Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/48a620-d0b7-4bb7-848d-d6bfccaa2034/1/JwwsV4NCg0YxbBtv0iDhs9tc6WM.roa
File:                     JwwsV4NCg0YxbBtv0iDhs9tc6WM.roa (raw, json)
Hash identifier:          +3FNKUyMPtbkF2xXBpG0dGMwLmbw7FvktH2+q4vmbqg=
Subject key identifier:   27:0C:2C:57:83:42:83:46:31:6C:1B:6F:D2:20:E1:B3:DB:5C:E9:63
Certificate issuer:       /CN=436c7aa3502825a68b3745bb3d6072731fe5872c
Certificate serial:       018D36112CB14EC13B32E36FFDF94D1AB3D4
Authority key identifier: 43:6C:7A:A3:50:28:25:A6:8B:37:45:BB:3D:60:72:73:1F:E5:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q2x6o1AoJaaLN0W7PWBycx_lhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/48a620-d0b7-4bb7-848d-d6bfccaa2034/1/JwwsV4NCg0YxbBtv0iDhs9tc6WM.roa
Signing time:             Tue 23 Jan 2024 11:25:11 +0000
ROA not before:           Tue 23 Jan 2024 11:25:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199657
IP address blocks:        185.167.208.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/48a620-d0b7-4bb7-848d-d6bfccaa2034/1/Q2x6o1AoJaaLN0W7PWBycx_lhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/48a620-d0b7-4bb7-848d-d6bfccaa2034/1/Q2x6o1AoJaaLN0W7PWBycx_lhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q2x6o1AoJaaLN0W7PWBycx_lhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:36:11:2c:b1:4e:c1:3b:32:e3:6f:fd:f9:4d:1a:b3:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=436c7aa3502825a68b3745bb3d6072731fe5872c
        Validity
            Not Before: Jan 23 11:25:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=270c2c5783428346316c1b6fd220e1b3db5ce963
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:74:36:a0:e4:84:24:cb:05:af:a8:d4:38:f7:
                    83:b7:97:7d:b7:06:c3:e1:26:fe:eb:4e:84:ba:94:
                    e3:17:ef:d4:76:83:3e:97:eb:2c:d4:64:70:ab:92:
                    ac:9c:07:15:df:6f:83:83:aa:86:4a:b2:6f:78:90:
                    f9:b0:37:0a:f2:4e:59:9a:81:95:8c:1a:c3:77:15:
                    62:02:2a:e0:42:9c:c5:fd:6d:26:ca:86:bc:5f:7a:
                    85:76:3c:74:ae:08:89:ff:d4:2a:41:a3:87:a6:57:
                    48:c4:6e:26:6a:81:ff:73:59:b6:d1:ac:aa:83:5e:
                    e9:6d:34:90:fc:0a:4e:f5:d9:0f:62:de:62:4f:55:
                    83:40:ca:39:0d:01:c7:41:e5:c2:de:ee:62:9f:4f:
                    b3:bd:a5:c9:0f:02:9b:0d:9a:98:94:1c:8a:bd:a8:
                    91:ef:58:03:42:f7:fd:ca:c2:26:93:c2:d2:cb:c7:
                    73:2e:c2:37:d1:f1:54:2d:c0:b5:1b:a0:b4:cb:da:
                    c2:ab:80:fb:54:6f:63:48:4a:38:cc:d8:23:0a:d7:
                    e3:86:dc:5c:13:fc:48:dc:55:32:2f:15:17:7e:f2:
                    21:14:a1:eb:80:66:68:8d:1a:25:d9:48:14:ab:0c:
                    09:6c:df:e3:7b:cf:81:e2:b7:a1:d3:87:37:e2:73:
                    8a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:0C:2C:57:83:42:83:46:31:6C:1B:6F:D2:20:E1:B3:DB:5C:E9:63
            X509v3 Authority Key Identifier:
                keyid:43:6C:7A:A3:50:28:25:A6:8B:37:45:BB:3D:60:72:73:1F:E5:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q2x6o1AoJaaLN0W7PWBycx_lhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/48a620-d0b7-4bb7-848d-d6bfccaa2034/1/JwwsV4NCg0YxbBtv0iDhs9tc6WM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/48a620-d0b7-4bb7-848d-d6bfccaa2034/1/Q2x6o1AoJaaLN0W7PWBycx_lhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:c9:de:af:07:26:01:03:23:69:fb:80:e2:c2:21:b5:41:e5:
         a4:7f:76:86:b1:78:94:7b:b5:3b:9a:9c:0f:bf:a9:ca:54:b5:
         26:c9:d2:5f:a8:d4:2a:84:fa:32:3c:c5:11:35:94:f3:fd:7e:
         4a:55:94:a0:72:71:6e:69:3b:7e:08:18:0c:a1:54:2a:41:f1:
         58:4a:46:cf:75:65:cd:2a:b4:5e:5a:05:b5:10:41:1d:1b:a9:
         5d:7d:42:12:d1:6d:64:7c:7c:45:89:25:bd:fb:24:db:d9:bb:
         c6:c5:2d:a5:9a:f9:32:90:02:d3:93:57:38:dd:85:ab:d4:8b:
         1e:5e:9b:b5:e0:2a:1a:56:3e:0b:ea:e8:7d:13:3d:80:93:01:
         80:2e:25:a3:54:db:a3:36:9a:fa:74:6e:1b:65:83:c7:40:73:
         22:cd:da:97:55:df:be:8d:5a:d5:de:1d:b9:a4:ed:1c:37:b8:
         6d:d0:4b:b3:ad:81:a9:a1:89:2b:d5:e6:d5:a4:39:fd:bf:d3:
         9e:1f:1e:6d:bf:fd:f0:cb:0f:ec:8d:b3:92:cf:84:4c:3d:b6:
         3a:7e:7d:df:50:39:64:30:bf:2b:e2:9b:82:37:0e:84:19:72:
         fa:9b:73:3d:ec:dd:e5:61:ba:49:ad:d5:1a:8e:bc:36:fc:c6:
         00:24:74:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY02ESyxTsE7MuNv/flNGrPUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNmM3YWEzNTAyODI1YTY4YjM3NDViYjNkNjA3MjczMWZl
NTg3MmMwHhcNMjQwMTIzMTEyNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzBjMmM1NzgzNDI4MzQ2MzE2YzFiNmZkMjIwZTFiM2RiNWNlOTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunQ2oOSEJMsFr6jUOPeDt5d9twbD
4Sb+606EupTjF+/UdoM+l+ss1GRwq5KsnAcV32+Dg6qGSrJveJD5sDcK8k5ZmoGV
jBrDdxViAirgQpzF/W0myoa8X3qFdjx0rgiJ/9QqQaOHpldIxG4maoH/c1m20ayq
g17pbTSQ/ApO9dkPYt5iT1WDQMo5DQHHQeXC3u5in0+zvaXJDwKbDZqYlByKvaiR
71gDQvf9ysImk8LSy8dzLsI30fFULcC1G6C0y9rCq4D7VG9jSEo4zNgjCtfjhtxc
E/xI3FUyLxUXfvIhFKHrgGZojRol2UgUqwwJbN/je8+B4reh04c34nOKCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCcMLFeDQoNGMWwbb9Ig4bPbXOljMB8GA1UdIwQY
MBaAFENseqNQKCWmizdFuz1gcnMf5YcsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTJ4Nm8xQW9KYWFMTjBXN1BXQnljeF9saHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80OGE2MjAtZDBiNy00YmI3LTg0OGQt
ZDZiZmNjYWEyMDM0LzEvSnd3c1Y0TkNnMFl4YkJ0djBpRGhzOXRjNldNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80OGE2MjAtZDBiNy00YmI3LTg0OGQtZDZiZmNjYWEyMDM0
LzEvUTJ4Nm8xQW9KYWFMTjBXN1BXQnljeF9saHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuafQMA0G
CSqGSIb3DQEBCwUAA4IBAQAayd6vByYBAyNp+4DiwiG1QeWkf3aGsXiUe7U7mpwP
v6nKVLUmydJfqNQqhPoyPMURNZTz/X5KVZSgcnFuaTt+CBgMoVQqQfFYSkbPdWXN
KrReWgW1EEEdG6ldfUIS0W1kfHxFiSW9+yTb2bvGxS2lmvkykALTk1c43YWr1Ise
Xpu14CoaVj4L6uh9Ez2AkwGALiWjVNujNpr6dG4bZYPHQHMizdqXVd++jVrV3h25
pO0cN7ht0EuzrYGpoYkr1ebVpDn9v9OeHx5tv/3wyw/sjbOSz4RMPbY6fn3fUDlk
ML8r4puCNw6EGXL6m3M97N3lYbpJrdUajrw2/MYAJHSp
-----END CERTIFICATE-----