Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/jhTu9Zz_ySxaQ55O2d2XERIrar8.roa
File:                     jhTu9Zz_ySxaQ55O2d2XERIrar8.roa (raw, json)
Hash identifier:          vaOZCKITzFxNVKedvfDx6+WcPtJMTloZBg+wdcx+hCs=
Subject key identifier:   8E:14:EE:F5:9C:FF:C9:2C:5A:43:9E:4E:D9:DD:97:11:12:2B:6A:BF
Certificate issuer:       /CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Certificate serial:       018CCA2BCE44BF98ED43092C37766B871D67
Authority key identifier: A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/jhTu9Zz_ySxaQ55O2d2XERIrar8.roa
Signing time:             Tue 02 Jan 2024 12:35:17 +0000
ROA not before:           Tue 02 Jan 2024 12:35:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61997
IP address blocks:        185.126.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:ce:44:bf:98:ed:43:09:2c:37:76:6b:87:1d:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a865bae25778beed8880c08df2d3f37fc37abc1e
        Validity
            Not Before: Jan  2 12:35:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e14eef59cffc92c5a439e4ed9dd9711122b6abf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:5d:e9:74:ce:6a:b5:88:48:03:b7:75:e3:b5:
                    a7:8d:5e:5e:57:67:56:c2:1c:e1:fb:da:fd:96:38:
                    e3:07:b0:dd:5f:e8:a6:1a:28:77:53:d4:94:62:06:
                    00:30:a1:fb:77:12:8d:13:f8:4e:d0:72:f7:4f:91:
                    30:9d:6f:59:a3:e2:9d:a5:ae:97:a1:7d:5c:8d:7f:
                    f9:f7:9b:83:ad:21:a2:51:08:8c:2b:ba:51:31:99:
                    84:fe:1e:2d:67:31:92:8a:48:ff:67:81:e0:9e:94:
                    1e:89:c7:f8:e7:1a:28:89:bb:4c:eb:ee:2b:27:78:
                    43:97:0b:01:0c:cd:4f:62:8e:be:76:9b:4b:81:1c:
                    35:df:de:dc:2c:52:81:93:9f:77:51:9f:76:a2:4b:
                    aa:fd:c3:c5:de:43:60:71:e7:9e:01:67:2f:70:e5:
                    e0:4f:66:81:23:6c:46:0e:1e:56:4e:93:9d:d8:f5:
                    35:93:d2:33:7f:b1:4a:b9:0b:c1:13:16:c2:19:fc:
                    50:05:35:0a:ac:43:d6:61:28:27:46:21:36:bd:f2:
                    c3:64:62:33:8b:6e:7b:ec:0b:56:b3:07:e5:6e:76:
                    06:1e:b8:90:84:6a:d9:4d:f7:1f:a4:d9:4d:1e:3c:
                    61:45:7b:fe:d2:10:ac:42:ae:b7:8a:44:e7:1e:03:
                    66:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:14:EE:F5:9C:FF:C9:2C:5A:43:9E:4E:D9:DD:97:11:12:2B:6A:BF
            X509v3 Authority Key Identifier:
                keyid:A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/jhTu9Zz_ySxaQ55O2d2XERIrar8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:47:ef:eb:36:71:5d:1a:2e:61:36:22:38:cb:6e:98:f0:4d:
         d1:c2:0c:42:73:cc:18:5c:0c:d5:54:d4:68:74:ba:8a:ea:0f:
         38:5a:ba:1d:a1:f0:52:0a:c8:35:a3:f2:85:f2:b8:88:bd:ac:
         c7:8c:58:24:31:a4:80:ce:d0:6d:2f:2d:14:ea:b8:71:4f:14:
         ce:d9:ac:c6:60:ad:12:5f:c6:b2:fc:18:c2:36:5c:9b:4c:fe:
         52:a3:25:1f:f6:c7:9f:69:30:7d:d5:cd:11:83:ae:7b:66:fa:
         63:e5:8b:f3:c0:ed:49:cc:2c:70:30:4e:77:b1:69:94:8a:e4:
         a4:b6:c7:ed:e4:e2:86:a3:e3:7c:dd:7a:ce:c5:d1:9b:0a:9b:
         34:c0:15:1b:31:3d:9b:91:58:bc:ea:c3:a7:cd:22:95:b9:7a:
         9f:a2:b2:28:40:42:4a:8f:30:cf:5f:ba:ea:d9:ff:54:be:91:
         cc:a3:ed:1b:a6:9c:fc:d4:5f:83:4d:cb:7f:98:8e:04:9d:53:
         c6:e4:b1:1e:96:25:e1:a6:2a:56:82:a9:2c:a8:4b:03:41:ec:
         cc:af:fa:1c:3d:41:5f:92:ee:bc:e6:6d:66:0e:ce:b4:bf:fa:
         bb:5d:24:c2:40:b1:9e:0c:d6:ed:e5:28:f9:19:c8:ea:7b:2a:
         6c:be:e4:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK85Ev5jtQwksN3Zrhx1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjViYWUyNTc3OGJlZWQ4ODgwYzA4ZGYyZDNmMzdmYzM3
YWJjMWUwHhcNMjQwMTAyMTIzNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTE0ZWVmNTljZmZjOTJjNWE0MzllNGVkOWRkOTcxMTEyMmI2YWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoF3pdM5qtYhIA7d147WnjV5eV2dW
whzh+9r9ljjjB7DdX+imGih3U9SUYgYAMKH7dxKNE/hO0HL3T5EwnW9Zo+Kdpa6X
oX1cjX/595uDrSGiUQiMK7pRMZmE/h4tZzGSikj/Z4HgnpQeicf45xooibtM6+4r
J3hDlwsBDM1PYo6+dptLgRw1397cLFKBk593UZ92okuq/cPF3kNgceeeAWcvcOXg
T2aBI2xGDh5WTpOd2PU1k9Izf7FKuQvBExbCGfxQBTUKrEPWYSgnRiE2vfLDZGIz
i2577AtWswflbnYGHriQhGrZTfcfpNlNHjxhRXv+0hCsQq63ikTnHgNmawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI4U7vWc/8ksWkOeTtndlxESK2q/MB8GA1UdIwQY
MBaAFKhluuJXeL7tiIDAjfLT83/DerweMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTkt
MWI2Zjc1MGNmOWEyLzEvamhUdTlael95U3hhUTU1TzJkMlhFUklyYXI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTktMWI2Zjc1MGNmOWEy
LzEvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX7+MA0G
CSqGSIb3DQEBCwUAA4IBAQAUR+/rNnFdGi5hNiI4y26Y8E3RwgxCc8wYXAzVVNRo
dLqK6g84WrodofBSCsg1o/KF8riIvazHjFgkMaSAztBtLy0U6rhxTxTO2azGYK0S
X8ay/BjCNlybTP5SoyUf9sefaTB91c0Rg657Zvpj5YvzwO1JzCxwME53sWmUiuSk
tsft5OKGo+N83XrOxdGbCps0wBUbMT2bkVi86sOnzSKVuXqforIoQEJKjzDPX7rq
2f9UvpHMo+0bppz81F+DTct/mI4EnVPG5LEeliXhpipWgqksqEsDQezMr/ocPUFf
ku685m1mDs60v/q7XSTCQLGeDNbt5Sj5GcjqeypsvuSE
-----END CERTIFICATE-----