Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/JkFGws_5GFEgTGJxGESzbz5nfQU.roa
File:                     JkFGws_5GFEgTGJxGESzbz5nfQU.roa (raw, json)
Hash identifier:          0SKHywz/spe7LufGeG+dqJPJLAHf41JWwPe8njnDLG4=
Subject key identifier:   26:41:46:C2:CF:F9:18:51:20:4C:62:71:18:44:B3:6F:3E:67:7D:05
Certificate issuer:       /CN=c7b623bbc54e9846748cd77b2b8b343827e5aeaa
Certificate serial:       018F0B7D3F854261D6ABE812D30C6DC48AEB
Authority key identifier: C7:B6:23:BB:C5:4E:98:46:74:8C:D7:7B:2B:8B:34:38:27:E5:AE:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x7Yju8VOmEZ0jNd7K4s0OCflrqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/JkFGws_5GFEgTGJxGESzbz5nfQU.roa
Signing time:             Tue 23 Apr 2024 15:05:08 +0000
ROA not before:           Tue 23 Apr 2024 15:05:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        185.233.165.0/24 maxlen: 24
                          185.233.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/x7Yju8VOmEZ0jNd7K4s0OCflrqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/x7Yju8VOmEZ0jNd7K4s0OCflrqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x7Yju8VOmEZ0jNd7K4s0OCflrqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 06:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0b:7d:3f:85:42:61:d6:ab:e8:12:d3:0c:6d:c4:8a:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7b623bbc54e9846748cd77b2b8b343827e5aeaa
        Validity
            Not Before: Apr 23 15:05:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=264146c2cff91851204c62711844b36f3e677d05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:31:b4:a4:bd:e9:4b:ff:c0:01:7f:5f:51:5e:
                    64:a7:c2:75:09:9f:32:4d:64:2a:27:d8:51:cd:fd:
                    ef:0c:59:83:ac:49:cc:78:dc:5e:37:07:4e:7b:62:
                    6d:69:80:10:e4:1f:f0:91:7b:e7:86:2d:79:8b:7f:
                    45:1f:e5:f5:75:36:af:3b:e5:ed:46:bd:0d:52:1f:
                    b3:8a:bd:0e:1c:cd:a1:cc:ea:e4:bf:12:40:78:16:
                    c4:ee:91:44:68:19:ec:5c:d4:80:ba:34:2a:17:5f:
                    59:35:b6:cb:fc:19:b8:34:16:40:46:c1:d4:74:7b:
                    17:89:3a:31:59:fc:19:95:8f:7d:eb:51:52:71:20:
                    0b:fb:9b:5a:2f:c1:ed:c5:4d:63:94:4e:a5:2b:1e:
                    00:f5:37:1c:43:26:f4:4d:69:77:66:27:a4:a6:3b:
                    0d:d5:e4:64:b2:6a:b2:26:6e:ef:d8:38:99:ab:cc:
                    f3:c9:35:5e:2c:09:ab:f6:67:84:a3:ef:a7:aa:99:
                    f7:bb:fe:cc:54:27:22:1e:3b:3e:46:7b:94:d5:ed:
                    8b:b8:3f:be:fe:6f:04:69:17:42:c7:e7:24:4f:16:
                    12:f1:90:ba:5a:a2:85:d7:27:8e:8e:c1:54:fb:e6:
                    b0:bc:32:8b:15:c2:58:4d:3d:2e:8d:3a:ab:54:d8:
                    bb:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:41:46:C2:CF:F9:18:51:20:4C:62:71:18:44:B3:6F:3E:67:7D:05
            X509v3 Authority Key Identifier:
                keyid:C7:B6:23:BB:C5:4E:98:46:74:8C:D7:7B:2B:8B:34:38:27:E5:AE:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x7Yju8VOmEZ0jNd7K4s0OCflrqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/JkFGws_5GFEgTGJxGESzbz5nfQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/x7Yju8VOmEZ0jNd7K4s0OCflrqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.165.0/24
                  185.233.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:0f:79:5f:7d:9d:ca:4a:ba:19:44:f9:a1:b7:90:3e:f5:13:
         c7:8d:13:c5:21:89:8e:b2:36:ac:17:65:a0:46:c9:1c:0b:ab:
         d6:65:f7:ba:0a:ac:b4:d9:4e:7f:db:4b:98:33:d4:22:e8:bd:
         5d:3e:b6:b1:41:53:04:72:10:03:35:28:0d:ba:c9:fa:a7:2d:
         da:eb:47:ff:1a:a2:14:07:b6:69:a4:e6:49:f8:08:c5:24:e1:
         f6:44:fd:d8:24:fc:36:f1:4d:5e:a1:f9:a9:9b:25:f9:e9:8d:
         b7:a4:17:f1:c3:24:6e:fe:87:39:04:8c:32:b8:81:f3:48:52:
         bd:c9:3d:7c:dc:6b:69:4c:83:bf:db:39:0f:ab:f1:50:ee:49:
         da:46:ac:7f:91:e4:ec:28:d5:5d:bc:ab:4c:3e:03:44:2a:14:
         a2:fb:ff:c0:d2:b3:a9:b6:95:a0:28:27:45:64:9c:22:97:36:
         df:81:05:75:f1:10:a6:4b:d7:d0:bb:70:75:c5:a2:1b:a1:50:
         31:71:0f:48:1a:a4:05:8c:52:eb:65:e6:f4:ab:74:5a:c8:06:
         2f:14:37:43:ca:29:6f:03:a3:db:a8:da:cb:d0:72:c7:25:9a:
         20:f9:05:b6:e0:c0:6f:72:c6:ca:e8:53:5a:28:b3:42:9b:92:
         43:04:a6:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8LfT+FQmHWq+gS0wxtxIrrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3YjYyM2JiYzU0ZTk4NDY3NDhjZDc3YjJiOGIzNDM4Mjdl
NWFlYWEwHhcNMjQwNDIzMTUwNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjQxNDZjMmNmZjkxODUxMjA0YzYyNzExODQ0YjM2ZjNlNjc3ZDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujG0pL3pS//AAX9fUV5kp8J1CZ8y
TWQqJ9hRzf3vDFmDrEnMeNxeNwdOe2JtaYAQ5B/wkXvnhi15i39FH+X1dTavO+Xt
Rr0NUh+zir0OHM2hzOrkvxJAeBbE7pFEaBnsXNSAujQqF19ZNbbL/Bm4NBZARsHU
dHsXiToxWfwZlY9961FScSAL+5taL8HtxU1jlE6lKx4A9TccQyb0TWl3ZiekpjsN
1eRksmqyJm7v2DiZq8zzyTVeLAmr9meEo++nqpn3u/7MVCciHjs+RnuU1e2LuD++
/m8EaRdCx+ckTxYS8ZC6WqKF1yeOjsFU++awvDKLFcJYTT0ujTqrVNi7RwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCZBRsLP+RhRIExicRhEs28+Z30FMB8GA1UdIwQY
MBaAFMe2I7vFTphGdIzXeyuLNDgn5a6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDdZanU4Vk9tRVowak5kN0s0czBPQ2ZscnFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9lZDg3OWItZTNjNC00YjdhLWJkMGMt
MzRlNGUwNjc5MzMzLzEvSmtGR3dzXzVHRkVnVEdKeEdFU3piejVuZlFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9lZDg3OWItZTNjNC00YjdhLWJkMGMtMzRlNGUwNjc5MzMz
LzEveDdZanU4Vk9tRVowak5kN0s0czBPQ2ZscnFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuemlAwQA
uemnMA0GCSqGSIb3DQEBCwUAA4IBAQBwD3lffZ3KSroZRPmht5A+9RPHjRPFIYmO
sjasF2WgRskcC6vWZfe6Cqy02U5/20uYM9Qi6L1dPraxQVMEchADNSgNusn6py3a
60f/GqIUB7ZppOZJ+AjFJOH2RP3YJPw28U1eofmpmyX56Y23pBfxwyRu/oc5BIwy
uIHzSFK9yT183GtpTIO/2zkPq/FQ7knaRqx/keTsKNVdvKtMPgNEKhSi+//A0rOp
tpWgKCdFZJwilzbfgQV18RCmS9fQu3B1xaIboVAxcQ9IGqQFjFLrZeb0q3RayAYv
FDdDyilvA6PbqNrL0HLHJZog+QW24MBvcsbK6FNaKLNCm5JDBKZn
-----END CERTIFICATE-----