Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/jF6Y0DhjziHiqezXQNvQDa1qMa8.roa
File:                     jF6Y0DhjziHiqezXQNvQDa1qMa8.roa (raw, json)
Hash identifier:          A2waES0KvP7qtcj1EpOO7bDucyE3UIuT3TCAoR+G8oo=
Subject key identifier:   8C:5E:98:D0:38:63:CE:21:E2:A9:EC:D7:40:DB:D0:0D:AD:6A:31:AF
Certificate issuer:       /CN=6aa6f9e3e2622a7815a259e58d552439c255a31b
Certificate serial:       018CC801328FB3C9707EB3E07D65E6E26CDA
Authority key identifier: 6A:A6:F9:E3:E2:62:2A:78:15:A2:59:E5:8D:55:24:39:C2:55:A3:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/jF6Y0DhjziHiqezXQNvQDa1qMa8.roa
Signing time:             Tue 02 Jan 2024 02:29:30 +0000
ROA not before:           Tue 02 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        185.157.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:32:8f:b3:c9:70:7e:b3:e0:7d:65:e6:e2:6c:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aa6f9e3e2622a7815a259e58d552439c255a31b
        Validity
            Not Before: Jan  2 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c5e98d03863ce21e2a9ecd740dbd00dad6a31af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:bf:2a:53:4d:d4:53:6a:a5:17:e3:b7:9c:50:
                    65:09:35:66:63:a8:af:9c:31:d8:78:fb:15:c5:cc:
                    c4:45:06:68:38:bc:2e:45:f7:7e:7d:8d:0c:a3:d7:
                    5d:80:e5:66:12:d8:38:e5:28:53:f1:e7:69:75:c7:
                    6b:58:9d:be:37:c3:7f:4e:00:11:a9:48:89:06:53:
                    ae:b3:ec:40:83:1f:ad:da:db:b2:0c:c3:ed:9c:6f:
                    c7:4e:30:e0:e5:58:63:e5:c4:f9:b4:28:be:85:75:
                    b6:be:93:2e:86:f9:71:ac:64:7b:e4:e9:72:46:08:
                    37:83:5f:e6:5b:ca:de:f8:e2:a6:04:98:73:d5:48:
                    8b:44:02:76:cc:e0:d5:de:d2:8d:3e:0a:64:aa:9e:
                    b9:2c:82:a2:09:3e:14:35:7a:7a:93:a5:d9:5e:78:
                    d7:a1:da:4b:d1:e6:b9:87:5d:bb:db:c2:70:0e:2f:
                    90:21:3d:03:9f:3a:43:c7:92:da:56:46:6c:95:ac:
                    8a:36:2d:f5:75:c8:51:e4:ce:16:5d:27:1b:43:9e:
                    96:41:4c:17:c9:e7:72:22:32:5f:5a:59:4f:b7:2c:
                    44:d6:68:3f:6f:ba:b1:6f:82:fd:58:da:8f:01:13:
                    b0:99:4a:64:11:0c:04:24:cf:52:a5:0d:ff:00:15:
                    58:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:5E:98:D0:38:63:CE:21:E2:A9:EC:D7:40:DB:D0:0D:AD:6A:31:AF
            X509v3 Authority Key Identifier:
                keyid:6A:A6:F9:E3:E2:62:2A:78:15:A2:59:E5:8D:55:24:39:C2:55:A3:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/jF6Y0DhjziHiqezXQNvQDa1qMa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:d1:ae:14:6a:18:2a:b7:75:da:65:d7:33:93:64:90:08:ed:
         91:7a:6f:ce:b4:d3:43:fb:d3:76:48:aa:12:91:5b:7a:89:f2:
         35:b3:4f:4a:83:e4:2d:b4:84:1a:4e:a6:b8:7f:ff:c8:49:4c:
         3f:0a:db:df:cd:d0:ce:84:b9:3f:1f:ca:cb:66:75:d2:aa:4e:
         9a:03:d9:fe:40:b5:5a:ae:3a:15:b9:49:13:12:6c:72:57:43:
         00:8f:b5:48:13:21:a1:e1:dd:44:21:a0:46:24:c6:05:89:9f:
         43:42:f6:fd:e8:28:08:22:0d:b5:8c:5d:e9:c8:ea:5d:94:f0:
         0f:0a:d1:db:ee:a0:c7:a0:e5:79:ea:82:62:10:31:6c:7b:5d:
         cf:30:53:28:fa:a7:72:e7:fd:19:09:b9:a0:71:c6:24:cc:b2:
         b7:fd:50:82:67:2a:eb:58:a5:ab:be:13:7f:2f:bc:e4:e4:c8:
         6a:8e:0b:e6:fb:19:b7:8d:57:36:72:b6:16:5a:d9:f6:84:43:
         17:1b:46:dc:9d:9d:d7:87:40:94:9d:d0:16:35:ca:f4:9f:34:
         0e:de:8b:99:29:4e:23:1a:f0:bc:c4:fe:8c:b6:13:88:6c:82:
         78:06:fd:36:33:3f:85:20:56:86:b0:8f:32:43:1c:73:ef:84:
         ed:c4:60:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATKPs8lwfrPgfWXm4mzaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYTZmOWUzZTI2MjJhNzgxNWEyNTllNThkNTUyNDM5YzI1
NWEzMWIwHhcNMjQwMTAyMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzVlOThkMDM4NjNjZTIxZTJhOWVjZDc0MGRiZDAwZGFkNmEzMWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArr8qU03UU2qlF+O3nFBlCTVmY6iv
nDHYePsVxczERQZoOLwuRfd+fY0Mo9ddgOVmEtg45ShT8edpdcdrWJ2+N8N/TgAR
qUiJBlOus+xAgx+t2tuyDMPtnG/HTjDg5Vhj5cT5tCi+hXW2vpMuhvlxrGR75Oly
Rgg3g1/mW8re+OKmBJhz1UiLRAJ2zODV3tKNPgpkqp65LIKiCT4UNXp6k6XZXnjX
odpL0ea5h12728JwDi+QIT0DnzpDx5LaVkZslayKNi31dchR5M4WXScbQ56WQUwX
yedyIjJfWllPtyxE1mg/b7qxb4L9WNqPAROwmUpkEQwEJM9SpQ3/ABVYhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIxemNA4Y84h4qns10Db0A2tajGvMB8GA1UdIwQY
MBaAFGqm+ePiYip4FaJZ5Y1VJDnCVaMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXFiNTQtSmlLbmdWb2xubGpWVWtPY0pWb3hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85MzY4MDYtYmI2ZC00NWYzLTg4Mzct
YzUwNzM0ZDAyMGYwLzEvakY2WTBEaGp6aUhpcWV6WFFOdlFEYTFxTWE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85MzY4MDYtYmI2ZC00NWYzLTg4MzctYzUwNzM0ZDAyMGYw
LzEvYXFiNTQtSmlLbmdWb2xubGpWVWtPY0pWb3hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ3NMA0G
CSqGSIb3DQEBCwUAA4IBAQB70a4Uahgqt3XaZdczk2SQCO2Rem/OtNND+9N2SKoS
kVt6ifI1s09Kg+QttIQaTqa4f//ISUw/CtvfzdDOhLk/H8rLZnXSqk6aA9n+QLVa
rjoVuUkTEmxyV0MAj7VIEyGh4d1EIaBGJMYFiZ9DQvb96CgIIg21jF3pyOpdlPAP
CtHb7qDHoOV56oJiEDFse13PMFMo+qdy5/0ZCbmgccYkzLK3/VCCZyrrWKWrvhN/
L7zk5Mhqjgvm+xm3jVc2crYWWtn2hEMXG0bcnZ3Xh0CUndAWNcr0nzQO3ouZKU4j
GvC8xP6MthOIbIJ4Bv02Mz+FIFaGsI8yQxxz74TtxGB9
-----END CERTIFICATE-----