Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/sjbpTN8GeHfofPoewxtyzEs1vlY.roa
File:                     sjbpTN8GeHfofPoewxtyzEs1vlY.roa (raw, json)
Hash identifier:          J5r8t3nRLGjwBz79MNar7fLxRSWh4xSx5xp5uWlk7Dc=
Subject key identifier:   B2:36:E9:4C:DF:06:78:77:E8:7C:FA:1E:C3:1B:72:CC:4B:35:BE:56
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7956475D8D6EAB0A7859E29EA9D53D6
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/sjbpTN8GeHfofPoewxtyzEs1vlY.roa
Signing time:             Tue 02 Jan 2024 00:31:45 +0000
ROA not before:           Tue 02 Jan 2024 00:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62114
IP address blocks:        176.223.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:64:75:d8:d6:ea:b0:a7:85:9e:29:ea:9d:53:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b236e94cdf067877e87cfa1ec31b72cc4b35be56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:6a:d3:59:b0:8f:ff:7b:7f:e4:37:56:41:c7:
                    17:52:d9:40:fe:ce:0b:49:cd:bc:65:88:2f:e6:ee:
                    36:5a:12:27:3c:89:5e:3b:a5:b2:99:4d:df:06:ef:
                    89:33:ab:69:96:1a:c4:52:7b:04:1a:70:12:5f:de:
                    82:72:c6:e5:29:3e:95:f1:bf:2e:b3:cb:2c:cf:d2:
                    f4:66:e5:45:10:f4:5e:59:86:ca:50:a9:8c:5a:94:
                    66:07:31:96:b3:50:d3:a4:a6:39:76:c7:53:2c:ad:
                    fb:2f:5d:1d:a0:c1:9a:1a:6b:8d:82:36:e9:32:d2:
                    a1:d4:e5:d7:7e:33:6e:4d:d4:d8:c3:ba:d8:81:4a:
                    ca:e9:ab:c7:ab:66:45:84:ff:22:e4:5c:a6:23:e4:
                    a9:0c:7f:ea:b2:39:3f:fb:67:80:15:42:4b:65:e7:
                    14:c3:c2:60:e6:ef:97:e2:a5:51:4e:09:fd:f8:97:
                    84:1e:63:22:ed:63:87:91:9a:16:41:a7:31:1e:3e:
                    08:a5:ea:85:4c:49:61:b2:69:95:28:cd:25:3e:93:
                    89:1c:4f:98:49:0e:0c:b3:77:2a:d8:53:11:ce:95:
                    51:22:75:52:ec:6e:d3:4d:e3:a5:0c:06:c8:fb:de:
                    46:14:9a:c4:87:f1:1c:c3:91:74:96:7e:a9:e8:a5:
                    6d:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:36:E9:4C:DF:06:78:77:E8:7C:FA:1E:C3:1B:72:CC:4B:35:BE:56
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/sjbpTN8GeHfofPoewxtyzEs1vlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.223.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:01:aa:c4:2c:76:6a:db:2f:40:bf:bc:ba:74:6a:3c:9c:68:
         f4:1f:39:e1:e1:44:cf:c9:7e:e8:a7:1c:0e:c2:f3:c4:f3:39:
         52:e9:46:c9:35:59:ab:fa:ed:b1:c4:94:fa:7d:57:95:77:1c:
         4b:07:80:1c:19:1b:6e:70:dd:6d:21:43:6c:d0:05:2b:34:c2:
         a8:a6:62:cd:c6:af:ab:d4:c1:a6:dd:fe:e3:93:04:b3:3e:ab:
         20:eb:45:ae:3b:e5:d1:0d:7a:ed:10:06:92:44:26:35:e8:8a:
         83:65:b9:43:a1:d8:4f:26:ef:09:57:16:d0:c6:7c:c2:c3:65:
         9d:65:71:50:36:e1:2c:ff:97:e0:e5:71:d1:0b:ed:98:74:9d:
         4b:d7:6f:2a:51:ec:0f:38:44:5f:00:19:54:ac:b2:a6:28:b1:
         d8:e2:81:43:b9:09:16:c2:84:17:ab:f8:f7:68:4b:12:d0:46:
         6e:f7:93:a5:e1:da:64:07:a4:66:8f:04:26:03:ac:de:04:33:
         55:8c:3f:4e:40:83:2d:79:14:4b:f7:d6:2a:76:8e:ee:74:d7:
         58:0d:71:4b:86:51:c5:2f:47:6d:07:40:83:33:d3:48:92:b3:
         e6:7b:42:6b:19:f6:d1:cd:a8:dc:7b:4c:ed:76:ff:18:df:e2:
         cd:dd:8b:90
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlWR12NbqsKeFninqnVPWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjM2ZTk0Y2RmMDY3ODc3ZTg3Y2ZhMWVjMzFiNzJjYzRiMzViZTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWrTWbCP/3t/5DdWQccXUtlA/s4L
Sc28ZYgv5u42WhInPIleO6WymU3fBu+JM6tplhrEUnsEGnASX96CcsblKT6V8b8u
s8ssz9L0ZuVFEPReWYbKUKmMWpRmBzGWs1DTpKY5dsdTLK37L10doMGaGmuNgjbp
MtKh1OXXfjNuTdTYw7rYgUrK6avHq2ZFhP8i5FymI+SpDH/qsjk/+2eAFUJLZecU
w8Jg5u+X4qVRTgn9+JeEHmMi7WOHkZoWQacxHj4IpeqFTElhsmmVKM0lPpOJHE+Y
SQ4Ms3cq2FMRzpVRInVS7G7TTeOlDAbI+95GFJrEh/Ecw5F0ln6p6KVtCwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLI26UzfBnh36Hz6HsMbcsxLNb5WMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL3NqYnBUTjhHZUhmb2ZQb2V3eHR5ekVzMXZsWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACw30Aw
DQYJKoZIhvcNAQELBQADggEBAJcBqsQsdmrbL0C/vLp0ajycaPQfOeHhRM/Jfuin
HA7C88TzOVLpRsk1Wav67bHElPp9V5V3HEsHgBwZG25w3W0hQ2zQBSs0wqimYs3G
r6vUwabd/uOTBLM+qyDrRa475dENeu0QBpJEJjXoioNluUOh2E8m7wlXFtDGfMLD
ZZ1lcVA24Sz/l+DlcdEL7Zh0nUvXbypR7A84RF8AGVSssqYosdjigUO5CRbChBer
+PdoSxLQRm73k6Xh2mQHpGaPBCYDrN4EM1WMP05Agy15FEv31ip2ju5011gNcUuG
UcUvR20HQIMz00iSs+Z7QmsZ9tHNqNx7TO12/xjf4s3di5A=
-----END CERTIFICATE-----