Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/28c3d1-8a90-4068-bb27-33abc53c0e79/1/JrWJFn4eLBO6KH3UjZcBsRTwAv4.roa
File:                     JrWJFn4eLBO6KH3UjZcBsRTwAv4.roa (raw, json)
Hash identifier:          AHQWQYRiHl0+R/sSDmd2BU0VIGeAhIuPQ38AMocoTR0=
Subject key identifier:   26:B5:89:16:7E:1E:2C:13:BA:28:7D:D4:8D:97:01:B1:14:F0:02:FE
Certificate issuer:       /CN=887a5f0486b18a2448f2358a2746c1abd9fb2e5e
Certificate serial:       018CC56ECDEF194F52FB8EC5B363885178A1
Authority key identifier: 88:7A:5F:04:86:B1:8A:24:48:F2:35:8A:27:46:C1:AB:D9:FB:2E:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iHpfBIaxiiRI8jWKJ0bBq9n7Ll4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/28c3d1-8a90-4068-bb27-33abc53c0e79/1/JrWJFn4eLBO6KH3UjZcBsRTwAv4.roa
Signing time:             Mon 01 Jan 2024 14:30:22 +0000
ROA not before:           Mon 01 Jan 2024 14:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35393
IP address blocks:        185.88.68.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/28c3d1-8a90-4068-bb27-33abc53c0e79/1/iHpfBIaxiiRI8jWKJ0bBq9n7Ll4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/28c3d1-8a90-4068-bb27-33abc53c0e79/1/iHpfBIaxiiRI8jWKJ0bBq9n7Ll4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iHpfBIaxiiRI8jWKJ0bBq9n7Ll4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:cd:ef:19:4f:52:fb:8e:c5:b3:63:88:51:78:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=887a5f0486b18a2448f2358a2746c1abd9fb2e5e
        Validity
            Not Before: Jan  1 14:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26b589167e1e2c13ba287dd48d9701b114f002fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d4:d5:57:b0:bd:9d:55:b4:09:1a:36:fa:11:
                    06:09:e4:36:14:e3:76:ea:3a:af:16:0f:98:0c:1f:
                    dc:6d:b9:83:c2:8a:8f:e5:01:b7:e3:e4:5c:eb:c7:
                    c5:0a:51:d5:cc:9e:1c:d8:c4:a8:51:b0:72:4c:57:
                    d7:e5:7d:78:35:0d:7e:88:1e:08:11:ec:c7:91:2c:
                    a4:c0:a2:cd:5f:da:bf:8f:a7:76:82:48:c8:d8:e7:
                    8f:91:84:c5:1a:dd:2b:92:72:ce:56:41:7f:2a:c8:
                    a0:19:c4:58:a7:15:a5:63:74:ad:9f:e6:56:e5:26:
                    01:cc:7a:62:db:4e:46:2f:69:27:d9:f0:db:de:51:
                    87:79:5e:ab:78:b0:a1:55:86:0c:f3:81:8a:c2:a7:
                    cc:44:b1:4a:3d:12:5c:87:19:e6:39:e5:77:94:ea:
                    47:20:16:d6:e8:0f:d2:42:f3:ac:dd:5d:46:fb:b7:
                    91:b5:b1:75:f5:5c:b7:75:e0:44:80:ee:00:0d:05:
                    8b:9c:28:6a:8b:1d:bf:17:32:4e:23:28:a6:b6:86:
                    0b:04:1d:b1:b4:d7:0d:9f:2e:6b:c9:d2:96:0c:99:
                    f9:37:46:67:d0:f7:fe:fc:ec:c4:7d:73:6a:e3:85:
                    e9:0f:0c:75:a9:43:08:f1:9f:fb:2b:8f:bc:9b:10:
                    a6:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:B5:89:16:7E:1E:2C:13:BA:28:7D:D4:8D:97:01:B1:14:F0:02:FE
            X509v3 Authority Key Identifier:
