Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/J_7CisBsxFvukTyjGuLf0zwovHY.roa
File:                     J_7CisBsxFvukTyjGuLf0zwovHY.roa (raw, json)
Hash identifier:          5XDDjezIMsB0jeSCTXALeP4P2lmNj02vG9o5qGJ6BGs=
Subject key identifier:   27:FE:C2:8A:C0:6C:C4:5B:EE:91:3C:A3:1A:E2:DF:D3:3C:28:BC:76
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018F3FA34A1A10FB5214E5EDB6D7662F09E6
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/J_7CisBsxFvukTyjGuLf0zwovHY.roa
Signing time:             Fri 03 May 2024 18:06:56 +0000
ROA not before:           Fri 03 May 2024 18:06:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     286
IP address blocks:        45.150.44.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3f:a3:4a:1a:10:fb:52:14:e5:ed:b6:d7:66:2f:09:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: May  3 18:06:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27fec28ac06cc45bee913ca31ae2dfd33c28bc76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:87:47:09:88:06:23:14:b6:1f:ab:8d:8b:35:
                    38:26:cd:d6:e1:5e:f3:ab:1f:e0:3e:74:7e:cf:1d:
                    cf:23:9b:76:c6:0f:6c:15:97:90:65:8c:cb:3e:45:
                    c2:05:9d:4f:03:9d:2c:eb:71:0c:ec:a1:e1:65:45:
                    85:28:bc:4c:3a:2c:f0:82:ad:de:c7:bc:a4:41:2e:
                    31:98:8b:04:3c:05:80:fd:f5:56:ea:12:70:88:71:
                    96:d5:c8:e3:15:a8:5f:2d:10:fd:60:77:30:c2:65:
                    25:d3:0e:37:f1:d2:5f:60:31:df:05:67:21:97:66:
                    19:08:5a:19:81:e7:58:15:3f:69:5b:3d:61:ef:92:
                    78:19:76:5c:84:03:5f:42:20:91:2f:83:3f:d1:00:
                    b2:01:e2:4f:e0:dc:4c:d1:84:44:33:67:49:b6:9c:
                    15:6b:91:d1:d8:9e:58:1f:32:a4:2b:5d:58:19:59:
                    b9:67:73:68:73:b1:30:e4:39:c7:47:ab:e7:51:52:
                    d7:18:d1:ba:48:01:34:49:91:8e:83:6b:8c:cc:87:
                    7a:aa:f8:4b:48:da:f2:37:09:af:78:a3:fc:12:4b:
                    f7:f4:ee:df:9e:af:14:e8:8e:9f:33:d8:1a:3b:05:
                    ec:e8:b5:f1:d1:a1:63:34:d7:c1:7b:e3:d4:8e:d3:
                    9e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:FE:C2:8A:C0:6C:C4:5B:EE:91:3C:A3:1A:E2:DF:D3:3C:28:BC:76
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/J_7CisBsxFvukTyjGuLf0zwovHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:97:c5:d2:92:af:42:ab:73:94:9f:4c:a9:bc:ba:99:34:30:
         01:f3:7d:c8:9f:3c:c0:6e:b0:a0:b8:84:a2:ee:68:bc:c1:0a:
         ed:70:cc:a7:3d:7c:d5:35:0d:e2:5d:45:57:bd:b3:25:d5:22:
         b3:07:8e:e0:d8:fe:ba:ee:dc:06:5d:e4:6d:8f:f6:43:2b:3c:
         29:21:f2:05:5e:6d:8f:12:1f:5e:e8:6d:86:82:b2:fb:5d:26:
         16:8f:0f:75:63:1a:9e:07:bb:8a:18:22:f8:54:96:38:55:45:
         9b:4f:a4:ed:19:4a:1e:d2:0f:3e:b8:90:f6:49:10:5d:9a:5b:
         b8:f3:89:c8:1e:25:c0:26:94:dc:1a:bd:c5:c6:97:e1:4d:8c:
         82:1d:5c:2c:43:c8:7e:b3:e3:e6:8b:5b:f0:8b:bc:cf:2b:04:
         9f:05:d0:8c:a0:e6:19:fb:b4:18:0a:db:2f:4e:ba:a4:ed:ef:
         84:7b:c1:82:1f:4a:4e:45:59:c2:73:d3:22:8a:e5:d0:51:ff:
         f4:0f:24:c4:ce:c4:d0:f7:5d:c4:8a:7f:61:f2:66:d1:b3:e5:
         5f:1c:a0:cc:49:d6:56:0e:c8:9a:10:f8:e7:76:8f:13:49:dc:
         da:4f:77:db:36:06:1f:de:2b:87:e6:c0:b7:ff:11:9d:f5:d7:
         f0:29:c5:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8/o0oaEPtSFOXtttdmLwnmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwNTAzMTgwNjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2ZlYzI4YWMwNmNjNDViZWU5MTNjYTMxYWUyZGZkMzNjMjhiYzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YdHCYgGIxS2H6uNizU4Js3W4V7z
qx/gPnR+zx3PI5t2xg9sFZeQZYzLPkXCBZ1PA50s63EM7KHhZUWFKLxMOizwgq3e
x7ykQS4xmIsEPAWA/fVW6hJwiHGW1cjjFahfLRD9YHcwwmUl0w438dJfYDHfBWch
l2YZCFoZgedYFT9pWz1h75J4GXZchANfQiCRL4M/0QCyAeJP4NxM0YREM2dJtpwV
a5HR2J5YHzKkK11YGVm5Z3Noc7Ew5DnHR6vnUVLXGNG6SAE0SZGOg2uMzId6qvhL
SNryNwmveKP8Ekv39O7fnq8U6I6fM9gaOwXs6LXx0aFjNNfBe+PUjtOexwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCf+worAbMRb7pE8oxri39M8KLx2MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvSl83Q2lzQnN4RnZ1a1R5akd1TGYwendvdkhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZYsMA0G
CSqGSIb3DQEBCwUAA4IBAQBfl8XSkq9Cq3OUn0ypvLqZNDAB833InzzAbrCguISi
7mi8wQrtcMynPXzVNQ3iXUVXvbMl1SKzB47g2P667twGXeRtj/ZDKzwpIfIFXm2P
Eh9e6G2GgrL7XSYWjw91YxqeB7uKGCL4VJY4VUWbT6TtGUoe0g8+uJD2SRBdmlu4
84nIHiXAJpTcGr3FxpfhTYyCHVwsQ8h+s+Pmi1vwi7zPKwSfBdCMoOYZ+7QYCtsv
Trqk7e+Ee8GCH0pORVnCc9MiiuXQUf/0DyTEzsTQ913Ein9h8mbRs+VfHKDMSdZW
DsiaEPjndo8TSdzaT3fbNgYf3iuH5sC3/xGd9dfwKcUq
-----END CERTIFICATE-----