Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d23dde-e24f-4258-a7ce-eef6c2f45176/1/jV5ladtUPDeFBCCsHqJ9AmUUWdQ.roa
File:                     jV5ladtUPDeFBCCsHqJ9AmUUWdQ.roa (raw, json)
Hash identifier:          xpl9ETeyqtsAxPKHVFkJHgKIa7dXAKaq/KbJdpUXrsI=
Subject key identifier:   8D:5E:65:69:DB:54:3C:37:85:04:20:AC:1E:A2:7D:02:65:14:59:D4
Certificate issuer:       /CN=6f0b366a136f8fcc5df523c8d46f790791c1b3bb
Certificate serial:       018CC26D6D9E8BEFACF32B90D33C463E2A05
Authority key identifier: 6F:0B:36:6A:13:6F:8F:CC:5D:F5:23:C8:D4:6F:79:07:91:C1:B3:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bws2ahNvj8xd9SPI1G95B5HBs7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d23dde-e24f-4258-a7ce-eef6c2f45176/1/jV5ladtUPDeFBCCsHqJ9AmUUWdQ.roa
Signing time:             Mon 01 Jan 2024 00:30:00 +0000
ROA not before:           Mon 01 Jan 2024 00:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59723
IP address blocks:        185.191.88.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d23dde-e24f-4258-a7ce-eef6c2f45176/1/bws2ahNvj8xd9SPI1G95B5HBs7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d23dde-e24f-4258-a7ce-eef6c2f45176/1/bws2ahNvj8xd9SPI1G95B5HBs7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bws2ahNvj8xd9SPI1G95B5HBs7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6d:9e:8b:ef:ac:f3:2b:90:d3:3c:46:3e:2a:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f0b366a136f8fcc5df523c8d46f790791c1b3bb
        Validity
            Not Before: Jan  1 00:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d5e6569db543c37850420ac1ea27d02651459d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:72:76:fc:d6:c0:db:81:31:e8:57:7e:d8:26:
                    f6:4b:ed:4f:ed:6c:8c:06:f7:cf:c0:b6:47:5c:28:
                    c7:80:17:4f:84:b0:b1:02:0f:cf:a7:95:da:3b:c4:
                    89:4a:af:05:3c:e0:bc:70:16:20:7e:fe:f5:31:e1:
                    ab:9c:92:4e:e8:94:85:31:db:e3:a9:7b:bc:63:a6:
                    9d:d3:a6:4b:1f:40:91:04:6c:ef:12:bc:23:2d:6d:
                    a3:d3:d5:9c:90:de:74:a8:60:cc:9a:ff:d7:30:33:
                    51:62:b7:21:22:98:2a:78:e6:65:59:64:9c:46:e4:
                    a9:72:cf:39:a9:0d:cb:e2:c3:61:db:0e:98:fe:90:
                    b4:6a:a8:d0:3d:4a:b8:72:1d:1f:0b:dc:6f:7d:b6:
                    0a:ad:e3:fb:56:6b:eb:81:20:ed:49:90:9c:bf:ba:
                    df:e2:ea:1b:62:52:7f:24:0f:0f:0f:57:5e:f8:57:
                    b2:ba:5d:8d:e3:a5:d8:f5:ad:9b:68:db:8c:fb:38:
                    bf:c3:ab:41:ce:be:c1:57:2b:a7:86:e9:2c:f6:52:
                    54:98:a6:ca:03:59:ff:99:0c:17:39:87:60:c9:d3:
                    a1:89:7c:87:53:1b:56:44:d4:a4:96:f5:87:b9:72:
                    d1:dc:ff:6b:5d:d2:87:00:6f:42:60:c5:58:92:c3:
                    41:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:5E:65:69:DB:54:3C:37:85:04:20:AC:1E:A2:7D:02:65:14:59:D4
            X509v3 Authority Key Identifier:
