Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/b49f81-8536-4a67-899f-d5e63856d55d/1/jC1ofMM0gPycrjAqQKlNiRd-E2U.roa
File:                     jC1ofMM0gPycrjAqQKlNiRd-E2U.roa (raw, json)
Hash identifier:          bC14eTTOzRXZwNn9ZwVXjH+9hlyfiooV3TbZbn1RvJw=
Subject key identifier:   8C:2D:68:7C:C3:34:80:FC:9C:AE:30:2A:40:A9:4D:89:17:7E:13:65
Certificate issuer:       /CN=c285a1474e38627e301a551be34efa4582a5cf39
Certificate serial:       018CC5003033C80A49AD1B01677F233AE0C3
Authority key identifier: C2:85:A1:47:4E:38:62:7E:30:1A:55:1B:E3:4E:FA:45:82:A5:CF:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/woWhR044Yn4wGlUb4076RYKlzzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/b49f81-8536-4a67-899f-d5e63856d55d/1/jC1ofMM0gPycrjAqQKlNiRd-E2U.roa
Signing time:             Mon 01 Jan 2024 12:29:32 +0000
ROA not before:           Mon 01 Jan 2024 12:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201419
IP address blocks:        185.62.162.0/23 maxlen: 23
                          81.173.43.0/24 maxlen: 24
                          2a03:522::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/b49f81-8536-4a67-899f-d5e63856d55d/1/woWhR044Yn4wGlUb4076RYKlzzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/b49f81-8536-4a67-899f-d5e63856d55d/1/woWhR044Yn4wGlUb4076RYKlzzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/woWhR044Yn4wGlUb4076RYKlzzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:30:33:c8:0a:49:ad:1b:01:67:7f:23:3a:e0:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c285a1474e38627e301a551be34efa4582a5cf39
        Validity
            Not Before: Jan  1 12:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c2d687cc33480fc9cae302a40a94d89177e1365
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:20:82:56:47:76:fd:0b:40:f9:fd:4b:16:07:
                    49:d1:4a:71:1d:0f:2e:ff:7e:ae:41:14:16:a1:32:
                    ea:7c:99:68:d9:45:74:6b:59:a6:89:f8:17:d7:db:
                    c3:13:c6:20:8e:c4:0c:73:3d:14:a1:61:c6:81:5a:
                    ca:ae:41:e2:76:d3:cd:26:bb:bd:2f:97:9e:2f:d7:
                    84:7b:55:c6:93:bd:d9:a7:3d:d8:94:ff:39:1d:a7:
                    94:9e:46:7d:59:50:d1:7d:79:9f:6b:3c:e3:69:0d:
                    09:92:c1:1d:ae:8f:32:b4:1f:48:3a:92:c3:3b:c7:
                    69:11:d9:ee:30:41:7b:12:24:32:f2:dc:b1:f3:89:
                    f0:05:a6:2e:2c:24:b5:42:1e:31:42:9c:3d:0a:6a:
                    03:9f:82:8b:0d:ef:01:99:c5:fd:ef:3c:48:52:18:
                    b6:ab:e9:42:94:17:a1:3a:d7:5d:cb:71:05:5c:a2:
                    d0:4a:e0:2f:d6:a8:bb:37:88:5c:fc:75:cb:f1:5e:
                    7b:77:05:d4:fb:c3:c4:73:27:5f:a4:59:3c:4c:fa:
                    76:9e:8d:8f:75:fd:fe:50:c4:3c:b3:76:53:4f:82:
                    04:20:9f:f2:e7:d2:8a:f3:96:39:66:92:dc:1b:1d:
                    d0:8a:0e:f3:0e:03:99:45:1c:d8:93:dd:3c:68:21:
                    a4:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:2D:68:7C:C3:34:80:FC:9C:AE:30:2A:40:A9:4D:89:17:7E:13:65
            X509v3 Authority Key Identifier:
                keyid:C2:85:A1:47:4E:38:62:7E:30:1A:55:1B:E3:4E:FA:45:82:A5:CF:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/woWhR044Yn4wGlUb4076RYKlzzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/b49f81-8536-4a67-899f-d5e63856d55d/1/jC1ofMM0gPycrjAqQKlNiRd-E2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/b49f81-8536-4a67-899f-d5e63856d55d/1/woWhR044Yn4wGlUb4076RYKlzzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.173.43.0/24
                  185.62.162.0/23
                IPv6:
                  2a03:522::/32

    Signature Algorithm: sha256WithRSAEncryption
         9a:69:84:5a:48:f0:00:e9:2e:fb:5c:44:68:c4:a1:32:b7:13:
         87:73:f5:6d:49:ae:bf:40:de:9e:67:ff:33:85:86:10:82:b7:
         7f:91:fd:11:05:c8:7c:ed:aa:ec:c4:96:f0:be:50:c8:31:80:
         d4:3a:69:51:da:19:67:d3:f6:b8:e1:61:21:9f:64:a4:fd:cd:
         7c:6e:3d:fe:82:f5:e3:fd:30:4b:6a:86:c5:0b:d2:01:01:82:
         8d:c0:c5:8b:68:2a:b1:16:51:21:2b:97:ec:db:e8:75:97:b3:
         fc:04:f9:09:71:2f:13:c3:b5:51:5f:61:c0:b3:a7:be:34:a2:
         67:2b:83:52:98:e8:bc:2f:a8:f0:ce:dc:ce:04:37:39:9a:93:
         92:ab:fd:67:1e:9b:11:4c:14:6e:5d:31:67:f3:92:a6:07:7d:
         df:03:52:1e:7a:63:d5:2c:68:7e:8f:1d:56:9c:1f:32:01:d6:
         d4:4f:b4:63:ea:8f:33:d4:54:f0:32:43:f3:1d:77:32:b2:8f:
         e5:9b:30:d7:23:cd:c6:52:8b:7d:77:23:43:8d:15:e7:38:22:
         6b:4d:b7:3c:d2:86:e6:99:84:3a:10:7f:95:98:1b:d7:e1:54:
         4e:1f:f9:75:73:5a:68:83:4f:b6:87:04:6c:03:bc:79:85:74:
         81:03:0b:99
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFADAzyApJrRsBZ38jOuDDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyODVhMTQ3NGUzODYyN2UzMDFhNTUxYmUzNGVmYTQ1ODJh
NWNmMzkwHhcNMjQwMTAxMTIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzJkNjg3Y2MzMzQ4MGZjOWNhZTMwMmE0MGE5NGQ4OTE3N2UxMzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSCCVkd2/QtA+f1LFgdJ0UpxHQ8u
/36uQRQWoTLqfJlo2UV0a1mmifgX19vDE8YgjsQMcz0UoWHGgVrKrkHidtPNJru9
L5eeL9eEe1XGk73Zpz3YlP85HaeUnkZ9WVDRfXmfazzjaQ0JksEdro8ytB9IOpLD
O8dpEdnuMEF7EiQy8tyx84nwBaYuLCS1Qh4xQpw9CmoDn4KLDe8BmcX97zxIUhi2
q+lClBehOtddy3EFXKLQSuAv1qi7N4hc/HXL8V57dwXU+8PEcydfpFk8TPp2no2P
df3+UMQ8s3ZTT4IEIJ/y59KK85Y5ZpLcGx3Qig7zDgOZRRzYk908aCGkJQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIwtaHzDNID8nK4wKkCpTYkXfhNlMB8GA1UdIwQY
MBaAFMKFoUdOOGJ+MBpVG+NO+kWCpc85MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd29XaFIwNDRZbjR3R2xVYjQwNzZSWUtsenprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9iNDlmODEtODUzNi00YTY3LTg5OWYt
ZDVlNjM4NTZkNTVkLzEvakMxb2ZNTTBnUHljcmpBcVFLbE5pUmQtRTJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9iNDlmODEtODUzNi00YTY3LTg5OWYtZDVlNjM4NTZkNTVk
LzEvd29XaFIwNDRZbjR3R2xVYjQwNzZSWUtsenprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAUa0rAwQB
uT6iMA0EAgACMAcDBQAqAwUiMA0GCSqGSIb3DQEBCwUAA4IBAQCaaYRaSPAA6S77
XERoxKEytxOHc/VtSa6/QN6eZ/8zhYYQgrd/kf0RBch87arsxJbwvlDIMYDUOmlR
2hln0/a44WEhn2Sk/c18bj3+gvXj/TBLaobFC9IBAYKNwMWLaCqxFlEhK5fs2+h1
l7P8BPkJcS8Tw7VRX2HAs6e+NKJnK4NSmOi8L6jwztzOBDc5mpOSq/1nHpsRTBRu
XTFn85KmB33fA1IeemPVLGh+jx1WnB8yAdbUT7Rj6o8z1FTwMkPzHXcyso/lmzDX
I83GUot9dyNDjRXnOCJrTbc80obmmYQ6EH+VmBvX4VROH/l1c1pog0+2hwRsA7x5
hXSBAwuZ
-----END CERTIFICATE-----