                keyid:88:7A:5F:04:86:B1:8A:24:48:F2:35:8A:27:46:C1:AB:D9:FB:2E:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iHpfBIaxiiRI8jWKJ0bBq9n7Ll4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/28c3d1-8a90-4068-bb27-33abc53c0e79/1/JrWJFn4eLBO6KH3UjZcBsRTwAv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/28c3d1-8a90-4068-bb27-33abc53c0e79/1/iHpfBIaxiiRI8jWKJ0bBq9n7Ll4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:e1:39:01:98:fb:91:15:50:e7:d7:22:18:bf:05:53:01:ce:
         87:03:a0:29:9a:95:8a:54:4a:77:27:1a:e2:76:aa:6e:70:11:
         39:66:9d:7e:f7:da:e4:63:85:0d:f5:da:2a:39:43:8f:90:fd:
         15:ee:5f:6c:45:e0:33:21:b0:08:02:12:b4:dc:c2:43:57:e4:
         87:f4:21:e0:28:e5:2b:26:87:6d:95:00:4a:9d:05:b8:15:13:
         66:78:d7:7d:8c:0a:48:8b:45:1c:83:d3:4a:6b:09:f9:24:45:
         dc:bd:fd:cc:af:a9:3a:54:99:05:c1:7b:cc:b6:07:85:15:c7:
         4d:d6:dd:71:c8:28:9c:df:77:29:4d:64:39:dd:5f:d9:ff:08:
         ef:0a:4e:63:9d:45:59:cd:d8:00:16:47:fe:8a:0d:8f:39:86:
         46:00:2d:bd:a2:03:21:37:62:04:46:00:38:e6:b3:db:e7:37:
         ea:2f:b9:76:65:47:6f:8c:55:e0:5a:eb:09:e5:91:81:85:83:
         ab:82:8f:10:81:84:71:cf:45:58:64:0f:f2:b9:0f:96:88:ec:
         11:17:75:aa:00:e1:96:64:73:07:b3:22:e3:a4:f7:c4:4a:75:
         3a:3a:0a:12:71:15:28:82:db:06:0d:60:89:48:0b:ae:79:7b:
         a1:d0:10:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbs3vGU9S+47Fs2OIUXihMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4N2E1ZjA0ODZiMThhMjQ0OGYyMzU4YTI3NDZjMWFiZDlm
YjJlNWUwHhcNMjQwMTAxMTQzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmI1ODkxNjdlMWUyYzEzYmEyODdkZDQ4ZDk3MDFiMTE0ZjAwMmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtTVV7C9nVW0CRo2+hEGCeQ2FON2
6jqvFg+YDB/cbbmDwoqP5QG34+Rc68fFClHVzJ4c2MSoUbByTFfX5X14NQ1+iB4I
EezHkSykwKLNX9q/j6d2gkjI2OePkYTFGt0rknLOVkF/KsigGcRYpxWlY3Stn+ZW
5SYBzHpi205GL2kn2fDb3lGHeV6reLChVYYM84GKwqfMRLFKPRJchxnmOeV3lOpH
IBbW6A/SQvOs3V1G+7eRtbF19Vy3deBEgO4ADQWLnChqix2/FzJOIyimtoYLBB2x
tNcNny5rydKWDJn5N0Zn0Pf+/OzEfXNq44XpDwx1qUMI8Z/7K4+8mxCmRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCa1iRZ+HiwTuih91I2XAbEU8AL+MB8GA1UdIwQY
MBaAFIh6XwSGsYokSPI1iidGwavZ+y5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUhwZkJJYXhpaVJJOGpXS0owYkJxOW43TGw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8yOGMzZDEtOGE5MC00MDY4LWJiMjct
MzNhYmM1M2MwZTc5LzEvSnJXSkZuNGVMQk82S0gzVWpaY0JzUlR3QXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8yOGMzZDEtOGE5MC00MDY4LWJiMjctMzNhYmM1M2MwZTc5
LzEvaUhwZkJJYXhpaVJJOGpXS0owYkJxOW43TGw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVhEMA0G
CSqGSIb3DQEBCwUAA4IBAQCP4TkBmPuRFVDn1yIYvwVTAc6HA6ApmpWKVEp3Jxri
dqpucBE5Zp1+99rkY4UN9doqOUOPkP0V7l9sReAzIbAIAhK03MJDV+SH9CHgKOUr
JodtlQBKnQW4FRNmeNd9jApIi0Ucg9NKawn5JEXcvf3Mr6k6VJkFwXvMtgeFFcdN
1t1xyCic33cpTWQ53V/Z/wjvCk5jnUVZzdgAFkf+ig2POYZGAC29ogMhN2IERgA4
5rPb5zfqL7l2ZUdvjFXgWusJ5ZGBhYOrgo8QgYRxz0VYZA/yuQ+WiOwRF3WqAOGW
ZHMHsyLjpPfESnU6OgoScRUogtsGDWCJSAuueXuh0BCf
-----END CERTIFICATE-----