Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/5ca48b-c966-4e63-868d-a85c1b2ec1ce/1/jcYWzULPoJ1jpearr-vKUz9gRvQ.roa
File:                     jcYWzULPoJ1jpearr-vKUz9gRvQ.roa (raw, json)
Hash identifier:          4hh4Rp+/lWku3L2Rp2so1Rz3RTSFlGoa0TpWswus9CY=
Subject key identifier:   8D:C6:16:CD:42:CF:A0:9D:63:A5:E6:AB:AF:EB:CA:53:3F:60:46:F4
Certificate issuer:       /CN=a81558853febc79d813eb2c0ce5cb736fb73c0df
Certificate serial:       018CC3B6E52E1270D6C778548787CAC23A77
Authority key identifier: A8:15:58:85:3F:EB:C7:9D:81:3E:B2:C0:CE:5C:B7:36:FB:73:C0:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qBVYhT_rx52BPrLAzly3NvtzwN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/5ca48b-c966-4e63-868d-a85c1b2ec1ce/1/jcYWzULPoJ1jpearr-vKUz9gRvQ.roa
Signing time:             Mon 01 Jan 2024 06:29:52 +0000
ROA not before:           Mon 01 Jan 2024 06:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50599
IP address blocks:        185.221.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/5ca48b-c966-4e63-868d-a85c1b2ec1ce/1/qBVYhT_rx52BPrLAzly3NvtzwN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/5ca48b-c966-4e63-868d-a85c1b2ec1ce/1/qBVYhT_rx52BPrLAzly3NvtzwN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qBVYhT_rx52BPrLAzly3NvtzwN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:e5:2e:12:70:d6:c7:78:54:87:87:ca:c2:3a:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a81558853febc79d813eb2c0ce5cb736fb73c0df
        Validity
            Not Before: Jan  1 06:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dc616cd42cfa09d63a5e6abafebca533f6046f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:7c:71:4e:07:68:7e:cc:3f:31:29:01:a3:15:
                    6d:b6:28:44:48:ad:67:dc:9a:23:e4:db:ca:40:f1:
                    8e:b3:29:4f:a5:84:b1:4c:07:ac:74:41:83:df:1f:
                    78:20:42:d7:42:9b:21:7c:5b:73:ab:68:59:d4:14:
                    e7:c6:63:4c:6f:0b:0d:c5:1d:d6:c5:8a:5a:d4:be:
                    63:f5:18:66:6e:4b:7a:64:62:d2:50:ca:74:51:bf:
                    20:ea:a6:37:48:f9:8c:90:0a:56:cf:bd:3b:c7:25:
                    7e:7f:eb:7e:30:fd:9e:8d:d1:4c:89:41:d1:e1:a0:
                    b8:89:81:b6:3b:a8:28:6a:7b:a5:04:e8:9a:25:d5:
                    0c:f4:73:dc:24:56:4e:23:10:2c:d3:1e:a0:82:9f:
                    eb:91:ec:51:76:29:57:75:aa:a1:2f:1d:5d:00:30:
                    19:e7:08:f4:46:c5:bc:f6:33:d6:2a:c1:5f:2c:62:
                    da:9e:9a:8a:a9:a1:f3:9c:24:3c:f2:c4:2b:ac:e5:
                    8d:12:a7:6c:30:f0:48:c0:56:39:28:06:42:ef:ef:
                    47:b8:42:0b:43:a4:3e:71:c4:e1:1b:b2:92:60:a9:
                    9c:14:bd:2f:b0:39:b8:10:bb:79:40:39:23:5e:01:
                    c8:d7:49:3b:c6:eb:0c:06:e0:00:5c:88:11:e0:27:
                    f3:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:C6:16:CD:42:CF:A0:9D:63:A5:E6:AB:AF:EB:CA:53:3F:60:46:F4
            X509v3 Authority Key Identifier:
                keyid:A8:15:58:85:3F:EB:C7:9D:81:3E:B2:C0:CE:5C:B7:36:FB:73:C0:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBVYhT_rx52BPrLAzly3NvtzwN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/5ca48b-c966-4e63-868d-a85c1b2ec1ce/1/jcYWzULPoJ1jpearr-vKUz9gRvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/5ca48b-c966-4e63-868d-a85c1b2ec1ce/1/qBVYhT_rx52BPrLAzly3NvtzwN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:55:22:14:11:cb:f4:b1:64:03:44:14:26:62:94:a5:d9:79:
         ba:e9:5a:35:66:e8:19:c3:c6:49:71:02:8b:25:cf:aa:73:61:
         cd:46:1f:38:58:90:58:48:62:be:0d:0e:b4:e3:6c:8f:9b:01:
         28:21:1b:ae:73:62:55:53:f4:c5:2e:66:b2:66:5d:70:73:84:
         a3:52:74:44:3c:42:ed:1e:1b:6a:5d:fe:b2:f9:84:55:14:5b:
         45:94:fe:85:05:07:93:93:5f:2f:e7:d3:ac:e2:35:10:9f:d0:
         80:8b:6f:bb:a2:21:8f:a9:73:69:78:86:b4:8d:74:28:13:49:
         6b:f0:7b:df:b3:c1:b6:2f:ca:f6:e9:b8:8a:c4:96:64:f4:60:
         95:52:02:e1:c7:00:b8:08:2d:63:8a:b1:b3:cf:09:26:8c:0e:
         c1:52:2e:23:c4:95:51:19:ef:a5:22:fe:10:2d:03:da:ce:e9:
         c9:88:4a:b4:44:9a:d3:19:26:f0:fa:c2:e6:6e:89:9b:a7:9d:
         0e:35:04:a1:2a:e2:92:f6:61:d2:6d:b8:33:b2:3e:5c:bd:8e:
         cf:69:f4:88:f7:5c:3f:b4:56:62:cb:b1:58:7b:82:d3:55:d2:
         f2:07:5b:38:87:bd:98:7c:ed:f6:bb:b6:83:03:c1:55:3b:21:
         64:61:27:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtuUuEnDWx3hUh4fKwjp3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MTU1ODg1M2ZlYmM3OWQ4MTNlYjJjMGNlNWNiNzM2ZmI3
M2MwZGYwHhcNMjQwMTAxMDYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGM2MTZjZDQyY2ZhMDlkNjNhNWU2YWJhZmViY2E1MzNmNjA0NmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgHxxTgdofsw/MSkBoxVttihESK1n
3Joj5NvKQPGOsylPpYSxTAesdEGD3x94IELXQpshfFtzq2hZ1BTnxmNMbwsNxR3W
xYpa1L5j9Rhmbkt6ZGLSUMp0Ub8g6qY3SPmMkApWz707xyV+f+t+MP2ejdFMiUHR
4aC4iYG2O6goanulBOiaJdUM9HPcJFZOIxAs0x6ggp/rkexRdilXdaqhLx1dADAZ
5wj0RsW89jPWKsFfLGLanpqKqaHznCQ88sQrrOWNEqdsMPBIwFY5KAZC7+9HuEIL
Q6Q+ccThG7KSYKmcFL0vsDm4ELt5QDkjXgHI10k7xusMBuAAXIgR4CfzOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3GFs1Cz6CdY6Xmq6/rylM/YEb0MB8GA1UdIwQY
MBaAFKgVWIU/68edgT6ywM5ctzb7c8DfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJWWWhUX3J4NTJCUHJMQXpseTNOdnR6d044LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS81Y2E0OGItYzk2Ni00ZTYzLTg2OGQt
YTg1YzFiMmVjMWNlLzEvamNZV3pVTFBvSjFqcGVhcnItdktVejlnUnZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS81Y2E0OGItYzk2Ni00ZTYzLTg2OGQtYTg1YzFiMmVjMWNl
LzEvcUJWWWhUX3J4NTJCUHJMQXpseTNOdnR6d044LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud1uMA0G
CSqGSIb3DQEBCwUAA4IBAQAUVSIUEcv0sWQDRBQmYpSl2Xm66Vo1ZugZw8ZJcQKL
Jc+qc2HNRh84WJBYSGK+DQ6042yPmwEoIRuuc2JVU/TFLmayZl1wc4SjUnREPELt
HhtqXf6y+YRVFFtFlP6FBQeTk18v59Os4jUQn9CAi2+7oiGPqXNpeIa0jXQoE0lr
8Hvfs8G2L8r26biKxJZk9GCVUgLhxwC4CC1jirGzzwkmjA7BUi4jxJVRGe+lIv4Q
LQPazunJiEq0RJrTGSbw+sLmbombp50ONQShKuKS9mHSbbgzsj5cvY7PafSI91w/
tFZiy7FYe4LTVdLyB1s4h72YfO32u7aDA8FVOyFkYSeU
-----END CERTIFICATE-----