Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/jCpouARSG3K90Gx0MVfn-0eAqqU.roa
File:                     jCpouARSG3K90Gx0MVfn-0eAqqU.roa (raw, json)
Hash identifier:          6XVaCB3Ek+yrjEQBe0YBiUl6RBU3gZCvJzalv8uzZNQ=
Subject key identifier:   8C:2A:68:B8:04:52:1B:72:BD:D0:6C:74:31:57:E7:FB:47:80:AA:A5
Certificate issuer:       /CN=4354a419225d5d79f4a1ae1520a3b1a56d45268c
Certificate serial:       018CC94DA0C85E29633B852B6157F183605E
Authority key identifier: 43:54:A4:19:22:5D:5D:79:F4:A1:AE:15:20:A3:B1:A5:6D:45:26:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q1SkGSJdXXn0oa4VIKOxpW1FJow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/jCpouARSG3K90Gx0MVfn-0eAqqU.roa
Signing time:             Tue 02 Jan 2024 08:32:36 +0000
ROA not before:           Tue 02 Jan 2024 08:32:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62119
IP address blocks:        185.137.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/Q1SkGSJdXXn0oa4VIKOxpW1FJow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/Q1SkGSJdXXn0oa4VIKOxpW1FJow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q1SkGSJdXXn0oa4VIKOxpW1FJow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:a0:c8:5e:29:63:3b:85:2b:61:57:f1:83:60:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4354a419225d5d79f4a1ae1520a3b1a56d45268c
        Validity
            Not Before: Jan  2 08:32:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c2a68b804521b72bdd06c743157e7fb4780aaa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:81:18:f1:8b:b9:4f:85:d6:ae:89:f6:a8:9f:
                    22:e4:c7:52:5a:31:4d:dc:6f:b0:e4:d0:35:e7:b8:
                    35:c5:5b:62:5f:5b:f9:ac:f0:b5:b4:ab:8a:0b:cf:
                    9d:d6:e0:c8:25:15:65:a8:e4:22:e8:49:ec:00:11:
                    6b:90:df:74:06:1f:01:2a:b7:61:ed:bf:70:f8:f9:
                    9e:69:c2:ec:4f:55:e4:fb:af:90:2d:1e:2e:0f:e8:
                    14:fb:b9:84:8b:b9:77:8d:42:ee:ce:d3:23:32:f4:
                    50:f9:1e:7a:b9:27:fe:b5:74:06:36:87:1d:4d:e3:
                    32:02:55:c4:f0:48:a5:b8:72:41:f6:15:2d:92:9a:
                    13:70:0f:b1:29:b4:80:dc:e2:92:7d:84:a6:d2:ee:
                    11:6c:43:b8:32:12:1b:48:53:e0:95:06:a8:56:90:
                    14:be:a0:6e:b1:cf:dd:2d:98:fa:fe:ef:22:b0:d0:
                    21:e2:20:3d:f7:3e:77:7a:ff:57:e2:c8:b7:ef:e6:
                    8b:66:08:60:fc:23:45:92:7f:2b:fd:7c:bf:e2:ca:
                    80:78:ce:bb:b3:51:f7:99:4c:6e:f4:c7:59:80:7b:
                    24:69:e1:cf:e4:71:62:d9:f6:27:a6:4d:aa:a4:27:
                    06:19:e7:21:20:a5:fa:90:5e:1e:25:e2:10:f8:b8:
                    92:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:2A:68:B8:04:52:1B:72:BD:D0:6C:74:31:57:E7:FB:47:80:AA:A5
            X509v3 Authority Key Identifier:
                keyid:43:54:A4:19:22:5D:5D:79:F4:A1:AE:15:20:A3:B1:A5:6D:45:26:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q1SkGSJdXXn0oa4VIKOxpW1FJow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/jCpouARSG3K90Gx0MVfn-0eAqqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/Q1SkGSJdXXn0oa4VIKOxpW1FJow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:68:87:74:d1:26:70:ba:66:e5:00:fb:6a:26:58:50:6d:5e:
         c0:e4:67:6e:ff:10:91:c4:18:ce:df:34:eb:45:36:81:25:66:
         af:5e:6f:42:aa:80:fa:f3:51:8f:a8:ce:7f:fa:ec:b6:48:d8:
         78:7c:b1:86:0e:4e:8a:a5:e7:be:c8:9e:14:60:c5:65:b1:f5:
         f2:0d:44:f2:79:0f:8f:d7:1d:94:50:0b:54:d6:48:4f:04:b9:
         42:40:49:c2:6e:69:2a:a2:e8:57:0e:f1:13:1d:4e:42:d3:7f:
         f0:53:d1:57:e2:d0:84:29:31:6c:2f:03:f3:17:fa:8b:6b:f6:
         ae:10:07:ac:67:95:74:f9:83:1f:a9:69:a5:71:d0:e2:98:fa:
         a0:e6:4e:ce:31:54:34:cb:05:9c:8a:76:af:f0:5d:6c:b8:99:
         81:ec:f3:b9:0d:52:96:bb:20:1a:02:5a:bc:18:28:1b:9b:4d:
         54:3c:36:8b:f6:2e:97:be:ce:e2:d7:c3:22:70:02:8d:80:44:
         7f:45:d8:b8:49:6a:9f:4f:8b:5e:f2:0c:c6:b0:58:3d:6f:a4:
         d2:6b:04:26:c9:74:b8:07:cd:50:84:e7:eb:ba:c5:46:5a:63:
         81:f5:d8:62:36:08:e8:4f:4d:95:fc:66:f8:16:c7:41:16:14:
         45:7c:fd:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTaDIXiljO4UrYVfxg2BeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNTRhNDE5MjI1ZDVkNzlmNGExYWUxNTIwYTNiMWE1NmQ0
NTI2OGMwHhcNMjQwMTAyMDgzMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzJhNjhiODA0NTIxYjcyYmRkMDZjNzQzMTU3ZTdmYjQ3ODBhYWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYEY8Yu5T4XWron2qJ8i5MdSWjFN
3G+w5NA157g1xVtiX1v5rPC1tKuKC8+d1uDIJRVlqOQi6EnsABFrkN90Bh8BKrdh
7b9w+PmeacLsT1Xk+6+QLR4uD+gU+7mEi7l3jULuztMjMvRQ+R56uSf+tXQGNocd
TeMyAlXE8EiluHJB9hUtkpoTcA+xKbSA3OKSfYSm0u4RbEO4MhIbSFPglQaoVpAU
vqBusc/dLZj6/u8isNAh4iA99z53ev9X4si37+aLZghg/CNFkn8r/Xy/4sqAeM67
s1H3mUxu9MdZgHskaeHP5HFi2fYnpk2qpCcGGechIKX6kF4eJeIQ+LiSFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIwqaLgEUhtyvdBsdDFX5/tHgKqlMB8GA1UdIwQY
MBaAFENUpBkiXV159KGuFSCjsaVtRSaMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTFTa0dTSmRYWG4wb2E0VklLT3hwVzFGSm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wZmRkZjAtOGJiZi00MzUwLWJmZmEt
Njg4ZDUxYTQ0NDQ4LzEvakNwb3VBUlNHM0s5MEd4ME1WZm4tMGVBcXFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wZmRkZjAtOGJiZi00MzUwLWJmZmEtNjg4ZDUxYTQ0NDQ4
LzEvUTFTa0dTSmRYWG4wb2E0VklLT3hwVzFGSm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYlgMA0G
CSqGSIb3DQEBCwUAA4IBAQAhaId00SZwumblAPtqJlhQbV7A5Gdu/xCRxBjO3zTr
RTaBJWavXm9CqoD681GPqM5/+uy2SNh4fLGGDk6Kpee+yJ4UYMVlsfXyDUTyeQ+P
1x2UUAtU1khPBLlCQEnCbmkqouhXDvETHU5C03/wU9FX4tCEKTFsLwPzF/qLa/au
EAesZ5V0+YMfqWmlcdDimPqg5k7OMVQ0ywWcinav8F1suJmB7PO5DVKWuyAaAlq8
GCgbm01UPDaL9i6Xvs7i18MicAKNgER/Rdi4SWqfT4te8gzGsFg9b6TSawQmyXS4
B81QhOfrusVGWmOB9dhiNgjoT02V/Gb4FsdBFhRFfP1j
-----END CERTIFICATE-----