                keyid:6F:0B:36:6A:13:6F:8F:CC:5D:F5:23:C8:D4:6F:79:07:91:C1:B3:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bws2ahNvj8xd9SPI1G95B5HBs7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d23dde-e24f-4258-a7ce-eef6c2f45176/1/jV5ladtUPDeFBCCsHqJ9AmUUWdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d23dde-e24f-4258-a7ce-eef6c2f45176/1/bws2ahNvj8xd9SPI1G95B5HBs7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e9:90:0d:41:d9:9b:70:92:40:23:5c:8f:3d:bd:59:c8:b6:11:
         fe:09:7f:bc:5a:f2:4d:3c:68:1a:f3:fc:a2:20:81:00:f1:21:
         7f:b4:13:0a:e6:17:fa:95:a9:4a:a3:29:f9:08:e8:4c:f8:a9:
         81:17:41:97:88:b8:f1:49:14:11:83:95:6f:09:cc:4e:aa:b1:
         f3:79:b1:49:d0:08:ee:a1:ad:52:f0:b6:84:0e:d7:1e:a2:55:
         29:a9:d1:92:84:a4:a2:20:15:1a:ec:03:9b:82:43:59:37:01:
         15:b9:ba:ff:dd:d4:e6:5b:20:cb:b5:76:56:48:9c:0b:83:69:
         2d:dd:d9:f4:5d:26:6f:92:62:35:0d:a0:a0:c2:ed:ef:6e:8b:
         6e:94:0a:88:4b:a8:e7:9b:36:bf:4a:ac:e7:10:ea:1f:cf:7b:
         26:49:7f:2a:04:62:04:af:4a:fd:33:9b:90:48:13:0c:e4:f7:
         bc:4d:b5:26:3f:d2:eb:7f:20:b2:20:03:53:73:a2:51:95:b6:
         3a:f4:54:2c:56:9a:6d:ed:07:6a:7a:97:b5:78:ca:f0:fb:6d:
         19:e1:16:5c:cc:2b:09:12:9c:2e:2c:5c:79:26:f0:dc:ec:0a:
         ef:bd:96:f8:e5:62:24:7e:33:39:9c:37:d9:05:bc:12:54:00:
         76:1f:21:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbW2ei++s8yuQ0zxGPioFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMGIzNjZhMTM2ZjhmY2M1ZGY1MjNjOGQ0NmY3OTA3OTFj
MWIzYmIwHhcNMjQwMTAxMDAzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDVlNjU2OWRiNTQzYzM3ODUwNDIwYWMxZWEyN2QwMjY1MTQ1OWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXJ2/NbA24Ex6Fd+2Cb2S+1P7WyM
BvfPwLZHXCjHgBdPhLCxAg/Pp5XaO8SJSq8FPOC8cBYgfv71MeGrnJJO6JSFMdvj
qXu8Y6ad06ZLH0CRBGzvErwjLW2j09WckN50qGDMmv/XMDNRYrchIpgqeOZlWWSc
RuSpcs85qQ3L4sNh2w6Y/pC0aqjQPUq4ch0fC9xvfbYKreP7VmvrgSDtSZCcv7rf
4uobYlJ/JA8PD1de+Feyul2N46XY9a2baNuM+zi/w6tBzr7BVyunhuks9lJUmKbK
A1n/mQwXOYdgydOhiXyHUxtWRNSklvWHuXLR3P9rXdKHAG9CYMVYksNBPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI1eZWnbVDw3hQQgrB6ifQJlFFnUMB8GA1UdIwQY
MBaAFG8LNmoTb4/MXfUjyNRveQeRwbO7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYndzMmFoTnZqOHhkOVNQSTFHOTVCNUhCczdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kMjNkZGUtZTI0Zi00MjU4LWE3Y2Ut
ZWVmNmMyZjQ1MTc2LzEvalY1bGFkdFVQRGVGQkNDc0hxSjlBbVVVV2RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kMjNkZGUtZTI0Zi00MjU4LWE3Y2UtZWVmNmMyZjQ1MTc2
LzEvYndzMmFoTnZqOHhkOVNQSTFHOTVCNUhCczdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCub9YMA0G
CSqGSIb3DQEBCwUAA4IBAQDpkA1B2ZtwkkAjXI89vVnIthH+CX+8WvJNPGga8/yi
IIEA8SF/tBMK5hf6lalKoyn5COhM+KmBF0GXiLjxSRQRg5VvCcxOqrHzebFJ0Aju
oa1S8LaEDtceolUpqdGShKSiIBUa7AObgkNZNwEVubr/3dTmWyDLtXZWSJwLg2kt
3dn0XSZvkmI1DaCgwu3vbotulAqIS6jnmza/SqznEOofz3smSX8qBGIEr0r9M5uQ
SBMM5Pe8TbUmP9LrfyCyIANTc6JRlbY69FQsVppt7Qdqepe1eMrw+20Z4RZczCsJ
EpwuLFx5JvDc7ArvvZb45WIkfjM5nDfZBbwSVAB2HyG1
-----END CERTIFICATE-----