Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/08a7ff-2cef-4248-9fe8-04c8f3eeceeb/1/jQkZs7KR6bxLC-kzelWjcyc4jAs.roa
File:                     jQkZs7KR6bxLC-kzelWjcyc4jAs.roa (raw, json)
Hash identifier:          BoQ5ImY5tkId+/mlZoZd4GbHQ3g/GKOIBUMsSm4T2eY=
Subject key identifier:   8D:09:19:B3:B2:91:E9:BC:4B:0B:E9:33:7A:55:A3:73:27:38:8C:0B
Certificate issuer:       /CN=571456649692e60566de008e126bbdd1d2ebed45
Certificate serial:       018CC86F64B8891796FAB50650C1C2115FBD
Authority key identifier: 57:14:56:64:96:92:E6:05:66:DE:00:8E:12:6B:BD:D1:D2:EB:ED:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VxRWZJaS5gVm3gCOEmu90dLr7UU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/08a7ff-2cef-4248-9fe8-04c8f3eeceeb/1/jQkZs7KR6bxLC-kzelWjcyc4jAs.roa
Signing time:             Tue 02 Jan 2024 04:29:52 +0000
ROA not before:           Tue 02 Jan 2024 04:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59853
IP address blocks:        185.68.228.0/23 maxlen: 23
                          185.68.230.0/23 maxlen: 23
                          178.216.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/08a7ff-2cef-4248-9fe8-04c8f3eeceeb/1/VxRWZJaS5gVm3gCOEmu90dLr7UU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/08a7ff-2cef-4248-9fe8-04c8f3eeceeb/1/VxRWZJaS5gVm3gCOEmu90dLr7UU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VxRWZJaS5gVm3gCOEmu90dLr7UU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:64:b8:89:17:96:fa:b5:06:50:c1:c2:11:5f:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=571456649692e60566de008e126bbdd1d2ebed45
        Validity
            Not Before: Jan  2 04:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d0919b3b291e9bc4b0be9337a55a37327388c0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:fa:c0:86:b9:bc:62:40:88:c2:24:b8:15:cb:
                    75:1b:03:dc:16:7d:f5:4f:eb:2d:94:50:ea:a9:1c:
                    ce:aa:82:9d:f4:22:38:6a:dd:8b:dc:91:f3:e4:3d:
                    d8:48:d6:3b:8d:1f:a5:fc:6a:50:69:32:28:fc:85:
                    d5:5b:07:6b:8c:3e:85:07:0e:e5:4c:6f:7e:c8:00:
                    8d:1c:0f:e9:6c:cd:66:7a:1b:52:1a:06:aa:f1:a2:
                    f1:aa:2e:2a:f4:ae:cb:84:44:39:80:48:f6:e3:32:
                    b7:f9:b7:6a:80:87:28:8b:2a:a1:c7:2a:64:c5:e8:
                    28:33:51:2d:26:af:19:0e:37:f3:23:5e:ca:e1:49:
                    f4:27:55:53:9c:b0:d6:0d:80:8f:fe:b3:f2:7b:1a:
                    2f:60:96:88:b0:22:aa:6d:77:26:a2:66:23:99:20:
                    6d:e4:15:7a:2a:2f:c4:6c:16:1c:21:37:2d:d3:4e:
                    21:2e:91:86:1b:d1:8a:2d:09:2b:71:96:f0:55:95:
                    96:ec:a2:8e:56:1d:05:e5:50:a1:c8:b0:3f:1d:cd:
                    d7:f4:40:8c:08:3a:cb:5a:22:43:a2:99:3d:a2:d5:
                    d8:47:72:58:ef:90:74:23:32:b6:61:e7:d5:17:18:
                    b2:eb:a8:d9:b7:85:9d:b8:e2:4a:2d:4d:c5:cb:c6:
                    6d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:09:19:B3:B2:91:E9:BC:4B:0B:E9:33:7A:55:A3:73:27:38:8C:0B
            X509v3 Authority Key Identifier:
