Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/jEbh7e1lo_PSjVT9HHODJ3hxm4o.roa
File:                     jEbh7e1lo_PSjVT9HHODJ3hxm4o.roa (raw, json)
Hash identifier:          fZYeIg6xdX+XGArETTO2iqAa+UWc5N7QNoFGlC7/YNM=
Subject key identifier:   8C:46:E1:ED:ED:65:A3:F3:D2:8D:54:FD:1C:73:83:27:78:71:9B:8A
Certificate issuer:       /CN=a45ded68e2260321bca39e8465b49c25d58a56e6
Certificate serial:       0192E2FD90D8975659C2871BFEECD75B65CD
Authority key identifier: A4:5D:ED:68:E2:26:03:21:BC:A3:9E:84:65:B4:9C:25:D5:8A:56:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pF3taOImAyG8o56EZbScJdWKVuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/jEbh7e1lo_PSjVT9HHODJ3hxm4o.roa
Signing time:             Thu 31 Oct 2024 14:32:01 +0000
ROA not before:           Thu 31 Oct 2024 14:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138997
IP address blocks:        185.128.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/pF3taOImAyG8o56EZbScJdWKVuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/pF3taOImAyG8o56EZbScJdWKVuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pF3taOImAyG8o56EZbScJdWKVuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e2:fd:90:d8:97:56:59:c2:87:1b:fe:ec:d7:5b:65:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a45ded68e2260321bca39e8465b49c25d58a56e6
        Validity
            Not Before: Oct 31 14:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c46e1eded65a3f3d28d54fd1c73832778719b8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:1f:1c:3d:32:eb:d7:cf:4e:ce:2e:f3:87:39:
                    a2:a7:f4:03:80:0b:97:94:d6:1a:de:2a:da:e6:17:
                    35:d8:c0:6f:c2:fd:6c:42:e9:1c:86:12:f8:0c:ca:
                    69:8b:cd:24:d3:9f:92:61:6c:46:d2:a3:b1:b3:a3:
                    64:20:04:f5:dd:a0:ce:da:2a:bd:e6:39:58:ae:25:
                    ec:a6:d9:94:a8:0f:bc:3e:2a:31:d2:e8:07:fa:b4:
                    1d:36:b3:6e:57:62:57:c6:52:c5:d6:cf:6b:48:62:
                    d1:72:cc:03:6b:ba:50:80:09:c9:ad:16:c7:97:a7:
                    94:df:3a:92:9c:0b:63:3b:51:5d:21:f1:8f:0e:ce:
                    cc:f5:fb:56:c3:5d:c8:5f:0a:79:36:95:b7:c1:46:
                    08:65:e7:65:eb:3b:dc:ec:f4:43:bf:f3:b9:2d:07:
                    fe:00:51:47:36:e5:d5:e2:4a:73:32:c2:c2:10:3b:
                    b4:0c:88:ca:73:d0:ac:c9:cc:85:9c:44:35:5c:a1:
                    68:c8:f2:d9:a3:c1:b6:30:50:dd:45:ae:fa:59:85:
                    77:0e:b9:d6:a9:e3:47:2b:42:cc:67:40:2c:1f:29:
                    5c:47:b9:3b:86:f7:bc:0b:52:3d:84:25:99:19:90:
                    08:0f:c8:9f:37:b3:aa:52:24:fb:7d:1d:4e:76:77:
                    4d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:46:E1:ED:ED:65:A3:F3:D2:8D:54:FD:1C:73:83:27:78:71:9B:8A
            X509v3 Authority Key Identifier:
