Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/c9db52-ac91-406a-9f95-080ee0a97f6a/1/jjNcBXsoNVqnucHRwCzSbI1BCMM.roa
File:                     jjNcBXsoNVqnucHRwCzSbI1BCMM.roa (raw, json)
Hash identifier:          5jfmQjw9mIFuN5pJ8PuZ3/yoYO6IiQ08fG4QpnJZUIk=
Subject key identifier:   8E:33:5C:05:7B:28:35:5A:A7:B9:C1:D1:C0:2C:D2:6C:8D:41:08:C3
Certificate issuer:       /CN=f85d004446182d51fd38f7f75fe2a5c8608bc86d
Certificate serial:       019420D62D7C60FA2C24573733114B44AAFE
Authority key identifier: F8:5D:00:44:46:18:2D:51:FD:38:F7:F7:5F:E2:A5:C8:60:8B:C8:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-F0AREYYLVH9OPf3X-KlyGCLyG0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/c9db52-ac91-406a-9f95-080ee0a97f6a/1/jjNcBXsoNVqnucHRwCzSbI1BCMM.roa
Signing time:             Wed 01 Jan 2025 07:48:14 +0000
ROA not before:           Wed 01 Jan 2025 07:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47692
IP address blocks:        185.12.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/c9db52-ac91-406a-9f95-080ee0a97f6a/1/1-F0AREYYLVH9OPf3X-KlyGCLyG0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/c9db52-ac91-406a-9f95-080ee0a97f6a/1/1-F0AREYYLVH9OPf3X-KlyGCLyG0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-F0AREYYLVH9OPf3X-KlyGCLyG0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:2d:7c:60:fa:2c:24:57:37:33:11:4b:44:aa:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f85d004446182d51fd38f7f75fe2a5c8608bc86d
        Validity
            Not Before: Jan  1 07:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e335c057b28355aa7b9c1d1c02cd26c8d4108c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8d:fa:2c:c8:7d:4b:4c:7e:d8:bb:c7:7e:32:
                    f3:8f:47:a9:f7:2f:0b:bd:82:5c:c5:3f:ab:31:f3:
                    e0:08:f9:9c:ff:d7:c1:29:84:2c:7a:2c:1f:ac:c1:
                    0f:a0:b7:6f:1c:73:8f:69:ad:89:54:20:90:b4:bf:
                    2a:6f:ba:cc:13:1f:e9:53:35:2f:60:f4:5a:eb:d0:
                    41:31:b5:4b:c2:41:d9:a6:56:7a:94:03:f9:64:c1:
                    8b:08:01:7c:ce:43:fc:95:52:00:43:b7:2a:fc:b8:
                    3c:a7:2b:79:3b:21:2d:f2:58:d5:88:8d:a9:d9:59:
                    4c:e7:89:05:8f:f7:b9:08:01:3d:bd:d2:91:25:77:
                    b6:1d:1a:35:18:70:5f:6c:10:f1:b9:62:77:17:55:
                    56:a2:a1:f6:bd:79:8b:6c:85:a1:4d:b7:b9:26:aa:
                    11:d2:54:66:d3:65:51:61:1c:21:40:e8:74:41:d9:
                    37:43:95:90:0c:6d:0f:63:b5:0c:85:bc:9b:13:ad:
                    8d:6a:92:76:90:9b:a0:c8:af:50:0c:24:e5:0f:36:
                    20:55:3a:4e:2c:f9:a6:ac:42:2a:e2:1b:17:b6:b6:
                    5d:f4:a8:6d:1a:04:8e:08:f7:a8:bb:69:d1:47:89:
                    7c:17:ff:23:a0:3f:0a:27:bf:3a:42:6d:cf:ad:7a:
                    a4:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:33:5C:05:7B:28:35:5A:A7:B9:C1:D1:C0:2C:D2:6C:8D:41:08:C3
            X509v3 Authority Key Identifier:
                keyid:F8:5D:00:44:46:18:2D:51:FD:38:F7:F7:5F:E2:A5:C8:60:8B:C8:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-F0AREYYLVH9OPf3X-KlyGCLyG0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/c9db52-ac91-406a-9f95-080ee0a97f6a/1/jjNcBXsoNVqnucHRwCzSbI1BCMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/c9db52-ac91-406a-9f95-080ee0a97f6a/1/1-F0AREYYLVH9OPf3X-KlyGCLyG0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:2f:c6:f8:9c:99:cf:e1:21:4b:92:53:f2:d1:dc:6e:a4:5b:
         b8:6a:c4:a6:62:de:23:e7:53:88:97:10:2f:bf:e4:63:95:60:
         72:be:76:48:67:89:c0:59:ee:a7:2c:62:ce:94:4f:83:ad:06:
         84:02:d9:31:bd:be:21:0e:4e:83:83:46:d3:44:8f:80:4f:cd:
         b5:43:a0:2f:65:91:f5:bc:6c:3e:ae:5e:ce:f9:6b:f4:83:e8:
         bf:d1:ae:10:fd:11:10:e3:ef:7c:d4:c3:87:7b:5b:14:c0:2c:
         5f:b1:fa:05:aa:ca:7f:14:0d:eb:d3:0f:4c:b3:dc:df:43:02:
         92:43:2c:be:af:4f:f3:c5:c5:46:62:0f:aa:26:2a:8c:ab:fc:
         8a:0c:01:d9:a3:88:85:4c:e0:4d:2c:61:ba:14:2a:d8:ea:48:
         f2:79:d0:1f:a8:53:6a:89:73:3d:5e:40:c3:17:5b:78:94:d5:
         95:f3:00:9b:75:31:e9:54:20:ee:cc:c4:81:34:c6:69:db:5b:
         49:f4:2d:9c:34:85:19:86:32:10:7e:22:18:ab:a7:c5:1d:7b:
         50:2f:a7:bb:fb:b7:95:b3:4d:f8:92:ab:45:e2:88:4c:18:ec:
         4d:a6:5c:53:61:c8:4e:af:63:60:23:3c:52:68:e5:d5:a6:d5:
         a6:36:12:8a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQg1i18YPosJFc3MxFLRKr+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NWQwMDQ0NDYxODJkNTFmZDM4ZjdmNzVmZTJhNWM4NjA4
YmM4NmQwHhcNMjUwMTAxMDc0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTMzNWMwNTdiMjgzNTVhYTdiOWMxZDFjMDJjZDI2YzhkNDEwOGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt436LMh9S0x+2LvHfjLzj0ep9y8L
vYJcxT+rMfPgCPmc/9fBKYQseiwfrMEPoLdvHHOPaa2JVCCQtL8qb7rMEx/pUzUv
YPRa69BBMbVLwkHZplZ6lAP5ZMGLCAF8zkP8lVIAQ7cq/Lg8pyt5OyEt8ljViI2p
2VlM54kFj/e5CAE9vdKRJXe2HRo1GHBfbBDxuWJ3F1VWoqH2vXmLbIWhTbe5JqoR
0lRm02VRYRwhQOh0Qdk3Q5WQDG0PY7UMhbybE62NapJ2kJugyK9QDCTlDzYgVTpO
LPmmrEIq4hsXtrZd9KhtGgSOCPeou2nRR4l8F/8joD8KJ786Qm3PrXqkOQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFI4zXAV7KDVap7nB0cAs0myNQQjDMB8GA1UdIwQY
MBaAFPhdAERGGC1R/Tj391/ipchgi8htMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1GMEFSRVlZTFZIOU9QZjNYLUtseUdDTHlHMC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmEvYzlkYjUyLWFjOTEtNDA2YS05Zjk1
LTA4MGVlMGE5N2Y2YS8xL2pqTmNCWHNvTlZxbnVjSFJ3Q3pTYkkxQkNNTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmEvYzlkYjUyLWFjOTEtNDA2YS05Zjk1LTA4MGVlMGE5N2Y2
YS8xLzEtRjBBUkVZWUxWSDlPUGYzWC1LbHlHQ0x5RzAuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5DLcw
DQYJKoZIhvcNAQELBQADggEBAAIvxvicmc/hIUuSU/LR3G6kW7hqxKZi3iPnU4iX
EC+/5GOVYHK+dkhnicBZ7qcsYs6UT4OtBoQC2TG9viEOToODRtNEj4BPzbVDoC9l
kfW8bD6uXs75a/SD6L/RrhD9ERDj73zUw4d7WxTALF+x+gWqyn8UDevTD0yz3N9D
ApJDLL6vT/PFxUZiD6omKoyr/IoMAdmjiIVM4E0sYboUKtjqSPJ50B+oU2qJcz1e
QMMXW3iU1ZXzAJt1MelUIO7MxIE0xmnbW0n0LZw0hRmGMhB+Ihirp8Ude1Avp7v7
t5WzTfiSq0XiiEwY7E2mXFNhyE6vY2AjPFJo5dWm1aY2Eoo=
-----END CERTIFICATE-----