Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/m-JU1RwWRB1DBTjnz5LefUtNwDs.roa
File:                     m-JU1RwWRB1DBTjnz5LefUtNwDs.roa (raw, json)
Hash identifier:          xC78iJcSOnwPXs2FZ5+Ow/TaIy2jUipp4r08S9BprUI=
Subject key identifier:   9B:E2:54:D5:1C:16:44:1D:43:05:38:E7:CF:92:DE:7D:4B:4D:C0:3B
Certificate issuer:       /CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
Certificate serial:       018CC8DF0AC831A5904F03AEE9BD130A52CE
Authority key identifier: 42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/m-JU1RwWRB1DBTjnz5LefUtNwDs.roa
Signing time:             Tue 02 Jan 2024 06:31:49 +0000
ROA not before:           Tue 02 Jan 2024 06:31:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.203.0/24 maxlen: 24
                          2001:7f8:10f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:0a:c8:31:a5:90:4f:03:ae:e9:bd:13:0a:52:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
        Validity
            Not Before: Jan  2 06:31:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9be254d51c16441d430538e7cf92de7d4b4dc03b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:db:5a:93:a0:58:af:35:ff:77:34:f8:be:9f:
                    7e:b5:e4:3e:1d:42:2a:1e:d3:8c:24:4a:7f:b4:5f:
                    45:f7:47:c5:f9:10:45:46:86:5e:cc:71:01:78:58:
                    cd:29:98:17:06:51:1d:f1:70:00:77:27:d7:84:2f:
                    f2:a1:0a:05:b8:e7:a2:ac:85:87:a9:71:71:15:ea:
                    fb:b8:f8:66:39:2a:35:69:5d:60:57:83:74:e9:b8:
                    5a:02:eb:ed:c4:0d:cf:96:c6:ac:76:1d:84:98:5d:
                    b7:be:55:6b:03:d1:48:02:44:07:a1:d4:15:f5:a5:
                    99:0a:ce:a7:03:ba:8d:74:80:41:91:3d:66:39:9b:
                    a8:4c:de:47:9e:0f:0a:df:50:0a:20:55:43:74:41:
                    cd:d1:4d:52:a7:8c:2d:81:9c:ad:fa:06:19:4c:1a:
                    dd:d6:dd:42:9f:4a:7d:ea:89:49:54:c7:23:9d:40:
                    58:48:53:ee:3c:29:d9:28:b1:c0:1c:3f:05:2a:78:
                    8a:05:0d:88:46:15:22:c4:5a:42:5a:a6:5d:36:18:
                    12:7b:63:31:0b:68:5a:4a:86:3c:dc:e7:18:01:38:
                    61:32:fd:96:66:c8:ee:dc:8c:05:6b:89:1b:d7:11:
                    c7:1a:5c:92:b4:6f:fb:41:f6:03:66:36:fc:09:99:
                    a9:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:E2:54:D5:1C:16:44:1D:43:05:38:E7:CF:92:DE:7D:4B:4D:C0:3B
            X509v3 Authority Key Identifier:
                keyid:42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/m-JU1RwWRB1DBTjnz5LefUtNwDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.203.0/24
                IPv6:
                  2001:7f8:10f::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:67:db:3d:92:31:7a:84:51:d1:c2:2f:f2:4e:6e:31:82:45:
         0c:fd:f8:63:2a:21:b7:36:8a:26:73:c0:ff:81:77:98:65:10:
         b4:06:97:c3:05:b3:a0:4e:2c:2b:6a:8e:59:7c:88:b5:84:07:
         6d:cd:a9:2b:f9:4e:19:71:e6:d5:18:ff:9b:29:63:c0:26:d8:
         03:bc:19:8e:bd:c7:e4:5f:1d:47:49:fd:a0:28:e8:89:60:3e:
         e9:f5:bb:2b:2e:4d:b0:c7:51:64:0f:99:86:97:b2:bb:fa:6a:
         24:14:0a:b8:99:4d:ca:c2:7c:62:b1:6e:b7:1c:ae:67:cc:83:
         40:3f:c8:c5:78:b1:3d:bd:02:f6:30:97:39:76:c3:03:ad:ba:
         94:28:ef:b1:d0:5f:25:4a:8b:b5:10:a3:5d:21:88:c0:b4:d4:
         92:81:fa:ae:bd:fe:24:85:8c:e5:23:43:39:f8:0f:a6:88:01:
         42:c8:d1:50:79:dc:8b:d2:dd:db:21:5a:f3:c6:0a:ac:56:fb:
         00:32:d4:67:4f:f6:9b:c6:a5:1c:b2:71:b2:34:ba:61:a1:bf:
         17:32:b9:e7:b3:2e:d1:c5:7b:22:34:a8:30:b8:f4:d2:32:fd:
         cf:ab:fc:6f:da:16:c6:c1:5a:44:75:69:cb:7c:25:02:3f:ca:
         b4:6e:fd:e7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3wrIMaWQTwOu6b0TClLOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTJiNWRhNGI0ZmZlYWY3MjA2NDk1MThmYmFhYTEwYzVj
YjI4MTEwHhcNMjQwMTAyMDYzMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmUyNTRkNTFjMTY0NDFkNDMwNTM4ZTdjZjkyZGU3ZDRiNGRjMDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9tak6BYrzX/dzT4vp9+teQ+HUIq
HtOMJEp/tF9F90fF+RBFRoZezHEBeFjNKZgXBlEd8XAAdyfXhC/yoQoFuOeirIWH
qXFxFer7uPhmOSo1aV1gV4N06bhaAuvtxA3Plsasdh2EmF23vlVrA9FIAkQHodQV
9aWZCs6nA7qNdIBBkT1mOZuoTN5Hng8K31AKIFVDdEHN0U1Sp4wtgZyt+gYZTBrd
1t1Cn0p96olJVMcjnUBYSFPuPCnZKLHAHD8FKniKBQ2IRhUixFpCWqZdNhgSe2Mx
C2haSoY83OcYAThhMv2WZsju3IwFa4kb1xHHGlyStG/7QfYDZjb8CZmpYwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJviVNUcFkQdQwU458+S3n1LTcA7MB8GA1UdIwQY
MBaAFEKStdpLT/6vcgZJUY+6qhDFyygRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3Yzct
YTA0M2UxYjY3Yjk0LzEvbS1KVTFSd1dSQjFEQlRqbno1TGVmVXROd0RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3YzctYTA0M2UxYjY3Yjk0
LzEvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQHLMA8E
AgACMAkDBwAgAQf4AQ8wDQYJKoZIhvcNAQELBQADggEBABpn2z2SMXqEUdHCL/JO
bjGCRQz9+GMqIbc2iiZzwP+Bd5hlELQGl8MFs6BOLCtqjll8iLWEB23NqSv5Thlx
5tUY/5spY8Am2AO8GY69x+RfHUdJ/aAo6IlgPun1uysuTbDHUWQPmYaXsrv6aiQU
CriZTcrCfGKxbrccrmfMg0A/yMV4sT29AvYwlzl2wwOtupQo77HQXyVKi7UQo10h
iMC01JKB+q69/iSFjOUjQzn4D6aIAULI0VB53IvS3dshWvPGCqxW+wAy1GdP9pvG
pRyycbI0umGhvxcyueezLtHFeyI0qDC49NIy/c+r/G/aFsbBWkR1act8JQI/yrRu
/ec=
-----END CERTIFICATE-----