Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/2860c9-ab5f-4440-8312-9fb8e2545d73/1/8ozFi_ngNbBcUsrtfLaskZw55DU.roa
File:                     8ozFi_ngNbBcUsrtfLaskZw55DU.roa (raw, json)
Hash identifier:          AcAjY9LI2YBaM/nw3G75BQBg77tPW6Kud5OMlTLeXcI=
Subject key identifier:   F2:8C:C5:8B:F9:E0:35:B0:5C:52:CA:ED:7C:B6:AC:91:9C:39:E4:35
Certificate issuer:       /CN=ce8e9be248c741ba6a26ac8cfe2c2bb7c2d7a3b1
Certificate serial:       018CC726CD41F58E48394F9F9C06FB57698D
Authority key identifier: CE:8E:9B:E2:48:C7:41:BA:6A:26:AC:8C:FE:2C:2B:B7:C2:D7:A3:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zo6b4kjHQbpqJqyM_iwrt8LXo7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/2860c9-ab5f-4440-8312-9fb8e2545d73/1/8ozFi_ngNbBcUsrtfLaskZw55DU.roa
Signing time:             Mon 01 Jan 2024 22:30:57 +0000
ROA not before:           Mon 01 Jan 2024 22:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21060
IP address blocks:        185.126.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/2860c9-ab5f-4440-8312-9fb8e2545d73/1/zo6b4kjHQbpqJqyM_iwrt8LXo7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/2860c9-ab5f-4440-8312-9fb8e2545d73/1/zo6b4kjHQbpqJqyM_iwrt8LXo7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zo6b4kjHQbpqJqyM_iwrt8LXo7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:cd:41:f5:8e:48:39:4f:9f:9c:06:fb:57:69:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce8e9be248c741ba6a26ac8cfe2c2bb7c2d7a3b1
        Validity
            Not Before: Jan  1 22:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f28cc58bf9e035b05c52caed7cb6ac919c39e435
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:88:4f:95:aa:de:31:c6:b5:99:12:d5:60:c4:
                    dc:28:47:8b:e0:7e:00:20:65:4d:29:6c:73:33:a2:
                    98:f3:d1:8c:fb:64:62:1c:18:4f:fd:02:0e:ba:f7:
                    7a:a5:2d:ae:be:e6:08:3a:4d:00:66:1f:ad:44:20:
                    d7:84:9f:04:d8:92:b3:b0:bf:d1:6e:cc:ef:7b:47:
                    1e:c8:5f:b7:84:7e:5f:ba:44:28:c1:3f:08:b7:5c:
                    ff:48:57:9f:df:30:d3:b9:63:b7:60:e8:4c:01:d5:
                    f3:b3:69:ea:4e:84:a7:20:76:21:8d:de:ba:62:f7:
                    3b:92:0b:48:d8:f6:60:a8:78:c4:03:02:16:17:0c:
                    68:e6:61:0f:93:12:5e:65:5f:28:28:be:bf:21:79:
                    bb:2f:6e:59:cc:ec:67:cc:23:8d:f0:0c:c7:a0:47:
                    64:8c:a8:9b:4f:47:24:14:5c:2f:2f:b3:fa:3c:b3:
                    a5:6a:9f:64:e5:97:e5:4a:a5:b2:b6:d4:ae:b0:23:
                    8a:cf:29:03:95:7e:ef:88:a4:e7:75:ee:95:01:80:
                    1f:5c:dc:f8:85:ed:2e:3f:59:a2:1f:44:6e:81:bd:
                    4b:57:d8:72:e9:6b:df:26:6a:8e:fd:fc:3c:82:2a:
                    f7:53:95:6f:c4:4a:6c:69:a7:bd:88:71:1e:37:b3:
                    c7:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:8C:C5:8B:F9:E0:35:B0:5C:52:CA:ED:7C:B6:AC:91:9C:39:E4:35
            X509v3 Authority Key Identifier:
                keyid:CE:8E:9B:E2:48:C7:41:BA:6A:26:AC:8C:FE:2C:2B:B7:C2:D7:A3:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zo6b4kjHQbpqJqyM_iwrt8LXo7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/2860c9-ab5f-4440-8312-9fb8e2545d73/1/8ozFi_ngNbBcUsrtfLaskZw55DU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/2860c9-ab5f-4440-8312-9fb8e2545d73/1/zo6b4kjHQbpqJqyM_iwrt8LXo7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:92:1a:22:fd:74:5f:85:2f:33:78:17:bd:c8:99:9d:e8:66:
         f8:f7:18:5d:4f:b4:4c:e0:44:56:d6:21:c1:d4:08:d1:67:24:
         1e:35:e4:40:b8:50:fc:29:f7:eb:e3:3c:cb:34:ff:67:55:89:
         2a:2f:06:a4:d4:d9:a4:1c:20:46:6a:9d:ab:00:68:a1:f9:da:
         6b:33:9c:02:38:ee:76:ff:95:45:86:ea:11:b7:5a:68:c5:53:
         1b:73:89:00:29:cc:45:b8:46:26:1d:39:56:0f:3a:eb:de:6c:
         0c:23:d3:6b:0b:fd:cd:8e:2a:4a:93:fa:c0:a5:29:58:ad:57:
         da:88:84:11:64:59:22:38:db:f0:77:be:57:46:25:ca:8b:c6:
         ff:9f:1e:cb:d0:38:e6:48:76:cd:80:9f:ff:ab:d4:7a:35:86:
         93:5f:39:4c:66:e9:27:ac:a0:c1:75:66:60:3c:3a:84:c8:e4:
         6f:ee:8e:66:cb:b5:01:97:c6:ba:1d:f6:8f:78:f2:92:6c:9f:
         a2:b4:67:40:6e:c8:95:21:90:d2:18:a5:56:38:ec:af:8e:56:
         0b:3a:0a:15:3b:20:fa:3a:32:64:2c:8c:29:89:35:08:9f:01:
         ab:23:25:35:72:62:4b:84:8b:63:04:b5:6a:16:c6:25:a1:7b:
         39:65:fd:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJs1B9Y5IOU+fnAb7V2mNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlOGU5YmUyNDhjNzQxYmE2YTI2YWM4Y2ZlMmMyYmI3YzJk
N2EzYjEwHhcNMjQwMTAxMjIzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjhjYzU4YmY5ZTAzNWIwNWM1MmNhZWQ3Y2I2YWM5MTljMzllNDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4hPlareMca1mRLVYMTcKEeL4H4A
IGVNKWxzM6KY89GM+2RiHBhP/QIOuvd6pS2uvuYIOk0AZh+tRCDXhJ8E2JKzsL/R
bszve0ceyF+3hH5fukQowT8It1z/SFef3zDTuWO3YOhMAdXzs2nqToSnIHYhjd66
Yvc7kgtI2PZgqHjEAwIWFwxo5mEPkxJeZV8oKL6/IXm7L25ZzOxnzCON8AzHoEdk
jKibT0ckFFwvL7P6PLOlap9k5ZflSqWyttSusCOKzykDlX7viKTnde6VAYAfXNz4
he0uP1miH0Rugb1LV9hy6WvfJmqO/fw8gir3U5VvxEpsaae9iHEeN7PHSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKMxYv54DWwXFLK7Xy2rJGcOeQ1MB8GA1UdIwQY
MBaAFM6Om+JIx0G6aiasjP4sK7fC16OxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem82YjRrakhRYnBxSnF5TV9pd3J0OExYbzdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8yODYwYzktYWI1Zi00NDQwLTgzMTIt
OWZiOGUyNTQ1ZDczLzEvOG96RmlfbmdOYkJjVXNydGZMYXNrWnc1NURVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8yODYwYzktYWI1Zi00NDQwLTgzMTItOWZiOGUyNTQ1ZDcz
LzEvem82YjRrakhRYnBxSnF5TV9pd3J0OExYbzdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX40MA0G
CSqGSIb3DQEBCwUAA4IBAQAokhoi/XRfhS8zeBe9yJmd6Gb49xhdT7RM4ERW1iHB
1AjRZyQeNeRAuFD8Kffr4zzLNP9nVYkqLwak1NmkHCBGap2rAGih+dprM5wCOO52
/5VFhuoRt1poxVMbc4kAKcxFuEYmHTlWDzrr3mwMI9NrC/3NjipKk/rApSlYrVfa
iIQRZFkiONvwd75XRiXKi8b/nx7L0DjmSHbNgJ//q9R6NYaTXzlMZuknrKDBdWZg
PDqEyORv7o5my7UBl8a6HfaPePKSbJ+itGdAbsiVIZDSGKVWOOyvjlYLOgoVOyD6
OjJkLIwpiTUInwGrIyU1cmJLhItjBLVqFsYloXs5Zf0y
-----END CERTIFICATE-----