Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/ae9cef-e937-4f80-9978-db4ad25d99a8/1/J2v-RlmqqNHRjoAsonJY67Lrfls.roa
File:                     J2v-RlmqqNHRjoAsonJY67Lrfls.roa (raw, json)
Hash identifier:          c/mnsa3atjp8jD9Prgdmrs8d3Qlevk7QTwiw7eRvlHs=
Subject key identifier:   27:6B:FE:46:59:AA:A8:D1:D1:8E:80:2C:A2:72:58:EB:B2:EB:7E:5B
Certificate issuer:       /CN=7ba7fda6a692236c223f74d63ea7bb9fef2f1274
Certificate serial:       018CC7265DB8AB3DFCDEFBA8E6F7D84245E5
Authority key identifier: 7B:A7:FD:A6:A6:92:23:6C:22:3F:74:D6:3E:A7:BB:9F:EF:2F:12:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6f9pqaSI2wiP3TWPqe7n-8vEnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/ae9cef-e937-4f80-9978-db4ad25d99a8/1/J2v-RlmqqNHRjoAsonJY67Lrfls.roa
Signing time:             Mon 01 Jan 2024 22:30:29 +0000
ROA not before:           Mon 01 Jan 2024 22:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206173
IP address blocks:        185.145.246.0/24 maxlen: 24
                          2a10:1e40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/ae9cef-e937-4f80-9978-db4ad25d99a8/1/e6f9pqaSI2wiP3TWPqe7n-8vEnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/ae9cef-e937-4f80-9978-db4ad25d99a8/1/e6f9pqaSI2wiP3TWPqe7n-8vEnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6f9pqaSI2wiP3TWPqe7n-8vEnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:5d:b8:ab:3d:fc:de:fb:a8:e6:f7:d8:42:45:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ba7fda6a692236c223f74d63ea7bb9fef2f1274
        Validity
            Not Before: Jan  1 22:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=276bfe4659aaa8d1d18e802ca27258ebb2eb7e5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d2:e4:be:0e:06:d6:54:2c:37:cc:91:1d:9d:
                    e7:30:3d:81:be:78:5b:ad:89:d0:00:34:c2:f2:f6:
                    88:33:ac:6d:ba:07:1e:a4:5d:66:7f:44:07:16:a6:
                    cf:8e:bf:c2:c7:5e:dd:1e:4f:36:4f:3c:15:b8:83:
                    ff:7c:1d:5d:01:0c:79:95:a5:25:8b:b3:22:c3:e5:
                    88:f8:f3:dc:f3:fb:02:f9:22:c1:94:d8:ce:64:85:
                    59:d4:fa:0f:7a:41:0f:e2:2c:5c:1a:a2:c4:f5:e2:
                    e5:98:a2:b5:98:ab:d3:81:bf:21:1b:20:96:57:00:
                    fc:ab:8d:f5:0c:cf:d0:df:13:d1:ae:21:d6:03:b7:
                    e1:01:e6:33:a8:e7:b1:1f:ce:c6:96:2e:e6:19:ae:
                    23:6d:bc:b5:37:45:f7:7a:80:e6:0c:82:d2:c3:21:
                    34:dd:60:06:b6:2f:55:88:30:3e:c5:b4:67:e0:37:
                    29:b3:e6:5c:66:69:f5:e2:f0:03:0a:36:7e:b2:7c:
                    6c:ae:fe:9b:14:01:d5:fc:20:f7:a5:aa:f9:a1:5f:
                    27:fe:8b:8a:4f:2e:40:dd:e7:5a:e2:83:30:a6:a3:
                    1b:d7:3a:64:f5:48:0c:7a:ba:13:bd:df:24:28:e5:
                    94:c0:53:73:16:0d:84:d5:58:a4:17:ec:e3:0f:6c:
                    b0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:6B:FE:46:59:AA:A8:D1:D1:8E:80:2C:A2:72:58:EB:B2:EB:7E:5B
            X509v3 Authority Key Identifier:
                keyid:7B:A7:FD:A6:A6:92:23:6C:22:3F:74:D6:3E:A7:BB:9F:EF:2F:12:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6f9pqaSI2wiP3TWPqe7n-8vEnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/ae9cef-e937-4f80-9978-db4ad25d99a8/1/J2v-RlmqqNHRjoAsonJY67Lrfls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/ae9cef-e937-4f80-9978-db4ad25d99a8/1/e6f9pqaSI2wiP3TWPqe7n-8vEnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.246.0/24
                IPv6:
                  2a10:1e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:62:c9:1c:99:96:cc:43:43:b2:68:e2:cd:a5:06:58:4c:b1:
         4f:b8:d1:17:17:e3:87:4a:65:17:7c:39:76:47:0e:2f:47:02:
         f4:2c:f8:4d:34:b9:f0:88:a8:7e:7f:5c:c0:ee:16:31:1f:6c:
         b5:10:3d:ae:8c:86:6a:24:d7:49:43:d6:db:0c:2f:c7:aa:cc:
         6e:b2:63:b3:a1:28:cf:92:1d:58:bf:84:f9:c4:b3:bb:99:3c:
         e3:b9:3a:56:52:83:36:55:3a:c2:ab:0d:55:58:4d:bb:e1:31:
         56:5f:b6:19:29:8f:28:1a:25:f6:64:d8:6b:90:8f:56:54:70:
         f7:2e:01:47:4f:11:93:73:62:3d:f5:8f:7b:14:ba:23:b8:f0:
         8d:fc:ff:c3:2c:b7:0b:5d:77:60:d2:36:ee:85:65:da:95:38:
         a6:28:ce:00:1a:d3:66:cd:6f:c6:ea:02:6f:33:13:0f:8b:50:
         5d:b8:ef:dd:45:1f:db:d6:79:e5:b4:45:d0:10:f0:ab:4c:33:
         f2:e6:66:03:7a:77:27:cc:b3:e1:28:d1:89:a3:00:0c:88:b5:
         73:e1:e5:2f:ac:46:9f:ec:5e:88:46:39:79:cb:42:46:6c:d7:
         fa:09:ad:c4:d7:c4:36:a9:3f:bf:5f:fa:b3:20:44:09:7e:6a:
         9c:35:6d:be
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJl24qz383vuo5vfYQkXlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYTdmZGE2YTY5MjIzNmMyMjNmNzRkNjNlYTdiYjlmZWYy
ZjEyNzQwHhcNMjQwMTAxMjIzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzZiZmU0NjU5YWFhOGQxZDE4ZTgwMmNhMjcyNThlYmIyZWI3ZTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNLkvg4G1lQsN8yRHZ3nMD2Bvnhb
rYnQADTC8vaIM6xtugcepF1mf0QHFqbPjr/Cx17dHk82TzwVuIP/fB1dAQx5laUl
i7Miw+WI+PPc8/sC+SLBlNjOZIVZ1PoPekEP4ixcGqLE9eLlmKK1mKvTgb8hGyCW
VwD8q431DM/Q3xPRriHWA7fhAeYzqOexH87Gli7mGa4jbby1N0X3eoDmDILSwyE0
3WAGti9ViDA+xbRn4Dcps+ZcZmn14vADCjZ+snxsrv6bFAHV/CD3par5oV8n/ouK
Ty5A3eda4oMwpqMb1zpk9UgMeroTvd8kKOWUwFNzFg2E1VikF+zjD2ywzQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCdr/kZZqqjR0Y6ALKJyWOuy635bMB8GA1UdIwQY
MBaAFHun/aamkiNsIj901j6nu5/vLxJ0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZmOXBxYVNJMndpUDNUV1BxZTduLTh2RW5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9hZTljZWYtZTkzNy00ZjgwLTk5Nzgt
ZGI0YWQyNWQ5OWE4LzEvSjJ2LVJsbXFxTkhSam9Bc29uSlk2N0xyZmxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9hZTljZWYtZTkzNy00ZjgwLTk5NzgtZGI0YWQyNWQ5OWE4
LzEvZTZmOXBxYVNJMndpUDNUV1BxZTduLTh2RW5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuZH2MA0E
AgACMAcDBQMqEB5AMA0GCSqGSIb3DQEBCwUAA4IBAQAlYskcmZbMQ0OyaOLNpQZY
TLFPuNEXF+OHSmUXfDl2Rw4vRwL0LPhNNLnwiKh+f1zA7hYxH2y1ED2ujIZqJNdJ
Q9bbDC/HqsxusmOzoSjPkh1Yv4T5xLO7mTzjuTpWUoM2VTrCqw1VWE274TFWX7YZ
KY8oGiX2ZNhrkI9WVHD3LgFHTxGTc2I99Y97FLojuPCN/P/DLLcLXXdg0jbuhWXa
lTimKM4AGtNmzW/G6gJvMxMPi1BduO/dRR/b1nnltEXQEPCrTDPy5mYDencnzLPh
KNGJowAMiLVz4eUvrEaf7F6IRjl5y0JGbNf6Ca3E18Q2qT+/X/qzIEQJfmqcNW2+
-----END CERTIFICATE-----