Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/38486c-9de3-44ef-ab29-58f3f37ccdd9/1/j7qFrFM4EvvpY7CC8WMOOnKfLeg.roa
File:                     j7qFrFM4EvvpY7CC8WMOOnKfLeg.roa (raw, json)
Hash identifier:          tQezG6Wp+kFbdeCShC5RSBQl68Oc+2kcdNSij4ddMSw=
Subject key identifier:   8F:BA:85:AC:53:38:12:FB:E9:63:B0:82:F1:63:0E:3A:72:9F:2D:E8
Certificate issuer:       /CN=a2cd4301b2895f1d98a850e589ce7c063c539f4d
Certificate serial:       018CC801757575AEBA877860E2AA872F4AA7
Authority key identifier: A2:CD:43:01:B2:89:5F:1D:98:A8:50:E5:89:CE:7C:06:3C:53:9F:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/os1DAbKJXx2YqFDlic58BjxTn00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/38486c-9de3-44ef-ab29-58f3f37ccdd9/1/j7qFrFM4EvvpY7CC8WMOOnKfLeg.roa
Signing time:             Tue 02 Jan 2024 02:29:47 +0000
ROA not before:           Tue 02 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50636
IP address blocks:        91.194.185.0/24 maxlen: 24
                          91.194.184.0/24 maxlen: 24
                          2001:67c:2940::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/38486c-9de3-44ef-ab29-58f3f37ccdd9/1/os1DAbKJXx2YqFDlic58BjxTn00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/38486c-9de3-44ef-ab29-58f3f37ccdd9/1/os1DAbKJXx2YqFDlic58BjxTn00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/os1DAbKJXx2YqFDlic58BjxTn00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:75:75:75:ae:ba:87:78:60:e2:aa:87:2f:4a:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2cd4301b2895f1d98a850e589ce7c063c539f4d
        Validity
            Not Before: Jan  2 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fba85ac533812fbe963b082f1630e3a729f2de8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d4:dc:77:c8:c9:d9:76:75:5a:91:55:5a:bb:
                    a9:da:72:ef:1a:a8:92:bc:ff:b1:25:ac:47:d2:c1:
                    24:60:fa:9f:63:d5:10:7e:83:26:1b:9b:ca:e3:c9:
                    32:10:f2:ef:1e:06:61:95:f7:0d:7a:1c:79:ee:d3:
                    eb:42:06:61:a1:79:b8:00:b6:8c:be:d3:c8:1d:0d:
                    2f:47:c6:21:da:03:7f:17:c8:b8:ac:a3:77:07:c3:
                    a3:89:6f:3f:87:c5:2f:3c:3f:1a:b1:1c:c8:32:cb:
                    2f:f5:22:87:bd:cd:fb:33:6e:b6:be:86:9e:06:be:
                    a1:5b:31:db:03:9e:1e:48:8a:ab:86:45:4d:ea:a2:
                    7f:9f:fd:58:35:01:58:eb:78:6f:d7:ff:4a:9b:42:
                    c6:c3:c5:e8:b0:c7:6d:b6:2d:5c:ac:28:9c:f1:04:
                    95:ef:66:8a:e9:23:de:8a:14:05:b1:91:55:f0:98:
                    d7:44:af:40:3e:5e:74:24:68:86:4b:e4:8f:e6:6a:
                    53:5c:b6:42:fe:83:05:3f:e7:4f:8f:a1:4d:b9:bb:
                    8f:07:6c:2c:6c:85:b6:2b:d6:d4:06:17:4f:26:b7:
                    5a:00:6f:1f:8f:48:37:ea:1b:93:57:2d:bd:61:d7:
                    1d:91:8e:75:c6:4c:d5:df:b4:a1:96:19:a2:33:3a:
                    c0:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:BA:85:AC:53:38:12:FB:E9:63:B0:82:F1:63:0E:3A:72:9F:2D:E8
            X509v3 Authority Key Identifier:
