Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/jX2JlTW3XchnQbt8IttFMh24sAQ.roa
File:                     jX2JlTW3XchnQbt8IttFMh24sAQ.roa (raw, json)
Hash identifier:          75xNEjMhGOrrMY8PEWTGcgkAeyIY1rdxcVhmBgq3NS8=
Subject key identifier:   8D:7D:89:95:35:B7:5D:C8:67:41:BB:7C:22:DB:45:32:1D:B8:B0:04
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       018CC94E069F75A0A1DBF185013AD7339116
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/jX2JlTW3XchnQbt8IttFMh24sAQ.roa
Signing time:             Tue 02 Jan 2024 08:33:03 +0000
ROA not before:           Tue 02 Jan 2024 08:33:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        85.204.78.0/24 maxlen: 24
                          93.113.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:06:9f:75:a0:a1:db:f1:85:01:3a:d7:33:91:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 08:33:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d7d899535b75dc86741bb7c22db45321db8b004
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ee:ec:6a:43:73:2b:32:ff:ce:30:f4:cf:f7:
                    36:68:75:9e:73:7c:c2:45:d4:cf:a9:01:b0:e5:b3:
                    1f:86:92:54:fd:c5:f1:5d:2e:db:76:fc:bc:7c:a7:
                    ad:a4:ae:8f:84:0c:13:f9:e7:85:3b:04:ea:f8:46:
                    68:69:d9:90:c2:ea:54:af:7c:d3:55:00:ca:03:61:
                    07:7a:0f:14:16:b1:e4:aa:aa:4b:01:3b:b4:21:2d:
                    d8:29:73:67:4c:bc:28:5c:9d:85:39:13:c7:d8:6b:
                    59:51:bb:4f:e3:d0:f1:f3:40:77:aa:91:34:b1:2b:
                    bb:3a:ab:c7:a0:b8:ee:8f:a4:08:d7:1b:be:78:66:
                    66:3c:39:4b:e8:b3:9d:24:08:10:d1:f6:2a:44:8a:
                    a9:11:53:10:68:d6:1d:47:df:de:e9:ac:87:d2:c5:
                    0c:49:a5:32:47:cd:66:dd:76:cc:80:64:70:23:df:
                    28:6a:b2:54:5c:0d:aa:6e:68:cc:0d:f2:38:2e:02:
                    56:7c:28:63:45:3f:93:d8:eb:8f:5b:95:0e:c7:74:
                    b1:e8:fb:fb:40:92:c3:b4:e9:a8:4e:ba:21:2b:cd:
                    19:91:d0:ab:93:88:65:c7:f8:f2:81:ed:31:11:ea:
                    4f:35:47:19:b9:9c:c3:1b:c3:e3:70:d1:bd:5c:8d:
                    b3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:7D:89:95:35:B7:5D:C8:67:41:BB:7C:22:DB:45:32:1D:B8:B0:04
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/jX2JlTW3XchnQbt8IttFMh24sAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.78.0/24
                  93.113.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:b4:34:36:6c:ca:ee:f8:09:3d:b7:99:13:c3:90:25:1b:11:
         9c:33:dd:bc:45:c1:ac:b3:02:5c:89:c2:4a:8a:7c:46:8d:d8:
         fc:08:1c:4f:60:ab:83:12:9c:b1:84:d9:64:9b:de:b2:f7:bd:
         62:5e:6f:ae:ac:24:ae:60:52:3e:21:a4:d2:2e:98:4a:aa:f3:
         99:73:93:de:c1:85:9a:b3:8c:f3:fe:ae:64:e9:f7:24:dc:c8:
         8d:59:74:09:d9:35:63:9c:10:09:d1:ae:22:f1:ee:f7:c2:b9:
         a1:1c:b8:4c:e3:76:aa:74:55:07:66:77:7f:f3:a4:28:f7:a9:
         14:97:f9:13:7f:17:de:c2:66:68:82:4b:c0:07:54:50:f8:39:
         ee:df:ca:45:b7:be:c5:2c:07:e4:18:6a:6a:1a:51:30:22:72:
         06:0b:c1:f2:12:f4:d8:66:cd:6c:4c:f7:76:93:8a:26:d5:58:
         37:e4:2e:a3:fd:29:7e:0f:af:2f:4c:91:2a:e9:94:7e:b1:4a:
         9e:7f:38:8f:36:19:2d:6f:24:4e:f8:e5:53:14:f3:68:20:ad:
         4e:f6:92:55:37:48:00:b3:24:af:2e:55:5a:fa:70:1c:8a:12:
         ac:d5:c5:82:72:93:a4:50:ce:aa:3d:d3:1a:34:f5:77:0f:02:
         c3:65:78:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTgafdaCh2/GFATrXM5EWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjQwMTAyMDgzMzAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDdkODk5NTM1Yjc1ZGM4Njc0MWJiN2MyMmRiNDUzMjFkYjhiMDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqe7sakNzKzL/zjD0z/c2aHWec3zC
RdTPqQGw5bMfhpJU/cXxXS7bdvy8fKetpK6PhAwT+eeFOwTq+EZoadmQwupUr3zT
VQDKA2EHeg8UFrHkqqpLATu0IS3YKXNnTLwoXJ2FORPH2GtZUbtP49Dx80B3qpE0
sSu7OqvHoLjuj6QI1xu+eGZmPDlL6LOdJAgQ0fYqRIqpEVMQaNYdR9/e6ayH0sUM
SaUyR81m3XbMgGRwI98oarJUXA2qbmjMDfI4LgJWfChjRT+T2OuPW5UOx3Sx6Pv7
QJLDtOmoTrohK80ZkdCrk4hlx/jyge0xEepPNUcZuZzDG8PjcNG9XI2zPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI19iZU1t13IZ0G7fCLbRTIduLAEMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvalgySmxUVzNYY2huUWJ0OEl0dEZNaDI0c0FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVcxOAwQA
XXHKMA0GCSqGSIb3DQEBCwUAA4IBAQDPtDQ2bMru+Ak9t5kTw5AlGxGcM928RcGs
swJcicJKinxGjdj8CBxPYKuDEpyxhNlkm96y971iXm+urCSuYFI+IaTSLphKqvOZ
c5PewYWas4zz/q5k6fck3MiNWXQJ2TVjnBAJ0a4i8e73wrmhHLhM43aqdFUHZnd/
86Qo96kUl/kTfxfewmZogkvAB1RQ+Dnu38pFt77FLAfkGGpqGlEwInIGC8HyEvTY
Zs1sTPd2k4om1Vg35C6j/Sl+D68vTJEq6ZR+sUqefziPNhktbyRO+OVTFPNoIK1O
9pJVN0gAsySvLlVa+nAcihKs1cWCcpOkUM6qPdMaNPV3DwLDZXhm
-----END CERTIFICATE-----