Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/f3c8e8-c5bc-4211-a9ac-4f9112ede968/1/JhS-5Arcdh226Qr3yYli3gT0IRc.roa
File:                     JhS-5Arcdh226Qr3yYli3gT0IRc.roa (raw, json)
Hash identifier:          feaKvhO00TX3aHsoTg0egJQuDEnsoAFKnYbQ7FAPnPw=
Subject key identifier:   26:14:BE:E4:0A:DC:76:1D:B6:E9:0A:F7:C9:89:62:DE:04:F4:21:17
Certificate issuer:       /CN=dbe0ca7c1e0e8a1c7ad02d0bb828b41188ae5243
Certificate serial:       018CC500F06B5A2F8A5231CD444644272C69
Authority key identifier: DB:E0:CA:7C:1E:0E:8A:1C:7A:D0:2D:0B:B8:28:B4:11:88:AE:52:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-DKfB4Oihx60C0LuCi0EYiuUkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/f3c8e8-c5bc-4211-a9ac-4f9112ede968/1/JhS-5Arcdh226Qr3yYli3gT0IRc.roa
Signing time:             Mon 01 Jan 2024 12:30:22 +0000
ROA not before:           Mon 01 Jan 2024 12:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34026
IP address blocks:        80.93.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/f3c8e8-c5bc-4211-a9ac-4f9112ede968/1/2-DKfB4Oihx60C0LuCi0EYiuUkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/f3c8e8-c5bc-4211-a9ac-4f9112ede968/1/2-DKfB4Oihx60C0LuCi0EYiuUkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-DKfB4Oihx60C0LuCi0EYiuUkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:f0:6b:5a:2f:8a:52:31:cd:44:46:44:27:2c:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe0ca7c1e0e8a1c7ad02d0bb828b41188ae5243
        Validity
            Not Before: Jan  1 12:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2614bee40adc761db6e90af7c98962de04f42117
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b6:d2:66:e5:2e:62:30:b6:4a:13:e7:45:b8:
                    e3:3b:d7:ef:72:62:c5:eb:e6:99:08:3e:7f:d0:72:
                    b6:e1:28:d3:07:7b:f1:d5:e6:72:52:91:f7:42:1b:
                    c8:28:6c:90:54:9e:7f:92:27:5b:61:ed:0f:e9:88:
                    8c:5b:b5:a1:fe:95:a2:f8:c1:fe:c1:bb:0e:7f:ca:
                    ff:5b:ed:3c:d2:4c:27:f9:71:3d:84:86:e4:ab:e7:
                    1b:3b:7a:83:ab:d8:be:55:de:36:f1:34:26:d6:c1:
                    1b:0b:6e:74:96:f1:b5:d8:77:4f:e9:1b:7f:4e:f0:
                    7f:84:a9:94:3a:7d:e4:76:97:e5:9b:3d:c8:1c:54:
                    3f:72:24:de:45:f3:3b:8b:c9:6d:04:76:85:cd:5b:
                    89:4b:b1:7b:5b:1e:47:bd:12:fa:ca:4a:c3:30:e4:
                    39:42:99:bd:2e:73:88:0d:73:12:02:e2:b4:b5:dc:
                    ad:70:74:4c:c3:06:29:e0:79:5b:00:37:e6:77:1a:
                    5e:74:a0:4f:73:10:1b:88:85:dc:1a:96:33:22:8a:
                    11:4c:1d:bc:ff:d8:0f:3c:bc:8b:9d:d2:bf:4e:1d:
                    e4:0a:62:bd:a5:ca:40:6b:15:19:a5:27:80:a3:8f:
                    65:3e:ed:18:d1:72:10:d7:28:1d:1b:60:52:72:c9:
                    87:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:14:BE:E4:0A:DC:76:1D:B6:E9:0A:F7:C9:89:62:DE:04:F4:21:17
            X509v3 Authority Key Identifier:
                keyid:DB:E0:CA:7C:1E:0E:8A:1C:7A:D0:2D:0B:B8:28:B4:11:88:AE:52:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-DKfB4Oihx60C0LuCi0EYiuUkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f3c8e8-c5bc-4211-a9ac-4f9112ede968/1/JhS-5Arcdh226Qr3yYli3gT0IRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f3c8e8-c5bc-4211-a9ac-4f9112ede968/1/2-DKfB4Oihx60C0LuCi0EYiuUkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:47:5c:5c:2f:f8:8b:13:8e:5d:8c:15:d0:68:c6:e5:4a:f5:
         31:94:06:c3:49:cd:ea:cb:89:c6:08:49:de:77:4e:de:bc:d8:
         95:1a:56:a0:be:d2:a6:b7:ed:5f:b1:51:3b:4c:86:07:4b:aa:
         f6:40:4c:95:ca:f5:59:96:4a:8c:fc:06:3c:81:c7:56:14:13:
         62:2a:13:8b:a9:fa:9c:0c:d0:74:05:44:1d:bd:26:4b:5e:f2:
         6e:d2:a1:8d:fb:c1:40:d8:19:ec:b6:da:10:c8:8d:93:12:db:
         a1:ac:ab:5c:fe:0f:b2:d6:ff:f6:d2:9e:e4:f8:e5:b8:36:a0:
         a7:d3:74:12:db:06:7e:2a:cf:ba:d1:17:71:48:78:c1:d7:79:
         42:4f:f6:6b:94:2a:e9:06:d1:a4:27:3d:2f:8e:c1:84:74:b6:
         1b:0f:16:0f:c9:fa:37:02:48:1f:f0:ff:f3:47:db:1c:43:80:
         55:f0:31:64:f7:a8:49:bb:52:23:70:de:0d:79:a4:c5:57:21:
         97:cd:51:35:65:6a:e3:34:b2:38:49:ba:74:94:d8:97:6a:2e:
         73:97:85:22:ae:32:ff:82:24:70:2c:20:0e:b9:6a:86:00:4b:
         ae:4b:2d:70:f5:8d:63:11:f7:d8:d6:69:45:87:0d:6b:00:16:
         e7:7a:0b:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAPBrWi+KUjHNREZEJyxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZTBjYTdjMWUwZThhMWM3YWQwMmQwYmI4MjhiNDExODhh
ZTUyNDMwHhcNMjQwMTAxMTIzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjE0YmVlNDBhZGM3NjFkYjZlOTBhZjdjOTg5NjJkZTA0ZjQyMTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLbSZuUuYjC2ShPnRbjjO9fvcmLF
6+aZCD5/0HK24SjTB3vx1eZyUpH3QhvIKGyQVJ5/kidbYe0P6YiMW7Wh/pWi+MH+
wbsOf8r/W+080kwn+XE9hIbkq+cbO3qDq9i+Vd428TQm1sEbC250lvG12HdP6Rt/
TvB/hKmUOn3kdpflmz3IHFQ/ciTeRfM7i8ltBHaFzVuJS7F7Wx5HvRL6ykrDMOQ5
Qpm9LnOIDXMSAuK0tdytcHRMwwYp4HlbADfmdxpedKBPcxAbiIXcGpYzIooRTB28
/9gPPLyLndK/Th3kCmK9pcpAaxUZpSeAo49lPu0Y0XIQ1ygdG2BScsmHywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCYUvuQK3HYdtukK98mJYt4E9CEXMB8GA1UdIwQY
MBaAFNvgynweDoocetAtC7gotBGIrlJDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1ES2ZCNE9paHg2MEMwTHVDaTBFWWl1VWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9mM2M4ZTgtYzViYy00MjExLWE5YWMt
NGY5MTEyZWRlOTY4LzEvSmhTLTVBcmNkaDIyNlFyM3lZbGkzZ1QwSVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9mM2M4ZTgtYzViYy00MjExLWE5YWMtNGY5MTEyZWRlOTY4
LzEvMi1ES2ZCNE9paHg2MEMwTHVDaTBFWWl1VWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUF2qMA0G
CSqGSIb3DQEBCwUAA4IBAQBDR1xcL/iLE45djBXQaMblSvUxlAbDSc3qy4nGCEne
d07evNiVGlagvtKmt+1fsVE7TIYHS6r2QEyVyvVZlkqM/AY8gcdWFBNiKhOLqfqc
DNB0BUQdvSZLXvJu0qGN+8FA2BnsttoQyI2TEtuhrKtc/g+y1v/20p7k+OW4NqCn
03QS2wZ+Ks+60RdxSHjB13lCT/ZrlCrpBtGkJz0vjsGEdLYbDxYPyfo3Akgf8P/z
R9scQ4BV8DFk96hJu1IjcN4NeaTFVyGXzVE1ZWrjNLI4Sbp0lNiXai5zl4UirjL/
giRwLCAOuWqGAEuuSy1w9Y1jEffY1mlFhw1rABbneguo
-----END CERTIFICATE-----