Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/RJw_F-p_qU2FrPRpcV3PQ0rH5nM.roa
File:                     RJw_F-p_qU2FrPRpcV3PQ0rH5nM.roa (raw, json)
Hash identifier:          AQjiZb2C7Rg4ggtKYtZJ1MXbSkPw0EA+bOXdZ11WvoA=
Subject key identifier:   44:9C:3F:17:EA:7F:A9:4D:85:AC:F4:69:71:5D:CF:43:4A:C7:E6:73
Certificate issuer:       /CN=b2deb3765f539f1ec3f00213ff834085b7c8c76f
Certificate serial:       018FECF4F5FE57B044318D8BF5C54CCFA260
Authority key identifier: B2:DE:B3:76:5F:53:9F:1E:C3:F0:02:13:FF:83:40:85:B7:C8:C7:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/st6zdl9Tnx7D8AIT_4NAhbfIx28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/RJw_F-p_qU2FrPRpcV3PQ0rH5nM.roa
Signing time:             Thu 06 Jun 2024 09:50:27 +0000
ROA not before:           Thu 06 Jun 2024 09:50:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215133
IP address blocks:        194.9.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/st6zdl9Tnx7D8AIT_4NAhbfIx28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/st6zdl9Tnx7D8AIT_4NAhbfIx28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/st6zdl9Tnx7D8AIT_4NAhbfIx28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 13:57:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ec:f4:f5:fe:57:b0:44:31:8d:8b:f5:c5:4c:cf:a2:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2deb3765f539f1ec3f00213ff834085b7c8c76f
        Validity
            Not Before: Jun  6 09:50:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=449c3f17ea7fa94d85acf469715dcf434ac7e673
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:65:c9:d8:14:50:aa:21:42:8b:fd:82:b9:9f:
                    da:0c:1a:85:3c:fa:c5:ba:3d:8f:5c:0e:72:63:c9:
                    b5:dc:c9:1a:82:4e:2b:89:dc:12:c7:9f:29:ce:6a:
                    b5:42:a6:d2:1e:02:b3:51:31:43:e9:3c:17:d0:a7:
                    33:64:4a:f5:2c:80:e4:8c:3e:d9:60:21:1c:50:04:
                    fc:16:6d:a0:31:82:5d:e3:ea:bc:3b:c1:b6:d2:59:
                    dc:b4:bd:03:a0:9c:e7:cb:3a:e4:e5:b4:9d:4a:d0:
                    99:dc:0d:46:9e:7a:be:bb:c1:a4:fb:75:bd:9e:39:
                    7b:7d:81:5a:69:6a:c6:59:d5:e8:30:e0:1a:4c:1c:
                    52:ae:07:d8:3a:07:97:cb:eb:d4:b9:01:34:fe:c3:
                    e2:6c:0b:86:be:e6:41:66:62:43:2e:8b:e4:0e:cd:
                    01:c4:aa:4f:6e:82:98:55:5c:5d:6e:45:4d:d5:73:
                    33:ed:87:d1:bf:fa:e1:1a:82:0e:a9:5e:ae:04:e5:
                    2a:cf:be:30:99:be:98:35:9b:ff:c7:85:58:bf:ef:
                    78:2b:6d:1d:b5:57:ee:17:36:12:a2:e0:d2:18:39:
                    74:bc:5f:58:b8:b7:1f:ea:63:6e:fa:8c:15:da:9e:
                    f4:b8:08:ec:8e:96:57:3f:11:7e:4a:96:2a:00:96:
                    9c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:9C:3F:17:EA:7F:A9:4D:85:AC:F4:69:71:5D:CF:43:4A:C7:E6:73
            X509v3 Authority Key Identifier:
                keyid:B2:DE:B3:76:5F:53:9F:1E:C3:F0:02:13:FF:83:40:85:B7:C8:C7:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/st6zdl9Tnx7D8AIT_4NAhbfIx28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/RJw_F-p_qU2FrPRpcV3PQ0rH5nM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/st6zdl9Tnx7D8AIT_4NAhbfIx28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:4e:e9:88:2e:f2:cd:49:b8:46:8b:80:cb:ab:5d:1c:c5:89:
         3a:a8:55:15:2c:5e:4c:bf:cd:7a:b4:f0:2d:6b:8c:21:8a:03:
         37:d2:c1:97:9f:b4:b0:1f:d5:6a:41:8a:40:02:5f:4f:7c:7f:
         9b:00:6f:a4:07:67:1c:3a:24:4e:37:62:a7:68:94:5f:ab:23:
         62:39:b1:59:a6:4f:97:86:75:7f:e6:0c:24:9c:7d:5b:48:33:
         fc:6a:76:ba:2a:3e:1d:b1:37:b5:a2:f8:96:08:22:b3:da:c8:
         9b:04:73:a7:18:99:7d:6e:30:e3:1f:87:28:d2:01:ad:f7:01:
         5c:02:ca:37:6c:c0:fa:26:26:84:e8:68:c7:8e:2c:f3:7b:a6:
         2d:96:ff:a1:e1:0e:12:34:a0:79:a5:9c:de:d9:c6:1f:15:25:
         b4:80:a3:c9:a6:73:f2:ab:1a:f2:1b:91:51:2d:69:c5:74:5f:
         df:5f:76:2d:2b:a8:5b:d6:45:7d:93:69:78:fc:48:af:b7:3b:
         52:be:ba:42:85:a6:cb:5a:24:4f:d1:09:ca:ca:bb:87:91:6f:
         b9:5e:04:c4:1b:c2:ac:2c:bf:04:ca:aa:4b:b2:68:79:fe:53:
         45:05:83:ff:94:5b:48:31:bf:1b:96:5d:4f:96:7b:2b:79:a0:
         1d:54:a0:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/s9PX+V7BEMY2L9cVMz6JgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZGViMzc2NWY1MzlmMWVjM2YwMDIxM2ZmODM0MDg1Yjdj
OGM3NmYwHhcNMjQwNjA2MDk1MDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDljM2YxN2VhN2ZhOTRkODVhY2Y0Njk3MTVkY2Y0MzRhYzdlNjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmXJ2BRQqiFCi/2CuZ/aDBqFPPrF
uj2PXA5yY8m13Mkagk4ridwSx58pzmq1QqbSHgKzUTFD6TwX0KczZEr1LIDkjD7Z
YCEcUAT8Fm2gMYJd4+q8O8G20lnctL0DoJznyzrk5bSdStCZ3A1Gnnq+u8Gk+3W9
njl7fYFaaWrGWdXoMOAaTBxSrgfYOgeXy+vUuQE0/sPibAuGvuZBZmJDLovkDs0B
xKpPboKYVVxdbkVN1XMz7YfRv/rhGoIOqV6uBOUqz74wmb6YNZv/x4VYv+94K20d
tVfuFzYSouDSGDl0vF9YuLcf6mNu+owV2p70uAjsjpZXPxF+SpYqAJacMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEScPxfqf6lNhaz0aXFdz0NKx+ZzMB8GA1UdIwQY
MBaAFLLes3ZfU58ew/ACE/+DQIW3yMdvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3Q2emRsOVRueDdEOEFJVF80TkFoYmZJeDI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC84YzYzOTUtNjQ2YS00N2EyLWI0YjYt
YzZmNmUzZjI4OTU2LzEvUkp3X0YtcF9xVTJGclBScGNWM1BRMHJINW5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC84YzYzOTUtNjQ2YS00N2EyLWI0YjYtYzZmNmUzZjI4OTU2
LzEvc3Q2emRsOVRueDdEOEFJVF80TkFoYmZJeDI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgl3MA0G
CSqGSIb3DQEBCwUAA4IBAQC4TumILvLNSbhGi4DLq10cxYk6qFUVLF5Mv816tPAt
a4whigM30sGXn7SwH9VqQYpAAl9PfH+bAG+kB2ccOiRON2KnaJRfqyNiObFZpk+X
hnV/5gwknH1bSDP8ana6Kj4dsTe1oviWCCKz2sibBHOnGJl9bjDjH4co0gGt9wFc
Aso3bMD6JiaE6GjHjizze6Ytlv+h4Q4SNKB5pZze2cYfFSW0gKPJpnPyqxryG5FR
LWnFdF/fX3YtK6hb1kV9k2l4/EivtztSvrpChabLWiRP0QnKyruHkW+5XgTEG8Ks
LL8EyqpLsmh5/lNFBYP/lFtIMb8bll1PlnsreaAdVKA9
-----END CERTIFICATE-----