Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/JRd6Ua_p67SL01cf9t9AIv_Aq_w.roa
File:                     JRd6Ua_p67SL01cf9t9AIv_Aq_w.roa (raw, json)
Hash identifier:          z2kkBD+LCEoa9UOSGi2jDHZvlZfJ421S5Wz56UpjOAM=
Subject key identifier:   25:17:7A:51:AF:E9:EB:B4:8B:D3:57:1F:F6:DF:40:22:FF:C0:AB:FC
Certificate issuer:       /CN=1690970ddbb7619cc82186ddb536eb4e8985d2de
Certificate serial:       018CC7936AE7B0385FBF3EF4AEB251F37478
Authority key identifier: 16:90:97:0D:DB:B7:61:9C:C8:21:86:DD:B5:36:EB:4E:89:85:D2:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FpCXDdu3YZzIIYbdtTbrTomF0t4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/JRd6Ua_p67SL01cf9t9AIv_Aq_w.roa
Signing time:             Tue 02 Jan 2024 00:29:36 +0000
ROA not before:           Tue 02 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13030
IP address blocks:        185.29.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/FpCXDdu3YZzIIYbdtTbrTomF0t4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/FpCXDdu3YZzIIYbdtTbrTomF0t4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FpCXDdu3YZzIIYbdtTbrTomF0t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:6a:e7:b0:38:5f:bf:3e:f4:ae:b2:51:f3:74:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1690970ddbb7619cc82186ddb536eb4e8985d2de
        Validity
            Not Before: Jan  2 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25177a51afe9ebb48bd3571ff6df4022ffc0abfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:12:1a:79:42:92:06:66:72:bd:19:4d:58:b2:
                    c2:1d:4d:b9:ad:22:0d:9d:67:25:69:77:ce:71:fc:
                    b1:d5:29:18:dc:a5:bf:6e:ed:dd:4f:09:af:3e:66:
                    4e:f4:5b:90:7b:91:6e:75:dc:2c:1c:b6:78:d0:4c:
                    63:c2:24:26:6b:7d:9b:13:39:3d:6e:02:cd:96:f5:
                    17:f6:30:bb:7b:9a:b5:45:cb:34:ca:a1:8a:20:e2:
                    90:1f:3d:69:88:c1:49:c4:46:a3:b0:66:0a:95:f3:
                    21:5c:92:89:e2:13:78:1b:ee:e3:bb:e9:72:43:e6:
                    0c:42:36:25:e9:57:68:b6:72:57:60:ef:3a:e6:6b:
                    64:c8:a1:1d:de:3e:02:63:df:a0:d9:fd:cd:f2:fa:
                    8f:f2:2e:51:40:30:78:da:8c:91:0c:64:b8:87:90:
                    11:7d:9f:9d:9c:2c:b8:64:96:09:22:3a:7b:8b:30:
                    1e:92:d2:d8:33:4c:3f:72:90:b6:be:6e:7c:fe:fc:
                    40:83:31:32:d0:61:00:82:fe:84:ce:c1:84:80:d8:
                    d9:f1:57:e5:1f:33:87:ac:e4:d4:0f:df:7d:fb:e0:
                    1d:e5:2c:c9:95:55:a7:13:b0:a9:75:5a:78:93:21:
                    bc:2d:43:55:24:7e:f2:08:e1:71:c4:89:4e:8e:90:
                    db:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:17:7A:51:AF:E9:EB:B4:8B:D3:57:1F:F6:DF:40:22:FF:C0:AB:FC
            X509v3 Authority Key Identifier:
                keyid:16:90:97:0D:DB:B7:61:9C:C8:21:86:DD:B5:36:EB:4E:89:85:D2:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FpCXDdu3YZzIIYbdtTbrTomF0t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/JRd6Ua_p67SL01cf9t9AIv_Aq_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/FpCXDdu3YZzIIYbdtTbrTomF0t4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:7d:fe:46:a8:10:1d:a9:88:2a:12:10:b8:64:d8:56:3e:b6:
         5e:56:2c:4b:4e:c1:c9:db:f2:a1:3c:53:17:4b:a2:f3:98:f0:
         71:30:5b:82:da:51:df:21:da:a8:e7:31:90:24:be:e9:13:9e:
         b1:c0:e3:0d:28:a5:c2:24:59:cd:e8:ee:03:48:0a:7d:fa:0b:
         17:c3:47:e6:a4:4b:e5:ef:7a:34:9a:83:13:0f:f6:ca:1a:43:
         08:79:5e:33:f6:20:22:44:06:ca:f8:ed:a8:a5:54:18:4b:99:
         32:57:cb:fe:ee:58:82:ea:a2:91:bd:96:86:5a:aa:44:2c:8d:
         50:b5:62:c9:08:50:ee:5c:dd:71:93:0a:97:b0:32:81:53:7b:
         a0:04:8d:9e:67:e4:39:59:32:a8:f4:97:67:0b:1d:36:ac:5b:
         85:ff:53:f3:a7:bd:f4:ce:bb:ce:fe:a1:12:e1:15:89:a0:7d:
         eb:69:94:75:a4:0f:52:15:fe:6b:23:dd:4c:01:10:77:5a:e0:
         71:ed:53:ce:d2:25:45:28:4d:11:3b:68:a9:a0:7e:3a:20:55:
         e5:06:b9:45:28:c1:63:7d:ad:d7:32:f3:a5:f1:c7:4c:c5:c5:
         d5:3a:45:f5:d6:e6:67:5f:59:3c:b6:85:1d:a0:99:05:e0:ee:
         73:08:d0:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk2rnsDhfvz70rrJR83R4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2OTA5NzBkZGJiNzYxOWNjODIxODZkZGI1MzZlYjRlODk4
NWQyZGUwHhcNMjQwMTAyMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTE3N2E1MWFmZTllYmI0OGJkMzU3MWZmNmRmNDAyMmZmYzBhYmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBIaeUKSBmZyvRlNWLLCHU25rSIN
nWclaXfOcfyx1SkY3KW/bu3dTwmvPmZO9FuQe5FuddwsHLZ40ExjwiQma32bEzk9
bgLNlvUX9jC7e5q1Rcs0yqGKIOKQHz1piMFJxEajsGYKlfMhXJKJ4hN4G+7ju+ly
Q+YMQjYl6VdotnJXYO865mtkyKEd3j4CY9+g2f3N8vqP8i5RQDB42oyRDGS4h5AR
fZ+dnCy4ZJYJIjp7izAektLYM0w/cpC2vm58/vxAgzEy0GEAgv6EzsGEgNjZ8Vfl
HzOHrOTUD999++Ad5SzJlVWnE7CpdVp4kyG8LUNVJH7yCOFxxIlOjpDbewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUXelGv6eu0i9NXH/bfQCL/wKv8MB8GA1UdIwQY
MBaAFBaQlw3bt2GcyCGG3bU2606JhdLeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnBDWERkdTNZWnpJSVliZHRUYnJUb21GMHQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8yZTg1MzctMzZiZS00OThmLTgxNTUt
Y2MwM2JkMzE1ZmY5LzEvSlJkNlVhX3A2N1NMMDFjZjl0OUFJdl9BcV93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8yZTg1MzctMzZiZS00OThmLTgxNTUtY2MwM2JkMzE1ZmY5
LzEvRnBDWERkdTNZWnpJSVliZHRUYnJUb21GMHQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR1MMA0G
CSqGSIb3DQEBCwUAA4IBAQASff5GqBAdqYgqEhC4ZNhWPrZeVixLTsHJ2/KhPFMX
S6LzmPBxMFuC2lHfIdqo5zGQJL7pE56xwOMNKKXCJFnN6O4DSAp9+gsXw0fmpEvl
73o0moMTD/bKGkMIeV4z9iAiRAbK+O2opVQYS5kyV8v+7liC6qKRvZaGWqpELI1Q
tWLJCFDuXN1xkwqXsDKBU3ugBI2eZ+Q5WTKo9JdnCx02rFuF/1Pzp730zrvO/qES
4RWJoH3raZR1pA9SFf5rI91MARB3WuBx7VPO0iVFKE0RO2ipoH46IFXlBrlFKMFj
fa3XMvOl8cdMxcXVOkX11uZnX1k8toUdoJkF4O5zCNCR
-----END CERTIFICATE-----