Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/7174ee-3076-496c-b259-9700546b5711/1/jHCjx-TBB5oXKBhOsM_EWQyL88A.roa
File:                     jHCjx-TBB5oXKBhOsM_EWQyL88A.roa (raw, json)
Hash identifier:          rucNPqCxXwLKo5x3absYJUk2L/e2sCkpCPYtoCEmNPo=
Subject key identifier:   8C:70:A3:C7:E4:C1:07:9A:17:28:18:4E:B0:CF:C4:59:0C:8B:F3:C0
Certificate issuer:       /CN=ae83824fdc29ebe4ac286ca01844df86d4d75ec0
Certificate serial:       019427B7E7B714F0567D791C616A56354A38
Authority key identifier: AE:83:82:4F:DC:29:EB:E4:AC:28:6C:A0:18:44:DF:86:D4:D7:5E:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/roOCT9wp6-SsKGygGETfhtTXXsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/7174ee-3076-496c-b259-9700546b5711/1/jHCjx-TBB5oXKBhOsM_EWQyL88A.roa
Signing time:             Thu 02 Jan 2025 15:52:31 +0000
ROA not before:           Thu 02 Jan 2025 15:52:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213804
IP address blocks:        144.86.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/7174ee-3076-496c-b259-9700546b5711/1/roOCT9wp6-SsKGygGETfhtTXXsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/7174ee-3076-496c-b259-9700546b5711/1/roOCT9wp6-SsKGygGETfhtTXXsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/roOCT9wp6-SsKGygGETfhtTXXsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b7:e7:b7:14:f0:56:7d:79:1c:61:6a:56:35:4a:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae83824fdc29ebe4ac286ca01844df86d4d75ec0
        Validity
            Not Before: Jan  2 15:52:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c70a3c7e4c1079a1728184eb0cfc4590c8bf3c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b5:75:9d:19:d0:02:b4:1c:3c:01:09:25:96:
                    4c:70:e5:5b:0e:89:a2:db:e8:78:21:42:34:9c:98:
                    b4:e8:15:73:14:54:c2:81:1f:52:ed:ba:0f:83:37:
                    1a:5f:e0:c6:b9:f4:9b:1b:ec:69:96:a3:cc:b4:8c:
                    ee:fa:99:11:36:04:d9:bf:f2:6e:e8:52:11:8a:94:
                    f6:eb:46:1b:f9:83:e5:52:ce:0e:d5:9d:88:fc:a7:
                    76:55:2a:1b:d2:02:d5:e5:7e:0c:1b:23:a7:82:95:
                    3a:dd:ee:ec:bc:79:72:9d:1a:70:1b:73:97:f0:13:
                    9f:5d:f3:bd:8d:ee:69:a0:b5:c7:1a:10:ff:7c:ea:
                    5b:66:b8:5e:40:cb:89:0b:69:ba:06:f8:3f:83:46:
                    d8:1e:a6:cc:83:19:22:04:5a:78:a5:6e:0a:57:c4:
                    ca:d1:7f:54:25:4a:a0:8f:83:de:bd:bb:de:ca:ce:
                    9c:e8:b6:57:50:db:63:6c:c2:c2:3c:d3:06:5c:d5:
                    c3:4f:83:8a:5d:b2:26:17:49:0f:f9:e8:7b:3e:a6:
                    10:34:6a:9c:d0:c2:b5:3e:20:83:21:86:68:de:97:
                    ae:b2:a4:78:4c:8c:a6:c8:7a:b3:5c:ed:1b:0e:f6:
                    c0:e4:81:c9:81:04:a3:b6:5f:bc:9e:45:6a:dc:5c:
                    81:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:70:A3:C7:E4:C1:07:9A:17:28:18:4E:B0:CF:C4:59:0C:8B:F3:C0
            X509v3 Authority Key Identifier:
                keyid:AE:83:82:4F:DC:29:EB:E4:AC:28:6C:A0:18:44:DF:86:D4:D7:5E:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/roOCT9wp6-SsKGygGETfhtTXXsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/7174ee-3076-496c-b259-9700546b5711/1/jHCjx-TBB5oXKBhOsM_EWQyL88A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/7174ee-3076-496c-b259-9700546b5711/1/roOCT9wp6-SsKGygGETfhtTXXsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.86.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:98:90:2e:4f:4c:ec:88:07:d2:01:ae:18:4d:1b:c3:21:9e:
         d8:dc:c5:e6:3b:0b:1f:5b:a3:73:d0:e0:3b:12:de:6a:63:79:
         ef:a6:9d:c3:be:64:42:a5:11:53:e6:92:a2:f9:cd:a6:54:8f:
         31:6e:02:39:9b:ff:92:96:a5:26:13:0b:57:2f:10:28:04:ea:
         17:dd:a2:92:d9:1a:0c:10:6c:10:56:9f:1c:9e:bd:2f:46:d0:
         d0:65:1b:56:b9:7a:c7:36:82:58:d1:2c:52:f4:e7:02:53:80:
         ab:f8:2a:35:57:3d:28:bc:ab:44:ac:3f:c7:19:2c:9b:0e:92:
         b3:92:25:f3:32:b2:bb:54:60:3d:1d:9b:9b:58:3d:44:10:49:
         7d:49:a1:4a:b4:c9:83:ae:a1:fa:93:3c:61:8a:10:02:e6:3c:
         79:43:3e:74:29:c5:1e:2c:4c:2a:3f:06:d0:2b:fe:c6:ab:4c:
         43:42:6e:f3:f8:20:42:9d:3e:1f:a5:cb:dc:e7:5a:3f:d6:47:
         1a:73:e8:d0:da:14:f3:71:95:56:3c:9b:51:7b:3c:c7:4f:f8:
         51:25:fe:2e:c2:26:3f:bc:aa:cc:7f:3d:80:0a:08:4d:f1:dc:
         c2:47:16:89:60:06:a1:bd:72:ca:b9:b0:01:08:53:91:5f:34:
         2c:af:e9:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnt+e3FPBWfXkcYWpWNUo4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlODM4MjRmZGMyOWViZTRhYzI4NmNhMDE4NDRkZjg2ZDRk
NzVlYzAwHhcNMjUwMTAyMTU1MjMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzcwYTNjN2U0YzEwNzlhMTcyODE4NGViMGNmYzQ1OTBjOGJmM2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLV1nRnQArQcPAEJJZZMcOVbDomi
2+h4IUI0nJi06BVzFFTCgR9S7boPgzcaX+DGufSbG+xplqPMtIzu+pkRNgTZv/Ju
6FIRipT260Yb+YPlUs4O1Z2I/Kd2VSob0gLV5X4MGyOngpU63e7svHlynRpwG3OX
8BOfXfO9je5poLXHGhD/fOpbZrheQMuJC2m6Bvg/g0bYHqbMgxkiBFp4pW4KV8TK
0X9UJUqgj4Pevbveys6c6LZXUNtjbMLCPNMGXNXDT4OKXbImF0kP+eh7PqYQNGqc
0MK1PiCDIYZo3peusqR4TIymyHqzXO0bDvbA5IHJgQSjtl+8nkVq3FyBYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIxwo8fkwQeaFygYTrDPxFkMi/PAMB8GA1UdIwQY
MBaAFK6Dgk/cKevkrChsoBhE34bU117AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm9PQ1Q5d3A2LVNzS0d5Z0dFVGZodFRYWHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC83MTc0ZWUtMzA3Ni00OTZjLWIyNTkt
OTcwMDU0NmI1NzExLzEvakhDangtVEJCNW9YS0JoT3NNX0VXUXlMODhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC83MTc0ZWUtMzA3Ni00OTZjLWIyNTktOTcwMDU0NmI1NzEx
LzEvcm9PQ1Q5d3A2LVNzS0d5Z0dFVGZodFRYWHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkFa8MA0G
CSqGSIb3DQEBCwUAA4IBAQAEmJAuT0zsiAfSAa4YTRvDIZ7Y3MXmOwsfW6Nz0OA7
Et5qY3nvpp3DvmRCpRFT5pKi+c2mVI8xbgI5m/+SlqUmEwtXLxAoBOoX3aKS2RoM
EGwQVp8cnr0vRtDQZRtWuXrHNoJY0SxS9OcCU4Cr+Co1Vz0ovKtErD/HGSybDpKz
kiXzMrK7VGA9HZubWD1EEEl9SaFKtMmDrqH6kzxhihAC5jx5Qz50KcUeLEwqPwbQ
K/7Gq0xDQm7z+CBCnT4fpcvc51o/1kcac+jQ2hTzcZVWPJtRezzHT/hRJf4uwiY/
vKrMfz2ACghN8dzCRxaJYAahvXLKubABCFORXzQsr+mi
-----END CERTIFICATE-----