Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/056235-df36-4870-8746-ae5f4c12de79/1/JhWjSR1-uA08c1go-m0F6oTVkqg.roa
File:                     JhWjSR1-uA08c1go-m0F6oTVkqg.roa (raw, json)
Hash identifier:          iJLs7R5vgR5NFCdJGt4+6DOyQ5KVA2GMJsh+pbP6oRs=
Subject key identifier:   26:15:A3:49:1D:7E:B8:0D:3C:73:58:28:FA:6D:05:EA:84:D5:92:A8
Certificate issuer:       /CN=6d8e0e7e86775b415d3d5780ce4cfec0c859189c
Certificate serial:       018CC6B7A395D0B1492E20484C60CB8FC082
Authority key identifier: 6D:8E:0E:7E:86:77:5B:41:5D:3D:57:80:CE:4C:FE:C0:C8:59:18:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bY4OfoZ3W0FdPVeAzkz-wMhZGJw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/056235-df36-4870-8746-ae5f4c12de79/1/JhWjSR1-uA08c1go-m0F6oTVkqg.roa
Signing time:             Mon 01 Jan 2024 20:29:32 +0000
ROA not before:           Mon 01 Jan 2024 20:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212976
IP address blocks:        185.45.255.0/24 maxlen: 24
                          185.45.254.0/24 maxlen: 24
                          185.45.254.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/056235-df36-4870-8746-ae5f4c12de79/1/bY4OfoZ3W0FdPVeAzkz-wMhZGJw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/056235-df36-4870-8746-ae5f4c12de79/1/bY4OfoZ3W0FdPVeAzkz-wMhZGJw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bY4OfoZ3W0FdPVeAzkz-wMhZGJw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a3:95:d0:b1:49:2e:20:48:4c:60:cb:8f:c0:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d8e0e7e86775b415d3d5780ce4cfec0c859189c
        Validity
            Not Before: Jan  1 20:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2615a3491d7eb80d3c735828fa6d05ea84d592a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e2:e1:aa:ba:56:ec:3e:e8:7a:18:4e:d4:a5:
                    a8:9b:a6:24:7d:65:9f:d1:0d:3e:bb:95:f1:e3:f8:
                    6c:fc:36:36:5b:69:98:7d:0a:ce:40:e9:9c:3a:a7:
                    00:8c:dc:c7:32:2f:f7:74:b0:12:17:87:02:d3:ee:
                    c4:95:30:b4:7a:2a:4d:3f:94:5d:69:f7:d3:a7:0d:
                    c4:81:97:5a:09:67:13:34:04:80:69:a6:98:e3:d4:
                    26:19:af:72:78:ac:37:32:51:13:78:f1:15:37:95:
                    47:56:66:7e:de:56:2f:8b:4b:d1:49:c2:ef:86:29:
                    41:c0:98:c1:95:a1:db:b7:46:8a:1a:cd:f1:dc:7e:
                    18:c6:c1:cd:24:e5:e0:36:c0:5f:ab:68:f4:da:24:
                    cb:3b:2b:c7:b2:d0:fa:c6:6c:61:c6:6d:31:c5:a2:
                    b3:95:67:e2:80:fe:3b:ca:da:d7:1e:a4:ee:14:3b:
                    b1:db:7c:1e:e4:a1:d8:f5:c4:67:84:9a:5f:d8:11:
                    3e:42:19:4b:e1:79:59:a5:18:6c:4c:36:76:a5:5a:
                    ef:92:9c:4f:cf:9e:ed:12:25:5e:a9:31:b9:e7:e6:
                    3a:1e:7d:66:49:0a:cb:12:3f:14:f2:05:4f:9f:8c:
                    26:38:d5:be:80:42:c5:2c:5e:ea:0f:ca:aa:70:82:
                    15:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:15:A3:49:1D:7E:B8:0D:3C:73:58:28:FA:6D:05:EA:84:D5:92:A8
