Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/8738b9-2d0a-4ef6-afad-1ae506ea1760/1/Jvh8LJ6-crAmSSGHbF76HnQ8ckA.roa
File:                     Jvh8LJ6-crAmSSGHbF76HnQ8ckA.roa (raw, json)
Hash identifier:          xBzHxL0oPrHMNhUclCuAc5KWEywe3q4PYCKOdY3Wp/o=
Subject key identifier:   26:F8:7C:2C:9E:BE:72:B0:26:49:21:87:6C:5E:FA:1E:74:3C:72:40
Certificate issuer:       /CN=d8e9e40ff9fbb6280da36e972f20d312500c185c
Certificate serial:       018CC4925533DF4903346B8AA22C9896C9ED
Authority key identifier: D8:E9:E4:0F:F9:FB:B6:28:0D:A3:6E:97:2F:20:D3:12:50:0C:18:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2OnkD_n7tigNo26XLyDTElAMGFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/8738b9-2d0a-4ef6-afad-1ae506ea1760/1/Jvh8LJ6-crAmSSGHbF76HnQ8ckA.roa
Signing time:             Mon 01 Jan 2024 10:29:33 +0000
ROA not before:           Mon 01 Jan 2024 10:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212367
IP address blocks:        194.8.58.0/24 maxlen: 24
                          2a0b:cfc0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/8738b9-2d0a-4ef6-afad-1ae506ea1760/1/2OnkD_n7tigNo26XLyDTElAMGFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/8738b9-2d0a-4ef6-afad-1ae506ea1760/1/2OnkD_n7tigNo26XLyDTElAMGFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2OnkD_n7tigNo26XLyDTElAMGFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:55:33:df:49:03:34:6b:8a:a2:2c:98:96:c9:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8e9e40ff9fbb6280da36e972f20d312500c185c
        Validity
            Not Before: Jan  1 10:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26f87c2c9ebe72b0264921876c5efa1e743c7240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:6a:91:82:fb:c1:a4:3b:db:df:4e:4e:38:6a:
                    b8:5f:6a:51:29:ca:bb:ad:58:35:cb:8e:a8:02:47:
                    0c:5c:f5:ee:fb:b4:ce:b0:af:13:02:cd:ab:b0:8a:
                    50:8c:b4:4c:0f:a9:bd:06:5c:6d:5c:0a:8d:29:fe:
                    7e:ed:ff:a5:e4:9f:04:a9:28:af:b1:a7:f3:b2:bc:
                    6e:52:2e:0e:8d:44:9e:2d:75:85:9a:c1:24:d7:4e:
                    04:dd:2b:00:08:1f:a8:99:fa:bf:5a:f3:b7:4c:d3:
                    d1:cb:6d:30:6b:98:e7:0d:8d:70:5c:fb:e7:7d:b0:
                    c3:d2:f2:f6:37:26:a6:9e:18:fc:90:8c:21:fa:1f:
                    0e:92:27:d1:bc:2d:38:18:8d:60:5f:97:cd:f6:ba:
                    45:e4:48:dc:6d:99:52:f6:63:99:b6:9f:88:07:18:
                    9e:47:c5:75:9d:ce:e6:ff:b4:89:15:a6:da:9f:3c:
                    08:f7:4a:32:8d:fd:17:77:66:35:78:b9:55:e1:ae:
                    35:53:0e:ac:f5:58:84:6f:19:a7:f9:8a:19:c1:51:
                    81:59:d3:e4:89:62:09:23:f1:ff:bc:ac:57:c8:0b:
                    fc:52:2a:10:c8:6f:55:87:3a:ef:3e:09:d8:37:57:
                    90:17:9a:76:0c:de:87:fb:a7:44:66:75:16:6b:dc:
                    d3:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:F8:7C:2C:9E:BE:72:B0:26:49:21:87:6C:5E:FA:1E:74:3C:72:40
            X509v3 Authority Key Identifier:
                keyid:D8:E9:E4:0F:F9:FB:B6:28:0D:A3:6E:97:2F:20:D3:12:50:0C:18:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2OnkD_n7tigNo26XLyDTElAMGFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/8738b9-2d0a-4ef6-afad-1ae506ea1760/1/Jvh8LJ6-crAmSSGHbF76HnQ8ckA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/8738b9-2d0a-4ef6-afad-1ae506ea1760/1/2OnkD_n7tigNo26XLyDTElAMGFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.58.0/24
                IPv6:
                  2a0b:cfc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:0c:43:bf:5b:2a:79:cd:97:74:cc:f2:45:eb:91:07:55:37:
         02:34:f0:8f:6b:85:bf:89:1f:3d:fc:ca:cd:17:f1:0b:4b:8e:
         f9:b0:52:9c:4f:81:ea:81:4a:31:f6:53:ae:a4:6d:c9:ca:a7:
         57:f2:5b:57:a1:4b:e7:89:60:57:53:07:32:22:ce:10:74:3d:
         94:17:ef:03:5b:a0:4f:28:31:25:87:28:f2:72:92:86:24:da:
         f6:cc:16:f0:0a:84:63:86:79:f0:18:2a:4e:26:7c:94:86:23:
         7d:3c:c1:0e:04:35:c3:d4:8d:d5:a1:03:92:e9:fb:93:c4:db:
         af:1d:58:75:77:f7:24:8e:eb:b6:96:d4:fe:7b:49:71:b9:db:
         15:f1:62:f9:17:77:cc:ea:20:cf:0f:da:fa:28:bb:71:ca:1e:
         14:c4:74:3b:ae:15:b0:3c:d5:51:6f:27:4b:bc:5d:bb:fc:b1:
         2f:9c:f6:85:0a:95:59:1d:be:60:b8:33:79:c3:6d:f3:d4:68:
         bb:80:06:d9:a7:4d:bb:d2:f7:22:55:7e:78:5d:c1:19:c5:b3:
         aa:a6:aa:04:c7:06:ce:7e:f0:5a:6e:34:fc:17:1c:86:90:c5:
         82:a6:f2:ba:9f:e2:93:58:ef:8d:c8:76:81:2b:79:1d:0c:85:
         7a:e3:87:8a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEklUz30kDNGuKoiyYlsntMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZTllNDBmZjlmYmI2MjgwZGEzNmU5NzJmMjBkMzEyNTAw
YzE4NWMwHhcNMjQwMTAxMTAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmY4N2MyYzllYmU3MmIwMjY0OTIxODc2YzVlZmExZTc0M2M3MjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgGqRgvvBpDvb305OOGq4X2pRKcq7
rVg1y46oAkcMXPXu+7TOsK8TAs2rsIpQjLRMD6m9BlxtXAqNKf5+7f+l5J8EqSiv
safzsrxuUi4OjUSeLXWFmsEk104E3SsACB+omfq/WvO3TNPRy20wa5jnDY1wXPvn
fbDD0vL2Nyamnhj8kIwh+h8OkifRvC04GI1gX5fN9rpF5EjcbZlS9mOZtp+IBxie
R8V1nc7m/7SJFabanzwI90oyjf0Xd2Y1eLlV4a41Uw6s9ViEbxmn+YoZwVGBWdPk
iWIJI/H/vKxXyAv8UioQyG9VhzrvPgnYN1eQF5p2DN6H+6dEZnUWa9zT0QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCb4fCyevnKwJkkhh2xe+h50PHJAMB8GA1UdIwQY
MBaAFNjp5A/5+7YoDaNuly8g0xJQDBhcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk9ua0Rfbjd0aWdObzI2WEx5RFRFbEFNR0Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS84NzM4YjktMmQwYS00ZWY2LWFmYWQt
MWFlNTA2ZWExNzYwLzEvSnZoOExKNi1jckFtU1NHSGJGNzZIblE4Y2tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS84NzM4YjktMmQwYS00ZWY2LWFmYWQtMWFlNTA2ZWExNzYw
LzEvMk9ua0Rfbjd0aWdObzI2WEx5RFRFbEFNR0Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwgg6MA0E
AgACMAcDBQMqC8/AMA0GCSqGSIb3DQEBCwUAA4IBAQAjDEO/Wyp5zZd0zPJF65EH
VTcCNPCPa4W/iR89/MrNF/ELS475sFKcT4HqgUox9lOupG3JyqdX8ltXoUvniWBX
UwcyIs4QdD2UF+8DW6BPKDElhyjycpKGJNr2zBbwCoRjhnnwGCpOJnyUhiN9PMEO
BDXD1I3VoQOS6fuTxNuvHVh1d/ckjuu2ltT+e0lxudsV8WL5F3fM6iDPD9r6KLtx
yh4UxHQ7rhWwPNVRbydLvF27/LEvnPaFCpVZHb5guDN5w23z1Gi7gAbZp0270vci
VX54XcEZxbOqpqoExwbOfvBabjT8FxyGkMWCpvK6n+KTWO+NyHaBK3kdDIV644eK
-----END CERTIFICATE-----