Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/993772-5fba-40bf-b721-6c3950194370/1/jwu-JYdsdfojrqgdEId3WBx_CnY.roa
File:                     jwu-JYdsdfojrqgdEId3WBx_CnY.roa (raw, json)
Hash identifier:          8fjrmuimOrD+1FYrVEEifWxSP+T4UPZo9uqi1Pv2O/k=
Subject key identifier:   8F:0B:BE:25:87:6C:75:FA:23:AE:A8:1D:10:87:77:58:1C:7F:0A:76
Certificate issuer:       /CN=8353accb94e10cf8c2c29679067ee39099f404d3
Certificate serial:       018CC7272B1CDC5689E318CCC2533139BB45
Authority key identifier: 83:53:AC:CB:94:E1:0C:F8:C2:C2:96:79:06:7E:E3:90:99:F4:04:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1Osy5ThDPjCwpZ5Bn7jkJn0BNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/993772-5fba-40bf-b721-6c3950194370/1/jwu-JYdsdfojrqgdEId3WBx_CnY.roa
Signing time:             Mon 01 Jan 2024 22:31:22 +0000
ROA not before:           Mon 01 Jan 2024 22:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44375
IP address blocks:        193.178.200.0/22 maxlen: 22
                          93.126.0.0/18 maxlen: 18

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/993772-5fba-40bf-b721-6c3950194370/1/g1Osy5ThDPjCwpZ5Bn7jkJn0BNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/993772-5fba-40bf-b721-6c3950194370/1/g1Osy5ThDPjCwpZ5Bn7jkJn0BNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1Osy5ThDPjCwpZ5Bn7jkJn0BNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:2b:1c:dc:56:89:e3:18:cc:c2:53:31:39:bb:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8353accb94e10cf8c2c29679067ee39099f404d3
        Validity
            Not Before: Jan  1 22:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f0bbe25876c75fa23aea81d108777581c7f0a76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e8:e7:c6:82:f4:43:93:36:7c:ef:68:c8:83:
                    00:3d:a3:33:c7:88:48:c5:b5:76:c8:04:30:52:d2:
                    d7:f9:84:b6:6e:52:76:99:a0:4f:7d:c3:9b:b7:aa:
                    b5:fb:59:0e:aa:80:e3:c1:17:19:f5:53:90:e0:9a:
                    c2:e9:51:e2:11:f5:a0:15:4d:60:6d:ba:8c:37:c1:
                    cf:9b:98:10:8b:d3:e0:e5:25:b3:be:4e:c3:81:34:
                    1b:68:dd:c8:a8:50:7f:1b:26:47:df:f4:4c:9a:4b:
                    13:89:59:48:70:93:4d:0b:af:eb:b2:64:96:69:65:
                    a4:0d:81:a1:ba:04:04:c8:74:46:a7:90:a8:e5:af:
                    3a:4c:25:58:50:41:67:a5:6c:79:93:98:8a:ef:67:
                    4a:42:21:6f:5f:2a:bf:0f:ef:b8:cc:ce:2f:51:0c:
                    fa:ea:9c:52:50:1f:42:16:5b:d3:0f:44:1b:c0:95:
                    e4:69:80:60:88:6e:e4:16:57:13:77:a4:01:a1:d3:
                    45:a3:b4:be:f1:b5:db:54:7e:90:40:73:13:84:7e:
                    37:75:3e:ff:eb:c4:58:3c:5f:4f:0f:c6:01:51:ba:
                    d0:13:60:15:ec:d7:ba:1d:8c:36:b8:de:77:21:d5:
                    e6:bd:bc:ce:6f:ee:ab:a8:7c:d1:27:71:23:0b:a6:
                    a9:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:0B:BE:25:87:6C:75:FA:23:AE:A8:1D:10:87:77:58:1C:7F:0A:76
            X509v3 Authority Key Identifier:
                keyid:83:53:AC:CB:94:E1:0C:F8:C2:C2:96:79:06:7E:E3:90:99:F4:04:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1Osy5ThDPjCwpZ5Bn7jkJn0BNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/993772-5fba-40bf-b721-6c3950194370/1/jwu-JYdsdfojrqgdEId3WBx_CnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/993772-5fba-40bf-b721-6c3950194370/1/g1Osy5ThDPjCwpZ5Bn7jkJn0BNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.126.0.0/18
                  193.178.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:1c:ce:59:38:e8:57:ef:aa:93:62:7b:bf:96:39:2c:90:e2:
         bf:8b:0e:f4:6f:84:58:f3:60:71:95:1a:94:67:0b:23:38:00:
         98:7c:86:19:d9:0b:8d:f6:f4:01:f6:5c:99:3a:91:0f:2a:6d:
         9d:63:84:8b:a6:6f:51:31:69:d6:84:ce:ef:84:61:69:cf:3b:
         38:db:4a:18:2b:6e:cf:52:0b:42:32:93:9f:44:e1:23:c0:b4:
         d8:31:e8:5c:4f:d5:26:b8:ac:e4:99:1e:93:1d:9e:60:78:b6:
         8b:15:28:0f:ee:ee:0d:36:6a:60:c2:b8:10:00:43:0d:e7:16:
         b1:08:85:fe:f5:e4:7a:2e:f0:32:f5:5c:04:99:65:5e:41:8b:
         69:8c:17:30:f9:15:b4:5d:18:80:bc:b0:cf:b5:8b:c8:bc:c7:
         8f:d1:cc:89:74:e8:13:86:89:f2:9b:f8:2d:77:96:8c:53:62:
         f4:5d:63:47:78:ff:db:10:fc:d7:7a:36:5b:7a:20:4a:b7:83:
         62:9c:e1:bc:d8:ff:26:45:ce:e7:94:b0:f6:71:21:de:79:92:
         fb:da:92:aa:87:63:b9:6b:d9:4c:7a:19:6d:e6:27:ff:39:97:
         6d:95:e2:57:f2:c4:0b:46:54:51:76:e6:9d:6f:40:cc:87:cf:
         f9:56:2e:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJysc3FaJ4xjMwlMxObtFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNTNhY2NiOTRlMTBjZjhjMmMyOTY3OTA2N2VlMzkwOTlm
NDA0ZDMwHhcNMjQwMTAxMjIzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjBiYmUyNTg3NmM3NWZhMjNhZWE4MWQxMDg3Nzc1ODFjN2YwYTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuejnxoL0Q5M2fO9oyIMAPaMzx4hI
xbV2yAQwUtLX+YS2blJ2maBPfcObt6q1+1kOqoDjwRcZ9VOQ4JrC6VHiEfWgFU1g
bbqMN8HPm5gQi9Pg5SWzvk7DgTQbaN3IqFB/GyZH3/RMmksTiVlIcJNNC6/rsmSW
aWWkDYGhugQEyHRGp5Co5a86TCVYUEFnpWx5k5iK72dKQiFvXyq/D++4zM4vUQz6
6pxSUB9CFlvTD0QbwJXkaYBgiG7kFlcTd6QBodNFo7S+8bXbVH6QQHMThH43dT7/
68RYPF9PD8YBUbrQE2AV7Ne6HYw2uN53IdXmvbzOb+6rqHzRJ3EjC6apmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI8LviWHbHX6I66oHRCHd1gcfwp2MB8GA1UdIwQY
MBaAFINTrMuU4Qz4wsKWeQZ+45CZ9ATTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzFPc3k1VGhEUGpDd3BaNUJuN2prSm4wQk5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy85OTM3NzItNWZiYS00MGJmLWI3MjEt
NmMzOTUwMTk0MzcwLzEvand1LUpZZHNkZm9qcnFnZEVJZDNXQnhfQ25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy85OTM3NzItNWZiYS00MGJmLWI3MjEtNmMzOTUwMTk0Mzcw
LzEvZzFPc3k1VGhEUGpDd3BaNUJuN2prSm4wQk5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGXX4AAwQC
wbLIMA0GCSqGSIb3DQEBCwUAA4IBAQADHM5ZOOhX76qTYnu/ljkskOK/iw70b4RY
82BxlRqUZwsjOACYfIYZ2QuN9vQB9lyZOpEPKm2dY4SLpm9RMWnWhM7vhGFpzzs4
20oYK27PUgtCMpOfROEjwLTYMehcT9UmuKzkmR6THZ5geLaLFSgP7u4NNmpgwrgQ
AEMN5xaxCIX+9eR6LvAy9VwEmWVeQYtpjBcw+RW0XRiAvLDPtYvIvMeP0cyJdOgT
honym/gtd5aMU2L0XWNHeP/bEPzXejZbeiBKt4NinOG82P8mRc7nlLD2cSHeeZL7
2pKqh2O5a9lMehlt5if/OZdtleJX8sQLRlRRduadb0DMh8/5Vi58
-----END CERTIFICATE-----