Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/Jwg4Il_uk1pNeJbsJFm-nkPwTeM.roa
File:                     Jwg4Il_uk1pNeJbsJFm-nkPwTeM.roa (raw, json)
Hash identifier:          xUOMItZqEQ+iJoHizryoPIWE4y+WV8PzpUzxGWAAi5k=
Subject key identifier:   27:08:38:22:5F:EE:93:5A:4D:78:96:EC:24:59:BE:9E:43:F0:4D:E3
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAD0B02535B391A9FEF35F77F3AD5F
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/Jwg4Il_uk1pNeJbsJFm-nkPwTeM.roa
Signing time:             Mon 01 Jan 2024 02:29:29 +0000
ROA not before:           Mon 01 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205759
IP address blocks:        185.207.144.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d0:b0:25:35:b3:91:a9:fe:f3:5f:77:f3:ad:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=270838225fee935a4d7896ec2459be9e43f04de3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a5:fc:d5:2e:3a:3d:ac:31:99:29:ca:bd:7d:
                    61:31:2a:b5:30:aa:67:b9:3f:2c:cc:4f:67:f5:7f:
                    23:a8:90:8b:16:fb:e5:97:a4:ca:00:26:c0:10:d1:
                    62:88:21:46:11:a5:d1:64:ad:af:54:84:26:20:fa:
                    24:59:bd:db:9c:12:87:5e:59:a7:4c:73:1b:11:2b:
                    ca:ee:66:86:b7:f1:25:d2:9f:ba:e1:33:7c:c5:03:
                    79:9f:fa:d4:46:8e:cf:37:cb:c2:78:ec:a8:87:9c:
                    eb:da:4e:90:22:8e:6a:51:05:09:03:91:08:82:24:
                    37:d4:7a:55:e3:37:b7:b2:c8:fc:8a:4d:26:c7:c2:
                    43:07:f5:80:64:b1:29:68:fa:41:96:fa:fe:19:ea:
                    c9:2c:2c:18:45:12:8b:f7:2a:9e:24:6b:91:99:7a:
                    8f:07:28:1b:8d:36:fa:80:33:28:d0:7a:32:8c:7d:
                    13:0d:76:39:de:4a:8a:5d:9f:31:cc:eb:9f:cf:6f:
                    03:94:75:d4:f8:87:88:a6:5d:66:7a:77:af:82:06:
                    ea:23:20:c5:33:5e:21:45:4a:b2:b1:33:8c:7b:90:
                    30:21:e9:ec:2b:ca:73:9e:e4:74:9f:82:50:ee:ae:
                    cc:7b:bf:26:e8:ce:45:a0:71:b1:09:3c:64:6c:24:
                    7c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:08:38:22:5F:EE:93:5A:4D:78:96:EC:24:59:BE:9E:43:F0:4D:E3
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/Jwg4Il_uk1pNeJbsJFm-nkPwTeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:54:ab:d5:db:0a:49:65:a8:6e:b5:c8:18:64:39:f3:53:c9:
         94:43:c9:35:d4:bd:4b:60:c0:cc:67:ea:e9:36:48:3f:70:04:
         3a:bf:f9:00:4d:81:32:cb:3b:94:5c:88:0b:56:9e:bf:18:b1:
         f5:ce:e4:75:f3:65:cb:13:3c:79:e6:22:92:8b:58:97:e8:c7:
         cf:7d:9c:65:4b:05:59:d3:1b:2e:65:19:10:72:e4:3a:d9:21:
         23:a1:cd:d6:ce:92:7e:04:16:5f:cc:22:20:28:c7:e6:13:1b:
         eb:bc:00:b8:8c:28:0b:e9:0b:0b:0a:28:59:3d:c6:9e:ac:58:
         48:ac:90:ff:c0:8c:df:80:42:5b:02:fe:b2:bb:90:b7:65:51:
         6e:f4:86:20:e8:80:d4:d2:92:d5:08:ab:93:43:25:ef:c6:47:
         10:49:0b:c7:a3:a6:e0:6c:ab:87:03:15:44:24:0a:22:58:ff:
         e5:4c:ab:1c:8b:1f:4f:42:10:4b:8f:89:fb:92:7d:07:9b:b9:
         d8:19:b9:38:2d:8f:c7:c2:33:85:b0:8a:bd:12:20:f3:a1:a8:
         4e:07:e2:e5:6a:22:ab:9a:00:ff:28:6c:cc:db:82:8a:92:79:
         54:1c:20:65:57:45:d2:76:4e:b2:2f:81:a8:93:08:c2:ba:67:
         58:e7:00:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tCwJTWzkan+8193861fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzA4MzgyMjVmZWU5MzVhNGQ3ODk2ZWMyNDU5YmU5ZTQzZjA0ZGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaX81S46PawxmSnKvX1hMSq1MKpn
uT8szE9n9X8jqJCLFvvll6TKACbAENFiiCFGEaXRZK2vVIQmIPokWb3bnBKHXlmn
THMbESvK7maGt/El0p+64TN8xQN5n/rURo7PN8vCeOyoh5zr2k6QIo5qUQUJA5EI
giQ31HpV4ze3ssj8ik0mx8JDB/WAZLEpaPpBlvr+GerJLCwYRRKL9yqeJGuRmXqP
BygbjTb6gDMo0HoyjH0TDXY53kqKXZ8xzOufz28DlHXU+IeIpl1menevggbqIyDF
M14hRUqysTOMe5AwIensK8pznuR0n4JQ7q7Me78m6M5FoHGxCTxkbCR8uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCcIOCJf7pNaTXiW7CRZvp5D8E3jMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvSndnNElsX3VrMXBOZUpic0pGbS1ua1B3VGVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc+QMA0G
CSqGSIb3DQEBCwUAA4IBAQBXVKvV2wpJZahutcgYZDnzU8mUQ8k11L1LYMDMZ+rp
Nkg/cAQ6v/kATYEyyzuUXIgLVp6/GLH1zuR182XLEzx55iKSi1iX6MfPfZxlSwVZ
0xsuZRkQcuQ62SEjoc3WzpJ+BBZfzCIgKMfmExvrvAC4jCgL6QsLCihZPcaerFhI
rJD/wIzfgEJbAv6yu5C3ZVFu9IYg6IDU0pLVCKuTQyXvxkcQSQvHo6bgbKuHAxVE
JAoiWP/lTKscix9PQhBLj4n7kn0Hm7nYGbk4LY/HwjOFsIq9EiDzoahOB+LlaiKr
mgD/KGzM24KKknlUHCBlV0XSdk6yL4GokwjCumdY5wAL
-----END CERTIFICATE-----