                keyid:57:14:56:64:96:92:E6:05:66:DE:00:8E:12:6B:BD:D1:D2:EB:ED:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VxRWZJaS5gVm3gCOEmu90dLr7UU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/08a7ff-2cef-4248-9fe8-04c8f3eeceeb/1/jQkZs7KR6bxLC-kzelWjcyc4jAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/08a7ff-2cef-4248-9fe8-04c8f3eeceeb/1/VxRWZJaS5gVm3gCOEmu90dLr7UU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.216.246.0/24
                  185.68.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:58:77:62:a4:62:ee:99:b8:77:a9:14:30:f6:c9:ad:ee:d8:
         32:5f:65:0e:58:75:a5:97:d7:03:70:bf:72:a3:ac:f8:30:a7:
         b4:1f:ba:e4:08:e3:42:8f:01:f0:9d:39:2e:8d:7e:00:97:ff:
         e6:4f:e2:8b:db:bc:54:d2:17:2e:f0:c6:cb:eb:d8:c0:ac:e0:
         a1:8b:09:8b:4e:4d:16:84:96:89:cd:04:76:05:3b:ef:eb:57:
         62:fc:69:2a:b7:96:0f:96:b0:88:52:e9:d2:3e:14:8b:09:c2:
         f8:f6:c4:c6:67:23:c8:78:81:65:4d:ba:74:f6:4b:db:93:40:
         29:ab:ac:c6:10:dd:80:53:a8:79:ed:71:a6:dd:67:77:d2:c6:
         78:71:b8:96:bd:f5:ee:cb:20:0f:57:05:e5:e0:a0:22:78:79:
         b7:4b:03:67:f7:8c:80:2a:15:d7:13:22:06:03:e6:88:90:ad:
         68:2f:d7:4e:2a:3f:47:42:eb:ef:e5:11:7a:ed:b0:09:b2:55:
         bc:88:5a:34:9f:c6:9d:3c:c7:0f:90:5a:40:d0:a8:55:fe:25:
         8a:90:db:c0:c1:17:fc:a8:ce:4e:28:96:b2:c3:57:8a:ae:63:
         a0:7a:4f:54:29:51:ee:36:03:49:a1:4f:99:27:13:7b:71:57:
         6f:dd:bc:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb2S4iReW+rUGUMHCEV+9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTQ1NjY0OTY5MmU2MDU2NmRlMDA4ZTEyNmJiZGQxZDJl
YmVkNDUwHhcNMjQwMTAyMDQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDA5MTliM2IyOTFlOWJjNGIwYmU5MzM3YTU1YTM3MzI3Mzg4YzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPrAhrm8YkCIwiS4Fct1GwPcFn31
T+stlFDqqRzOqoKd9CI4at2L3JHz5D3YSNY7jR+l/GpQaTIo/IXVWwdrjD6FBw7l
TG9+yACNHA/pbM1mehtSGgaq8aLxqi4q9K7LhEQ5gEj24zK3+bdqgIcoiyqhxypk
xegoM1EtJq8ZDjfzI17K4Un0J1VTnLDWDYCP/rPyexovYJaIsCKqbXcmomYjmSBt
5BV6Ki/EbBYcITct004hLpGGG9GKLQkrcZbwVZWW7KKOVh0F5VChyLA/Hc3X9ECM
CDrLWiJDopk9otXYR3JY75B0IzK2YefVFxiy66jZt4WduOJKLU3Fy8ZtYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI0JGbOykem8SwvpM3pVo3MnOIwLMB8GA1UdIwQY
MBaAFFcUVmSWkuYFZt4AjhJrvdHS6+1FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhSV1pKYVM1Z1ZtM2dDT0VtdTkwZExyN1VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8wOGE3ZmYtMmNlZi00MjQ4LTlmZTgt
MDRjOGYzZWVjZWViLzEvalFrWnM3S1I2YnhMQy1remVsV2pjeWM0akFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8wOGE3ZmYtMmNlZi00MjQ4LTlmZTgtMDRjOGYzZWVjZWVi
LzEvVnhSV1pKYVM1Z1ZtM2dDT0VtdTkwZExyN1VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAstj2AwQC
uUTkMA0GCSqGSIb3DQEBCwUAA4IBAQCRWHdipGLumbh3qRQw9smt7tgyX2UOWHWl
l9cDcL9yo6z4MKe0H7rkCONCjwHwnTkujX4Al//mT+KL27xU0hcu8MbL69jArOCh
iwmLTk0WhJaJzQR2BTvv61di/Gkqt5YPlrCIUunSPhSLCcL49sTGZyPIeIFlTbp0
9kvbk0Apq6zGEN2AU6h57XGm3Wd30sZ4cbiWvfXuyyAPVwXl4KAieHm3SwNn94yA
KhXXEyIGA+aIkK1oL9dOKj9HQuvv5RF67bAJslW8iFo0n8adPMcPkFpA0KhV/iWK
kNvAwRf8qM5OKJayw1eKrmOgek9UKVHuNgNJoU+ZJxN7cVdv3bzL
-----END CERTIFICATE-----