                keyid:A2:CD:43:01:B2:89:5F:1D:98:A8:50:E5:89:CE:7C:06:3C:53:9F:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/os1DAbKJXx2YqFDlic58BjxTn00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/38486c-9de3-44ef-ab29-58f3f37ccdd9/1/j7qFrFM4EvvpY7CC8WMOOnKfLeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/38486c-9de3-44ef-ab29-58f3f37ccdd9/1/os1DAbKJXx2YqFDlic58BjxTn00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.184.0/23
                IPv6:
                  2001:67c:2940::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:ff:73:ae:64:15:30:23:25:0e:06:c3:63:9d:2b:b4:30:25:
         0c:62:d4:a6:6f:74:6a:26:f6:ed:3f:eb:ef:38:0b:7c:96:c2:
         3d:24:6f:31:a7:9b:cb:8d:3b:12:5e:71:97:50:a5:10:b0:66:
         ec:40:db:d0:2a:f4:e6:8d:b9:68:6b:cf:c9:20:c7:53:6f:a0:
         f2:d4:9c:35:15:7a:f2:a4:11:38:aa:6e:49:05:d4:57:18:b0:
         5f:65:d8:6e:ad:15:d7:75:cf:7d:5e:53:7a:88:38:39:87:32:
         d1:18:0b:e4:c0:87:c6:fb:07:98:f2:eb:4c:04:5b:21:65:26:
         8d:82:6c:d1:1b:aa:f5:62:e2:5a:fa:07:a4:bd:b0:ab:c4:2a:
         d6:c6:fe:5a:0b:00:52:a6:f2:e7:a5:a9:53:be:a8:f8:b2:de:
         ce:fd:a1:c1:c8:45:4a:22:68:0f:b1:13:45:7b:d1:23:fd:da:
         1a:73:b6:bd:ec:24:d0:42:99:ad:69:06:79:54:73:cf:5f:07:
         d3:06:4d:dc:14:94:de:2e:ca:72:ea:b7:cb:bd:32:ad:47:f5:
         05:1f:b1:c9:1f:df:66:82:e7:a2:31:ff:cc:00:99:a6:b9:33:
         cd:19:71:f1:ba:75:ee:88:11:b0:ff:3b:ff:19:11:4f:5b:2b:
         f9:4d:aa:a2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAXV1da66h3hg4qqHL0qnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyY2Q0MzAxYjI4OTVmMWQ5OGE4NTBlNTg5Y2U3YzA2M2M1
MzlmNGQwHhcNMjQwMTAyMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmJhODVhYzUzMzgxMmZiZTk2M2IwODJmMTYzMGUzYTcyOWYyZGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNTcd8jJ2XZ1WpFVWrup2nLvGqiS
vP+xJaxH0sEkYPqfY9UQfoMmG5vK48kyEPLvHgZhlfcNehx57tPrQgZhoXm4ALaM
vtPIHQ0vR8Yh2gN/F8i4rKN3B8OjiW8/h8UvPD8asRzIMssv9SKHvc37M262voae
Br6hWzHbA54eSIqrhkVN6qJ/n/1YNQFY63hv1/9Km0LGw8XosMdtti1crCic8QSV
72aK6SPeihQFsZFV8JjXRK9APl50JGiGS+SP5mpTXLZC/oMFP+dPj6FNubuPB2ws
bIW2K9bUBhdPJrdaAG8fj0g36huTVy29YdcdkY51xkzV37ShlhmiMzrA4wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI+6haxTOBL76WOwgvFjDjpyny3oMB8GA1UdIwQY
MBaAFKLNQwGyiV8dmKhQ5YnOfAY8U59NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3MxREFiS0pYeDJZcUZEbGljNThCanhUbjAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8zODQ4NmMtOWRlMy00NGVmLWFiMjkt
NThmM2YzN2NjZGQ5LzEvajdxRnJGTTRFdnZwWTdDQzhXTU9PbktmTGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8zODQ4NmMtOWRlMy00NGVmLWFiMjktNThmM2YzN2NjZGQ5
LzEvb3MxREFiS0pYeDJZcUZEbGljNThCanhUbjAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW8K4MA8E
AgACMAkDBwAgAQZ8KUAwDQYJKoZIhvcNAQELBQADggEBAHD/c65kFTAjJQ4Gw2Od
K7QwJQxi1KZvdGom9u0/6+84C3yWwj0kbzGnm8uNOxJecZdQpRCwZuxA29Aq9OaN
uWhrz8kgx1NvoPLUnDUVevKkETiqbkkF1FcYsF9l2G6tFdd1z31eU3qIODmHMtEY
C+TAh8b7B5jy60wEWyFlJo2CbNEbqvVi4lr6B6S9sKvEKtbG/loLAFKm8uelqVO+
qPiy3s79ocHIRUoiaA+xE0V70SP92hpztr3sJNBCma1pBnlUc89fB9MGTdwUlN4u
ynLqt8u9Mq1H9QUfsckf32aC56Ix/8wAmaa5M80ZcfG6de6IEbD/O/8ZEU9bK/lN
qqI=
-----END CERTIFICATE-----