Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c418b-ec7d-46d2-99d5-dde0d12735c6/1/JSV8NLzx2W-u7zp0d28E4o-9wMA.roa
File:                     JSV8NLzx2W-u7zp0d28E4o-9wMA.roa (raw, json)
Hash identifier:          xqqSykwKuhQYGT2lNzQXpzV06yGWHtwM+WcspZiDzjc=
Subject key identifier:   25:25:7C:34:BC:F1:D9:6F:AE:EF:3A:74:77:6F:04:E2:8F:BD:C0:C0
Certificate issuer:       /CN=849d5c1ca865b04b6f2b3ccd9016e92ddad99aab
Certificate serial:       018CC9BBC41FC9522F4172A5BD7328E27065
Authority key identifier: 84:9D:5C:1C:A8:65:B0:4B:6F:2B:3C:CD:90:16:E9:2D:DA:D9:9A:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hJ1cHKhlsEtvKzzNkBbpLdrZmqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c418b-ec7d-46d2-99d5-dde0d12735c6/1/JSV8NLzx2W-u7zp0d28E4o-9wMA.roa
Signing time:             Tue 02 Jan 2024 10:32:55 +0000
ROA not before:           Tue 02 Jan 2024 10:32:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6830
IP address blocks:        185.110.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c418b-ec7d-46d2-99d5-dde0d12735c6/1/hJ1cHKhlsEtvKzzNkBbpLdrZmqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c418b-ec7d-46d2-99d5-dde0d12735c6/1/hJ1cHKhlsEtvKzzNkBbpLdrZmqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hJ1cHKhlsEtvKzzNkBbpLdrZmqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 04:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:c4:1f:c9:52:2f:41:72:a5:bd:73:28:e2:70:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=849d5c1ca865b04b6f2b3ccd9016e92ddad99aab
        Validity
            Not Before: Jan  2 10:32:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25257c34bcf1d96faeef3a74776f04e28fbdc0c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:91:59:0a:cd:43:95:b4:df:b2:69:0a:ec:e1:
                    9c:24:91:2a:48:f6:bc:fa:fa:ca:c1:5b:7e:bc:75:
                    c4:1d:84:e7:6b:f8:75:43:a4:b3:3d:cf:f1:4a:5e:
                    85:95:d0:88:f9:69:8f:6a:63:bc:95:f8:8a:61:68:
                    de:bf:ac:73:8c:91:8c:b8:e1:95:93:04:1a:da:3d:
                    24:a9:2d:69:c0:08:39:4b:e9:ac:fe:f9:1b:64:c5:
                    d7:9a:98:30:76:62:aa:b3:32:16:ca:d4:34:7a:55:
                    05:e7:5c:b9:7a:90:2d:30:5d:e2:6c:94:ec:e7:36:
                    4f:b2:4f:38:1f:2f:89:25:3c:8a:43:6d:72:db:eb:
                    25:66:31:7e:16:db:1b:27:f8:4c:ea:e1:bb:ee:58:
                    8a:ac:6b:2d:0d:37:43:5c:f6:3f:6f:27:cf:1a:43:
                    34:7e:61:cf:87:3d:7b:4c:36:a8:e9:8d:c4:66:20:
                    a0:0b:f0:e2:96:76:d3:12:2d:f7:c3:80:43:e6:c0:
                    af:80:60:29:55:1b:d0:c0:06:ab:9a:cd:0c:4d:4d:
                    db:71:7a:6a:ac:21:d8:64:a7:6c:64:7d:cd:40:7f:
                    c3:63:e0:ac:cc:bc:21:b5:76:ca:63:2f:89:eb:1f:
                    81:f6:84:02:40:78:f3:73:4d:01:1b:cb:e4:f9:69:
                    02:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:25:7C:34:BC:F1:D9:6F:AE:EF:3A:74:77:6F:04:E2:8F:BD:C0:C0
            X509v3 Authority Key Identifier:
                keyid:84:9D:5C:1C:A8:65:B0:4B:6F:2B:3C:CD:90:16:E9:2D:DA:D9:9A:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hJ1cHKhlsEtvKzzNkBbpLdrZmqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c418b-ec7d-46d2-99d5-dde0d12735c6/1/JSV8NLzx2W-u7zp0d28E4o-9wMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c418b-ec7d-46d2-99d5-dde0d12735c6/1/hJ1cHKhlsEtvKzzNkBbpLdrZmqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:b2:9f:61:72:db:2b:9e:a1:c5:af:fc:e3:83:1f:f3:93:05:
         65:de:6b:05:38:4d:5c:66:62:13:87:21:01:ac:92:f3:ad:94:
         0c:99:35:85:7a:e9:28:7e:60:5d:8c:17:84:3c:5a:95:45:1f:
         8e:93:41:fb:f9:b7:52:bf:77:85:a5:51:68:83:83:59:67:a4:
         da:33:96:5e:f7:8d:18:b7:47:a0:84:63:4f:22:73:7b:a8:f5:
         60:55:41:04:45:64:4b:8e:e4:14:97:91:57:0c:9b:99:86:42:
         09:08:90:b3:fa:f3:2b:ef:b5:54:84:9b:68:f5:a8:12:ee:ad:
         9d:27:b4:56:4f:87:64:d0:c6:fe:a0:68:90:ac:e2:e7:03:57:
         65:4d:ae:34:cf:82:dd:7c:48:ca:dd:ca:92:14:3a:61:e4:e5:
         a0:57:8b:07:39:77:62:60:ed:ed:ff:4a:e9:6a:11:8f:56:1b:
         bc:63:cf:23:79:33:f8:d5:e9:fc:8d:b4:7e:7a:65:73:6e:0c:
         8d:55:31:a5:0f:7b:38:a8:f3:aa:48:a6:bb:37:63:05:6b:11:
         59:0d:49:3d:3d:18:1e:4c:bd:c8:b8:3f:43:be:13:98:a3:79:
         16:29:20:d2:f4:d1:6d:f5:2f:61:b6:91:2e:40:83:5b:a4:3e:
         b1:62:12:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu8QfyVIvQXKlvXMo4nBlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0OWQ1YzFjYTg2NWIwNGI2ZjJiM2NjZDkwMTZlOTJkZGFk
OTlhYWIwHhcNMjQwMTAyMTAzMjU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTI1N2MzNGJjZjFkOTZmYWVlZjNhNzQ3NzZmMDRlMjhmYmRjMGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJFZCs1DlbTfsmkK7OGcJJEqSPa8
+vrKwVt+vHXEHYTna/h1Q6SzPc/xSl6FldCI+WmPamO8lfiKYWjev6xzjJGMuOGV
kwQa2j0kqS1pwAg5S+ms/vkbZMXXmpgwdmKqszIWytQ0elUF51y5epAtMF3ibJTs
5zZPsk84Hy+JJTyKQ21y2+slZjF+FtsbJ/hM6uG77liKrGstDTdDXPY/byfPGkM0
fmHPhz17TDao6Y3EZiCgC/DilnbTEi33w4BD5sCvgGApVRvQwAarms0MTU3bcXpq
rCHYZKdsZH3NQH/DY+CszLwhtXbKYy+J6x+B9oQCQHjzc00BG8vk+WkCVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUlfDS88dlvru86dHdvBOKPvcDAMB8GA1UdIwQY
MBaAFISdXByoZbBLbys8zZAW6S3a2ZqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEoxY0hLaGxzRXR2S3p6TmtCYnBMZHJabXFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzQxOGItZWM3ZC00NmQyLTk5ZDUt
ZGRlMGQxMjczNWM2LzEvSlNWOE5MengyVy11N3pwMGQyOEU0by05d01BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzQxOGItZWM3ZC00NmQyLTk5ZDUtZGRlMGQxMjczNWM2
LzEvaEoxY0hLaGxzRXR2S3p6TmtCYnBMZHJabXFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuW7EMA0G
CSqGSIb3DQEBCwUAA4IBAQCMsp9hctsrnqHFr/zjgx/zkwVl3msFOE1cZmIThyEB
rJLzrZQMmTWFeukofmBdjBeEPFqVRR+Ok0H7+bdSv3eFpVFog4NZZ6TaM5Ze940Y
t0eghGNPInN7qPVgVUEERWRLjuQUl5FXDJuZhkIJCJCz+vMr77VUhJto9agS7q2d
J7RWT4dk0Mb+oGiQrOLnA1dlTa40z4LdfEjK3cqSFDph5OWgV4sHOXdiYO3t/0rp
ahGPVhu8Y88jeTP41en8jbR+emVzbgyNVTGlD3s4qPOqSKa7N2MFaxFZDUk9PRge
TL3IuD9DvhOYo3kWKSDS9NFt9S9htpEuQINbpD6xYhIx
-----END CERTIFICATE-----