            X509v3 Authority Key Identifier:
                keyid:6D:8E:0E:7E:86:77:5B:41:5D:3D:57:80:CE:4C:FE:C0:C8:59:18:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bY4OfoZ3W0FdPVeAzkz-wMhZGJw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/056235-df36-4870-8746-ae5f4c12de79/1/JhWjSR1-uA08c1go-m0F6oTVkqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/056235-df36-4870-8746-ae5f4c12de79/1/bY4OfoZ3W0FdPVeAzkz-wMhZGJw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:fe:e5:c3:01:58:dd:00:60:81:a8:52:3b:40:51:65:9a:9c:
         b1:6f:a5:2a:cc:d2:1c:57:73:28:7c:ef:69:15:44:ba:68:17:
         f2:f8:57:e2:d0:54:89:5d:7a:f2:71:71:8f:39:cc:43:a9:c9:
         c0:3f:d7:41:46:bf:85:ba:23:f8:09:a3:50:f4:00:2e:38:68:
         f0:4f:52:cb:9d:50:29:a3:f5:d0:30:56:e3:4b:46:89:67:dc:
         4a:2b:bc:68:86:b6:fb:80:56:de:b3:99:cc:49:35:c5:8c:28:
         fd:13:4e:d6:47:01:17:9e:1b:05:84:d2:c9:e0:56:8f:48:98:
         ad:4f:9b:37:f3:d0:31:1d:db:4c:93:44:02:5d:6d:cd:f4:7f:
         fd:23:ba:db:dd:b9:aa:d0:45:3c:8c:40:d6:ad:a6:12:1b:04:
         1c:fb:b7:7e:04:0e:2a:2e:19:aa:96:2a:1a:5b:cc:67:eb:d5:
         8a:16:9a:12:4d:6e:b5:cb:94:ee:bd:2c:a8:d2:e8:e1:e9:81:
         dc:ff:08:1d:54:94:47:a7:a6:d0:f6:ce:bb:14:53:3a:73:2b:
         2d:d7:b4:3c:e5:90:f7:6f:a4:e9:f4:07:10:03:1f:db:1e:a4:
         74:d4:5f:70:bf:11:97:77:ca:36:4e:01:db:08:08:6e:33:65:
         f2:6e:ce:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6OV0LFJLiBITGDLj8CCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkOGUwZTdlODY3NzViNDE1ZDNkNTc4MGNlNGNmZWMwYzg1
OTE4OWMwHhcNMjQwMTAxMjAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjE1YTM0OTFkN2ViODBkM2M3MzU4MjhmYTZkMDVlYTg0ZDU5MmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAleLhqrpW7D7oehhO1KWom6YkfWWf
0Q0+u5Xx4/hs/DY2W2mYfQrOQOmcOqcAjNzHMi/3dLASF4cC0+7ElTC0eipNP5Rd
affTpw3EgZdaCWcTNASAaaaY49QmGa9yeKw3MlETePEVN5VHVmZ+3lYvi0vRScLv
hilBwJjBlaHbt0aKGs3x3H4YxsHNJOXgNsBfq2j02iTLOyvHstD6xmxhxm0xxaKz
lWfigP47ytrXHqTuFDux23we5KHY9cRnhJpf2BE+QhlL4XlZpRhsTDZ2pVrvkpxP
z57tEiVeqTG55+Y6Hn1mSQrLEj8U8gVPn4wmONW+gELFLF7qD8qqcIIVZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCYVo0kdfrgNPHNYKPptBeqE1ZKoMB8GA1UdIwQY
MBaAFG2ODn6Gd1tBXT1XgM5M/sDIWRicMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlk0T2ZvWjNXMEZkUFZlQXprei13TWhaR0p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8wNTYyMzUtZGYzNi00ODcwLTg3NDYt
YWU1ZjRjMTJkZTc5LzEvSmhXalNSMS11QTA4YzFnby1tMEY2b1RWa3FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8wNTYyMzUtZGYzNi00ODcwLTg3NDYtYWU1ZjRjMTJkZTc5
LzEvYlk0T2ZvWjNXMEZkUFZlQXprei13TWhaR0p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuS3+MA0G
CSqGSIb3DQEBCwUAA4IBAQAL/uXDAVjdAGCBqFI7QFFlmpyxb6UqzNIcV3MofO9p
FUS6aBfy+Ffi0FSJXXrycXGPOcxDqcnAP9dBRr+FuiP4CaNQ9AAuOGjwT1LLnVAp
o/XQMFbjS0aJZ9xKK7xohrb7gFbes5nMSTXFjCj9E07WRwEXnhsFhNLJ4FaPSJit
T5s389AxHdtMk0QCXW3N9H/9I7rb3bmq0EU8jEDWraYSGwQc+7d+BA4qLhmqlioa
W8xn69WKFpoSTW61y5TuvSyo0ujh6YHc/wgdVJRHp6bQ9s67FFM6cyst17Q85ZD3
b6Tp9AcQAx/bHqR01F9wvxGXd8o2TgHbCAhuM2Xybs7w
-----END CERTIFICATE-----