Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/STPjaz1_TKgGCsl-ElE-62AoIm4.roa
File:                     STPjaz1_TKgGCsl-ElE-62AoIm4.roa (raw, json)
Hash identifier:          drsFrbz7SfprXxeVoFWFYWOlwoT3h1eKFSRX5z8bfXY=
Subject key identifier:   49:33:E3:6B:3D:7F:4C:A8:06:0A:C9:7E:12:51:3E:EB:60:28:22:6E
Certificate issuer:       /CN=f6090b4db06a4d65935141bac98098127a8b8f5a
Certificate serial:       018CC4936AAA7CC306551D09D75F31656711
Authority key identifier: F6:09:0B:4D:B0:6A:4D:65:93:51:41:BA:C9:80:98:12:7A:8B:8F:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9gkLTbBqTWWTUUG6yYCYEnqLj1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/STPjaz1_TKgGCsl-ElE-62AoIm4.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     262287
IP address blocks:        185.192.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/9gkLTbBqTWWTUUG6yYCYEnqLj1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/9gkLTbBqTWWTUUG6yYCYEnqLj1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9gkLTbBqTWWTUUG6yYCYEnqLj1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6a:aa:7c:c3:06:55:1d:09:d7:5f:31:65:67:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6090b4db06a4d65935141bac98098127a8b8f5a
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4933e36b3d7f4ca8060ac97e12513eeb6028226e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:85:8f:ba:a2:24:9a:cd:43:f4:f1:12:7f:ca:
                    74:ad:2d:b5:01:a7:ec:4b:40:a9:0d:d4:f9:67:e1:
                    06:13:2a:4b:56:cb:07:2d:13:66:ed:ef:c9:c9:20:
                    a5:d9:c2:be:9d:67:f6:4f:fd:b8:e5:26:6e:f7:5c:
                    25:f2:c8:e3:ce:24:cf:35:d1:f6:8d:89:15:1e:26:
                    46:35:05:98:13:7b:c3:88:d7:d3:64:d4:24:9f:95:
                    e5:2d:f3:24:b2:60:7c:24:a0:60:8f:51:fd:9a:91:
                    d7:31:49:25:e8:19:a8:af:36:2d:a1:3a:61:8a:4a:
                    89:58:48:4f:e8:2c:6b:c6:76:1d:92:8a:06:b2:e5:
                    02:a3:1c:9a:e5:e3:01:2b:57:44:b9:7d:e3:6c:35:
                    9e:13:51:3c:39:3b:79:40:d9:8a:ad:89:2b:82:dc:
                    88:10:04:f8:0a:11:5c:3d:02:92:bd:ec:47:7d:bb:
                    22:2d:9f:0e:71:7c:da:ba:cd:eb:0c:46:15:79:f8:
                    37:b5:36:b5:0b:bf:7f:12:67:20:51:e0:73:c9:33:
                    e1:02:f2:e0:f4:88:1a:d2:2a:ad:fb:f1:b5:95:25:
                    11:95:8c:d7:ca:03:64:46:13:f5:84:03:24:85:1c:
                    e3:45:e8:d7:87:e8:06:02:12:34:e1:de:cb:62:56:
                    fa:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:33:E3:6B:3D:7F:4C:A8:06:0A:C9:7E:12:51:3E:EB:60:28:22:6E
            X509v3 Authority Key Identifier:
                keyid:F6:09:0B:4D:B0:6A:4D:65:93:51:41:BA:C9:80:98:12:7A:8B:8F:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9gkLTbBqTWWTUUG6yYCYEnqLj1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/STPjaz1_TKgGCsl-ElE-62AoIm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/9gkLTbBqTWWTUUG6yYCYEnqLj1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:52:ce:7b:5a:6b:0b:71:71:3f:e3:1a:cb:7a:d6:24:63:7e:
         e4:95:c9:45:84:18:bb:8d:f7:5e:ba:25:fc:1a:95:1c:18:52:
         27:7c:df:6d:9d:70:2a:7f:0b:78:d2:22:79:d5:b3:16:d1:da:
         dc:a9:d1:e9:da:64:9d:09:78:77:13:d4:be:8a:be:61:00:ae:
         6c:48:24:8a:9c:e1:1f:71:0c:45:c4:77:2d:00:ea:54:bf:f6:
         2a:2f:df:c0:a1:93:59:5d:22:dd:25:35:c3:69:48:85:63:9e:
         ec:a3:a5:d3:19:33:83:63:21:bd:3f:1f:33:b1:1d:3d:b3:53:
         b0:a3:8c:c7:52:f9:81:42:99:8a:e0:1c:54:3d:eb:e8:17:b4:
         73:bd:f3:7d:2d:7b:88:27:b8:a2:4e:c1:71:d3:5c:e0:80:23:
         b2:41:ff:e5:7c:09:fa:fa:06:68:4e:9b:b0:a3:04:9d:39:3e:
         96:dd:4b:ec:b5:ab:00:a6:08:16:65:db:56:7b:03:8a:c7:f9:
         8f:dd:33:6b:1e:dc:ca:25:42:3a:99:3d:9c:22:5d:88:dd:84:
         47:f0:ef:25:19:c4:bc:cc:de:76:11:af:77:a5:3c:3e:02:5e:
         df:b0:a1:82:86:1a:0d:dc:54:8a:ef:4c:9c:1c:0d:13:77:af:
         d2:b5:47:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2qqfMMGVR0J118xZWcRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MDkwYjRkYjA2YTRkNjU5MzUxNDFiYWM5ODA5ODEyN2E4
YjhmNWEwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTMzZTM2YjNkN2Y0Y2E4MDYwYWM5N2UxMjUxM2VlYjYwMjgyMjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIWPuqIkms1D9PESf8p0rS21Aafs
S0CpDdT5Z+EGEypLVssHLRNm7e/JySCl2cK+nWf2T/245SZu91wl8sjjziTPNdH2
jYkVHiZGNQWYE3vDiNfTZNQkn5XlLfMksmB8JKBgj1H9mpHXMUkl6BmorzYtoTph
ikqJWEhP6CxrxnYdkooGsuUCoxya5eMBK1dEuX3jbDWeE1E8OTt5QNmKrYkrgtyI
EAT4ChFcPQKSvexHfbsiLZ8OcXzaus3rDEYVefg3tTa1C79/EmcgUeBzyTPhAvLg
9Iga0iqt+/G1lSURlYzXygNkRhP1hAMkhRzjRejXh+gGAhI04d7LYlb6yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEkz42s9f0yoBgrJfhJRPutgKCJuMB8GA1UdIwQY
MBaAFPYJC02wak1lk1FBusmAmBJ6i49aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWdrTFRiQnFUV1dUVVVHNnlZQ1lFbnFMajFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yZGM3YWYtMmM4Yy00NTdiLWFlYjAt
NGUxZGMxNTA1MjYwLzEvU1RQamF6MV9US2dHQ3NsLUVsRS02MkFvSW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yZGM3YWYtMmM4Yy00NTdiLWFlYjAtNGUxZGMxNTA1MjYw
LzEvOWdrTFRiQnFUV1dUVVVHNnlZQ1lFbnFMajFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucB8MA0G
CSqGSIb3DQEBCwUAA4IBAQA+Us57WmsLcXE/4xrLetYkY37klclFhBi7jfdeuiX8
GpUcGFInfN9tnXAqfwt40iJ51bMW0drcqdHp2mSdCXh3E9S+ir5hAK5sSCSKnOEf
cQxFxHctAOpUv/YqL9/AoZNZXSLdJTXDaUiFY57so6XTGTODYyG9Px8zsR09s1Ow
o4zHUvmBQpmK4BxUPevoF7RzvfN9LXuIJ7iiTsFx01zggCOyQf/lfAn6+gZoTpuw
owSdOT6W3UvstasApggWZdtWewOKx/mP3TNrHtzKJUI6mT2cIl2I3YRH8O8lGcS8
zN52Ea93pTw+Al7fsKGChhoN3FSK70ycHA0Td6/StUc1
-----END CERTIFICATE-----