Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/2fcecd-1b6c-4ae9-9d36-6d3812aa5eb5/1/j3oTdRMuVWk57ppbSw1n_8E1R3k.roa
File:                     j3oTdRMuVWk57ppbSw1n_8E1R3k.roa (raw, json)
Hash identifier:          Q+9/787M+ddVG+aIoitvOl3SXjHtz+PdL9D214k6FKs=
Subject key identifier:   8F:7A:13:75:13:2E:55:69:39:EE:9A:5B:4B:0D:67:FF:C1:35:47:79
Certificate issuer:       /CN=0239a40bef930438d53cd07f07ff9153e2fb9be8
Certificate serial:       018CC50048599829DD1BAC7ED710CB20D944
Authority key identifier: 02:39:A4:0B:EF:93:04:38:D5:3C:D0:7F:07:FF:91:53:E2:FB:9B:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AjmkC--TBDjVPNB_B_-RU-L7m-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/2fcecd-1b6c-4ae9-9d36-6d3812aa5eb5/1/j3oTdRMuVWk57ppbSw1n_8E1R3k.roa
Signing time:             Mon 01 Jan 2024 12:29:39 +0000
ROA not before:           Mon 01 Jan 2024 12:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1449
IP address blocks:        185.97.80.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/2fcecd-1b6c-4ae9-9d36-6d3812aa5eb5/1/AjmkC--TBDjVPNB_B_-RU-L7m-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/2fcecd-1b6c-4ae9-9d36-6d3812aa5eb5/1/AjmkC--TBDjVPNB_B_-RU-L7m-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AjmkC--TBDjVPNB_B_-RU-L7m-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:48:59:98:29:dd:1b:ac:7e:d7:10:cb:20:d9:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0239a40bef930438d53cd07f07ff9153e2fb9be8
        Validity
            Not Before: Jan  1 12:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f7a1375132e556939ee9a5b4b0d67ffc1354779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:dd:5f:6b:85:95:ab:72:4d:75:bd:f0:d0:e9:
                    aa:70:6e:5c:8d:98:51:f6:57:18:6e:8b:08:0a:dd:
                    9b:d3:c2:86:2a:bf:6a:f9:46:94:4f:d6:fa:8f:46:
                    6a:1a:2a:d6:a8:08:72:c4:70:2e:59:b8:42:b5:76:
                    92:36:8e:3c:cb:06:e1:7d:5d:1e:93:4d:4b:94:dc:
                    4f:83:35:96:2e:08:5a:d5:79:b1:90:c2:36:56:19:
                    a0:b9:29:97:48:7c:b1:01:35:b3:10:27:cf:c4:15:
                    5c:6a:80:ed:cc:d5:3d:b0:77:3f:cf:f0:c3:61:ce:
                    26:dc:e5:a8:ea:42:17:ac:cd:0b:d9:78:60:6a:8c:
                    3f:f3:5b:8e:13:20:17:2e:5b:70:30:07:a2:28:62:
                    af:b4:20:0e:82:75:f2:31:4a:18:bc:9f:0f:37:a1:
                    f8:3d:85:27:a8:a9:b2:fc:98:d2:d3:46:1e:99:05:
                    7f:ae:a7:24:dd:62:3e:68:b4:ab:25:17:7f:9d:65:
                    e0:ae:9c:80:fc:34:80:2a:0a:2b:70:c8:6e:b8:47:
                    27:22:b0:10:14:90:82:2a:d8:b4:a1:65:af:7d:ea:
                    a1:8f:ef:34:50:fb:32:27:2c:46:b8:aa:48:0f:8b:
                    50:a5:bd:91:b6:37:3e:2e:68:76:ca:99:32:9b:b1:
                    1c:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:7A:13:75:13:2E:55:69:39:EE:9A:5B:4B:0D:67:FF:C1:35:47:79
            X509v3 Authority Key Identifier:
