Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/5J4w1VVWe9y4_cV6dZFYIFrn8h8.roa
File:                     5J4w1VVWe9y4_cV6dZFYIFrn8h8.roa (raw, json)
Hash identifier:          jjZARCq5L6RVltqrQGq1OmsR8W4NNpO3KNJz5cen8go=
Subject key identifier:   E4:9E:30:D5:55:56:7B:DC:B8:FD:C5:7A:75:91:58:20:5A:E7:F2:1F
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348E61DAC47B863B2C5B311C967FF99
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/5J4w1VVWe9y4_cV6dZFYIFrn8h8.roa
Signing time:             Mon 01 Jan 2024 04:29:43 +0000
ROA not before:           Mon 01 Jan 2024 04:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208980
IP address blocks:        212.243.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e6:1d:ac:47:b8:63:b2:c5:b3:11:c9:67:ff:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e49e30d555567bdcb8fdc57a759158205ae7f21f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:27:0b:33:e3:fd:96:51:ff:7c:d5:45:69:ac:
                    7b:f6:39:69:ed:b9:f0:fb:df:a2:44:a8:b1:e9:7b:
                    ea:b1:19:04:87:cd:dd:26:d3:27:ee:51:a1:f8:a6:
                    a2:79:c4:ec:5a:ce:91:b9:9b:7a:a2:9b:f0:58:7f:
                    0d:9a:90:44:88:cb:b5:65:e7:96:84:fb:05:96:c9:
                    c3:f8:c2:2c:ae:04:6c:a0:4b:7a:a1:af:f7:77:09:
                    14:83:12:e9:86:35:55:5f:74:00:6c:74:f3:d0:7d:
                    b1:06:a7:0e:43:e1:d4:a5:2b:45:ac:00:44:b1:e3:
                    c0:83:33:18:30:13:03:4f:0c:3b:0f:31:36:a4:c9:
                    83:85:b5:a0:76:11:6b:10:2e:13:10:50:fc:76:f7:
                    af:60:44:d7:aa:8f:7e:35:8a:8a:03:58:81:0d:4f:
                    5a:42:cd:e6:69:83:b3:ee:6c:f7:66:e8:36:f6:3a:
                    2c:e2:fe:34:f7:78:9c:30:bb:d7:79:bf:f0:69:ad:
                    68:c8:86:e2:01:ee:30:42:f0:fa:26:25:30:1f:c9:
                    e0:14:20:0c:da:bb:89:3d:a5:ef:08:7f:b3:28:75:
                    47:65:ad:86:27:80:5d:ca:65:60:c9:67:92:79:c3:
                    42:3b:13:3e:ad:06:8f:73:90:57:29:b0:10:2d:89:
                    81:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:9E:30:D5:55:56:7B:DC:B8:FD:C5:7A:75:91:58:20:5A:E7:F2:1F
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/5J4w1VVWe9y4_cV6dZFYIFrn8h8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.243.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:d7:20:2a:31:e7:cb:1d:94:21:be:69:9b:44:b6:e0:9c:a1:
         65:02:47:b1:15:c1:60:41:d7:95:85:8e:e3:66:07:2b:53:ee:
         c8:96:38:c8:5b:f7:3d:52:ae:9c:6a:de:d9:f4:0a:3d:f5:03:
         ac:42:8c:29:a2:9b:e0:7b:37:e6:d8:26:11:ae:c1:0d:e8:07:
         92:08:0a:7c:ad:32:cf:c3:36:eb:07:4c:46:1f:89:2d:4b:ee:
         c2:98:ba:b8:d6:71:a9:46:67:52:56:13:fd:02:3b:8c:5d:67:
         22:93:af:8c:52:2b:b9:da:98:d6:5e:0a:c3:97:69:c6:06:16:
         45:42:5b:94:8e:9c:3f:d5:dd:4e:c7:6d:e3:85:60:7b:8c:f4:
         dc:83:44:2b:a2:7d:ad:04:7d:b8:b2:61:6c:ca:80:c1:da:e1:
         54:ee:2d:e9:92:36:30:ef:c7:e5:e4:25:0d:63:37:a0:23:14:
         25:6c:16:f1:10:79:04:ad:43:03:d6:20:67:a5:b3:ec:f0:8f:
         14:0a:cd:be:eb:ce:fd:15:dd:9d:1e:4b:06:62:bc:ba:a1:ef:
         d3:d7:80:7d:a8:6b:6e:54:57:f7:31:3e:43:62:5f:43:e6:58:
         48:f0:e9:de:7d:fd:07:22:12:74:24:ec:c3:cb:32:74:75:6e:
         5b:84:b3:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOYdrEe4Y7LFsxHJZ/+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDllMzBkNTU1NTY3YmRjYjhmZGM1N2E3NTkxNTgyMDVhZTdmMjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoycLM+P9llH/fNVFaax79jlp7bnw
+9+iRKix6XvqsRkEh83dJtMn7lGh+KaiecTsWs6RuZt6opvwWH8NmpBEiMu1ZeeW
hPsFlsnD+MIsrgRsoEt6oa/3dwkUgxLphjVVX3QAbHTz0H2xBqcOQ+HUpStFrABE
sePAgzMYMBMDTww7DzE2pMmDhbWgdhFrEC4TEFD8dvevYETXqo9+NYqKA1iBDU9a
Qs3maYOz7mz3Zug29jos4v4093icMLvXeb/waa1oyIbiAe4wQvD6JiUwH8ngFCAM
2ruJPaXvCH+zKHVHZa2GJ4BdymVgyWeSecNCOxM+rQaPc5BXKbAQLYmBzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSeMNVVVnvcuP3FenWRWCBa5/IfMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvNUo0dzFWVldlOXk0X2NWNmRaRllJRnJuOGg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1PN+MA0G
CSqGSIb3DQEBCwUAA4IBAQCa1yAqMefLHZQhvmmbRLbgnKFlAkexFcFgQdeVhY7j
ZgcrU+7IljjIW/c9Uq6cat7Z9Ao99QOsQowpopvgezfm2CYRrsEN6AeSCAp8rTLP
wzbrB0xGH4ktS+7CmLq41nGpRmdSVhP9AjuMXWcik6+MUiu52pjWXgrDl2nGBhZF
QluUjpw/1d1Ox23jhWB7jPTcg0Qron2tBH24smFsyoDB2uFU7i3pkjYw78fl5CUN
YzegIxQlbBbxEHkErUMD1iBnpbPs8I8UCs2+6879Fd2dHksGYry6oe/T14B9qGtu
VFf3MT5DYl9D5lhI8Oneff0HIhJ0JOzDyzJ0dW5bhLNF
-----END CERTIFICATE-----