa:90:b3:cc:f6:1a:ea:59:f0:b0:75:5f:c7:a7:ce:dc:29:5d:
         ae:ab:41:18:8d:46:25:9c:3d:1a:04:4a:be:5c:09:5c:ce:06:
         eb:a3:01:b7:26:67:17:92:57:92:cd:70:3b:84:97:3e:03:cf:
         dc:38:8c:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0c+OwmxRDm6hRmcmzva2RrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZmU2YjlkMGNjMWU3ZjZlMTZiMmE0NmI0MmNhNWUwMWM3
MDAzNDYwHhcNMjQwMTE4MTQyODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDQ1ZGUwYmI2YWRjZDczZTc3NjdkZDEzODUzYTI2MDkwMjMwN2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkv8AoUvbz/M8FGQ47SMSY//lsfMx
udnSXuq5i2lGwEy3/jWigoKNG9NVWbnnGXvGzHbEXAisEVogJUBfba+COVykSm+6
r+OCIJk7oTnHyCHpfLexrd7cHQdAyOaqcFPzSGGnDCEDd2hIEylhnZuVqNVlz5Sh
MFrsHxnZmt3nmE+cKmpuJRgxaEqBWMSfibBRA77uOUJxaZOqCwSDTyNSeUYi2RL/
17Nt6bslblysmlUbabwEznxWwEgenpXq+AM7O2Bof7/M45kJkuuwrH5VepHyq4gZ
7y6LG9wbeWjNq+sVUb6XMxoikws+SEeOwUG7EhVeB9JDFnFi3LCrGKG6jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI1F3gu2rc1z53Z90ThTomCQIweoMB8GA1UdIwQY
MBaAFDT+a50Mwef24WsqRrQspeAccANGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlA1cm5RekI1X2JoYXlwR3RDeWw0Qnh3QTBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC82MmRmMzYtZmQzNi00YmFmLTlkMmUt
MTE4YWZlZDdhNWFlLzEvalVYZUM3YXR6WFBuZG4zUk9GT2lZSkFqQjZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC82MmRmMzYtZmQzNi00YmFmLTlkMmUtMTE4YWZlZDdhNWFl
LzEvTlA1cm5RekI1X2JoYXlwR3RDeWw0Qnh3QTBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZwQMA0G
CSqGSIb3DQEBCwUAA4IBAQCYKRly/nQiw+gQ6Z9r9qg4cyrhEumYMnFnlMLJFCXQ
IenjEkf4BZ/blhYKQPPCEPfmI4TA+j9PU6/f8yPsM9Z630aLnUJ69xL2SbclNTDk
OFEt5F6FMVAe4hg2Zk9JY4bjj5Cbn7owf+FkWlYqOiFbPm6Wc2bJNPlD534iFhbu
ccWIEH9CAUlBA4z2ny0olo/uR/xK12IyTCxR5853EKSqDr3kiLnREL5ZuAL6nBrB
QyEnC0uwpCEcLmScE7JBhoc/7Y6RxeL6kLPM9hrqWfCwdV/Hp87cKV2uq0EYjUYl
nD0aBEq+XAlczgbrowG3JmcXkleSzXA7hJc+A8/cOIxv
-----END CERTIFICATE-----