Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/jeUKii257YZF57HIrTDkL6RoqJA.roa
File:                     jeUKii257YZF57HIrTDkL6RoqJA.roa (raw, json)
Hash identifier:          RnUdIWpXDSDrAIOEct0tNm6OdQUAnwaGfcv0qKnoT88=
Subject key identifier:   8D:E5:0A:8A:2D:B9:ED:86:45:E7:B1:C8:AD:30:E4:2F:A4:68:A8:90
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       018CC7949ED33AEFB26E5C66391F403CAF7A
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/jeUKii257YZF57HIrTDkL6RoqJA.roa
Signing time:             Tue 02 Jan 2024 00:30:55 +0000
ROA not before:           Tue 02 Jan 2024 00:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28886
IP address blocks:        176.103.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:9e:d3:3a:ef:b2:6e:5c:66:39:1f:40:3c:af:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  2 00:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8de50a8a2db9ed8645e7b1c8ad30e42fa468a890
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:c7:ad:e7:ee:f3:44:03:de:f6:55:16:35:6f:
                    cb:54:2d:55:ee:8a:cd:71:94:c1:7b:f9:76:a9:58:
                    bb:ea:3d:35:0a:b7:7b:92:b4:02:2c:ce:9d:c0:75:
                    a3:a1:5a:f0:af:cd:1b:08:99:04:41:15:0d:ea:89:
                    cb:ab:ae:33:b9:6a:59:e3:58:9e:73:11:7e:4f:d1:
                    4e:4d:b2:cc:b3:77:98:d3:32:44:60:d9:78:89:42:
                    3d:1c:55:a5:fe:25:39:77:f7:c5:26:c2:57:be:70:
                    0f:e8:18:95:b3:ce:9a:43:37:8e:c8:9d:5d:ad:da:
                    81:25:57:6f:79:03:4e:e6:e8:0d:e9:ab:1d:92:bd:
                    0b:4b:a7:77:15:3c:3f:ba:18:8b:b5:59:59:dd:4a:
                    73:97:5a:95:39:02:d4:e0:18:3b:fa:67:b0:14:99:
                    09:34:b8:f2:9d:1c:59:97:14:6a:7b:f3:ee:ab:45:
                    62:50:bc:f0:23:42:19:60:d4:f6:0c:30:a2:16:ac:
                    3e:11:a8:a5:7a:2b:a0:a0:1b:b3:f9:d3:bc:9e:34:
                    70:91:f4:fc:4c:de:f1:c5:84:9b:8d:45:5e:2c:3f:
                    b5:7d:62:a6:99:df:a6:1e:56:41:66:ab:61:c4:1a:
                    37:a4:3a:6e:b2:d6:e3:32:ec:00:70:12:5b:a1:e8:
                    b5:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:E5:0A:8A:2D:B9:ED:86:45:E7:B1:C8:AD:30:E4:2F:A4:68:A8:90
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/jeUKii257YZF57HIrTDkL6RoqJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:fd:ab:60:91:b3:a9:19:ca:33:aa:7d:c0:79:9a:6c:c7:ce:
         ec:6f:24:1e:12:85:fa:22:e6:37:2a:23:e4:fa:e0:eb:1d:c2:
         14:40:8e:ec:1f:64:02:10:31:d8:ca:2d:33:8f:1b:81:58:e1:
         ae:81:a5:52:62:1c:ca:c9:3f:70:fa:81:21:ae:8f:26:5a:50:
         68:df:a2:13:1c:d5:89:26:2b:a8:8b:bc:5f:9d:a3:c8:c2:60:
         9f:72:78:2b:49:b0:c7:7a:af:68:86:2f:33:6d:52:ea:4d:57:
         08:0d:88:ea:83:81:6c:9d:36:d7:71:0b:8c:68:fd:99:c7:1b:
         cb:fa:fe:eb:61:ee:17:e9:c2:90:fa:c5:30:31:a4:42:c4:5d:
         e4:b7:c9:2d:c8:bf:17:93:30:5c:d7:23:88:b7:04:d1:90:bf:
         f9:59:ca:05:bb:5d:29:31:0d:e9:aa:74:df:f1:7f:cb:97:3f:
         70:6e:6a:36:2e:ca:8e:3c:a7:fd:f8:99:83:1c:2f:4f:0c:6e:
         9d:76:13:c9:72:58:22:01:af:dd:d2:67:14:d7:94:cc:18:8f:
         cf:13:e5:a6:24:90:2c:1f:ab:28:3f:7b:2e:db:20:03:a0:d5:
         a9:f8:a5:cf:f2:f7:33:47:b8:b4:47:c4:48:e4:78:02:62:dc:
         6d:3e:12:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlJ7TOu+yblxmOR9APK96MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjQwMTAyMDAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGU1MGE4YTJkYjllZDg2NDVlN2IxYzhhZDMwZTQyZmE0NjhhODkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMet5+7zRAPe9lUWNW/LVC1V7orN
cZTBe/l2qVi76j01Crd7krQCLM6dwHWjoVrwr80bCJkEQRUN6onLq64zuWpZ41ie
cxF+T9FOTbLMs3eY0zJEYNl4iUI9HFWl/iU5d/fFJsJXvnAP6BiVs86aQzeOyJ1d
rdqBJVdveQNO5ugN6asdkr0LS6d3FTw/uhiLtVlZ3Upzl1qVOQLU4Bg7+mewFJkJ
NLjynRxZlxRqe/Puq0ViULzwI0IZYNT2DDCiFqw+EaileiugoBuz+dO8njRwkfT8
TN7xxYSbjUVeLD+1fWKmmd+mHlZBZqthxBo3pDpustbjMuwAcBJboei1MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3lCootue2GReexyK0w5C+kaKiQMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvamVVS2lpMjU3WVpGNTdISXJURGtMNlJvcUpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGe4MA0G
CSqGSIb3DQEBCwUAA4IBAQBV/atgkbOpGcozqn3AeZpsx87sbyQeEoX6IuY3KiPk
+uDrHcIUQI7sH2QCEDHYyi0zjxuBWOGugaVSYhzKyT9w+oEhro8mWlBo36ITHNWJ
Jiuoi7xfnaPIwmCfcngrSbDHeq9ohi8zbVLqTVcIDYjqg4FsnTbXcQuMaP2ZxxvL
+v7rYe4X6cKQ+sUwMaRCxF3kt8ktyL8XkzBc1yOItwTRkL/5WcoFu10pMQ3pqnTf
8X/Llz9wbmo2LsqOPKf9+JmDHC9PDG6ddhPJclgiAa/d0mcU15TMGI/PE+WmJJAs
H6soP3su2yADoNWp+KXP8vczR7i0R8RI5HgCYtxtPhKA
-----END CERTIFICATE-----