Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/b8jmEnaSmfq_jlql26UCwv4_Eo8.roa
File:                     b8jmEnaSmfq_jlql26UCwv4_Eo8.roa (raw, json)
Hash identifier:          C7UtUVIKZVqILv8aogmt+1yVkiZ2Nr+nzPday5zWfKI=
Subject key identifier:   6F:C8:E6:12:76:92:99:FA:BF:8E:5A:A5:DB:A5:02:C2:FE:3F:12:8F
Certificate issuer:       /CN=5f7da568ad027b9e249c13e223d322769881a29f
Certificate serial:       018CC493217720B84A6DC419F63E75BE04B9
Authority key identifier: 5F:7D:A5:68:AD:02:7B:9E:24:9C:13:E2:23:D3:22:76:98:81:A2:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/b8jmEnaSmfq_jlql26UCwv4_Eo8.roa
Signing time:             Mon 01 Jan 2024 10:30:25 +0000
ROA not before:           Mon 01 Jan 2024 10:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42945
IP address blocks:        185.192.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:21:77:20:b8:4a:6d:c4:19:f6:3e:75:be:04:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f7da568ad027b9e249c13e223d322769881a29f
        Validity
            Not Before: Jan  1 10:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fc8e612769299fabf8e5aa5dba502c2fe3f128f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a5:67:1c:53:71:39:0b:58:21:e5:ea:5f:e9:
                    0f:86:01:0d:53:d3:82:c8:dd:23:c9:10:82:0d:d3:
                    1a:7e:1e:b4:5e:4d:79:7f:82:a1:e3:2f:0a:26:94:
                    4e:77:57:66:46:7e:ae:ea:5c:a4:db:35:41:5a:3b:
                    8d:f5:68:d3:bd:aa:cb:63:1b:08:08:26:5b:32:f0:
                    f4:9a:2e:91:89:34:14:06:e0:dd:09:7b:82:c4:d3:
                    7e:80:d5:d2:ca:50:ae:59:aa:f8:ca:9e:0b:2d:4b:
                    8b:d5:2a:66:3e:cd:1f:89:c4:0a:34:f9:85:92:fc:
                    01:e5:16:9f:6f:bd:78:6f:87:30:ea:7c:62:92:8d:
                    0a:10:b5:80:1c:b9:9e:41:7a:d7:40:a1:f5:bb:d4:
                    ef:2b:3e:77:4e:1b:e6:53:28:ef:9c:54:29:f4:2c:
                    bd:87:cc:06:ae:0a:12:eb:25:2f:0c:7d:db:85:f0:
                    44:a4:a5:51:6d:c7:ca:6f:36:2a:5d:f4:1b:de:df:
                    a4:f0:da:dd:cf:e6:be:f5:ac:6f:47:0c:21:f7:9e:
                    d8:7d:9d:ba:af:19:af:39:6d:8f:b3:9b:cb:ec:48:
                    f3:3a:8d:41:38:4e:48:6b:8b:79:94:89:a6:1e:a2:
                    1b:36:4f:3a:b0:87:09:86:20:a9:c9:50:d5:76:ab:
                    97:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:C8:E6:12:76:92:99:FA:BF:8E:5A:A5:DB:A5:02:C2:FE:3F:12:8F
            X509v3 Authority Key Identifier:
                keyid:5F:7D:A5:68:AD:02:7B:9E:24:9C:13:E2:23:D3:22:76:98:81:A2:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/b8jmEnaSmfq_jlql26UCwv4_Eo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:44:48:c9:cc:84:25:ba:69:45:ee:c9:59:c4:39:1e:bd:3a:
         16:2a:0e:01:70:3f:0b:6b:ea:79:08:2d:f4:53:3e:26:bf:40:
         90:f2:53:12:12:8f:c0:ca:81:a3:9b:97:91:56:03:2c:fb:d1:
         df:3f:f8:d4:c7:c6:eb:e6:f9:5d:6c:47:79:bd:ce:e2:74:84:
         97:88:02:37:99:f0:9a:de:91:71:22:0e:f4:2e:f8:1f:41:8c:
         06:37:4b:ed:de:d4:4e:c9:56:78:82:15:d9:0b:54:69:7d:2a:
         da:f2:df:d7:e8:42:b8:d9:d7:02:da:9d:44:0f:40:f2:f7:3f:
         cd:56:fb:0e:d5:43:e6:25:fa:2f:e7:23:49:54:c8:5f:63:18:
         51:27:3e:13:3f:0b:f7:8a:01:45:2e:c8:8d:2c:50:4d:a3:ce:
         61:3f:42:29:6b:4a:ea:cb:84:12:80:18:d7:bd:52:80:09:0a:
         6b:7a:bb:1f:4a:f6:ad:17:52:62:3f:5d:53:a2:a4:fd:07:82:
         cb:a7:60:fd:8a:bc:e9:34:41:68:93:ce:14:6d:52:62:3b:4a:
         86:e1:16:71:cf:8f:3a:c6:db:9f:0b:53:7d:48:48:4e:03:90:
         d7:1b:a6:ae:cd:70:65:a5:cf:6a:98:dd:e1:af:9f:16:21:2e:
         7f:3e:2e:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkyF3ILhKbcQZ9j51vgS5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmN2RhNTY4YWQwMjdiOWUyNDljMTNlMjIzZDMyMjc2OTg4
MWEyOWYwHhcNMjQwMTAxMTAzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmM4ZTYxMjc2OTI5OWZhYmY4ZTVhYTVkYmE1MDJjMmZlM2YxMjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmaVnHFNxOQtYIeXqX+kPhgENU9OC
yN0jyRCCDdMafh60Xk15f4Kh4y8KJpROd1dmRn6u6lyk2zVBWjuN9WjTvarLYxsI
CCZbMvD0mi6RiTQUBuDdCXuCxNN+gNXSylCuWar4yp4LLUuL1SpmPs0ficQKNPmF
kvwB5Rafb714b4cw6nxiko0KELWAHLmeQXrXQKH1u9TvKz53ThvmUyjvnFQp9Cy9
h8wGrgoS6yUvDH3bhfBEpKVRbcfKbzYqXfQb3t+k8Nrdz+a+9axvRwwh957YfZ26
rxmvOW2Ps5vL7EjzOo1BOE5Ia4t5lImmHqIbNk86sIcJhiCpyVDVdquXPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/I5hJ2kpn6v45apdulAsL+PxKPMB8GA1UdIwQY
MBaAFF99pWitAnueJJwT4iPTInaYgaKfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDMybGFLMENlNTRrbkJQaUk5TWlkcGlCb3A4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8wNTQ4OGYtZjRlMC00ZTZjLTk0ZjUt
Mzc1NzUzOWMyYWM5LzEvYjhqbUVuYVNtZnFfamxxbDI2VUN3djRfRW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8wNTQ4OGYtZjRlMC00ZTZjLTk0ZjUtMzc1NzUzOWMyYWM5
LzEvWDMybGFLMENlNTRrbkJQaUk5TWlkcGlCb3A4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucBkMA0G
CSqGSIb3DQEBCwUAA4IBAQCSREjJzIQlumlF7slZxDkevToWKg4BcD8La+p5CC30
Uz4mv0CQ8lMSEo/AyoGjm5eRVgMs+9HfP/jUx8br5vldbEd5vc7idISXiAI3mfCa
3pFxIg70LvgfQYwGN0vt3tROyVZ4ghXZC1RpfSra8t/X6EK42dcC2p1ED0Dy9z/N
VvsO1UPmJfov5yNJVMhfYxhRJz4TPwv3igFFLsiNLFBNo85hP0Ipa0rqy4QSgBjX
vVKACQprersfSvatF1JiP11ToqT9B4LLp2D9irzpNEFok84UbVJiO0qG4RZxz486
xtufC1N9SEhOA5DXG6auzXBlpc9qmN3hr58WIS5/Pi5Z
-----END CERTIFICATE-----