Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/Jq660ngDLggUUvB8ohuZ2BMc6sg.roa
File:                     Jq660ngDLggUUvB8ohuZ2BMc6sg.roa (raw, json)
Hash identifier:          F6vG/ZpngaYrWvQ7ojEoITl4HoLgKLDJTEBEJgtzxCw=
Subject key identifier:   26:AE:BA:D2:78:03:2E:08:14:52:F0:7C:A2:1B:99:D8:13:1C:EA:C8
Certificate issuer:       /CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Certificate serial:       018CC4933F76910C4D63ECF6D7CEE70D55CF
Authority key identifier: 1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/Jq660ngDLggUUvB8ohuZ2BMc6sg.roa
Signing time:             Mon 01 Jan 2024 10:30:33 +0000
ROA not before:           Mon 01 Jan 2024 10:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204501
IP address blocks:        195.72.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:3f:76:91:0c:4d:63:ec:f6:d7:ce:e7:0d:55:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
        Validity
            Not Before: Jan  1 10:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26aebad278032e081452f07ca21b99d8131ceac8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4c:db:58:52:cd:cd:69:f5:d0:99:4d:bf:d9:
                    13:63:07:89:c8:a3:ac:40:60:50:61:81:d0:63:86:
                    74:a9:70:e7:2f:d5:9e:8d:30:20:0b:cb:3c:df:ba:
                    40:b7:24:10:a9:03:8c:da:3d:ec:55:da:a3:40:af:
                    4f:b7:95:88:2f:8c:bd:49:e3:cb:5a:e5:3c:63:1e:
                    b6:7e:38:78:a4:66:de:1b:43:f0:63:85:2f:30:5d:
                    ce:c7:22:07:89:d8:15:f2:34:bd:a4:15:d2:dd:56:
                    71:4d:35:34:27:07:a5:8a:47:9b:44:ec:bd:fe:ef:
                    7d:56:0b:62:77:f7:57:42:15:12:ac:ba:77:3c:a9:
                    66:70:c6:f5:29:12:82:de:d3:91:c9:6c:26:06:38:
                    c9:94:3c:e4:93:b4:dd:8a:d0:cd:b2:21:08:63:3c:
                    68:af:3d:7f:83:8c:d8:b4:c8:9b:5f:85:c8:cb:4c:
                    de:ff:77:b0:58:46:b8:3a:36:cb:1d:63:80:c2:b3:
                    cb:14:da:b5:25:b2:62:29:97:b9:90:c9:77:5e:87:
                    1e:a2:0f:21:e5:17:2e:1b:32:4b:e3:6f:5d:8f:21:
                    a9:63:47:ea:38:9d:a5:c3:48:ae:25:f3:5f:c8:77:
                    d4:e2:f9:98:85:c2:81:85:c3:aa:61:81:ac:5c:52:
                    ed:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:AE:BA:D2:78:03:2E:08:14:52:F0:7C:A2:1B:99:D8:13:1C:EA:C8
            X509v3 Authority Key Identifier:
                keyid:1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/Jq660ngDLggUUvB8ohuZ2BMc6sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.72.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:4c:46:d4:c0:37:c5:2e:a8:0d:13:1c:7d:8b:71:d3:8b:75:
         49:33:dd:88:55:00:0b:75:76:7d:7d:27:5d:12:00:e4:b3:26:
         f0:89:dd:f7:a7:db:01:20:8b:f5:0b:93:85:c8:bd:68:ca:b5:
         eb:35:08:3e:51:d4:6d:b7:65:6f:68:00:71:fb:65:12:34:df:
         13:b0:ca:76:14:03:3d:40:91:ed:e9:ee:92:5f:1c:cb:5b:64:
         04:bc:4a:20:3b:28:92:1c:94:2a:1c:d5:10:a8:5e:5f:24:86:
         36:b3:44:9f:dd:2e:04:76:bc:9d:3d:ba:8e:dc:58:21:74:ab:
         e5:f5:67:7b:c0:0c:4c:3a:f5:ee:8f:7c:59:de:3f:ab:4d:a4:
         ad:43:ff:14:dd:d7:87:5c:80:78:0e:94:8e:a2:3e:2a:91:da:
         b1:8c:7d:c9:bd:e8:c6:9d:32:6f:c1:8d:b9:3f:1a:3d:bb:b0:
         67:dc:55:97:39:a0:0b:d1:44:94:72:b3:b4:38:4c:a7:74:34:
         04:3c:dd:3b:ea:95:bc:d1:f8:ab:97:12:53:98:1b:bb:26:6f:
         b2:8a:6e:bd:64:ae:8f:e2:09:3a:9e:0b:b6:c3:9e:08:b9:b3:
         b2:f1:02:01:15:5b:ca:4a:70:e5:60:85:24:a8:f6:11:fe:c1:
         7c:91:3f:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkz92kQxNY+z2187nDVXPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2IwNmJmNDEzMDBkYzRkMzBmM2QwZTE4MGM5Yjk1ZDJi
Y2RkZmYwHhcNMjQwMTAxMTAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmFlYmFkMjc4MDMyZTA4MTQ1MmYwN2NhMjFiOTlkODEzMWNlYWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0zbWFLNzWn10JlNv9kTYweJyKOs
QGBQYYHQY4Z0qXDnL9WejTAgC8s837pAtyQQqQOM2j3sVdqjQK9Pt5WIL4y9SePL
WuU8Yx62fjh4pGbeG0PwY4UvMF3OxyIHidgV8jS9pBXS3VZxTTU0JwelikebROy9
/u99Vgtid/dXQhUSrLp3PKlmcMb1KRKC3tORyWwmBjjJlDzkk7TditDNsiEIYzxo
rz1/g4zYtMibX4XIy0ze/3ewWEa4OjbLHWOAwrPLFNq1JbJiKZe5kMl3Xoceog8h
5RcuGzJL429djyGpY0fqOJ2lw0iuJfNfyHfU4vmYhcKBhcOqYYGsXFLtbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCauutJ4Ay4IFFLwfKIbmdgTHOrIMB8GA1UdIwQY
MBaAFBx7Br9BMA3E0w89DhgMm5XSvN3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAt
MjRmZGRjNmQxNDdiLzEvSnE2NjBuZ0RMZ2dVVXZCOG9odVoyQk1jNnNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAtMjRmZGRjNmQxNDdi
LzEvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0h2MA0G
CSqGSIb3DQEBCwUAA4IBAQAuTEbUwDfFLqgNExx9i3HTi3VJM92IVQALdXZ9fSdd
EgDksybwid33p9sBIIv1C5OFyL1oyrXrNQg+UdRtt2VvaABx+2USNN8TsMp2FAM9
QJHt6e6SXxzLW2QEvEogOyiSHJQqHNUQqF5fJIY2s0Sf3S4EdrydPbqO3FghdKvl
9Wd7wAxMOvXuj3xZ3j+rTaStQ/8U3deHXIB4DpSOoj4qkdqxjH3JvejGnTJvwY25
Pxo9u7Bn3FWXOaAL0USUcrO0OEyndDQEPN076pW80firlxJTmBu7Jm+yim69ZK6P
4gk6ngu2w54IubOy8QIBFVvKSnDlYIUkqPYR/sF8kT8D
-----END CERTIFICATE-----