Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/336701-e36a-4db2-974e-0ed078f4bcaf/1/jcqHFu5qOxSW-TnLkY1_u5xVSkY.roa
File:                     jcqHFu5qOxSW-TnLkY1_u5xVSkY.roa (raw, json)
Hash identifier:          NgmD4wgtXUd2RoIUVTRN3ydeoBjG7zM9G8+8J0bQPGg=
Subject key identifier:   8D:CA:87:16:EE:6A:3B:14:96:F9:39:CB:91:8D:7F:BB:9C:55:4A:46
Certificate issuer:       /CN=0bc893375ad155b5ffced3cbee2535b8659fe389
Certificate serial:       018CC94E239CBB1010D656ECB04B39A0D504
Authority key identifier: 0B:C8:93:37:5A:D1:55:B5:FF:CE:D3:CB:EE:25:35:B8:65:9F:E3:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C8iTN1rRVbX_ztPL7iU1uGWf44k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/336701-e36a-4db2-974e-0ed078f4bcaf/1/jcqHFu5qOxSW-TnLkY1_u5xVSkY.roa
Signing time:             Tue 02 Jan 2024 08:33:10 +0000
ROA not before:           Tue 02 Jan 2024 08:33:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197690
IP address blocks:        85.208.180.0/22 maxlen: 22
                          2a09:8b40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/336701-e36a-4db2-974e-0ed078f4bcaf/1/C8iTN1rRVbX_ztPL7iU1uGWf44k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/336701-e36a-4db2-974e-0ed078f4bcaf/1/C8iTN1rRVbX_ztPL7iU1uGWf44k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C8iTN1rRVbX_ztPL7iU1uGWf44k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:23:9c:bb:10:10:d6:56:ec:b0:4b:39:a0:d5:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bc893375ad155b5ffced3cbee2535b8659fe389
        Validity
            Not Before: Jan  2 08:33:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dca8716ee6a3b1496f939cb918d7fbb9c554a46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:60:d4:b0:92:80:64:68:78:d1:31:26:56:86:
                    9b:69:79:23:3f:90:d4:00:61:33:8a:1d:87:d9:8e:
                    7f:cd:ad:e1:ad:11:83:75:3d:03:9f:1e:a2:03:c8:
                    9e:e9:74:9f:cf:54:d5:be:fa:c9:a1:9a:42:b7:fe:
                    34:0f:06:b4:1c:bc:e5:99:2e:e7:64:1b:a7:e3:ee:
                    dd:a3:70:39:0f:7e:ce:58:40:06:e5:9f:43:6e:ea:
                    b0:82:01:c4:3e:65:7d:0d:6f:82:aa:85:f2:4a:e0:
                    ee:04:a9:33:29:68:b1:55:ab:ab:59:45:1c:70:54:
                    9f:a4:cf:b6:54:6b:4b:55:97:8f:c6:75:e9:b3:27:
                    37:09:c0:02:ee:4c:c1:fa:2a:90:60:79:33:20:40:
                    e1:2b:02:13:5a:d2:5d:b8:c3:47:fd:31:ea:17:b3:
                    1c:8f:d9:f6:1c:a1:1c:21:26:4d:5e:25:98:7f:78:
                    4c:4c:8b:0e:ed:19:57:ac:98:27:db:8a:7a:67:f8:
                    68:6f:03:f1:6b:5f:3c:c8:0f:d4:3b:49:ca:6a:1e:
                    a1:af:28:5c:63:56:9e:c7:1c:0f:0f:8c:68:09:c8:
                    78:8f:20:06:e5:f7:9e:0f:36:82:1f:b1:e5:5e:7b:
                    80:a6:c3:a8:97:fc:97:a0:c4:58:e2:db:5e:26:bd:
                    36:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:CA:87:16:EE:6A:3B:14:96:F9:39:CB:91:8D:7F:BB:9C:55:4A:46
            X509v3 Authority Key Identifier:
