Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/cja0tXxciwnhk4KzWj-MmgibDEM.roa
File:                     cja0tXxciwnhk4KzWj-MmgibDEM.roa (raw, json)
Hash identifier:          SUFPt7sJYGMYnHRL8Ps74Z8piiSqzIQbawkJFU58ssE=
Subject key identifier:   72:36:B4:B5:7C:5C:8B:09:E1:93:82:B3:5A:3F:8C:9A:08:9B:0C:43
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DAFF1EF12AA2FFA71852A016A1C4E1
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/cja0tXxciwnhk4KzWj-MmgibDEM.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202409
IP address blocks:        185.1.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ff:1e:f1:2a:a2:ff:a7:18:52:a0:16:a1:c4:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7236b4b57c5c8b09e19382b35a3f8c9a089b0c43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:57:4c:be:c6:24:64:9a:cb:38:60:e4:9a:1d:
                    06:19:cc:93:2d:c1:99:0d:10:64:8a:f5:96:43:3f:
                    b3:08:16:3c:92:5a:69:7c:11:17:8d:a4:fc:ac:d2:
                    f8:e1:a4:f3:cb:79:59:3e:16:41:50:38:1b:71:fd:
                    f9:5e:41:0e:5f:09:79:07:53:cc:30:76:e1:21:b8:
                    a4:92:82:f8:f3:d6:aa:17:34:67:34:fc:f0:e8:41:
                    ad:04:59:28:36:9c:8a:31:d6:f0:5b:eb:4b:9b:9b:
                    99:0f:6e:81:c2:ef:5e:7b:94:b4:65:04:c7:e2:a7:
                    29:b3:36:b0:5f:0c:2e:71:8a:33:29:c7:2e:09:c2:
                    70:47:bb:ef:67:46:af:0e:24:e5:0b:5b:2e:7d:00:
                    d1:b7:e0:4c:c7:9e:09:f5:de:79:a6:f1:cc:a5:1c:
                    32:88:c9:78:c3:02:c2:31:d0:d5:56:79:95:a6:b1:
                    95:29:1f:d7:dd:34:77:5f:38:6b:62:f7:e2:bb:4d:
                    db:74:02:ff:36:92:20:20:fd:6b:c1:6a:10:a9:6b:
                    cf:f2:16:96:8c:56:f1:d7:6f:e4:8a:e7:ea:c0:84:
                    b8:32:28:af:ef:b6:6b:85:12:32:6f:ce:ef:33:1d:
                    c4:88:48:cf:82:ce:be:6e:aa:e2:27:c5:fc:17:a3:
                    d4:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:36:B4:B5:7C:5C:8B:09:E1:93:82:B3:5A:3F:8C:9A:08:9B:0C:43
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/cja0tXxciwnhk4KzWj-MmgibDEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:fb:2f:8a:fa:47:6f:f2:3f:48:50:cd:5a:66:73:bd:20:e0:
         21:4e:77:81:d3:8f:e8:fe:57:eb:3b:0e:00:be:12:bf:dc:ca:
         24:ae:72:a9:d1:05:07:a8:b7:3a:c3:60:2f:a5:c3:d6:25:8e:
         d8:a4:5c:8a:a7:0b:91:82:2d:35:ed:4b:75:1e:03:65:6b:c1:
         a4:15:0a:ca:9e:52:ac:07:17:86:50:b7:35:b3:02:f3:04:15:
         c3:0c:1b:32:c5:b5:ed:24:fa:3e:b6:5e:60:82:7b:4f:9e:ce:
         69:74:47:fb:3e:2a:c6:cf:94:e4:03:1d:c2:e7:11:66:5d:9a:
         98:06:ec:8b:6f:3c:a0:7a:ff:4a:b7:3d:77:75:82:56:eb:2c:
         4c:2b:51:54:f7:4d:e1:40:7b:7c:51:84:cf:12:b1:4e:99:9d:
         f0:f3:03:ad:5e:ef:5a:77:14:bf:9a:47:53:e4:b5:34:b1:9e:
         c3:0f:8f:37:96:0f:ad:8b:a3:d0:39:e6:46:82:c6:7d:a2:c4:
         16:86:7d:01:48:96:91:dd:4c:92:ac:29:c8:30:a0:65:17:cd:
         5a:ae:0a:22:8a:98:92:7f:d8:10:07:07:7c:47:02:ef:25:79:
         58:4f:c7:f8:30:18:51:7d:df:57:23:38:16:d1:98:f4:ce:d2:
         db:7c:84:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2v8e8Sqi/6cYUqAWocThMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjM2YjRiNTdjNWM4YjA5ZTE5MzgyYjM1YTNmOGM5YTA4OWIwYzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVdMvsYkZJrLOGDkmh0GGcyTLcGZ
DRBkivWWQz+zCBY8klppfBEXjaT8rNL44aTzy3lZPhZBUDgbcf35XkEOXwl5B1PM
MHbhIbikkoL489aqFzRnNPzw6EGtBFkoNpyKMdbwW+tLm5uZD26Bwu9ee5S0ZQTH
4qcpszawXwwucYozKccuCcJwR7vvZ0avDiTlC1sufQDRt+BMx54J9d55pvHMpRwy
iMl4wwLCMdDVVnmVprGVKR/X3TR3XzhrYvfiu03bdAL/NpIgIP1rwWoQqWvP8haW
jFbx12/kiufqwIS4Miiv77ZrhRIyb87vMx3EiEjPgs6+bqriJ8X8F6PUBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHI2tLV8XIsJ4ZOCs1o/jJoImwxDMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvY2phMHRYeGNpd25oazRLeldqLU1tZ2liREVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQGbMA0G
CSqGSIb3DQEBCwUAA4IBAQDA+y+K+kdv8j9IUM1aZnO9IOAhTneB04/o/lfrOw4A
vhK/3MokrnKp0QUHqLc6w2AvpcPWJY7YpFyKpwuRgi017Ut1HgNla8GkFQrKnlKs
BxeGULc1swLzBBXDDBsyxbXtJPo+tl5ggntPns5pdEf7PirGz5TkAx3C5xFmXZqY
BuyLbzygev9Ktz13dYJW6yxMK1FU903hQHt8UYTPErFOmZ3w8wOtXu9adxS/mkdT
5LU0sZ7DD483lg+ti6PQOeZGgsZ9osQWhn0BSJaR3UySrCnIMKBlF81argoiipiS
f9gQBwd8RwLvJXlYT8f4MBhRfd9XIzgW0Zj0ztLbfIQ0
-----END CERTIFICATE-----