Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/d7fadc-1ebf-42da-9b22-a60c20c8f717/1/jXh3_TVn4AruNSbVz9vTtys9Z2c.roa
File:                     jXh3_TVn4AruNSbVz9vTtys9Z2c.roa (raw, json)
Hash identifier:          a/i/eKOMVFcIfaQU3lXi64F50NsiHg7y9jOlmcFaDcY=
Subject key identifier:   8D:78:77:FD:35:67:E0:0A:EE:35:26:D5:CF:DB:D3:B7:2B:3D:67:67
Certificate issuer:       /CN=002c8865bc2a07e4acfeb263b4d9cf62460fd523
Certificate serial:       018CC5003C3CA65938E44BF40456363BEC65
Authority key identifier: 00:2C:88:65:BC:2A:07:E4:AC:FE:B2:63:B4:D9:CF:62:46:0F:D5:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACyIZbwqB-Ss_rJjtNnPYkYP1SM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/d7fadc-1ebf-42da-9b22-a60c20c8f717/1/jXh3_TVn4AruNSbVz9vTtys9Z2c.roa
Signing time:             Mon 01 Jan 2024 12:29:36 +0000
ROA not before:           Mon 01 Jan 2024 12:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47282
IP address blocks:        185.99.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/d7fadc-1ebf-42da-9b22-a60c20c8f717/1/ACyIZbwqB-Ss_rJjtNnPYkYP1SM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/d7fadc-1ebf-42da-9b22-a60c20c8f717/1/ACyIZbwqB-Ss_rJjtNnPYkYP1SM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACyIZbwqB-Ss_rJjtNnPYkYP1SM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:3c:3c:a6:59:38:e4:4b:f4:04:56:36:3b:ec:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002c8865bc2a07e4acfeb263b4d9cf62460fd523
        Validity
            Not Before: Jan  1 12:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d7877fd3567e00aee3526d5cfdbd3b72b3d6767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ed:62:cf:e3:f9:72:fe:89:ef:60:93:10:13:
                    ae:50:fa:64:8f:fb:c0:1f:88:eb:34:f2:87:32:41:
                    71:7c:86:74:da:09:ca:80:3f:59:1d:6a:1f:ae:56:
                    35:10:f9:76:f0:67:9c:3f:95:44:3f:64:5b:fb:e1:
                    24:c1:01:f1:89:c5:6c:48:c3:58:b1:aa:ff:7f:a2:
                    08:56:b5:76:4c:bb:7d:bd:78:dd:c3:4e:e6:f7:2d:
                    23:03:18:b4:77:8c:47:0d:4b:8e:e4:97:76:68:d6:
                    1b:7c:a9:d3:d7:15:fd:1f:5c:a8:6e:0f:f6:e9:56:
                    c7:ee:24:b4:0b:ca:ea:a9:5c:89:cf:7f:44:a9:ce:
                    2b:25:fc:ee:a5:ca:00:e9:cd:e0:ef:40:2a:06:73:
                    c0:df:c7:3b:ca:c6:4b:f5:f1:f7:67:fb:bd:63:ef:
                    7c:f9:27:a5:f3:8b:e4:10:1b:3a:3d:83:5e:e5:da:
                    a2:60:4f:b0:a5:74:85:0f:1d:f9:41:c7:dc:e5:d8:
                    52:0f:87:c0:b8:d5:7e:9c:13:9d:42:7a:cf:c3:3e:
                    95:39:2d:34:31:22:1a:28:7b:9d:d7:5a:46:52:08:
                    3d:e7:34:b6:1d:56:d2:8c:e3:c9:02:70:c2:29:49:
                    16:2d:10:2b:e7:0a:11:7c:98:ff:b0:a5:68:dc:99:
                    67:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:78:77:FD:35:67:E0:0A:EE:35:26:D5:CF:DB:D3:B7:2B:3D:67:67
            X509v3 Authority Key Identifier:
