Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/fa9d86-ca25-4d69-a0f4-109c2ae59316/1/jN3p0OhMnjbtQdqpwq1-Y9Moxms.roa
File:                     jN3p0OhMnjbtQdqpwq1-Y9Moxms.roa (raw, json)
Hash identifier:          lbFWDNb/7KU7WSQbz3CyZIzb8H/blSJbBGRdhRVTQmY=
Subject key identifier:   8C:DD:E9:D0:E8:4C:9E:36:ED:41:DA:A9:C2:AD:7E:63:D3:28:C6:6B
Certificate issuer:       /CN=76b0bcfc2cdb052b89e29ca5a75bbef2922c80c3
Certificate serial:       018CC86F14D61298205821B52F0816CB8B1A
Authority key identifier: 76:B0:BC:FC:2C:DB:05:2B:89:E2:9C:A5:A7:5B:BE:F2:92:2C:80:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/drC8_CzbBSuJ4pylp1u-8pIsgMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/fa9d86-ca25-4d69-a0f4-109c2ae59316/1/jN3p0OhMnjbtQdqpwq1-Y9Moxms.roa
Signing time:             Tue 02 Jan 2024 04:29:32 +0000
ROA not before:           Tue 02 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199895
IP address blocks:        185.37.13.0/24 maxlen: 24
                          185.37.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/fa9d86-ca25-4d69-a0f4-109c2ae59316/1/drC8_CzbBSuJ4pylp1u-8pIsgMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/fa9d86-ca25-4d69-a0f4-109c2ae59316/1/drC8_CzbBSuJ4pylp1u-8pIsgMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/drC8_CzbBSuJ4pylp1u-8pIsgMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:14:d6:12:98:20:58:21:b5:2f:08:16:cb:8b:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76b0bcfc2cdb052b89e29ca5a75bbef2922c80c3
        Validity
            Not Before: Jan  2 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cdde9d0e84c9e36ed41daa9c2ad7e63d328c66b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:74:97:83:ec:96:52:0c:76:8d:03:aa:57:a1:
                    4e:45:e6:0f:72:ec:a1:e0:f3:b1:4c:3b:9b:ef:5f:
                    90:91:81:d0:23:1e:d6:dc:68:b1:26:61:49:8b:34:
                    f9:f6:9b:7a:b2:3c:94:cf:8f:52:22:24:4b:d7:e1:
                    b8:70:cd:09:71:26:c4:10:49:98:16:6f:bb:87:09:
                    57:f8:f3:7d:18:82:b9:7e:a2:75:c0:db:4d:5e:54:
                    57:1e:eb:c8:d3:e5:68:4e:d5:2b:f9:c7:35:30:21:
                    21:32:ca:d5:43:5c:82:10:56:a3:0c:88:f4:40:00:
                    7c:0b:75:59:c2:09:80:aa:91:ce:6c:57:d1:1d:e7:
                    f6:05:a8:a6:e1:7b:d6:cb:a6:ba:a5:63:38:30:47:
                    78:13:b9:fa:ee:52:fd:28:b3:c9:d8:35:f0:d9:23:
                    80:ec:54:dd:6c:e1:c6:6f:3f:e8:ff:99:a2:1b:ee:
                    49:88:52:48:38:82:2a:22:54:8b:3f:1a:71:ef:0d:
                    21:73:54:d0:0a:ea:9e:bd:e5:bb:93:39:da:09:03:
                    cc:90:da:7a:9c:3d:7c:ba:29:8c:ff:74:4d:76:1c:
                    18:a4:ff:a1:88:20:8d:65:53:3f:dc:8b:c8:6b:82:
                    b8:ae:1a:ac:48:28:c7:48:5f:ca:86:cb:e2:7e:a9:
                    83:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:DD:E9:D0:E8:4C:9E:36:ED:41:DA:A9:C2:AD:7E:63:D3:28:C6:6B
            X509v3 Authority Key Identifier:
                keyid:76:B0:BC:FC:2C:DB:05:2B:89:E2:9C:A5:A7:5B:BE:F2:92:2C:80:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/drC8_CzbBSuJ4pylp1u-8pIsgMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/fa9d86-ca25-4d69-a0f4-109c2ae59316/1/jN3p0OhMnjbtQdqpwq1-Y9Moxms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/fa9d86-ca25-4d69-a0f4-109c2ae59316/1/drC8_CzbBSuJ4pylp1u-8pIsgMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:29:25:3b:74:a2:b3:72:36:71:ff:19:37:27:14:e3:a1:c8:
         bc:61:9a:78:52:cb:75:82:eb:4d:13:96:dc:f9:e4:f5:bb:5d:
         35:66:85:90:47:7c:6f:c1:ed:2a:69:80:ff:91:08:eb:15:38:
         cc:e2:ed:bc:86:91:ca:ca:a6:b6:75:f0:1a:65:63:e7:62:98:
         4f:73:2d:77:9a:ff:b0:cb:28:f0:f1:76:a1:f4:af:7e:be:67:
         c8:2d:6e:00:a0:b8:bc:25:25:88:6e:97:31:76:9a:93:9c:9c:
         64:31:61:f4:8e:50:71:99:99:17:ac:14:12:a8:55:d1:95:69:
         83:5d:e7:53:59:07:f8:37:d7:17:6d:be:df:c2:8c:64:4f:79:
         83:52:68:5c:b7:79:d3:ed:04:49:99:b4:75:80:03:43:50:59:
         1f:28:c3:58:4e:04:e3:12:ee:a0:45:03:dc:92:37:ee:85:92:
         42:d0:fe:e6:a1:85:41:f5:27:33:84:0c:94:7f:7d:67:7e:18:
         3b:3c:43:a6:4c:ba:1c:b2:7b:c8:b2:cc:4f:4a:c2:5e:7d:72:
         e0:a3:16:80:c7:91:a2:e2:7e:3b:30:96:dc:41:ec:8d:f3:e5:
         00:dc:d9:3e:2f:c8:e8:8b:64:d4:a9:59:24:d8:84:15:b9:ff:
         76:22:b7:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbxTWEpggWCG1LwgWy4saMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YjBiY2ZjMmNkYjA1MmI4OWUyOWNhNWE3NWJiZWYyOTIy
YzgwYzMwHhcNMjQwMTAyMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2RkZTlkMGU4NGM5ZTM2ZWQ0MWRhYTljMmFkN2U2M2QzMjhjNjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHSXg+yWUgx2jQOqV6FOReYPcuyh
4POxTDub71+QkYHQIx7W3GixJmFJizT59pt6sjyUz49SIiRL1+G4cM0JcSbEEEmY
Fm+7hwlX+PN9GIK5fqJ1wNtNXlRXHuvI0+VoTtUr+cc1MCEhMsrVQ1yCEFajDIj0
QAB8C3VZwgmAqpHObFfRHef2Baim4XvWy6a6pWM4MEd4E7n67lL9KLPJ2DXw2SOA
7FTdbOHGbz/o/5miG+5JiFJIOIIqIlSLPxpx7w0hc1TQCuqeveW7kznaCQPMkNp6
nD18uimM/3RNdhwYpP+hiCCNZVM/3IvIa4K4rhqsSCjHSF/KhsvifqmDnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzd6dDoTJ427UHaqcKtfmPTKMZrMB8GA1UdIwQY
MBaAFHawvPws2wUrieKcpadbvvKSLIDDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHJDOF9DemJCU3VKNHB5bHAxdS04cElzZ01NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9mYTlkODYtY2EyNS00ZDY5LWEwZjQt
MTA5YzJhZTU5MzE2LzEvak4zcDBPaE1uamJ0UWRxcHdxMS1ZOU1veG1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9mYTlkODYtY2EyNS00ZDY5LWEwZjQtMTA5YzJhZTU5MzE2
LzEvZHJDOF9DemJCU3VKNHB5bHAxdS04cElzZ01NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSUMMA0G
CSqGSIb3DQEBCwUAA4IBAQBwKSU7dKKzcjZx/xk3JxTjoci8YZp4Ust1gutNE5bc
+eT1u101ZoWQR3xvwe0qaYD/kQjrFTjM4u28hpHKyqa2dfAaZWPnYphPcy13mv+w
yyjw8Xah9K9+vmfILW4AoLi8JSWIbpcxdpqTnJxkMWH0jlBxmZkXrBQSqFXRlWmD
XedTWQf4N9cXbb7fwoxkT3mDUmhct3nT7QRJmbR1gANDUFkfKMNYTgTjEu6gRQPc
kjfuhZJC0P7moYVB9SczhAyUf31nfhg7PEOmTLocsnvIssxPSsJefXLgoxaAx5Gi
4n47MJbcQeyN8+UA3Nk+L8joi2TUqVkk2IQVuf92Irf6
-----END CERTIFICATE-----