                keyid:0B:C8:93:37:5A:D1:55:B5:FF:CE:D3:CB:EE:25:35:B8:65:9F:E3:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C8iTN1rRVbX_ztPL7iU1uGWf44k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/336701-e36a-4db2-974e-0ed078f4bcaf/1/jcqHFu5qOxSW-TnLkY1_u5xVSkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/336701-e36a-4db2-974e-0ed078f4bcaf/1/C8iTN1rRVbX_ztPL7iU1uGWf44k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.180.0/22
                IPv6:
                  2a09:8b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:0c:7a:88:99:be:96:bc:61:6a:83:5a:5e:45:9f:f3:23:66:
         6d:f2:8e:3c:c2:d5:27:34:7a:a4:8c:8c:12:b4:b6:c4:1b:7e:
         2d:1b:81:d8:94:f8:d9:f1:dc:e0:28:e1:ba:ec:81:cf:8e:37:
         0d:e7:62:f7:3c:4e:4f:8f:22:c4:9f:ed:da:e2:80:ff:01:cc:
         1e:07:04:aa:7f:d7:79:28:62:6c:ce:35:02:20:0b:7d:b4:5e:
         cf:90:f3:93:55:e1:cc:25:a2:4f:50:6f:f1:a0:04:f7:98:19:
         59:47:0e:19:d7:95:22:80:8b:7c:5b:bb:42:c2:bf:9c:f6:ab:
         f7:08:30:bd:89:f4:50:c3:6c:f7:bf:bc:8a:5a:7b:7e:c3:70:
         90:a3:a8:db:9a:e1:0c:c3:b3:a7:d9:0a:18:f1:97:dd:c6:e1:
         ed:e3:aa:b2:24:2c:d2:93:9c:f5:1c:50:28:94:97:2a:37:af:
         06:53:62:30:d9:0a:9a:c9:c5:ad:73:e0:e7:d3:62:6e:18:f9:
         6b:50:e5:90:53:51:73:be:3d:16:01:83:76:62:f8:64:9d:89:
         1a:94:99:9f:6e:58:82:06:90:36:2d:2e:b9:bf:65:d0:74:3e:
         fe:05:a5:0e:59:16:db:95:86:21:7f:6d:92:40:67:81:46:f2:
         3f:61:d4:2a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTiOcuxAQ1lbssEs5oNUEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYzg5MzM3NWFkMTU1YjVmZmNlZDNjYmVlMjUzNWI4NjU5
ZmUzODkwHhcNMjQwMTAyMDgzMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGNhODcxNmVlNmEzYjE0OTZmOTM5Y2I5MThkN2ZiYjljNTU0YTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmDUsJKAZGh40TEmVoabaXkjP5DU
AGEzih2H2Y5/za3hrRGDdT0Dnx6iA8ie6XSfz1TVvvrJoZpCt/40Dwa0HLzlmS7n
ZBun4+7do3A5D37OWEAG5Z9DbuqwggHEPmV9DW+CqoXySuDuBKkzKWixVaurWUUc
cFSfpM+2VGtLVZePxnXpsyc3CcAC7kzB+iqQYHkzIEDhKwITWtJduMNH/THqF7Mc
j9n2HKEcISZNXiWYf3hMTIsO7RlXrJgn24p6Z/hobwPxa188yA/UO0nKah6hryhc
Y1aexxwPD4xoCch4jyAG5feeDzaCH7HlXnuApsOol/yXoMRY4tteJr02qwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI3KhxbuajsUlvk5y5GNf7ucVUpGMB8GA1UdIwQY
MBaAFAvIkzda0VW1/87Ty+4lNbhln+OJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzhpVE4xclJWYlhfenRQTDdpVTF1R1dmNDRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8zMzY3MDEtZTM2YS00ZGIyLTk3NGUt
MGVkMDc4ZjRiY2FmLzEvamNxSEZ1NXFPeFNXLVRuTGtZMV91NXhWU2tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8zMzY3MDEtZTM2YS00ZGIyLTk3NGUtMGVkMDc4ZjRiY2Fm
LzEvQzhpVE4xclJWYlhfenRQTDdpVTF1R1dmNDRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVdC0MA0E
AgACMAcDBQMqCYtAMA0GCSqGSIb3DQEBCwUAA4IBAQAgDHqImb6WvGFqg1peRZ/z
I2Zt8o48wtUnNHqkjIwStLbEG34tG4HYlPjZ8dzgKOG67IHPjjcN52L3PE5PjyLE
n+3a4oD/AcweBwSqf9d5KGJszjUCIAt9tF7PkPOTVeHMJaJPUG/xoAT3mBlZRw4Z
15UigIt8W7tCwr+c9qv3CDC9ifRQw2z3v7yKWnt+w3CQo6jbmuEMw7On2QoY8Zfd
xuHt46qyJCzSk5z1HFAolJcqN68GU2Iw2QqaycWtc+Dn02JuGPlrUOWQU1Fzvj0W
AYN2YvhknYkalJmfbliCBpA2LS65v2XQdD7+BaUOWRbblYYhf22SQGeBRvI/YdQq
-----END CERTIFICATE-----