                keyid:00:2C:88:65:BC:2A:07:E4:AC:FE:B2:63:B4:D9:CF:62:46:0F:D5:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACyIZbwqB-Ss_rJjtNnPYkYP1SM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/d7fadc-1ebf-42da-9b22-a60c20c8f717/1/jXh3_TVn4AruNSbVz9vTtys9Z2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/d7fadc-1ebf-42da-9b22-a60c20c8f717/1/ACyIZbwqB-Ss_rJjtNnPYkYP1SM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:c3:27:d1:32:6e:68:d1:4d:00:50:8e:ec:63:e5:0f:c9:2b:
         42:99:cb:e2:c9:9b:ce:b9:4b:46:8f:f7:3f:dc:11:e7:3a:95:
         a7:f9:55:6a:83:12:86:b6:94:ea:9e:e2:c8:d9:a1:5f:1d:45:
         bf:b1:21:b1:ea:78:8b:3a:56:4a:1d:9b:50:03:56:a7:24:e8:
         94:db:f0:aa:d0:ad:cf:ce:00:16:38:ec:67:94:ec:b1:7c:38:
         24:46:ca:5a:d1:a6:10:81:ac:a8:77:cd:ad:8a:9c:b9:41:13:
         92:ba:18:31:7b:e8:ab:27:fa:32:47:4d:81:ad:2d:4e:ae:d3:
         5c:d6:11:b7:90:7c:8a:11:c5:5e:41:8b:4f:01:aa:8c:6a:94:
         39:84:70:db:52:13:e9:17:3f:15:c4:9e:72:a8:83:86:79:32:
         34:0f:f5:0d:56:88:39:eb:e1:71:44:a2:2f:b9:b5:49:cf:70:
         81:cd:f1:79:99:df:ce:90:b0:7c:6d:ee:e1:bf:a6:c2:f9:2e:
         bd:01:f7:0b:cc:29:68:e6:67:4a:ca:2f:8b:c8:ec:0f:c7:84:
         03:69:72:2a:e8:58:01:bb:7c:08:41:7f:92:ab:03:7e:74:3d:
         ba:9d:6d:06:5d:72:50:f5:87:f7:d3:87:f4:60:84:63:05:27:
         6c:f5:df:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFADw8plk45Ev0BFY2O+xlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMmM4ODY1YmMyYTA3ZTRhY2ZlYjI2M2I0ZDljZjYyNDYw
ZmQ1MjMwHhcNMjQwMTAxMTIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDc4NzdmZDM1NjdlMDBhZWUzNTI2ZDVjZmRiZDNiNzJiM2Q2NzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApO1iz+P5cv6J72CTEBOuUPpkj/vA
H4jrNPKHMkFxfIZ02gnKgD9ZHWofrlY1EPl28GecP5VEP2Rb++EkwQHxicVsSMNY
sar/f6IIVrV2TLt9vXjdw07m9y0jAxi0d4xHDUuO5Jd2aNYbfKnT1xX9H1yobg/2
6VbH7iS0C8rqqVyJz39Eqc4rJfzupcoA6c3g70AqBnPA38c7ysZL9fH3Z/u9Y+98
+Sel84vkEBs6PYNe5dqiYE+wpXSFDx35Qcfc5dhSD4fAuNV+nBOdQnrPwz6VOS00
MSIaKHud11pGUgg95zS2HVbSjOPJAnDCKUkWLRAr5woRfJj/sKVo3JlnHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI14d/01Z+AK7jUm1c/b07crPWdnMB8GA1UdIwQY
MBaAFAAsiGW8KgfkrP6yY7TZz2JGD9UjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUN5SVpid3FCLVNzX3JKanROblBZa1lQMVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9kN2ZhZGMtMWViZi00MmRhLTliMjIt
YTYwYzIwYzhmNzE3LzEvalhoM19UVm40QXJ1TlNiVno5dlR0eXM5WjJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9kN2ZhZGMtMWViZi00MmRhLTliMjItYTYwYzIwYzhmNzE3
LzEvQUN5SVpid3FCLVNzX3JKanROblBZa1lQMVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWMHMA0G
CSqGSIb3DQEBCwUAA4IBAQCAwyfRMm5o0U0AUI7sY+UPyStCmcviyZvOuUtGj/c/
3BHnOpWn+VVqgxKGtpTqnuLI2aFfHUW/sSGx6niLOlZKHZtQA1anJOiU2/Cq0K3P
zgAWOOxnlOyxfDgkRspa0aYQgayod82tipy5QROSuhgxe+irJ/oyR02BrS1OrtNc
1hG3kHyKEcVeQYtPAaqMapQ5hHDbUhPpFz8VxJ5yqIOGeTI0D/UNVog56+FxRKIv
ubVJz3CBzfF5md/OkLB8be7hv6bC+S69AfcLzClo5mdKyi+LyOwPx4QDaXIq6FgB
u3wIQX+SqwN+dD26nW0GXXJQ9Yf304f0YIRjBSds9d+H
-----END CERTIFICATE-----