Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/e7edd1-c79f-4890-a175-12e6a6edd124/1/jGIXM9OvZPg4_H8x9xlj6Xwnc30.roa
File:                     jGIXM9OvZPg4_H8x9xlj6Xwnc30.roa (raw, json)
Hash identifier:          2yPCKngpPBoUCNd6k1xLY7ag2PF6f8QskKD0Sx0ZxGA=
Subject key identifier:   8C:62:17:33:D3:AF:64:F8:38:FC:7F:31:F7:19:63:E9:7C:27:73:7D
Certificate issuer:       /CN=3c8fe2b19bd3eb7f70a4eedab616b53250011520
Certificate serial:       0192D8D8741E4EFC80CE6ABCB99580DEDC59
Authority key identifier: 3C:8F:E2:B1:9B:D3:EB:7F:70:A4:EE:DA:B6:16:B5:32:50:01:15:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PI_isZvT639wpO7atha1MlABFSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/e7edd1-c79f-4890-a175-12e6a6edd124/1/jGIXM9OvZPg4_H8x9xlj6Xwnc30.roa
Signing time:             Tue 29 Oct 2024 15:15:17 +0000
ROA not before:           Tue 29 Oct 2024 15:15:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41050
IP address blocks:        185.254.120.0/24 maxlen: 24
                          2a10:bb40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/e7edd1-c79f-4890-a175-12e6a6edd124/1/PI_isZvT639wpO7atha1MlABFSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/e7edd1-c79f-4890-a175-12e6a6edd124/1/PI_isZvT639wpO7atha1MlABFSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PI_isZvT639wpO7atha1MlABFSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d8:d8:74:1e:4e:fc:80:ce:6a:bc:b9:95:80:de:dc:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c8fe2b19bd3eb7f70a4eedab616b53250011520
        Validity
            Not Before: Oct 29 15:15:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c621733d3af64f838fc7f31f71963e97c27737d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:fe:a9:21:69:f1:31:59:e0:b9:21:09:8c:75:
                    6b:32:3a:f4:b2:80:79:f6:84:99:64:c2:31:33:31:
                    31:bc:da:e6:ad:11:66:c8:33:f0:6f:0a:c5:56:c9:
                    32:e2:2a:d4:e7:4a:da:ac:50:83:7c:83:77:f4:5a:
                    00:82:6b:cf:e7:aa:0e:82:62:93:65:b3:5a:01:c1:
                    55:af:e2:be:e4:8d:03:51:bd:a6:7a:61:96:d5:0c:
                    33:2d:19:e3:90:a4:23:5d:36:27:bd:c1:b4:e8:c2:
                    db:01:15:58:41:b5:30:0d:44:4e:9d:60:45:26:62:
                    25:94:07:2f:51:06:f9:1b:41:10:b2:21:05:f4:9a:
                    f5:f0:c4:39:b0:9f:91:2c:2d:57:f6:93:27:ba:54:
                    05:e4:99:49:6b:5f:ca:ac:42:da:df:33:0e:e6:3e:
                    9e:09:5d:9b:6a:b9:95:52:55:89:21:11:d4:1c:06:
                    09:98:32:70:af:45:60:c6:79:3d:f9:dd:73:7a:f3:
                    7a:dc:41:fb:55:36:ab:11:f9:6d:99:ed:a5:0b:c1:
                    07:fa:2d:67:85:a2:e2:b7:90:6f:11:98:7c:fe:7f:
                    9b:c1:d3:df:76:32:a5:4c:d5:24:87:5f:93:f2:d5:
                    46:af:20:bb:ab:67:a5:77:6c:c7:6d:e0:32:6e:fe:
                    7a:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:62:17:33:D3:AF:64:F8:38:FC:7F:31:F7:19:63:E9:7C:27:73:7D
            X509v3 Authority Key Identifier:
                keyid:3C:8F:E2:B1:9B:D3:EB:7F:70:A4:EE:DA:B6:16:B5:32:50:01:15:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PI_isZvT639wpO7atha1MlABFSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/e7edd1-c79f-4890-a175-12e6a6edd124/1/jGIXM9OvZPg4_H8x9xlj6Xwnc30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/e7edd1-c79f-4890-a175-12e6a6edd124/1/PI_isZvT639wpO7atha1MlABFSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.120.0/24
                IPv6:
                  2a10:bb40::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:5d:06:19:4d:12:c9:88:96:12:70:4e:5b:26:a5:3e:6e:98:
         83:c6:dc:5b:8e:ea:1b:f9:fb:a2:a6:39:fe:39:9a:84:44:82:
         65:16:41:3e:17:cc:d0:a5:d8:7e:41:72:12:0c:15:c9:09:20:
         d2:b1:da:58:7c:14:48:00:7c:09:00:f1:f2:cf:5b:fe:5d:49:
         4b:57:b5:a3:82:49:2e:5b:6b:b5:0e:99:63:8f:7e:ff:22:1a:
         b8:64:91:61:6b:35:4b:6f:a9:36:fb:c9:e0:6a:ce:9f:6d:05:
         b4:3c:3f:5d:83:cb:49:01:22:74:54:c9:b8:26:50:83:5e:f7:
         62:7c:fe:e4:81:37:fe:f6:87:51:09:56:2b:4d:31:21:2f:84:
         cc:b7:b6:3b:b5:b8:68:b7:7a:72:db:2c:b9:82:9e:a1:05:76:
         08:a3:85:80:66:eb:72:51:3c:86:ce:b4:dc:43:de:2f:0e:c4:
         6a:f7:f7:85:38:c4:f5:1a:11:fc:d5:a3:e3:48:69:c6:0c:d0:
         84:a7:49:0d:50:3e:8e:55:5d:bf:a1:44:0b:50:89:10:25:3a:
         7c:a0:21:b4:ae:1e:91:94:3f:9a:3c:fa:19:2a:44:75:62:8a:
         3f:bc:50:fd:c5:05:20:36:ff:e5:6f:7d:0d:b1:d0:fb:8a:d1:
         b0:ec:0d:77
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZLY2HQeTvyAzmq8uZWA3txZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjOGZlMmIxOWJkM2ViN2Y3MGE0ZWVkYWI2MTZiNTMyNTAw
MTE1MjAwHhcNMjQxMDI5MTUxNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzYyMTczM2QzYWY2NGY4MzhmYzdmMzFmNzE5NjNlOTdjMjc3MzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP6pIWnxMVnguSEJjHVrMjr0soB5
9oSZZMIxMzExvNrmrRFmyDPwbwrFVsky4irU50rarFCDfIN39FoAgmvP56oOgmKT
ZbNaAcFVr+K+5I0DUb2memGW1QwzLRnjkKQjXTYnvcG06MLbARVYQbUwDUROnWBF
JmIllAcvUQb5G0EQsiEF9Jr18MQ5sJ+RLC1X9pMnulQF5JlJa1/KrELa3zMO5j6e
CV2barmVUlWJIRHUHAYJmDJwr0Vgxnk9+d1zevN63EH7VTarEfltme2lC8EH+i1n
haLit5BvEZh8/n+bwdPfdjKlTNUkh1+T8tVGryC7q2eld2zHbeAybv56mQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIxiFzPTr2T4OPx/MfcZY+l8J3N9MB8GA1UdIwQY
MBaAFDyP4rGb0+t/cKTu2rYWtTJQARUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUElfaXNadlQ2Mzl3cE83YXRoYTFNbEFCRlNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lN2VkZDEtYzc5Zi00ODkwLWExNzUt
MTJlNmE2ZWRkMTI0LzEvakdJWE05T3ZaUGc0X0g4eDl4bGo2WHduYzMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lN2VkZDEtYzc5Zi00ODkwLWExNzUtMTJlNmE2ZWRkMTI0
LzEvUElfaXNadlQ2Mzl3cE83YXRoYTFNbEFCRlNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuf54MA0E
AgACMAcDBQMqELtAMA0GCSqGSIb3DQEBCwUAA4IBAQA9XQYZTRLJiJYScE5bJqU+
bpiDxtxbjuob+fuipjn+OZqERIJlFkE+F8zQpdh+QXISDBXJCSDSsdpYfBRIAHwJ
APHyz1v+XUlLV7WjgkkuW2u1Dpljj37/Ihq4ZJFhazVLb6k2+8ngas6fbQW0PD9d
g8tJASJ0VMm4JlCDXvdifP7kgTf+9odRCVYrTTEhL4TMt7Y7tbhot3py2yy5gp6h
BXYIo4WAZutyUTyGzrTcQ94vDsRq9/eFOMT1GhH81aPjSGnGDNCEp0kNUD6OVV2/
oUQLUIkQJTp8oCG0rh6RlD+aPPoZKkR1Yoo/vFD9xQUgNv/lb30NsdD7itGw7A13
-----END CERTIFICATE-----