Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/333ea6-584a-4749-83c7-03d7461eb58a/1/jMsh8ePlJDf2uzU4DrmHlsT01no.roa
File:                     jMsh8ePlJDf2uzU4DrmHlsT01no.roa (raw, json)
Hash identifier:          BY0EqE8aaCKmSVPeC2mwDZX7jbMhc0wM20CanfAqZ2o=
Subject key identifier:   8C:CB:21:F1:E3:E5:24:37:F6:BB:35:38:0E:B9:87:96:C4:F4:D6:7A
Certificate issuer:       /CN=75e6e212c63741b85b957c7c97f7c58f5b5e1335
Certificate serial:       018CC2DB1DCAE8108F67815F8C7C4E389C34
Authority key identifier: 75:E6:E2:12:C6:37:41:B8:5B:95:7C:7C:97:F7:C5:8F:5B:5E:13:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/debiEsY3QbhblXx8l_fFj1teEzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/333ea6-584a-4749-83c7-03d7461eb58a/1/jMsh8ePlJDf2uzU4DrmHlsT01no.roa
Signing time:             Mon 01 Jan 2024 02:29:49 +0000
ROA not before:           Mon 01 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35383
IP address blocks:        84.39.120.0/21 maxlen: 21
                          84.39.122.0/24 maxlen: 24
                          84.39.127.0/24 maxlen: 24
                          2a01:7a20::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/333ea6-584a-4749-83c7-03d7461eb58a/1/debiEsY3QbhblXx8l_fFj1teEzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/333ea6-584a-4749-83c7-03d7461eb58a/1/debiEsY3QbhblXx8l_fFj1teEzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/debiEsY3QbhblXx8l_fFj1teEzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 07:02:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1d:ca:e8:10:8f:67:81:5f:8c:7c:4e:38:9c:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75e6e212c63741b85b957c7c97f7c58f5b5e1335
        Validity
            Not Before: Jan  1 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ccb21f1e3e52437f6bb35380eb98796c4f4d67a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:61:04:d0:6c:b9:cd:75:6f:1b:25:52:92:e0:
                    a2:ea:67:ab:a8:04:00:de:08:8a:b8:92:a5:fa:eb:
                    65:22:a3:2a:55:6b:15:25:fe:d2:c2:f0:35:29:29:
                    55:9d:86:d9:11:89:5c:52:f1:6d:bb:c8:fb:dd:4a:
                    2a:b0:99:ec:16:cd:37:f4:b6:1e:87:5f:4d:b4:a3:
                    80:63:b1:26:32:e5:af:d5:d6:36:b8:0b:b0:3e:07:
                    11:b3:52:c1:68:44:dd:c2:24:74:85:e3:0f:79:27:
                    f5:8b:8f:34:9b:65:f4:30:4f:86:58:95:63:96:47:
                    28:59:80:a7:d4:a2:d6:b9:6e:df:b2:22:62:0b:db:
                    16:49:c8:2d:22:82:6c:41:a3:6e:ab:ca:52:57:5f:
                    12:8b:07:80:ba:22:38:d1:a4:42:5c:9c:a2:bc:df:
                    f8:ab:f9:95:6a:f9:52:c4:96:04:78:99:63:e3:a1:
                    75:bc:a6:da:ba:41:57:13:09:63:d6:6a:d3:39:aa:
                    31:92:b5:ae:9f:70:57:a2:70:25:3a:f7:34:62:57:
                    8d:23:c6:d0:54:5a:09:69:c8:e4:c4:e1:c6:b4:8f:
                    ef:ea:16:d9:d1:ab:2e:0c:7f:e5:6c:41:f0:1c:f7:
                    cc:7e:86:f2:56:f1:96:bc:6f:95:79:71:2f:cb:dc:
                    66:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:CB:21:F1:E3:E5:24:37:F6:BB:35:38:0E:B9:87:96:C4:F4:D6:7A
            X509v3 Authority Key Identifier:
                keyid:75:E6:E2:12:C6:37:41:B8:5B:95:7C:7C:97:F7:C5:8F:5B:5E:13:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/debiEsY3QbhblXx8l_fFj1teEzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/333ea6-584a-4749-83c7-03d7461eb58a/1/jMsh8ePlJDf2uzU4DrmHlsT01no.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/333ea6-584a-4749-83c7-03d7461eb58a/1/debiEsY3QbhblXx8l_fFj1teEzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.39.120.0/21
                IPv6:
                  2a01:7a20::/32

    Signature Algorithm: sha256WithRSAEncryption
         92:99:d3:37:0c:96:5d:00:e6:4e:11:bd:2f:92:c0:cd:b3:5a:
         84:2f:aa:35:92:cb:a1:2f:8c:ab:c7:41:92:f9:58:da:ea:d5:
         b0:96:36:2e:5c:b4:dd:3c:5d:a7:4a:e8:95:e4:53:ec:d3:8a:
         cc:1b:e8:5d:0a:9a:c1:49:d5:5f:ad:34:30:82:b7:f1:18:07:
         62:a5:40:ac:3c:54:92:38:1f:f3:64:89:c4:f4:99:3e:4f:ce:
         a6:b4:e6:8d:42:53:20:17:f1:b3:e7:64:c0:c6:1e:f8:01:07:
         22:58:e7:32:87:7c:e2:40:2a:9a:3f:34:1d:b9:78:da:55:b0:
         38:06:4c:eb:eb:f5:02:52:e4:4d:b9:db:9d:8c:2e:68:33:70:
         3c:4b:17:04:95:21:e3:c4:c5:7f:de:1b:41:d5:5d:d8:1b:cf:
         7f:d9:0d:5b:24:06:ca:d7:18:b5:f3:e4:83:fa:78:31:8f:33:
         41:8d:a6:04:f1:eb:b2:3a:6a:1f:bb:1e:8e:65:76:5b:5f:a5:
         30:9b:ec:20:71:44:d7:72:e3:03:6e:01:61:5e:35:7a:d4:a0:
         00:5d:b3:73:10:b7:3d:bf:ba:55:8a:f1:8a:9e:8a:9e:c2:93:
         cc:a4:80:d0:c1:0e:87:03:dd:d6:f2:88:b3:b0:ba:78:b0:d7:
         71:9c:6c:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2x3K6BCPZ4FfjHxOOJw0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZTZlMjEyYzYzNzQxYjg1Yjk1N2M3Yzk3ZjdjNThmNWI1
ZTEzMzUwHhcNMjQwMTAxMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2NiMjFmMWUzZTUyNDM3ZjZiYjM1MzgwZWI5ODc5NmM0ZjRkNjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumEE0Gy5zXVvGyVSkuCi6merqAQA
3giKuJKl+utlIqMqVWsVJf7SwvA1KSlVnYbZEYlcUvFtu8j73UoqsJnsFs039LYe
h19NtKOAY7EmMuWv1dY2uAuwPgcRs1LBaETdwiR0heMPeSf1i480m2X0ME+GWJVj
lkcoWYCn1KLWuW7fsiJiC9sWScgtIoJsQaNuq8pSV18SiweAuiI40aRCXJyivN/4
q/mVavlSxJYEeJlj46F1vKbaukFXEwlj1mrTOaoxkrWun3BXonAlOvc0YleNI8bQ
VFoJacjkxOHGtI/v6hbZ0asuDH/lbEHwHPfMfobyVvGWvG+VeXEvy9xm1QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIzLIfHj5SQ39rs1OA65h5bE9NZ6MB8GA1UdIwQY
MBaAFHXm4hLGN0G4W5V8fJf3xY9bXhM1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGViaUVzWTNRYmhibFh4OGxfZkZqMXRlRXpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8zMzNlYTYtNTg0YS00NzQ5LTgzYzct
MDNkNzQ2MWViNThhLzEvak1zaDhlUGxKRGYydXpVNERybUhsc1QwMW5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8zMzNlYTYtNTg0YS00NzQ5LTgzYzctMDNkNzQ2MWViNThh
LzEvZGViaUVzWTNRYmhibFh4OGxfZkZqMXRlRXpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDVCd4MA0E
AgACMAcDBQAqAXogMA0GCSqGSIb3DQEBCwUAA4IBAQCSmdM3DJZdAOZOEb0vksDN
s1qEL6o1ksuhL4yrx0GS+Vja6tWwljYuXLTdPF2nSuiV5FPs04rMG+hdCprBSdVf
rTQwgrfxGAdipUCsPFSSOB/zZInE9Jk+T86mtOaNQlMgF/Gz52TAxh74AQciWOcy
h3ziQCqaPzQduXjaVbA4Bkzr6/UCUuRNududjC5oM3A8SxcElSHjxMV/3htB1V3Y
G89/2Q1bJAbK1xi18+SD+ngxjzNBjaYE8euyOmofux6OZXZbX6Uwm+wgcUTXcuMD
bgFhXjV61KAAXbNzELc9v7pVivGKnoqewpPMpIDQwQ6HA93W8oizsLp4sNdxnGx9
-----END CERTIFICATE-----