Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/Jkz7_womzsUHpNMZpbbQ3TQJMUg.roa
File:                     Jkz7_womzsUHpNMZpbbQ3TQJMUg.roa (raw, json)
Hash identifier:          0YSUiWK3XX07poDbJXnVV51NaA2MtMEQ4O9/mMZtxhw=
Subject key identifier:   26:4C:FB:FF:0A:26:CE:C5:07:A4:D3:19:A5:B6:D0:DD:34:09:31:48
Certificate issuer:       /CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
Certificate serial:       018CC86F73EE2F730A86B3937C03E14EDA40
Authority key identifier: 11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/Jkz7_womzsUHpNMZpbbQ3TQJMUg.roa
Signing time:             Tue 02 Jan 2024 04:29:56 +0000
ROA not before:           Tue 02 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198178
IP address blocks:        94.228.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:73:ee:2f:73:0a:86:b3:93:7c:03:e1:4e:da:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
        Validity
            Not Before: Jan  2 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=264cfbff0a26cec507a4d319a5b6d0dd34093148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cd:e6:3b:c8:96:93:08:d0:6e:f3:a2:a5:1b:
                    b3:63:57:a2:7a:cb:e8:e2:de:01:7d:44:9a:3b:94:
                    5b:e5:3f:1c:da:59:69:77:66:e5:3e:20:30:b2:87:
                    19:d1:e5:05:1e:03:d6:69:2b:2d:83:8d:85:b7:e7:
                    66:23:0d:bc:82:22:dc:ae:54:60:f8:3d:bc:30:56:
                    e8:37:64:a8:dc:e3:6c:03:04:36:79:f8:f9:b2:2f:
                    c9:1a:3c:0b:49:d4:b7:9e:78:91:2b:42:72:7d:82:
                    f0:03:67:37:5a:52:9d:78:5b:23:03:c4:92:63:df:
                    89:51:ff:e0:5d:c0:21:bc:28:09:d4:bd:69:14:0d:
                    c6:ed:14:ce:92:60:7c:94:b3:f7:56:9e:b7:59:4c:
                    68:0e:e7:40:25:c6:54:71:07:04:ca:e4:e8:ad:09:
                    99:81:f0:20:ce:9a:91:e6:70:c6:e3:ed:2c:76:3d:
                    e9:d1:de:23:01:6f:a1:6f:34:de:bb:13:ed:70:17:
                    39:d1:22:97:0b:63:5e:5a:16:3b:b7:be:3d:22:98:
                    29:3c:d4:73:a1:d1:b1:ba:5c:9b:25:7e:8e:b1:df:
                    c4:5a:c6:ca:65:c9:07:1d:c4:f7:f1:3c:58:a5:fc:
                    d0:03:6b:18:c1:72:92:11:b1:01:38:67:64:e5:fd:
                    c5:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:4C:FB:FF:0A:26:CE:C5:07:A4:D3:19:A5:B6:D0:DD:34:09:31:48
            X509v3 Authority Key Identifier:
                keyid:11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/Jkz7_womzsUHpNMZpbbQ3TQJMUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.228.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:b9:8a:4e:e0:e7:1a:0f:95:53:96:81:15:0c:e8:e4:82:d1:
         8e:c2:2e:93:31:9e:fb:01:0f:7d:ae:85:9b:7c:89:bb:bf:7a:
         08:47:20:00:bf:06:2f:e4:e5:2f:a5:b3:f3:23:9c:a0:c5:d5:
         f3:6f:61:b1:6c:d6:09:82:c4:98:60:15:4a:35:58:79:ec:8d:
         d9:0f:c4:e9:c7:7a:47:79:52:82:c2:dd:61:f0:72:e4:db:00:
         af:ff:5d:1a:20:3f:f1:80:a2:79:cf:d9:97:0f:77:2e:c5:fd:
         f2:45:b0:8e:62:6a:5c:e0:ff:61:64:3b:82:94:a5:3c:40:99:
         4f:aa:85:0e:fc:db:6a:64:a7:63:a4:03:f3:d1:e2:55:9a:cd:
         20:31:ba:81:0a:5c:3d:8b:71:7d:df:e8:ea:c0:db:98:3c:be:
         4c:63:b8:88:92:28:06:f7:a3:c6:f6:a1:01:76:16:9c:b5:b7:
         52:d0:3b:f8:64:6a:c6:68:12:b7:86:33:e1:18:93:6d:dd:f8:
         28:f7:27:12:fd:90:24:93:53:0b:76:c0:79:81:4f:68:8f:51:
         35:e8:6a:7a:28:1a:14:a8:3a:0a:77:a1:ae:13:be:04:51:03:
         2c:45:d7:db:d6:dd:ac:88:be:a3:04:e2:cb:a5:ab:4c:a4:1f:
         bc:93:20:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb3PuL3MKhrOTfAPhTtpAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExN2Y5ZDU1ODI2YjQyNDg2ZGZjODRkMzVjMWE2M2E1Y2U4
NzUwN2MwHhcNMjQwMTAyMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjRjZmJmZjBhMjZjZWM1MDdhNGQzMTlhNWI2ZDBkZDM0MDkzMTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo83mO8iWkwjQbvOipRuzY1eiesvo
4t4BfUSaO5Rb5T8c2llpd2blPiAwsocZ0eUFHgPWaSstg42Ft+dmIw28giLcrlRg
+D28MFboN2So3ONsAwQ2efj5si/JGjwLSdS3nniRK0JyfYLwA2c3WlKdeFsjA8SS
Y9+JUf/gXcAhvCgJ1L1pFA3G7RTOkmB8lLP3Vp63WUxoDudAJcZUcQcEyuTorQmZ
gfAgzpqR5nDG4+0sdj3p0d4jAW+hbzTeuxPtcBc50SKXC2NeWhY7t749IpgpPNRz
odGxulybJX6Osd/EWsbKZckHHcT38TxYpfzQA2sYwXKSEbEBOGdk5f3FTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZM+/8KJs7FB6TTGaW20N00CTFIMB8GA1UdIwQY
MBaAFBF/nVWCa0JIbfyE01waY6XOh1B8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMt
M2ZiYmJhOTI0OWNkLzEvSmt6N193b216c1VIcE5NWnBiYlEzVFFKTVVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMtM2ZiYmJhOTI0OWNk
LzEvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXuShMA0G
CSqGSIb3DQEBCwUAA4IBAQBBuYpO4OcaD5VTloEVDOjkgtGOwi6TMZ77AQ99roWb
fIm7v3oIRyAAvwYv5OUvpbPzI5ygxdXzb2GxbNYJgsSYYBVKNVh57I3ZD8Tpx3pH
eVKCwt1h8HLk2wCv/10aID/xgKJ5z9mXD3cuxf3yRbCOYmpc4P9hZDuClKU8QJlP
qoUO/NtqZKdjpAPz0eJVms0gMbqBClw9i3F93+jqwNuYPL5MY7iIkigG96PG9qEB
dhactbdS0Dv4ZGrGaBK3hjPhGJNt3fgo9ycS/ZAkk1MLdsB5gU9oj1E16Gp6KBoU
qDoKd6GuE74EUQMsRdfb1t2siL6jBOLLpatMpB+8kyA3
-----END CERTIFICATE-----