                keyid:02:39:A4:0B:EF:93:04:38:D5:3C:D0:7F:07:FF:91:53:E2:FB:9B:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AjmkC--TBDjVPNB_B_-RU-L7m-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2fcecd-1b6c-4ae9-9d36-6d3812aa5eb5/1/j3oTdRMuVWk57ppbSw1n_8E1R3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2fcecd-1b6c-4ae9-9d36-6d3812aa5eb5/1/AjmkC--TBDjVPNB_B_-RU-L7m-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:b7:8e:4c:af:7c:85:a4:b9:a6:37:6e:ae:72:d1:12:c5:19:
         bc:7e:97:9b:02:f4:34:af:41:8a:75:1b:9f:5a:f2:49:de:2c:
         a1:a0:dd:b7:b0:19:5b:09:68:f0:d5:d3:30:f1:0d:fd:0e:c5:
         b9:a5:f7:3c:c5:70:ee:c0:b8:dc:0b:ba:1c:b2:81:65:86:3b:
         cb:5f:32:9b:16:1f:93:2e:ae:32:8a:79:c6:d5:64:fa:ff:85:
         1b:9c:27:4a:62:a1:50:ac:37:f5:14:cf:3e:76:73:c0:b3:5a:
         74:7f:73:8f:e4:64:82:9e:73:cc:aa:14:8d:d3:b4:e5:8a:a6:
         3a:6c:b1:21:b3:18:0f:65:52:2f:e8:79:54:26:6f:21:47:c8:
         19:92:36:55:89:06:36:f0:52:ea:34:44:c5:d6:9c:a9:34:dd:
         d8:a1:aa:16:29:c1:ff:34:1c:08:a2:a0:5d:e9:83:69:64:17:
         e1:ae:e4:84:a5:ac:ac:b2:ca:37:83:92:d3:e9:f1:3c:85:ee:
         1b:f0:91:ea:3f:f3:7c:70:c6:1a:ee:82:36:1b:5c:e5:6a:c5:
         6f:c5:95:e7:48:64:3b:f3:08:c8:18:85:a5:0e:52:db:71:dc:
         ac:b6:b4:dd:37:f7:73:d8:a7:b5:3b:61:16:29:d3:1c:38:25:
         22:fd:f5:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAEhZmCndG6x+1xDLINlEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMzlhNDBiZWY5MzA0MzhkNTNjZDA3ZjA3ZmY5MTUzZTJm
YjliZTgwHhcNMjQwMTAxMTIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjdhMTM3NTEzMmU1NTY5MzllZTlhNWI0YjBkNjdmZmMxMzU0Nzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwd1fa4WVq3JNdb3w0OmqcG5cjZhR
9lcYbosICt2b08KGKr9q+UaUT9b6j0ZqGirWqAhyxHAuWbhCtXaSNo48ywbhfV0e
k01LlNxPgzWWLgha1XmxkMI2VhmguSmXSHyxATWzECfPxBVcaoDtzNU9sHc/z/DD
Yc4m3OWo6kIXrM0L2Xhgaow/81uOEyAXLltwMAeiKGKvtCAOgnXyMUoYvJ8PN6H4
PYUnqKmy/JjS00YemQV/rqck3WI+aLSrJRd/nWXgrpyA/DSAKgorcMhuuEcnIrAQ
FJCCKti0oWWvfeqhj+80UPsyJyxGuKpID4tQpb2Rtjc+Lmh2ypkym7EcvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI96E3UTLlVpOe6aW0sNZ//BNUd5MB8GA1UdIwQY
MBaAFAI5pAvvkwQ41TzQfwf/kVPi+5voMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWpta0MtLVRCRGpWUE5CX0JfLVJVLUw3bS1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8yZmNlY2QtMWI2Yy00YWU5LTlkMzYt
NmQzODEyYWE1ZWI1LzEvajNvVGRSTXVWV2s1N3BwYlN3MW5fOEUxUjNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8yZmNlY2QtMWI2Yy00YWU5LTlkMzYtNmQzODEyYWE1ZWI1
LzEvQWpta0MtLVRCRGpWUE5CX0JfLVJVLUw3bS1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWFQMA0G
CSqGSIb3DQEBCwUAA4IBAQCMt45Mr3yFpLmmN26uctESxRm8fpebAvQ0r0GKdRuf
WvJJ3iyhoN23sBlbCWjw1dMw8Q39DsW5pfc8xXDuwLjcC7ocsoFlhjvLXzKbFh+T
Lq4yinnG1WT6/4UbnCdKYqFQrDf1FM8+dnPAs1p0f3OP5GSCnnPMqhSN07TliqY6
bLEhsxgPZVIv6HlUJm8hR8gZkjZViQY28FLqNETF1pypNN3YoaoWKcH/NBwIoqBd
6YNpZBfhruSEpayssso3g5LT6fE8he4b8JHqP/N8cMYa7oI2G1zlasVvxZXnSGQ7
8wjIGIWlDlLbcdystrTdN/dz2Ke1O2EWKdMcOCUi/fXS
-----END CERTIFICATE-----