Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/168f4a-12b4-4737-8e27-c30664aeec14/1/JIrwaCbF1GaIOnsqD38sxLoqUZM.roa
File:                     JIrwaCbF1GaIOnsqD38sxLoqUZM.roa (raw, json)
Hash identifier:          KpOTpPAkot1DA5uY6aJEyvT3lzocZxVZbB1bM1oRZqY=
Subject key identifier:   24:8A:F0:68:26:C5:D4:66:88:3A:7B:2A:0F:7F:2C:C4:BA:2A:51:93
Certificate issuer:       /CN=5806c809b7605f6d5ce127bd2d8b7674350b8b11
Certificate serial:       018E816024676D65EFAAF6DE539E21A0DA7C
Authority key identifier: 58:06:C8:09:B7:60:5F:6D:5C:E1:27:BD:2D:8B:76:74:35:0B:8B:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WAbICbdgX21c4Se9LYt2dDULixE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/168f4a-12b4-4737-8e27-c30664aeec14/1/JIrwaCbF1GaIOnsqD38sxLoqUZM.roa
Signing time:             Wed 27 Mar 2024 19:25:45 +0000
ROA not before:           Wed 27 Mar 2024 19:25:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6206
IP address blocks:        185.165.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/168f4a-12b4-4737-8e27-c30664aeec14/1/WAbICbdgX21c4Se9LYt2dDULixE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/168f4a-12b4-4737-8e27-c30664aeec14/1/WAbICbdgX21c4Se9LYt2dDULixE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WAbICbdgX21c4Se9LYt2dDULixE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:81:60:24:67:6d:65:ef:aa:f6:de:53:9e:21:a0:da:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5806c809b7605f6d5ce127bd2d8b7674350b8b11
        Validity
            Not Before: Mar 27 19:25:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=248af06826c5d466883a7b2a0f7f2cc4ba2a5193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:08:23:1a:f5:09:8d:45:57:48:54:5f:1d:9a:
                    96:c6:d4:80:da:71:bc:4c:e1:e5:63:71:86:e1:9d:
                    3b:f2:e3:38:2a:fa:ed:fc:15:f3:18:e1:c1:1e:5d:
                    8a:5b:fd:b8:d7:15:cd:62:1b:17:fb:33:ab:3b:b8:
                    07:a9:54:35:29:f5:74:ad:14:13:2c:cc:1e:15:54:
                    10:9a:e2:44:06:5f:b2:4c:e4:67:ef:be:7d:c2:0d:
                    e4:46:73:67:f9:80:65:b4:35:d2:19:6f:39:fe:01:
                    bc:01:44:99:d6:fd:49:12:59:01:a0:ab:95:c4:61:
                    78:3c:c1:0b:65:08:0e:3e:e2:ad:3b:2f:3d:63:08:
                    e7:69:22:28:e7:3e:8e:1f:b9:37:89:0d:dd:6a:9c:
                    7f:7b:de:97:2e:7d:13:bd:d0:0a:5e:4e:91:e3:fe:
                    b5:b2:f5:0d:8e:e7:84:c0:4b:c3:3d:f4:57:91:19:
                    40:fe:0c:85:9c:bb:5b:e4:3f:69:7a:45:a4:c5:f2:
                    27:73:59:59:d6:e3:87:ae:fb:80:48:5e:97:b1:ee:
                    54:73:63:62:12:69:08:b7:06:45:be:36:35:cb:1c:
                    0c:92:7f:1a:8a:62:46:3b:9a:9c:3c:da:ea:84:88:
                    35:ab:27:19:0f:29:50:88:14:60:23:14:a3:e0:42:
                    23:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:8A:F0:68:26:C5:D4:66:88:3A:7B:2A:0F:7F:2C:C4:BA:2A:51:93
            X509v3 Authority Key Identifier:
                keyid:58:06:C8:09:B7:60:5F:6D:5C:E1:27:BD:2D:8B:76:74:35:0B:8B:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WAbICbdgX21c4Se9LYt2dDULixE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/168f4a-12b4-4737-8e27-c30664aeec14/1/JIrwaCbF1GaIOnsqD38sxLoqUZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/168f4a-12b4-4737-8e27-c30664aeec14/1/WAbICbdgX21c4Se9LYt2dDULixE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:c2:09:01:76:cd:78:b2:4f:4d:63:a6:5f:c9:a0:19:ce:24:
         80:52:eb:50:43:07:09:da:e4:8b:9a:6b:b0:77:02:73:f8:57:
         03:91:42:8e:54:f5:f1:21:cf:ee:7c:a7:fd:ac:83:0d:51:b4:
         ee:53:a2:b0:52:ac:ff:eb:7a:b8:c3:5f:eb:a6:61:cc:c5:07:
         ac:da:68:8d:93:ff:8f:4c:54:b7:c1:34:69:1f:1a:c1:b1:93:
         be:77:1a:c0:82:fc:12:5a:1a:68:84:d2:c6:54:65:71:04:9e:
         88:98:34:0f:70:d9:58:53:18:c9:53:06:24:03:39:98:30:00:
         7b:b8:8d:f5:22:85:17:33:4b:c6:80:5b:e4:bd:73:d1:6f:c6:
         1f:7b:a2:3a:93:11:77:5c:90:a6:e6:2b:f8:dc:2b:ec:f8:63:
         03:65:89:3c:31:ef:a9:e6:ee:8b:b1:e4:ae:55:f7:33:49:ea:
         ce:dc:64:68:85:4c:f6:c8:cf:88:bb:59:18:a8:db:f9:ce:9b:
         86:e4:4a:6a:03:c2:d5:1a:77:30:2f:37:75:1e:8f:0e:98:fc:
         79:a2:6b:b4:22:f0:4e:16:6e:a7:03:0e:24:34:50:83:e5:18:
         e2:db:3b:75:a3:98:94:3c:be:6a:f7:53:48:e4:c0:19:bd:11:
         1b:bc:07:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6BYCRnbWXvqvbeU54hoNp8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MDZjODA5Yjc2MDVmNmQ1Y2UxMjdiZDJkOGI3Njc0MzUw
YjhiMTEwHhcNMjQwMzI3MTkyNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDhhZjA2ODI2YzVkNDY2ODgzYTdiMmEwZjdmMmNjNGJhMmE1MTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsggjGvUJjUVXSFRfHZqWxtSA2nG8
TOHlY3GG4Z078uM4Kvrt/BXzGOHBHl2KW/241xXNYhsX+zOrO7gHqVQ1KfV0rRQT
LMweFVQQmuJEBl+yTORn7759wg3kRnNn+YBltDXSGW85/gG8AUSZ1v1JElkBoKuV
xGF4PMELZQgOPuKtOy89YwjnaSIo5z6OH7k3iQ3dapx/e96XLn0TvdAKXk6R4/61
svUNjueEwEvDPfRXkRlA/gyFnLtb5D9pekWkxfInc1lZ1uOHrvuASF6Xse5Uc2Ni
EmkItwZFvjY1yxwMkn8aimJGO5qcPNrqhIg1qycZDylQiBRgIxSj4EIjnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSK8GgmxdRmiDp7Kg9/LMS6KlGTMB8GA1UdIwQY
MBaAFFgGyAm3YF9tXOEnvS2LdnQ1C4sRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0FiSUNiZGdYMjFjNFNlOUxZdDJkRFVMaXhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xNjhmNGEtMTJiNC00NzM3LThlMjct
YzMwNjY0YWVlYzE0LzEvSklyd2FDYkYxR2FJT25zcUQzOHN4TG9xVVpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xNjhmNGEtMTJiNC00NzM3LThlMjctYzMwNjY0YWVlYzE0
LzEvV0FiSUNiZGdYMjFjNFNlOUxZdDJkRFVMaXhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaXtMA0G
CSqGSIb3DQEBCwUAA4IBAQCGwgkBds14sk9NY6ZfyaAZziSAUutQQwcJ2uSLmmuw
dwJz+FcDkUKOVPXxIc/ufKf9rIMNUbTuU6KwUqz/63q4w1/rpmHMxQes2miNk/+P
TFS3wTRpHxrBsZO+dxrAgvwSWhpohNLGVGVxBJ6ImDQPcNlYUxjJUwYkAzmYMAB7
uI31IoUXM0vGgFvkvXPRb8Yfe6I6kxF3XJCm5iv43Cvs+GMDZYk8Me+p5u6LseSu
VfczSerO3GRohUz2yM+Iu1kYqNv5zpuG5EpqA8LVGncwLzd1Ho8OmPx5omu0IvBO
Fm6nAw4kNFCD5Rji2zt1o5iUPL5q91NI5MAZvREbvAfh
-----END CERTIFICATE-----