Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/5645cb-f0ba-44fc-ba93-7369f2ca5b3b/1/jFu7plISJ6kq64ftCm2AfeQUqkE.roa
File:                     jFu7plISJ6kq64ftCm2AfeQUqkE.roa (raw, json)
Hash identifier:          nrHJDzVES4WqS+e4Hy6MKGe04BqgGDM4gsu1hlvclNM=
Subject key identifier:   8C:5B:BB:A6:52:12:27:A9:2A:EB:87:ED:0A:6D:80:7D:E4:14:AA:41
Certificate issuer:       /CN=3fdf08459119969d4b9c17f5a85e92732c5517d1
Certificate serial:       018CC56EDA579252F613E88E818CBE1E17A3
Authority key identifier: 3F:DF:08:45:91:19:96:9D:4B:9C:17:F5:A8:5E:92:73:2C:55:17:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P98IRZEZlp1LnBf1qF6ScyxVF9E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/5645cb-f0ba-44fc-ba93-7369f2ca5b3b/1/jFu7plISJ6kq64ftCm2AfeQUqkE.roa
Signing time:             Mon 01 Jan 2024 14:30:25 +0000
ROA not before:           Mon 01 Jan 2024 14:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207143
IP address blocks:        185.178.192.0/22 maxlen: 22
                          185.178.192.0/24 maxlen: 24
                          185.178.193.0/24 maxlen: 24
                          185.178.195.0/24 maxlen: 24
                          185.178.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/5645cb-f0ba-44fc-ba93-7369f2ca5b3b/1/P98IRZEZlp1LnBf1qF6ScyxVF9E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/5645cb-f0ba-44fc-ba93-7369f2ca5b3b/1/P98IRZEZlp1LnBf1qF6ScyxVF9E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P98IRZEZlp1LnBf1qF6ScyxVF9E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:da:57:92:52:f6:13:e8:8e:81:8c:be:1e:17:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fdf08459119969d4b9c17f5a85e92732c5517d1
        Validity
            Not Before: Jan  1 14:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c5bbba6521227a92aeb87ed0a6d807de414aa41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a6:83:99:0b:41:1a:59:73:c4:47:56:e6:21:
                    d9:c4:d5:74:4e:46:2a:f3:73:ae:64:94:e5:4e:6c:
                    92:01:2d:8a:4a:fe:71:8d:b1:92:ce:b1:c1:b7:0d:
                    fd:52:66:b4:83:e6:3c:a9:43:d6:f3:72:a1:1f:49:
                    fa:a8:f4:38:5c:27:e4:ce:a2:70:e9:54:25:1f:78:
                    9c:6e:9e:26:65:ab:d7:d9:91:d1:2e:c9:94:8a:7f:
                    11:1a:3b:60:d5:5a:01:05:9d:5d:54:20:f3:cf:f9:
                    16:7c:69:ed:ea:23:8b:39:39:0b:1d:f5:03:b9:8f:
                    97:81:59:cf:4e:04:84:91:5b:60:37:b7:34:32:6f:
                    a0:88:93:50:cc:f4:37:46:b8:f6:60:20:fa:ac:03:
                    1c:f3:a0:b8:0f:2f:52:ac:c5:66:c2:7d:67:34:46:
                    48:9b:df:b8:f2:e3:9c:e1:d5:d4:ad:6d:4e:f8:3e:
                    f9:91:b6:5f:c7:43:f1:cc:5b:2d:2d:8b:34:f9:20:
                    44:84:bf:05:6e:a5:5f:12:f6:66:ba:77:de:a1:8b:
                    d7:91:82:29:ba:35:ba:7f:ed:3b:37:1f:6a:2e:96:
                    87:bf:51:c3:46:e3:85:3c:1c:81:1a:f3:7b:d5:8a:
                    ce:57:79:e8:ea:dd:98:5e:ef:4b:f0:a5:99:a3:65:
                    88:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:5B:BB:A6:52:12:27:A9:2A:EB:87:ED:0A:6D:80:7D:E4:14:AA:41