                keyid:A4:5D:ED:68:E2:26:03:21:BC:A3:9E:84:65:B4:9C:25:D5:8A:56:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pF3taOImAyG8o56EZbScJdWKVuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/jEbh7e1lo_PSjVT9HHODJ3hxm4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/pF3taOImAyG8o56EZbScJdWKVuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:19:4e:a9:73:59:34:6f:68:51:5f:03:2e:03:dc:26:31:be:
         54:2d:6e:ac:5b:94:f4:50:9a:b4:8a:b9:e6:3e:25:03:1f:ff:
         57:cb:69:c9:57:72:98:42:c0:4d:cd:64:93:92:17:52:7b:d3:
         80:f3:ea:4b:05:5b:51:9f:45:34:bc:e0:e0:a6:ed:b3:5f:9d:
         77:68:09:4d:ca:72:0f:c2:32:e8:c6:78:f5:b8:e3:18:9f:f2:
         a6:b7:4b:a5:4b:4e:62:d5:a6:51:0a:e0:52:15:fd:d7:94:24:
         6e:d3:d7:a2:21:ac:ff:55:cc:a1:f9:32:ad:86:db:cc:71:a1:
         3e:6b:b3:73:f8:6b:d8:5c:92:59:cc:01:39:05:86:24:33:49:
         e9:97:67:c4:11:20:c2:8e:f2:8d:ef:be:f9:7a:b4:37:70:5b:
         a8:2c:83:79:d0:f1:8d:3c:75:a4:42:f5:82:02:81:ae:76:6b:
         26:33:2a:3b:9a:15:1c:ea:37:53:a0:a9:3c:2c:36:b5:78:14:
         85:66:7d:5e:7b:82:9f:48:0b:88:50:74:31:43:80:b8:ff:b2:
         2e:a4:06:79:dc:6c:b4:c7:61:5f:5b:70:e3:ec:b1:e7:b7:20:
         9e:1a:24:fe:c0:1c:88:4a:a0:33:14:df:be:9f:ca:4f:d2:a3:
         f4:25:0e:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLi/ZDYl1ZZwocb/uzXW2XNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0NWRlZDY4ZTIyNjAzMjFiY2EzOWU4NDY1YjQ5YzI1ZDU4
YTU2ZTYwHhcNMjQxMDMxMTQzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzQ2ZTFlZGVkNjVhM2YzZDI4ZDU0ZmQxYzczODMyNzc4NzE5YjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1B8cPTLr189Ozi7zhzmip/QDgAuX
lNYa3ira5hc12MBvwv1sQukchhL4DMppi80k05+SYWxG0qOxs6NkIAT13aDO2iq9
5jlYriXsptmUqA+8Piox0ugH+rQdNrNuV2JXxlLF1s9rSGLRcswDa7pQgAnJrRbH
l6eU3zqSnAtjO1FdIfGPDs7M9ftWw13IXwp5NpW3wUYIZedl6zvc7PRDv/O5LQf+
AFFHNuXV4kpzMsLCEDu0DIjKc9CsycyFnEQ1XKFoyPLZo8G2MFDdRa76WYV3DrnW
qeNHK0LMZ0AsHylcR7k7hve8C1I9hCWZGZAID8ifN7OqUiT7fR1OdndNYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIxG4e3tZaPz0o1U/Rxzgyd4cZuKMB8GA1UdIwQY
MBaAFKRd7WjiJgMhvKOehGW0nCXVilbmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEYzdGFPSW1BeUc4bzU2RVpiU2NKZFdLVnVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9lNGFmMGEtYTE3MC00Y2EzLWFiNTct
NTQ4NTNjNDc2NjFmLzEvakViaDdlMWxvX1BTalZUOUhIT0RKM2h4bTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9lNGFmMGEtYTE3MC00Y2EzLWFiNTctNTQ4NTNjNDc2NjFm
LzEvcEYzdGFPSW1BeUc4bzU2RVpiU2NKZFdLVnVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYDiMA0G
CSqGSIb3DQEBCwUAA4IBAQBrGU6pc1k0b2hRXwMuA9wmMb5ULW6sW5T0UJq0irnm
PiUDH/9Xy2nJV3KYQsBNzWSTkhdSe9OA8+pLBVtRn0U0vODgpu2zX513aAlNynIP
wjLoxnj1uOMYn/Kmt0ulS05i1aZRCuBSFf3XlCRu09eiIaz/Vcyh+TKthtvMcaE+
a7Nz+GvYXJJZzAE5BYYkM0npl2fEESDCjvKN7775erQ3cFuoLIN50PGNPHWkQvWC
AoGudmsmMyo7mhUc6jdToKk8LDa1eBSFZn1ee4KfSAuIUHQxQ4C4/7IupAZ53Gy0
x2FfW3Dj7LHntyCeGiT+wByISqAzFN++n8pP0qP0JQ7N
-----END CERTIFICATE-----