Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/jX7UTDcWPV66DrTelOBJVcoyOp8.roa
File:                     jX7UTDcWPV66DrTelOBJVcoyOp8.roa (raw, json)
Hash identifier:          ZJAnzxoEc86PcWxo0bZXyNAURKDOZOu4LKhVeql4Zzs=
Subject key identifier:   8D:7E:D4:4C:37:16:3D:5E:BA:0E:B4:DE:94:E0:49:55:CA:32:3A:9F
Certificate issuer:       /CN=a45ded68e2260321bca39e8465b49c25d58a56e6
Certificate serial:       018D77D30B5DFC55A01745345A2E8BA4A850
Authority key identifier: A4:5D:ED:68:E2:26:03:21:BC:A3:9E:84:65:B4:9C:25:D5:8A:56:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pF3taOImAyG8o56EZbScJdWKVuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/jX7UTDcWPV66DrTelOBJVcoyOp8.roa
Signing time:             Mon 05 Feb 2024 05:52:16 +0000
ROA not before:           Mon 05 Feb 2024 05:52:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198584
IP address blocks:        185.253.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/pF3taOImAyG8o56EZbScJdWKVuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/pF3taOImAyG8o56EZbScJdWKVuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pF3taOImAyG8o56EZbScJdWKVuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:77:d3:0b:5d:fc:55:a0:17:45:34:5a:2e:8b:a4:a8:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a45ded68e2260321bca39e8465b49c25d58a56e6
        Validity
            Not Before: Feb  5 05:52:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d7ed44c37163d5eba0eb4de94e04955ca323a9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:69:09:e4:79:92:ee:b7:f6:eb:2e:57:7a:e3:
                    e8:8f:ea:65:84:c5:dc:66:7b:42:78:07:2c:c3:7a:
                    29:c8:b3:83:67:23:cd:e1:2a:39:67:f2:0c:fd:1f:
                    8e:16:bd:9e:71:1c:06:37:d5:7c:1f:d9:96:1f:cc:
                    6c:f2:bb:a0:1b:15:c6:ab:93:e4:b6:57:6f:8a:e8:
                    da:24:b1:f3:a2:95:00:e9:3e:28:8e:5e:14:1e:84:
                    2a:0b:29:cf:61:a3:67:51:4d:fe:e5:86:a4:c1:de:
                    2d:04:b8:95:d4:a3:d6:6c:19:6f:ac:51:5a:91:9e:
                    5c:a1:b5:a9:fe:24:c4:66:b6:8f:40:38:68:15:a9:
                    6e:1c:44:15:a8:c5:25:e4:84:bb:bf:0a:9d:0b:73:
                    2a:11:4e:ae:b8:93:91:92:06:4b:e1:17:24:d5:63:
                    b2:40:ab:33:51:bd:77:09:0f:4d:97:f5:0c:92:27:
                    89:85:62:88:a2:8e:5e:a1:2d:86:14:86:52:5f:c0:
                    b1:82:83:6d:75:2f:c1:58:02:fb:cb:ea:a9:0c:6d:
                    7f:78:ef:c8:0f:34:19:89:59:19:d7:03:9a:57:a0:
                    b1:32:e6:24:40:e9:57:6a:bd:4e:ad:ec:e2:a3:24:
                    34:fa:34:4c:49:60:41:71:ce:ee:e0:41:fc:f7:da:
                    e0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:7E:D4:4C:37:16:3D:5E:BA:0E:B4:DE:94:E0:49:55:CA:32:3A:9F
            X509v3 Authority Key Identifier:
