Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/f0e161-a43c-4d31-b65d-d4fed5085392/1/jhZ7_mCRX57QUbnIcrSnYHZPQgg.roa
File:                     jhZ7_mCRX57QUbnIcrSnYHZPQgg.roa (raw, json)
Hash identifier:          q7wMIF+1g+NPKcxOz+H1iwr1RLtWBRLOtlY2QNZ3Occ=
Subject key identifier:   8E:16:7B:FE:60:91:5F:9E:D0:51:B9:C8:72:B4:A7:60:76:4F:42:08
Certificate issuer:       /CN=c66dc60d16dfe1649d86c1693e17858c2306387f
Certificate serial:       018CC9BC4964A23E4C4FE4C01D3C873D9E5B
Authority key identifier: C6:6D:C6:0D:16:DF:E1:64:9D:86:C1:69:3E:17:85:8C:23:06:38:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm3GDRbf4WSdhsFpPheFjCMGOH8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/f0e161-a43c-4d31-b65d-d4fed5085392/1/jhZ7_mCRX57QUbnIcrSnYHZPQgg.roa
Signing time:             Tue 02 Jan 2024 10:33:29 +0000
ROA not before:           Tue 02 Jan 2024 10:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200569
IP address blocks:        185.99.204.0/22 maxlen: 22
                          2a06:1480::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/f0e161-a43c-4d31-b65d-d4fed5085392/1/xm3GDRbf4WSdhsFpPheFjCMGOH8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/f0e161-a43c-4d31-b65d-d4fed5085392/1/xm3GDRbf4WSdhsFpPheFjCMGOH8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm3GDRbf4WSdhsFpPheFjCMGOH8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:49:64:a2:3e:4c:4f:e4:c0:1d:3c:87:3d:9e:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66dc60d16dfe1649d86c1693e17858c2306387f
        Validity
            Not Before: Jan  2 10:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e167bfe60915f9ed051b9c872b4a760764f4208
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d4:37:fd:06:3c:1c:0f:d2:e8:bd:50:ec:5a:
                    dc:55:a5:6c:8a:3a:d6:e2:b1:24:c9:10:64:b8:55:
                    a1:5a:94:c0:1d:71:70:85:bb:bc:5f:57:49:57:10:
                    ac:f2:c6:f0:07:da:6f:83:d1:c5:f2:0b:a4:18:d5:
                    8f:22:f6:e1:46:2d:61:a9:e3:9c:3d:cd:b9:91:60:
                    f6:ca:aa:dc:99:fc:39:d2:a3:c3:cc:2e:47:4c:15:
                    15:26:0e:2e:99:4d:db:2d:41:6d:fe:4a:b2:91:9f:
                    94:f9:91:a0:48:8b:a2:70:a1:65:5c:7a:75:22:2c:
                    12:ad:62:f1:bd:96:7b:9e:d3:a1:71:39:fa:e5:47:
                    cc:0e:af:ae:fc:63:3e:3f:6c:ed:6b:7e:a2:07:c5:
                    d9:bb:68:e0:d9:ac:95:c0:91:4e:8b:21:0e:c2:85:
                    ff:87:fe:33:fd:59:55:5c:da:ec:82:ed:e6:14:29:
                    2c:b7:9f:17:fa:01:6b:dd:e7:25:01:36:8d:ec:94:
                    f7:eb:f6:a1:3c:bc:f3:e1:8f:3c:4b:8a:b1:30:2e:
                    c4:5a:f1:53:74:cd:ee:1b:39:8d:e1:cc:cd:da:de:
                    5f:0b:73:1f:5c:2c:4b:cc:a0:67:aa:b8:d6:c8:fc:
                    c9:00:a7:cf:8d:cc:07:78:60:a2:62:87:61:40:97:
                    73:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:16:7B:FE:60:91:5F:9E:D0:51:B9:C8:72:B4:A7:60:76:4F:42:08
            X509v3 Authority Key Identifier:
                keyid:C6:6D:C6:0D:16:DF:E1:64:9D:86:C1:69:3E:17:85:8C:23:06:38:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm3GDRbf4WSdhsFpPheFjCMGOH8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/f0e161-a43c-4d31-b65d-d4fed5085392/1/jhZ7_mCRX57QUbnIcrSnYHZPQgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/f0e161-a43c-4d31-b65d-d4fed5085392/1/xm3GDRbf4WSdhsFpPheFjCMGOH8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.204.0/22
                IPv6:
                  2a06:1480::/29

    Signature Algorithm: sha256WithRSAEncryption
         27:fc:d9:7e:bf:4d:86:ee:56:55:47:1a:a9:e9:8d:89:8d:8b:
         83:14:75:21:2c:7e:9c:57:cc:27:e4:cb:a0:e0:85:21:dc:e7:
         27:26:24:d0:77:3c:2d:ee:e7:b0:2a:d0:27:b1:06:fb:d4:16:
         ce:d1:14:d7:b6:96:9a:90:75:25:74:a2:96:58:4b:b1:34:29:
         df:6b:82:13:b6:17:0d:f1:db:47:d3:e6:d6:d9:85:ef:1f:c9:
         cc:64:7d:58:4b:9b:75:44:5f:33:a5:40:80:69:88:39:c6:53:
         77:c3:c6:05:cd:42:d5:2b:0b:61:8f:36:ec:2a:6d:d8:43:f0:
         eb:d5:43:65:b8:b6:7d:10:ab:bd:41:d5:6d:5e:92:07:47:7f:
         61:38:68:ad:14:d4:88:a5:3d:04:e2:14:7a:2c:7b:bb:b7:2e:
         28:6d:74:91:7d:11:0d:7f:3c:a6:58:eb:02:e9:31:cd:de:c0:
         9e:95:77:9d:c6:7d:72:87:98:d9:f6:b9:08:cc:ee:db:3d:e8:
         55:7a:e8:57:68:24:b3:10:f3:c9:26:a7:17:2e:59:dc:1b:94:
         41:c6:61:6d:a6:00:27:38:98:6f:74:f3:a4:ce:b5:06:0b:f7:
         65:0b:1e:0b:7f:a5:62:25:d7:0a:bf:5a:54:5d:f7:27:92:21:
         f3:8d:2d:11
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvElkoj5MT+TAHTyHPZ5bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmRjNjBkMTZkZmUxNjQ5ZDg2YzE2OTNlMTc4NThjMjMw
NjM4N2YwHhcNMjQwMTAyMTAzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTE2N2JmZTYwOTE1ZjllZDA1MWI5Yzg3MmI0YTc2MDc2NGY0MjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9Q3/QY8HA/S6L1Q7FrcVaVsijrW
4rEkyRBkuFWhWpTAHXFwhbu8X1dJVxCs8sbwB9pvg9HF8gukGNWPIvbhRi1hqeOc
Pc25kWD2yqrcmfw50qPDzC5HTBUVJg4umU3bLUFt/kqykZ+U+ZGgSIuicKFlXHp1
IiwSrWLxvZZ7ntOhcTn65UfMDq+u/GM+P2zta36iB8XZu2jg2ayVwJFOiyEOwoX/
h/4z/VlVXNrsgu3mFCkst58X+gFr3eclATaN7JT36/ahPLzz4Y88S4qxMC7EWvFT
dM3uGzmN4czN2t5fC3MfXCxLzKBnqrjWyPzJAKfPjcwHeGCiYodhQJdz2QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI4We/5gkV+e0FG5yHK0p2B2T0IIMB8GA1UdIwQY
MBaAFMZtxg0W3+FknYbBaT4XhYwjBjh/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0zR0RSYmY0V1NkaHNGcFBoZUZqQ01HT0g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9mMGUxNjEtYTQzYy00ZDMxLWI2NWQt
ZDRmZWQ1MDg1MzkyLzEvamhaN19tQ1JYNTdRVWJuSWNyU25ZSFpQUWdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9mMGUxNjEtYTQzYy00ZDMxLWI2NWQtZDRmZWQ1MDg1Mzky
LzEveG0zR0RSYmY0V1NkaHNGcFBoZUZqQ01HT0g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWPMMA0E
AgACMAcDBQMqBhSAMA0GCSqGSIb3DQEBCwUAA4IBAQAn/Nl+v02G7lZVRxqp6Y2J
jYuDFHUhLH6cV8wn5Mug4IUh3OcnJiTQdzwt7uewKtAnsQb71BbO0RTXtpaakHUl
dKKWWEuxNCnfa4ITthcN8dtH0+bW2YXvH8nMZH1YS5t1RF8zpUCAaYg5xlN3w8YF
zULVKwthjzbsKm3YQ/Dr1UNluLZ9EKu9QdVtXpIHR39hOGitFNSIpT0E4hR6LHu7
ty4obXSRfRENfzymWOsC6THN3sCelXedxn1yh5jZ9rkIzO7bPehVeuhXaCSzEPPJ
JqcXLlncG5RBxmFtpgAnOJhvdPOkzrUGC/dlCx4Lf6ViJdcKv1pUXfcnkiHzjS0R
-----END CERTIFICATE-----