Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/cJn78bflEyzInDsjmek_l7YcMic.roa
File:                     cJn78bflEyzInDsjmek_l7YcMic.roa (raw, json)
Hash identifier:          3UkXQR4VcDkOZFOHOJNyzhwHUwtE78NtAE/zNx3x8cc=
Subject key identifier:   70:99:FB:F1:B7:E5:13:2C:C8:9C:3B:23:99:E9:3F:97:B6:1C:32:27
Certificate issuer:       /CN=816d220b2b5a46fbeb27ef2d969fa21dd338c5b3
Certificate serial:       018DCFAE61786A01AF013697AC8B933185F7
Authority key identifier: 81:6D:22:0B:2B:5A:46:FB:EB:27:EF:2D:96:9F:A2:1D:D3:38:C5:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/cJn78bflEyzInDsjmek_l7YcMic.roa
Signing time:             Thu 22 Feb 2024 07:18:48 +0000
ROA not before:           Thu 22 Feb 2024 07:18:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63801
IP address blocks:        185.140.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cf:ae:61:78:6a:01:af:01:36:97:ac:8b:93:31:85:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=816d220b2b5a46fbeb27ef2d969fa21dd338c5b3
        Validity
            Not Before: Feb 22 07:18:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7099fbf1b7e5132cc89c3b2399e93f97b61c3227
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2c:c2:8e:d6:02:84:69:80:c5:9c:24:71:2e:
                    0d:b8:92:f2:aa:60:39:b4:eb:14:8e:4b:5c:7b:13:
                    f3:a5:0c:b5:b9:e7:a6:7a:ab:fc:18:4e:a8:b4:93:
                    85:0e:51:3f:8e:63:d4:0c:2b:e2:bb:f8:01:bb:f9:
                    7e:d8:cc:89:3d:e3:67:43:21:72:f3:c5:f2:33:18:
                    19:2a:31:91:93:fb:ec:9b:e3:16:3a:f2:c2:58:f8:
                    e1:04:57:d1:8a:11:a6:27:9c:f5:cc:0e:e2:0b:04:
                    20:db:eb:f3:33:9d:f7:8a:f2:00:c6:ed:3a:48:bb:
                    61:9f:35:66:3f:ee:a3:f7:74:46:8a:59:21:02:9d:
                    0d:1b:6a:55:4f:b4:ae:3b:dc:4d:d7:0e:4f:6c:3b:
                    32:b9:fd:6c:57:06:88:0e:1f:24:5d:11:b4:66:b2:
                    1e:59:a4:70:72:8d:b7:9c:c7:75:54:dc:9d:3c:26:
                    67:54:aa:b9:98:a7:b0:95:02:1a:00:4b:f1:fd:9d:
                    bb:8a:15:f6:0d:bc:c9:4d:49:32:a6:3b:20:a4:09:
                    81:96:9b:21:5a:9c:3e:6f:8a:02:6d:5c:0c:fa:79:
                    58:d3:02:2b:dc:e4:84:38:72:54:7f:b6:4c:13:e1:
                    11:28:86:b4:06:c7:7f:a4:c2:79:45:a0:b1:a8:84:
                    a7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:99:FB:F1:B7:E5:13:2C:C8:9C:3B:23:99:E9:3F:97:B6:1C:32:27
            X509v3 Authority Key Identifier:
                keyid:81:6D:22:0B:2B:5A:46:FB:EB:27:EF:2D:96:9F:A2:1D:D3:38:C5:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/cJn78bflEyzInDsjmek_l7YcMic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:4c:94:02:29:07:c1:f7:02:86:3c:7a:c2:84:c6:6a:4d:f6:
         a8:a2:b5:50:4f:2f:d1:8f:0c:f1:23:59:bc:06:16:67:22:22:
         db:02:78:e4:33:47:9e:67:b3:b2:0a:ef:96:49:9a:ab:dc:9c:
         5c:7f:50:b5:48:30:52:e3:eb:b6:d0:d0:3c:1e:10:9f:a8:41:
         f5:0c:bd:ed:f6:d8:4c:17:80:33:7f:ca:6e:04:ba:8a:a3:a3:
         4d:a7:a7:a0:9e:8e:9e:bd:c7:87:38:20:f2:2a:1a:b3:a4:20:
         70:41:26:08:c8:12:bc:ce:72:30:6c:ff:5d:e0:71:39:74:20:
         22:ed:27:bb:05:55:70:e2:e8:02:b5:e4:3e:fe:55:c7:b0:7d:
         42:75:bf:5b:29:4c:36:ac:12:dd:26:aa:d1:fc:a4:40:18:db:
         d6:d0:3e:ca:30:a4:09:34:49:90:ef:94:5a:1b:ba:84:d1:52:
         2b:4f:24:08:1a:4e:b4:66:69:28:19:7d:4e:30:ca:4d:85:1c:
         28:a4:fd:0c:58:95:04:be:24:1c:1a:0d:38:e1:51:9d:75:e3:
         9c:34:94:10:8f:1a:d6:ae:99:12:9d:e1:19:fb:5a:12:42:fe:
         bc:43:53:ea:4a:45:20:bd:b6:3a:a2:b1:cb:f2:d0:05:13:06:
         68:32:8a:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3PrmF4agGvATaXrIuTMYX3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNmQyMjBiMmI1YTQ2ZmJlYjI3ZWYyZDk2OWZhMjFkZDMz
OGM1YjMwHhcNMjQwMjIyMDcxODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDk5ZmJmMWI3ZTUxMzJjYzg5YzNiMjM5OWU5M2Y5N2I2MWMzMjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyzCjtYChGmAxZwkcS4NuJLyqmA5
tOsUjktcexPzpQy1ueemeqv8GE6otJOFDlE/jmPUDCviu/gBu/l+2MyJPeNnQyFy
88XyMxgZKjGRk/vsm+MWOvLCWPjhBFfRihGmJ5z1zA7iCwQg2+vzM533ivIAxu06
SLthnzVmP+6j93RGilkhAp0NG2pVT7SuO9xN1w5PbDsyuf1sVwaIDh8kXRG0ZrIe
WaRwco23nMd1VNydPCZnVKq5mKewlQIaAEvx/Z27ihX2DbzJTUkypjsgpAmBlpsh
Wpw+b4oCbVwM+nlY0wIr3OSEOHJUf7ZME+ERKIa0Bsd/pMJ5RaCxqISnjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCZ+/G35RMsyJw7I5npP5e2HDInMB8GA1UdIwQY
MBaAFIFtIgsrWkb76yfvLZafoh3TOMWzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1cwaUN5dGFSdnZySi04dGxwLWlIZE00eGJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85NzEzMTEtZjQ3Zi00NmRiLThjNTct
ZTk3ODIwNDFjYzI0LzEvY0puNzhiZmxFeXpJbkRzam1la19sN1ljTWljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85NzEzMTEtZjQ3Zi00NmRiLThjNTctZTk3ODIwNDFjYzI0
LzEvZ1cwaUN5dGFSdnZySi04dGxwLWlIZE00eGJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYw1MA0G
CSqGSIb3DQEBCwUAA4IBAQBWTJQCKQfB9wKGPHrChMZqTfaoorVQTy/RjwzxI1m8
BhZnIiLbAnjkM0eeZ7OyCu+WSZqr3Jxcf1C1SDBS4+u20NA8HhCfqEH1DL3t9thM
F4Azf8puBLqKo6NNp6egno6evceHOCDyKhqzpCBwQSYIyBK8znIwbP9d4HE5dCAi
7Se7BVVw4ugCteQ+/lXHsH1Cdb9bKUw2rBLdJqrR/KRAGNvW0D7KMKQJNEmQ75Ra
G7qE0VIrTyQIGk60ZmkoGX1OMMpNhRwopP0MWJUEviQcGg044VGddeOcNJQQjxrW
rpkSneEZ+1oSQv68Q1PqSkUgvbY6orHL8tAFEwZoMoow
-----END CERTIFICATE-----