Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/jeZWbJHlesOQs5t5O7qVybC9M9k.roa
File:                     jeZWbJHlesOQs5t5O7qVybC9M9k.roa (raw, json)
Hash identifier:          J94VtexBNSXOlZ98RyVjw3l9T3/7OclAoyf8AKsaW7k=
Subject key identifier:   8D:E6:56:6C:91:E5:7A:C3:90:B3:9B:79:3B:BA:95:C9:B0:BD:33:D9
Certificate issuer:       /CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
Certificate serial:       018CC348F7B4C76C157299B5AF3C75B06787
Authority key identifier: 5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/jeZWbJHlesOQs5t5O7qVybC9M9k.roa
Signing time:             Mon 01 Jan 2024 04:29:48 +0000
ROA not before:           Mon 01 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8991
IP address blocks:        83.212.250.0/24 maxlen: 24
                          83.212.249.0/24 maxlen: 24
                          195.251.36.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 01:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f7:b4:c7:6c:15:72:99:b5:af:3c:75:b0:67:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
        Validity
            Not Before: Jan  1 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8de6566c91e57ac390b39b793bba95c9b0bd33d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:2b:08:bf:ad:6f:91:28:d5:01:18:54:bd:91:
                    76:5f:38:50:44:bb:a5:ca:c7:da:4a:02:69:39:23:
                    79:4f:b2:2d:cb:9e:49:2c:a5:26:8a:cf:05:5c:0a:
                    2d:23:c7:b8:7b:b9:b8:c1:ca:83:7e:86:7c:15:18:
                    69:75:22:06:79:67:ad:44:2a:71:81:80:47:cb:5d:
                    19:96:7c:4a:52:f3:8a:ce:80:2c:3f:32:42:a1:db:
                    59:15:37:d5:75:a1:bc:d3:b7:1c:0e:2b:e3:cd:be:
                    a3:dc:9d:e8:46:ba:76:ac:da:3e:77:d7:34:91:b0:
                    3b:0b:86:2a:47:b3:98:76:0c:6a:81:47:2c:26:89:
                    3e:5e:74:ef:04:da:e7:c5:49:17:a9:dc:31:94:86:
                    a1:94:a7:54:2a:58:bd:91:98:e6:ee:f8:24:48:53:
                    54:60:54:9a:40:72:3f:3d:36:19:88:0a:bc:f8:69:
                    30:b0:30:bf:2b:ed:fe:6d:3d:2c:27:38:7f:a2:a5:
                    74:ab:6f:a2:50:c3:3d:52:b3:c4:cd:d3:8d:2f:32:
                    e1:0a:c4:90:5c:03:90:19:48:b4:26:90:e5:66:bc:
                    3a:89:0e:2b:7b:14:2d:80:2d:b9:3f:b3:da:26:7e:
                    54:5d:d1:93:e1:6f:f3:18:bb:cc:ee:08:e4:72:cc:
                    32:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:E6:56:6C:91:E5:7A:C3:90:B3:9B:79:3B:BA:95:C9:B0:BD:33:D9
            X509v3 Authority Key Identifier:
                keyid:5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/jeZWbJHlesOQs5t5O7qVybC9M9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.212.249.0-83.212.250.255
                  195.251.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:3a:c3:14:f7:bf:2f:1c:f9:75:6d:4e:75:82:c2:db:0b:38:
         ff:d5:04:3c:47:8f:35:b8:0f:e3:22:52:e3:47:b3:8d:9e:06:
         d3:78:6a:3f:a5:52:ab:fd:18:6b:e4:fa:b6:e4:98:af:79:d9:
         0e:d0:23:c9:10:62:db:db:19:96:d2:34:6e:0b:e3:b8:d4:a2:
         7a:52:54:5c:fb:ce:1d:be:b3:56:9a:e1:0a:2e:87:49:00:a6:
         9d:d9:92:7b:25:5a:fc:7b:99:66:80:e9:8d:7a:42:65:f2:17:
         4d:b0:83:63:72:9b:97:91:b0:36:c5:17:3f:66:79:b6:d3:61:
         01:8c:16:49:29:32:2d:c1:88:f2:82:f8:c5:89:5c:41:f8:22:
         5c:05:ce:83:51:ca:66:fc:29:b6:99:87:58:4f:fd:d0:4f:b3:
         dd:d6:05:60:4c:8d:fe:d6:ac:f3:1d:a8:2c:76:29:8a:c8:59:
         1f:cd:b5:7e:30:9a:b8:86:e7:af:ce:3f:70:37:a3:65:6d:3e:
         c2:d7:ca:92:f6:e0:11:52:32:52:02:09:6a:04:95:4d:7d:14:
         d3:a8:7c:0b:cb:84:00:57:bb:03:9b:7e:86:ee:4d:c2:d4:64:
         c1:5a:4b:a3:38:1f:7e:e5:43:6f:c8:92:58:0e:42:eb:73:6a:
         45:d4:67:f7
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzDSPe0x2wVcpm1rzx1sGeHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNmY5Mjk1NTIxZGYzMGExNThmNTA2YmE3Y2I4NzNhYjk1
MjlkYzMwHhcNMjQwMTAxMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGU2NTY2YzkxZTU3YWMzOTBiMzliNzkzYmJhOTVjOWIwYmQzM2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SsIv61vkSjVARhUvZF2XzhQRLul
ysfaSgJpOSN5T7Ity55JLKUmis8FXAotI8e4e7m4wcqDfoZ8FRhpdSIGeWetRCpx
gYBHy10ZlnxKUvOKzoAsPzJCodtZFTfVdaG807ccDivjzb6j3J3oRrp2rNo+d9c0
kbA7C4YqR7OYdgxqgUcsJok+XnTvBNrnxUkXqdwxlIahlKdUKli9kZjm7vgkSFNU
YFSaQHI/PTYZiAq8+GkwsDC/K+3+bT0sJzh/oqV0q2+iUMM9UrPEzdONLzLhCsSQ
XAOQGUi0JpDlZrw6iQ4rexQtgC25P7PaJn5UXdGT4W/zGLvM7gjkcswy5wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFI3mVmyR5XrDkLObeTu6lcmwvTPZMB8GA1UdIwQY
MBaAFFpvkpVSHfMKFY9Qa6fLhzq5Up3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2Ut
YWFhNDU1M2QyYWJkLzEvamVaV2JKSGxlc09RczV0NU83cVZ5YkM5TTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2UtYWFhNDU1M2QyYWJk
LzEvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABT1PkD
BABT1PoDBAHD+yQwDQYJKoZIhvcNAQELBQADggEBADg6wxT3vy8c+XVtTnWCwtsL
OP/VBDxHjzW4D+MiUuNHs42eBtN4aj+lUqv9GGvk+rbkmK952Q7QI8kQYtvbGZbS
NG4L47jUonpSVFz7zh2+s1aa4Qouh0kApp3ZknslWvx7mWaA6Y16QmXyF02wg2Ny
m5eRsDbFFz9mebbTYQGMFkkpMi3BiPKC+MWJXEH4IlwFzoNRymb8KbaZh1hP/dBP
s93WBWBMjf7WrPMdqCx2KYrIWR/NtX4wmriG56/OP3A3o2VtPsLXypL24BFSMlIC
CWoElU19FNOofAvLhABXuwObfobuTcLUZMFaS6M4H37lQ2/IklgOQutzakXUZ/c=
-----END CERTIFICATE-----