Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/jgsL-JNXkk1yn6-KH57YxQ3sNT4.roa
File:                     jgsL-JNXkk1yn6-KH57YxQ3sNT4.roa (raw, json)
Hash identifier:          KYZEuwALNUosXDw8VKskpBQREoLm3E1X/8f7lMje9/A=
Subject key identifier:   8E:0B:0B:F8:93:57:92:4D:72:9F:AF:8A:1F:9E:D8:C5:0D:EC:35:3E
Certificate issuer:       /CN=3a5ec28e841f29f380a7ce2cb5cd5673700821fd
Certificate serial:       018CC79405D9BF2047AAB3388B827AF5B4D5
Authority key identifier: 3A:5E:C2:8E:84:1F:29:F3:80:A7:CE:2C:B5:CD:56:73:70:08:21:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ol7CjoQfKfOAp84stc1Wc3AIIf0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/jgsL-JNXkk1yn6-KH57YxQ3sNT4.roa
Signing time:             Tue 02 Jan 2024 00:30:15 +0000
ROA not before:           Tue 02 Jan 2024 00:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209854
IP address blocks:        185.180.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/Ol7CjoQfKfOAp84stc1Wc3AIIf0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/Ol7CjoQfKfOAp84stc1Wc3AIIf0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ol7CjoQfKfOAp84stc1Wc3AIIf0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:05:d9:bf:20:47:aa:b3:38:8b:82:7a:f5:b4:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a5ec28e841f29f380a7ce2cb5cd5673700821fd
        Validity
            Not Before: Jan  2 00:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e0b0bf89357924d729faf8a1f9ed8c50dec353e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ad:5e:60:71:ba:ba:6d:8b:26:95:cf:35:77:
                    91:b4:a5:78:6b:ae:81:fb:d7:56:29:97:5d:64:b5:
                    42:a2:f9:05:95:41:2f:f5:e1:6e:10:a1:14:f1:af:
                    9f:06:61:2a:ba:34:b3:65:e5:6e:bd:9c:9e:f5:07:
                    dc:ac:fb:13:41:e9:29:db:a7:a1:3a:00:88:5c:29:
                    2f:ec:da:f2:9b:8a:fb:50:13:c0:b8:0a:5f:b7:ba:
                    86:f0:44:10:2f:62:b8:6f:37:d7:72:43:98:43:4e:
                    11:fb:f9:fa:35:42:20:9c:4f:c5:6d:d8:7a:a0:e4:
                    bf:18:7e:b9:04:62:ab:af:cd:8e:53:3a:59:ae:40:
                    b1:02:0d:5c:91:ce:23:b2:20:bc:47:f2:81:b1:68:
                    61:88:ae:92:31:db:10:23:ec:71:db:5d:39:12:66:
                    a7:4d:00:9b:d7:f3:c6:65:c5:54:57:b2:c5:31:d4:
                    d7:3a:93:d9:9a:48:dd:82:88:5c:1c:ab:3c:a0:58:
                    1d:8a:76:06:b1:a5:62:9b:e3:8a:33:40:17:9f:02:
                    c2:f5:84:a3:84:d0:11:3a:ee:be:c2:75:bd:5b:78:
                    b8:a6:85:92:50:28:d0:cc:eb:f8:14:0c:29:ba:f5:
                    a9:94:2d:e2:00:cd:2a:d2:39:5d:e4:aa:80:be:b2:
                    75:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:0B:0B:F8:93:57:92:4D:72:9F:AF:8A:1F:9E:D8:C5:0D:EC:35:3E
            X509v3 Authority Key Identifier:
                keyid:3A:5E:C2:8E:84:1F:29:F3:80:A7:CE:2C:B5:CD:56:73:70:08:21:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ol7CjoQfKfOAp84stc1Wc3AIIf0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/jgsL-JNXkk1yn6-KH57YxQ3sNT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/Ol7CjoQfKfOAp84stc1Wc3AIIf0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:bb:d2:52:cf:1e:7e:d8:24:ec:c9:2e:fb:27:ea:96:67:f9:
         8e:53:16:95:15:77:71:ff:13:d7:8f:4c:00:d6:c1:c0:8a:25:
         24:86:e1:c6:80:f1:66:ce:dc:50:53:51:96:1b:8a:95:aa:38:
         32:2d:81:2a:48:c6:3a:0f:b6:91:fe:9b:49:3e:75:60:5f:f0:
         69:5f:ab:2f:03:bf:c2:2a:79:25:89:23:22:04:e0:3e:4f:c8:
         fc:0a:7a:1e:9b:5d:65:fb:46:9f:9e:d7:f6:82:66:2f:23:a1:
         2a:05:01:37:ce:2a:0e:c9:df:d9:ab:5a:6e:ea:3a:12:a6:56:
         66:21:25:15:26:a6:b6:13:f7:da:33:5e:33:ea:b0:3c:0a:62:
         e7:4a:3e:d0:7b:19:c3:d0:cc:43:8d:f0:e3:36:63:4c:99:83:
         70:3f:56:29:6f:bd:63:de:33:09:3b:42:fc:c7:54:12:bb:c0:
         bb:e3:99:2c:91:8f:ae:bf:af:bc:94:59:13:f1:5f:c9:b0:3d:
         df:f0:c9:a0:d9:8d:1f:7d:b1:11:af:af:15:01:49:f8:4a:41:
         fb:87:e7:92:a4:70:30:4a:09:da:1e:0a:6c:3b:9f:ff:64:3e:
         44:0b:65:27:de:e4:39:55:a3:05:60:44:88:84:00:43:7a:c3:
         03:f5:ff:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlAXZvyBHqrM4i4J69bTVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNWVjMjhlODQxZjI5ZjM4MGE3Y2UyY2I1Y2Q1NjczNzAw
ODIxZmQwHhcNMjQwMTAyMDAzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTBiMGJmODkzNTc5MjRkNzI5ZmFmOGExZjllZDhjNTBkZWMzNTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn61eYHG6um2LJpXPNXeRtKV4a66B
+9dWKZddZLVCovkFlUEv9eFuEKEU8a+fBmEqujSzZeVuvZye9QfcrPsTQekp26eh
OgCIXCkv7Nrym4r7UBPAuApft7qG8EQQL2K4bzfXckOYQ04R+/n6NUIgnE/Fbdh6
oOS/GH65BGKrr82OUzpZrkCxAg1ckc4jsiC8R/KBsWhhiK6SMdsQI+xx2105Eman
TQCb1/PGZcVUV7LFMdTXOpPZmkjdgohcHKs8oFgdinYGsaVim+OKM0AXnwLC9YSj
hNAROu6+wnW9W3i4poWSUCjQzOv4FAwpuvWplC3iAM0q0jld5KqAvrJ1kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI4LC/iTV5JNcp+vih+e2MUN7DU+MB8GA1UdIwQY
MBaAFDpewo6EHynzgKfOLLXNVnNwCCH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2w3Q2pvUWZLZk9BcDg0c3RjMVdjM0FJSWYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9jMTIwMjAtYTFhMS00MDBlLTkxZjMt
ODM1NTk5MjYwZmY2LzEvamdzTC1KTlhrazF5bjYtS0g1N1l4UTNzTlQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9jMTIwMjAtYTFhMS00MDBlLTkxZjMtODM1NTk5MjYwZmY2
LzEvT2w3Q2pvUWZLZk9BcDg0c3RjMVdjM0FJSWYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubTDMA0G
CSqGSIb3DQEBCwUAA4IBAQAEu9JSzx5+2CTsyS77J+qWZ/mOUxaVFXdx/xPXj0wA
1sHAiiUkhuHGgPFmztxQU1GWG4qVqjgyLYEqSMY6D7aR/ptJPnVgX/BpX6svA7/C
KnkliSMiBOA+T8j8Cnoem11l+0afntf2gmYvI6EqBQE3zioOyd/Zq1pu6joSplZm
ISUVJqa2E/faM14z6rA8CmLnSj7QexnD0MxDjfDjNmNMmYNwP1Ypb71j3jMJO0L8
x1QSu8C745kskY+uv6+8lFkT8V/JsD3f8Mmg2Y0ffbERr68VAUn4SkH7h+eSpHAw
SgnaHgpsO5//ZD5EC2Un3uQ5VaMFYESIhABDesMD9f/6
-----END CERTIFICATE-----