Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/89c3e4-b613-49ec-ae25-2e75228f9261/1/jNs533ylMl1gALd0dX2ldtxV7f0.roa
File:                     jNs533ylMl1gALd0dX2ldtxV7f0.roa (raw, json)
Hash identifier:          bLUGBnQmVrZPNCazeIU7SIYQdYTRqfHuBMAz2J0ygQY=
Subject key identifier:   8C:DB:39:DF:7C:A5:32:5D:60:00:B7:74:75:7D:A5:76:DC:55:ED:FD
Certificate issuer:       /CN=2b0140ad39414c4eab02ac55422b44163ed34b0f
Certificate serial:       0191E267F2B8F43891F159AA04BA5F4D8082
Authority key identifier: 2B:01:40:AD:39:41:4C:4E:AB:02:AC:55:42:2B:44:16:3E:D3:4B:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KwFArTlBTE6rAqxVQitEFj7TSw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/89c3e4-b613-49ec-ae25-2e75228f9261/1/jNs533ylMl1gALd0dX2ldtxV7f0.roa
Signing time:             Wed 11 Sep 2024 18:45:48 +0000
ROA not before:           Wed 11 Sep 2024 18:45:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44407
IP address blocks:        185.111.16.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/89c3e4-b613-49ec-ae25-2e75228f9261/1/KwFArTlBTE6rAqxVQitEFj7TSw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/89c3e4-b613-49ec-ae25-2e75228f9261/1/KwFArTlBTE6rAqxVQitEFj7TSw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KwFArTlBTE6rAqxVQitEFj7TSw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e2:67:f2:b8:f4:38:91:f1:59:aa:04:ba:5f:4d:80:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b0140ad39414c4eab02ac55422b44163ed34b0f
        Validity
            Not Before: Sep 11 18:45:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cdb39df7ca5325d6000b774757da576dc55edfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ec:1c:1e:d8:51:2c:d7:08:ef:aa:10:1b:28:
                    52:db:92:e8:01:a3:ba:fd:72:ff:e2:8f:d2:26:3f:
                    4f:58:31:4b:08:cb:91:d5:00:09:26:fb:62:ff:e3:
                    76:4d:87:36:b5:03:61:2b:3e:28:94:7c:c7:65:6e:
                    91:f0:0e:05:fe:14:76:c6:0f:61:42:eb:fb:84:fb:
                    88:15:6c:b1:80:d6:e2:eb:d5:c3:d1:d9:70:a1:af:
                    a0:14:71:e7:f3:56:6d:ce:1f:51:de:46:98:23:b5:
                    8e:cd:45:13:b0:e1:75:86:07:d8:76:fe:42:a4:26:
                    2b:f2:c9:c3:9d:98:98:ea:d3:04:59:97:6e:2f:f0:
                    50:47:f7:62:68:ce:c7:0c:16:8b:36:d0:23:68:2c:
                    25:5b:ea:ce:50:cc:0d:85:30:aa:44:d2:35:04:38:
                    a3:c0:bb:62:c2:ef:78:14:f8:9b:56:74:76:6e:3f:
                    ec:d6:c8:7f:9c:30:c1:30:ad:95:08:47:23:59:87:
                    e1:53:1b:d8:d4:1a:55:e9:87:fa:d2:f9:62:41:75:
                    79:75:1e:d1:16:25:be:d6:71:7d:6c:bf:10:37:32:
                    e7:e5:48:df:9e:18:2c:84:ed:c6:f5:ca:d5:99:89:
                    f9:0a:5e:00:ea:fb:3c:b1:8d:59:42:b6:77:03:66:
                    10:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:DB:39:DF:7C:A5:32:5D:60:00:B7:74:75:7D:A5:76:DC:55:ED:FD
            X509v3 Authority Key Identifier:
                keyid:2B:01:40:AD:39:41:4C:4E:AB:02:AC:55:42:2B:44:16:3E:D3:4B:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KwFArTlBTE6rAqxVQitEFj7TSw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/89c3e4-b613-49ec-ae25-2e75228f9261/1/jNs533ylMl1gALd0dX2ldtxV7f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/89c3e4-b613-49ec-ae25-2e75228f9261/1/KwFArTlBTE6rAqxVQitEFj7TSw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:78:ce:2e:0c:4d:a3:44:22:84:74:61:b3:a4:2f:1e:70:86:
         c8:ff:d1:9b:49:be:c1:5d:0d:95:0b:9b:3d:42:75:1d:f9:fe:
         82:e6:6e:9b:6e:79:8a:91:37:15:4c:76:98:78:60:fd:45:60:
         d9:0e:dc:8a:c4:cc:0d:aa:4a:b4:ff:72:09:64:f7:ef:38:94:
         98:6a:1a:89:31:57:2a:54:66:0b:ae:f5:ad:e0:7c:b2:d2:de:
         25:0d:fa:09:4c:c4:12:02:24:d2:cb:b6:30:a2:59:17:3f:40:
         1a:dd:bf:27:b2:7b:fe:6a:43:c0:20:7f:ec:96:15:97:94:78:
         fc:75:9c:08:52:d6:60:69:91:93:06:97:25:ee:be:9e:c1:0e:
         58:62:6e:03:41:94:38:58:0a:ec:7e:c8:41:c6:d8:40:6d:e3:
         b0:22:71:bf:b7:8d:94:1b:04:3b:e0:81:dc:6d:9a:09:fd:22:
         da:6d:53:09:78:95:ef:ba:74:67:a8:79:d9:02:b0:3d:79:44:
         ed:bb:b8:e7:59:81:55:41:88:ab:a8:ed:2a:fb:6a:0c:14:b2:
         5b:00:69:01:39:c1:fc:9d:4e:69:f9:7b:c2:79:19:24:5e:5e:
         93:c1:c3:5a:35:88:2c:40:15:ae:50:87:1f:e6:26:1f:a8:18:
         fd:f4:8c:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHiZ/K49DiR8VmqBLpfTYCCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMDE0MGFkMzk0MTRjNGVhYjAyYWM1NTQyMmI0NDE2M2Vk
MzRiMGYwHhcNMjQwOTExMTg0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2RiMzlkZjdjYTUzMjVkNjAwMGI3NzQ3NTdkYTU3NmRjNTVlZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOwcHthRLNcI76oQGyhS25LoAaO6
/XL/4o/SJj9PWDFLCMuR1QAJJvti/+N2TYc2tQNhKz4olHzHZW6R8A4F/hR2xg9h
Quv7hPuIFWyxgNbi69XD0dlwoa+gFHHn81Ztzh9R3kaYI7WOzUUTsOF1hgfYdv5C
pCYr8snDnZiY6tMEWZduL/BQR/diaM7HDBaLNtAjaCwlW+rOUMwNhTCqRNI1BDij
wLtiwu94FPibVnR2bj/s1sh/nDDBMK2VCEcjWYfhUxvY1BpV6Yf60vliQXV5dR7R
FiW+1nF9bL8QNzLn5UjfnhgshO3G9crVmYn5Cl4A6vs8sY1ZQrZ3A2YQ1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzbOd98pTJdYAC3dHV9pXbcVe39MB8GA1UdIwQY
MBaAFCsBQK05QUxOqwKsVUIrRBY+00sPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3dGQXJUbEJURTZyQXF4VlFpdEVGajdUU3c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84OWMzZTQtYjYxMy00OWVjLWFlMjUt
MmU3NTIyOGY5MjYxLzEvak5zNTMzeWxNbDFnQUxkMGRYMmxkdHhWN2YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84OWMzZTQtYjYxMy00OWVjLWFlMjUtMmU3NTIyOGY5MjYx
LzEvS3dGQXJUbEJURTZyQXF4VlFpdEVGajdUU3c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuW8QMA0G
CSqGSIb3DQEBCwUAA4IBAQBQeM4uDE2jRCKEdGGzpC8ecIbI/9GbSb7BXQ2VC5s9
QnUd+f6C5m6bbnmKkTcVTHaYeGD9RWDZDtyKxMwNqkq0/3IJZPfvOJSYahqJMVcq
VGYLrvWt4Hyy0t4lDfoJTMQSAiTSy7YwolkXP0Aa3b8nsnv+akPAIH/slhWXlHj8
dZwIUtZgaZGTBpcl7r6ewQ5YYm4DQZQ4WArsfshBxthAbeOwInG/t42UGwQ74IHc
bZoJ/SLabVMJeJXvunRnqHnZArA9eUTtu7jnWYFVQYirqO0q+2oMFLJbAGkBOcH8
nU5p+XvCeRkkXl6TwcNaNYgsQBWuUIcf5iYfqBj99Ixi
-----END CERTIFICATE-----