Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/jJxTZKd8ZsZBCxSo9nJuTu9hpLA.roa
File:                     jJxTZKd8ZsZBCxSo9nJuTu9hpLA.roa (raw, json)
Hash identifier:          fTEGDhlV4dyTW/fAEKVUVzseX2Qb7OZIWXgijIdW81w=
Subject key identifier:   8C:9C:53:64:A7:7C:66:C6:41:0B:14:A8:F6:72:6E:4E:EF:61:A4:B0
Certificate issuer:       /CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
Certificate serial:       018CC793EB9802388A18F47EEC4C9BEEF128
Authority key identifier: 74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/jJxTZKd8ZsZBCxSo9nJuTu9hpLA.roa
Signing time:             Tue 02 Jan 2024 00:30:09 +0000
ROA not before:           Tue 02 Jan 2024 00:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16418
IP address blocks:        185.8.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/dEXd7t-9ctMT6e6MzuroQDzDQUY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/dEXd7t-9ctMT6e6MzuroQDzDQUY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:eb:98:02:38:8a:18:f4:7e:ec:4c:9b:ee:f1:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
        Validity
            Not Before: Jan  2 00:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c9c5364a77c66c6410b14a8f6726e4eef61a4b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:da:9f:3e:4d:38:81:8c:45:64:97:52:65:2c:
                    65:ca:15:53:45:06:49:51:6c:1a:27:a8:ab:28:62:
                    8b:88:57:a0:0f:6b:c8:fe:04:ed:ff:c0:f9:9b:57:
                    34:14:2f:2c:bf:87:f8:01:45:69:dc:6e:e8:90:7b:
                    33:1d:37:11:ae:68:e4:65:ab:96:31:d3:5d:b4:47:
                    a0:54:70:21:c5:57:58:d9:c6:fa:04:8d:9a:22:d7:
                    9b:e4:df:48:f5:3c:24:e6:e5:33:0c:87:be:6d:4d:
                    b2:fc:2c:da:af:23:8f:dc:ff:2d:d5:6c:24:05:9f:
                    49:fb:9b:4e:34:05:10:9c:ec:6a:c3:6b:fb:b5:df:
                    23:a2:4d:24:6c:ed:7a:18:ee:f0:17:1d:fa:b9:fd:
                    60:17:e5:5a:33:29:32:47:6d:b2:61:28:0d:e5:bf:
                    56:9a:c9:d3:44:85:d7:6e:c9:89:44:9e:58:57:f8:
                    86:c4:d0:1b:19:13:c1:69:74:f7:1b:d7:1f:dd:3f:
                    b3:ff:1d:ce:ea:c5:1d:17:49:36:0c:2c:db:57:ec:
                    b5:11:26:1b:9d:72:9b:83:0a:d7:61:12:19:4e:6c:
                    02:38:d5:88:c5:09:25:5b:85:1c:03:f4:fa:14:70:
                    95:b5:7c:b0:d3:67:7d:f3:eb:49:5b:02:99:6e:15:
                    3d:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:9C:53:64:A7:7C:66:C6:41:0B:14:A8:F6:72:6E:4E:EF:61:A4:B0
            X509v3 Authority Key Identifier:
                keyid:74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/jJxTZKd8ZsZBCxSo9nJuTu9hpLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/dEXd7t-9ctMT6e6MzuroQDzDQUY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.8.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:1e:de:2f:b9:b1:f9:f3:a3:9b:9c:a5:46:b0:3b:f1:0d:c9:
         94:ca:5e:8d:a0:cf:b5:3e:20:da:da:c2:05:5e:e1:cb:e8:4e:
         95:e7:97:e7:33:17:85:86:69:bb:f3:d2:aa:5c:d9:46:0c:d0:
         e0:81:35:12:72:d5:43:cd:a9:81:f0:f5:d8:ae:32:09:e7:94:
         17:20:27:10:b0:8b:6b:a3:fe:1e:fd:cc:2e:88:45:15:f6:7e:
         8c:07:4b:9a:db:a2:a0:e8:23:3a:7e:49:30:54:38:3a:0c:da:
         66:aa:47:68:fd:ff:aa:aa:f3:7f:57:12:c5:2a:c1:3f:1a:ae:
         90:a8:2c:b0:e9:df:24:08:fa:57:a5:95:14:88:0d:98:88:b8:
         e9:51:b4:40:04:3a:86:6a:64:a4:ec:ed:86:cb:b8:dd:11:c4:
         b6:1e:9e:8b:12:83:86:83:98:88:8d:5b:07:3c:eb:b6:30:ae:
         22:ec:b9:a0:b2:7b:97:9c:0c:de:48:ea:90:d0:9b:5d:0f:13:
         b4:1b:7c:7e:6d:ed:c3:cc:0b:46:1f:2c:2d:84:58:cd:ea:93:
         1d:19:52:f6:26:de:65:79:97:bd:fa:2f:b6:1f:12:7a:cc:fa:
         c8:05:58:7a:aa:f5:d4:e5:dd:db:11:fe:70:09:7d:ab:fe:9c:
         19:f1:14:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk+uYAjiKGPR+7Eyb7vEoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NDVkZGVlZGZiZDcyZDMxM2U5ZWU4Y2NlZWFlODQwM2Nj
MzQxNDYwHhcNMjQwMTAyMDAzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzljNTM2NGE3N2M2NmM2NDEwYjE0YThmNjcyNmU0ZWVmNjFhNGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdqfPk04gYxFZJdSZSxlyhVTRQZJ
UWwaJ6irKGKLiFegD2vI/gTt/8D5m1c0FC8sv4f4AUVp3G7okHszHTcRrmjkZauW
MdNdtEegVHAhxVdY2cb6BI2aIteb5N9I9Twk5uUzDIe+bU2y/CzaryOP3P8t1Wwk
BZ9J+5tONAUQnOxqw2v7td8jok0kbO16GO7wFx36uf1gF+VaMykyR22yYSgN5b9W
msnTRIXXbsmJRJ5YV/iGxNAbGRPBaXT3G9cf3T+z/x3O6sUdF0k2DCzbV+y1ESYb
nXKbgwrXYRIZTmwCONWIxQklW4UcA/T6FHCVtXyw02d98+tJWwKZbhU91wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIycU2SnfGbGQQsUqPZybk7vYaSwMB8GA1UdIwQY
MBaAFHRF3e7fvXLTE+nujM7q6EA8w0FGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMt
NmNhMzQwZmE3NDkzLzEvakp4VFpLZDhac1pCQ3hTbzluSnVUdTlocExBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMtNmNhMzQwZmE3NDkz
LzEvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQiGMA0G
CSqGSIb3DQEBCwUAA4IBAQBGHt4vubH586ObnKVGsDvxDcmUyl6NoM+1PiDa2sIF
XuHL6E6V55fnMxeFhmm789KqXNlGDNDggTUSctVDzamB8PXYrjIJ55QXICcQsItr
o/4e/cwuiEUV9n6MB0ua26Kg6CM6fkkwVDg6DNpmqkdo/f+qqvN/VxLFKsE/Gq6Q
qCyw6d8kCPpXpZUUiA2YiLjpUbRABDqGamSk7O2Gy7jdEcS2Hp6LEoOGg5iIjVsH
POu2MK4i7LmgsnuXnAzeSOqQ0JtdDxO0G3x+be3DzAtGHywthFjN6pMdGVL2Jt5l
eZe9+i+2HxJ6zPrIBVh6qvXU5d3bEf5wCX2r/pwZ8RQv
-----END CERTIFICATE-----