            X509v3 Authority Key Identifier:
                keyid:3F:DF:08:45:91:19:96:9D:4B:9C:17:F5:A8:5E:92:73:2C:55:17:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P98IRZEZlp1LnBf1qF6ScyxVF9E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/5645cb-f0ba-44fc-ba93-7369f2ca5b3b/1/jFu7plISJ6kq64ftCm2AfeQUqkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/5645cb-f0ba-44fc-ba93-7369f2ca5b3b/1/P98IRZEZlp1LnBf1qF6ScyxVF9E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:6a:3b:df:73:c1:7b:06:ff:3e:e4:db:4b:36:67:0d:0c:66:
         f9:4e:0f:e9:f2:19:01:ef:ca:72:30:49:84:95:66:8b:5d:b5:
         51:dc:86:e1:da:87:bc:a2:d7:c6:fa:ae:6a:f3:ba:c9:df:96:
         c3:5e:13:76:47:ea:dd:39:88:6b:aa:45:87:6c:33:7c:17:db:
         99:c6:e0:57:c8:3a:96:a7:cf:c9:1e:be:f5:b3:63:c1:8e:6c:
         78:31:24:c7:89:4a:da:92:46:39:27:93:8c:27:b2:4d:c9:06:
         49:0f:9c:bf:77:69:7d:22:85:fa:d8:f2:61:08:15:40:15:f8:
         b9:72:6f:92:97:2c:10:df:44:b7:4d:27:49:d1:0d:f7:a3:71:
         da:0d:cf:dd:4c:7b:1c:d2:a2:68:0d:62:06:c1:9a:35:82:3f:
         7e:b2:67:bd:91:07:f7:8e:36:f3:f5:28:84:d6:e4:f0:15:31:
         16:90:94:93:33:30:ed:36:d4:db:4e:cd:99:d9:f9:06:b3:8e:
         c5:65:60:a9:4c:29:1d:d0:8f:b9:b8:1b:68:64:78:f5:04:01:
         69:74:c9:72:10:07:53:8d:1f:35:3c:8c:ff:67:11:3e:9f:59:
         6b:bb:c4:47:20:b3:32:01:de:da:57:0d:cf:20:13:cb:26:d0:
         da:25:1e:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtpXklL2E+iOgYy+HhejMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZGYwODQ1OTExOTk2OWQ0YjljMTdmNWE4NWU5MjczMmM1
NTE3ZDEwHhcNMjQwMTAxMTQzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzViYmJhNjUyMTIyN2E5MmFlYjg3ZWQwYTZkODA3ZGU0MTRhYTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6aDmQtBGllzxEdW5iHZxNV0TkYq
83OuZJTlTmySAS2KSv5xjbGSzrHBtw39Uma0g+Y8qUPW83KhH0n6qPQ4XCfkzqJw
6VQlH3icbp4mZavX2ZHRLsmUin8RGjtg1VoBBZ1dVCDzz/kWfGnt6iOLOTkLHfUD
uY+XgVnPTgSEkVtgN7c0Mm+giJNQzPQ3Rrj2YCD6rAMc86C4Dy9SrMVmwn1nNEZI
m9+48uOc4dXUrW1O+D75kbZfx0PxzFstLYs0+SBEhL8FbqVfEvZmunfeoYvXkYIp
ujW6f+07Nx9qLpaHv1HDRuOFPByBGvN71YrOV3no6t2YXu9L8KWZo2WI1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIxbu6ZSEiepKuuH7QptgH3kFKpBMB8GA1UdIwQY
MBaAFD/fCEWRGZadS5wX9aheknMsVRfRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDk4SVJaRVpscDFMbkJmMXFGNlNjeXhWRjlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi81NjQ1Y2ItZjBiYS00NGZjLWJhOTMt
NzM2OWYyY2E1YjNiLzEvakZ1N3BsSVNKNmtxNjRmdENtMkFmZVFVcWtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi81NjQ1Y2ItZjBiYS00NGZjLWJhOTMtNzM2OWYyY2E1YjNi
LzEvUDk4SVJaRVpscDFMbkJmMXFGNlNjeXhWRjlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubLAMA0G
CSqGSIb3DQEBCwUAA4IBAQA6ajvfc8F7Bv8+5NtLNmcNDGb5Tg/p8hkB78pyMEmE
lWaLXbVR3Ibh2oe8otfG+q5q87rJ35bDXhN2R+rdOYhrqkWHbDN8F9uZxuBXyDqW
p8/JHr71s2PBjmx4MSTHiUrakkY5J5OMJ7JNyQZJD5y/d2l9IoX62PJhCBVAFfi5
cm+SlywQ30S3TSdJ0Q33o3HaDc/dTHsc0qJoDWIGwZo1gj9+sme9kQf3jjbz9SiE
1uTwFTEWkJSTMzDtNtTbTs2Z2fkGs47FZWCpTCkd0I+5uBtoZHj1BAFpdMlyEAdT
jR81PIz/ZxE+n1lru8RHILMyAd7aVw3PIBPLJtDaJR69
-----END CERTIFICATE-----