Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/jFAwSqBzRuBudxT3F7vkiEfGmpU.roa
File:                     jFAwSqBzRuBudxT3F7vkiEfGmpU.roa (raw, json)
Hash identifier:          xIVnf7C/C+r5vHb1QikPMamW8zRNPxkkLXdmAh1hiYU=
Subject key identifier:   8C:50:30:4A:A0:73:46:E0:6E:77:14:F7:17:BB:E4:88:47:C6:9A:95
Certificate issuer:       /CN=65415a1763fe005b0139b014c6e575d5f9b2a504
Certificate serial:       018CC2DAB5F7C2F71CCD7604C78FE6BFE662
Authority key identifier: 65:41:5A:17:63:FE:00:5B:01:39:B0:14:C6:E5:75:D5:F9:B2:A5:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZUFaF2P-AFsBObAUxuV11fmypQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/jFAwSqBzRuBudxT3F7vkiEfGmpU.roa
Signing time:             Mon 01 Jan 2024 02:29:22 +0000
ROA not before:           Mon 01 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24577
IP address blocks:        176.120.120.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/ZUFaF2P-AFsBObAUxuV11fmypQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/ZUFaF2P-AFsBObAUxuV11fmypQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZUFaF2P-AFsBObAUxuV11fmypQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b5:f7:c2:f7:1c:cd:76:04:c7:8f:e6:bf:e6:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65415a1763fe005b0139b014c6e575d5f9b2a504
        Validity
            Not Before: Jan  1 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c50304aa07346e06e7714f717bbe48847c69a95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:51:8f:e2:24:4d:99:4e:14:fb:95:62:61:91:
                    1e:ed:97:14:df:79:bb:1a:6c:75:47:f7:1d:43:61:
                    52:71:85:42:15:a1:13:68:22:82:81:58:3f:87:0d:
                    9d:a5:2f:e6:e4:92:fc:ed:4d:7d:41:35:9f:0a:15:
                    2d:07:54:fe:cb:33:62:ce:e3:e2:b4:f4:95:5c:92:
                    82:aa:10:b0:b7:4d:fb:47:e1:fc:e0:bf:a2:37:83:
                    66:66:e2:ef:38:cc:f4:fb:d3:74:cc:19:3b:39:2f:
                    3c:11:f7:34:c2:53:80:54:ca:57:69:dc:55:4c:e6:
                    11:34:8d:2a:85:07:0a:cc:a1:31:40:73:7b:29:5e:
                    f6:33:67:f1:b9:08:03:c2:28:08:88:94:44:5a:e0:
                    db:69:2c:7a:de:5a:c0:b5:fa:84:81:eb:45:01:eb:
                    16:44:1c:a9:fd:f8:f5:c2:83:02:74:8a:50:e2:95:
                    de:0d:6f:42:ba:40:0d:cb:cf:ed:0c:ba:67:e2:fe:
                    f6:bb:cf:74:9a:e2:9e:af:26:50:36:28:9c:e3:40:
                    b6:8d:2e:48:0c:a8:cc:de:d5:6f:e9:42:b2:36:75:
                    81:8a:c6:76:d1:e6:c5:3b:52:34:6e:1d:52:f6:02:
                    d2:49:c4:b4:9f:6b:a1:31:58:bc:03:46:db:29:45:
                    6a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:50:30:4A:A0:73:46:E0:6E:77:14:F7:17:BB:E4:88:47:C6:9A:95
            X509v3 Authority Key Identifier:
                keyid:65:41:5A:17:63:FE:00:5B:01:39:B0:14:C6:E5:75:D5:F9:B2:A5:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZUFaF2P-AFsBObAUxuV11fmypQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/jFAwSqBzRuBudxT3F7vkiEfGmpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/ZUFaF2P-AFsBObAUxuV11fmypQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.120.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         67:03:6b:29:f4:58:9d:71:cb:c3:b1:b3:c4:b9:7d:e6:08:91:
         09:a5:42:af:11:c7:ca:b0:4a:e5:60:8c:a1:a6:d8:fe:e2:fb:
         1e:ba:4c:6e:e0:5d:b1:e6:96:6c:4a:71:83:c3:c5:54:6b:9f:
         a4:32:42:87:11:00:27:92:53:32:b6:1c:af:ae:df:ec:62:d2:
         fb:e6:96:6e:7c:35:d6:fb:c1:46:ff:10:dd:05:d7:a6:00:aa:
         87:8d:54:0f:ff:b8:67:42:cc:85:a5:63:29:e1:45:a8:e0:45:
         b9:b0:d3:6e:f3:9f:50:63:c4:44:f4:25:f7:e2:b3:52:a9:6a:
         11:7f:cd:18:af:1a:1d:80:48:37:40:08:e2:d7:f3:a0:b1:d4:
         b0:6d:c8:8e:0a:e8:9b:f8:cd:34:85:ca:38:4a:81:1b:10:5d:
         35:74:7c:2e:fe:7e:73:3a:0e:9d:1b:00:1b:72:74:78:6e:47:
         a3:3b:69:68:33:0e:6d:cc:6d:e1:51:43:ab:2e:3a:78:aa:a8:
         62:21:24:fe:29:85:ab:7c:27:df:b1:e0:8b:0f:f0:20:9b:64:
         7c:db:28:cf:b6:89:49:9a:48:18:8e:1f:99:d6:e4:93:4c:d8:
         bb:5f:4a:fa:09:f2:20:07:f1:5f:79:29:c9:27:fb:7f:d0:e6:
         cb:a6:78:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2rX3wvcczXYEx4/mv+ZiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NDE1YTE3NjNmZTAwNWIwMTM5YjAxNGM2ZTU3NWQ1Zjli
MmE1MDQwHhcNMjQwMTAxMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzUwMzA0YWEwNzM0NmUwNmU3NzE0ZjcxN2JiZTQ4ODQ3YzY5YTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglGP4iRNmU4U+5ViYZEe7ZcU33m7
Gmx1R/cdQ2FScYVCFaETaCKCgVg/hw2dpS/m5JL87U19QTWfChUtB1T+yzNizuPi
tPSVXJKCqhCwt037R+H84L+iN4NmZuLvOMz0+9N0zBk7OS88Efc0wlOAVMpXadxV
TOYRNI0qhQcKzKExQHN7KV72M2fxuQgDwigIiJREWuDbaSx63lrAtfqEgetFAesW
RByp/fj1woMCdIpQ4pXeDW9CukANy8/tDLpn4v72u890muKeryZQNiic40C2jS5I
DKjM3tVv6UKyNnWBisZ20ebFO1I0bh1S9gLSScS0n2uhMVi8A0bbKUVqMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIxQMEqgc0bgbncU9xe75IhHxpqVMB8GA1UdIwQY
MBaAFGVBWhdj/gBbATmwFMblddX5sqUEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlVGYUYyUC1BRnNCT2JBVXh1VjExZm15cFFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8zYWVjNzEtY2ExNy00ZWM1LTg3YTct
ZWU3YTIwNTY5YjgzLzEvakZBd1NxQnpSdUJ1ZHhUM0Y3dmtpRWZHbXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8zYWVjNzEtY2ExNy00ZWM1LTg3YTctZWU3YTIwNTY5Yjgz
LzEvWlVGYUYyUC1BRnNCT2JBVXh1VjExZm15cFFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsHh4MA0G
CSqGSIb3DQEBCwUAA4IBAQBnA2sp9FidccvDsbPEuX3mCJEJpUKvEcfKsErlYIyh
ptj+4vseukxu4F2x5pZsSnGDw8VUa5+kMkKHEQAnklMythyvrt/sYtL75pZufDXW
+8FG/xDdBdemAKqHjVQP/7hnQsyFpWMp4UWo4EW5sNNu859QY8RE9CX34rNSqWoR
f80YrxodgEg3QAji1/OgsdSwbciOCuib+M00hco4SoEbEF01dHwu/n5zOg6dGwAb
cnR4bkejO2loMw5tzG3hUUOrLjp4qqhiIST+KYWrfCffseCLD/Agm2R82yjPtolJ
mkgYjh+Z1uSTTNi7X0r6CfIgB/FfeSnJJ/t/0ObLpnhF
-----END CERTIFICATE-----