                keyid:A4:5D:ED:68:E2:26:03:21:BC:A3:9E:84:65:B4:9C:25:D5:8A:56:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pF3taOImAyG8o56EZbScJdWKVuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/jX7UTDcWPV66DrTelOBJVcoyOp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/pF3taOImAyG8o56EZbScJdWKVuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:fc:c9:ac:5c:2d:5a:0c:53:e2:71:d5:98:61:8d:cb:54:09:
         ab:f0:62:3d:47:d4:9b:46:9b:df:a5:94:4b:39:9b:8f:cf:e6:
         74:11:5f:e3:27:93:dd:ec:aa:8f:58:14:dd:ee:30:82:10:9e:
         05:5a:7f:ee:71:11:87:1f:d2:a6:57:cb:46:6b:46:e6:de:60:
         36:34:4c:f9:f8:10:0e:06:4c:1d:f2:d4:bc:d1:c4:0f:14:1f:
         96:38:22:96:34:83:3e:73:4a:76:16:39:8e:c1:25:4b:8a:7a:
         b2:e0:27:e1:01:56:a3:6c:46:4c:fa:57:86:5a:18:82:9d:1d:
         ba:5c:23:62:b3:6e:89:cc:52:6e:76:20:4b:7f:8d:1f:05:fa:
         c5:dc:7c:ec:28:a0:3b:5f:fe:63:3b:a8:bc:a4:39:24:26:64:
         a6:65:e8:12:18:3a:fa:51:61:81:21:8e:b3:c8:da:0c:04:54:
         17:1c:fb:a8:b0:0d:63:3e:12:4d:d9:16:87:6a:e5:1e:88:f5:
         b4:f2:48:79:3b:7a:c1:c4:b5:d7:76:8a:dd:39:41:83:04:79:
         ff:9d:24:08:a4:85:24:29:a5:19:62:a3:99:6b:39:82:e2:c2:
         57:ad:b5:a4:a6:e8:2b:83:2b:4d:ba:86:bd:44:f7:73:d8:06:
         b2:43:ef:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY130wtd/FWgF0U0Wi6LpKhQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0NWRlZDY4ZTIyNjAzMjFiY2EzOWU4NDY1YjQ5YzI1ZDU4
YTU2ZTYwHhcNMjQwMjA1MDU1MjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDdlZDQ0YzM3MTYzZDVlYmEwZWI0ZGU5NGUwNDk1NWNhMzIzYTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmkJ5HmS7rf26y5XeuPoj+plhMXc
ZntCeAcsw3opyLODZyPN4So5Z/IM/R+OFr2ecRwGN9V8H9mWH8xs8rugGxXGq5Pk
tldviujaJLHzopUA6T4ojl4UHoQqCynPYaNnUU3+5Yakwd4tBLiV1KPWbBlvrFFa
kZ5cobWp/iTEZraPQDhoFaluHEQVqMUl5IS7vwqdC3MqEU6uuJORkgZL4Rck1WOy
QKszUb13CQ9Nl/UMkieJhWKIoo5eoS2GFIZSX8CxgoNtdS/BWAL7y+qpDG1/eO/I
DzQZiVkZ1wOaV6CxMuYkQOlXar1OrezioyQ0+jRMSWBBcc7u4EH899rgzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI1+1Ew3Fj1eug603pTgSVXKMjqfMB8GA1UdIwQY
MBaAFKRd7WjiJgMhvKOehGW0nCXVilbmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEYzdGFPSW1BeUc4bzU2RVpiU2NKZFdLVnVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9lNGFmMGEtYTE3MC00Y2EzLWFiNTct
NTQ4NTNjNDc2NjFmLzEvalg3VVREY1dQVjY2RHJUZWxPQkpWY295T3A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9lNGFmMGEtYTE3MC00Y2EzLWFiNTctNTQ4NTNjNDc2NjFm
LzEvcEYzdGFPSW1BeUc4bzU2RVpiU2NKZFdLVnVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf0BMA0G
CSqGSIb3DQEBCwUAA4IBAQCG/MmsXC1aDFPicdWYYY3LVAmr8GI9R9SbRpvfpZRL
OZuPz+Z0EV/jJ5Pd7KqPWBTd7jCCEJ4FWn/ucRGHH9KmV8tGa0bm3mA2NEz5+BAO
Bkwd8tS80cQPFB+WOCKWNIM+c0p2FjmOwSVLinqy4CfhAVajbEZM+leGWhiCnR26
XCNis26JzFJudiBLf40fBfrF3HzsKKA7X/5jO6i8pDkkJmSmZegSGDr6UWGBIY6z
yNoMBFQXHPuosA1jPhJN2RaHauUeiPW08kh5O3rBxLXXdordOUGDBHn/nSQIpIUk
KaUZYqOZazmC4sJXrbWkpugrgytNuoa9RPdz2AayQ+99
-----END CERTIFICATE-----