Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/Juuq6NFlR_u0wegQ1mbet9E7950.roa
File:                     Juuq6NFlR_u0wegQ1mbet9E7950.roa (raw, json)
Hash identifier:          9BeXrWuMt1rSgHFDH8nilGY1NiIKTCNucFevlOidHs0=
Subject key identifier:   26:EB:AA:E8:D1:65:47:FB:B4:C1:E8:10:D6:66:DE:B7:D1:3B:F7:9D
Certificate issuer:       /CN=c1b050211219d18e996e086cb7f6309178804860
Certificate serial:       018CC6B8B43B7E36B89ABCCFB65D0B3D6A55
Authority key identifier: C1:B0:50:21:12:19:D1:8E:99:6E:08:6C:B7:F6:30:91:78:80:48:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wbBQIRIZ0Y6Zbghst_YwkXiASGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/Juuq6NFlR_u0wegQ1mbet9E7950.roa
Signing time:             Mon 01 Jan 2024 20:30:42 +0000
ROA not before:           Mon 01 Jan 2024 20:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60398
IP address blocks:        212.40.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/wbBQIRIZ0Y6Zbghst_YwkXiASGA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/wbBQIRIZ0Y6Zbghst_YwkXiASGA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wbBQIRIZ0Y6Zbghst_YwkXiASGA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:b4:3b:7e:36:b8:9a:bc:cf:b6:5d:0b:3d:6a:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1b050211219d18e996e086cb7f6309178804860
        Validity
            Not Before: Jan  1 20:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26ebaae8d16547fbb4c1e810d666deb7d13bf79d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:76:4e:a7:f6:88:57:ef:dd:77:2a:77:ec:7e:
                    97:1a:9d:08:10:0b:d4:bd:49:e1:7f:37:16:ce:b9:
                    6c:67:38:c2:5e:36:d2:6d:8d:a3:ef:00:61:40:ea:
                    8c:81:02:1b:86:7a:7c:69:8e:b4:89:06:61:75:74:
                    ab:9b:1c:06:4d:8c:38:9c:47:a4:29:f4:c5:45:ca:
                    1b:f3:bd:e3:41:99:dc:c6:e8:ec:e9:54:70:69:1b:
                    39:ca:b2:35:e8:4c:05:ea:51:02:a6:df:84:d4:c5:
                    0a:fe:57:e6:71:e2:c0:62:12:43:35:c3:44:45:44:
                    e6:fa:42:67:73:95:86:38:ab:3c:7d:b4:ca:28:b1:
                    89:ee:bf:81:f9:32:08:49:c9:99:16:96:35:7d:9d:
                    49:07:1e:30:03:8d:03:52:e4:0b:ae:d4:48:88:f4:
                    98:12:28:25:33:09:a0:fc:cb:46:28:80:47:7f:59:
                    83:c2:70:28:83:7c:64:00:3e:89:f9:49:3f:ee:50:
                    ab:fc:bb:8d:e5:60:ab:60:a5:1e:7e:ad:05:1e:86:
                    08:76:fa:c4:58:cd:cd:b9:39:32:88:f9:b5:56:c6:
                    e1:5a:64:a0:46:56:d5:14:4d:13:4b:f8:de:8f:63:
                    94:08:79:64:80:d1:eb:3d:b0:8e:f5:f6:46:43:96:
                    25:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:EB:AA:E8:D1:65:47:FB:B4:C1:E8:10:D6:66:DE:B7:D1:3B:F7:9D
            X509v3 Authority Key Identifier:
                keyid:C1:B0:50:21:12:19:D1:8E:99:6E:08:6C:B7:F6:30:91:78:80:48:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wbBQIRIZ0Y6Zbghst_YwkXiASGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/Juuq6NFlR_u0wegQ1mbet9E7950.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/wbBQIRIZ0Y6Zbghst_YwkXiASGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.40.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:c7:24:88:9c:76:f9:51:4f:c2:8e:d0:96:b7:cd:08:19:19:
         75:da:ac:84:e4:76:3a:0b:aa:8f:52:14:76:cf:46:25:06:4b:
         42:a5:7c:19:14:fa:92:69:0b:6a:c1:7a:31:9e:ba:1c:55:0f:
         96:7d:d4:45:be:06:30:7d:3c:73:3e:e3:bd:c9:6a:74:09:bd:
         e7:9b:73:5c:30:80:11:d1:80:14:f8:f0:90:ff:60:ac:fc:c9:
         21:61:b6:b8:9a:94:8b:bf:29:75:6f:8b:77:eb:6c:09:64:1d:
         a2:4f:7f:fc:b2:31:0f:a1:a2:95:12:d4:95:f1:e0:e5:88:3b:
         e9:fd:ba:b9:55:2d:d2:22:18:7e:10:e3:87:2b:4a:5b:06:2f:
         e7:3d:f7:bd:e7:7d:84:b2:1c:5c:c6:86:30:bb:b7:a1:26:9c:
         9a:64:6c:84:c9:d1:33:33:48:50:84:18:a6:a1:8c:57:60:1c:
         4c:61:45:7b:2c:6c:d9:09:c2:2c:ee:59:0c:35:71:60:b2:49:
         93:1a:d5:2f:ec:6c:78:b9:58:52:fe:e6:ae:9e:5e:f4:bf:62:
         7b:92:c8:44:6b:26:bc:ee:4d:cf:a5:88:90:df:48:6b:4d:30:
         1e:5e:93:c9:69:eb:ea:74:69:e5:5a:95:06:72:46:21:2e:84:
         27:20:0c:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuLQ7fja4mrzPtl0LPWpVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYjA1MDIxMTIxOWQxOGU5OTZlMDg2Y2I3ZjYzMDkxNzg4
MDQ4NjAwHhcNMjQwMTAxMjAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmViYWFlOGQxNjU0N2ZiYjRjMWU4MTBkNjY2ZGViN2QxM2JmNzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnZOp/aIV+/ddyp37H6XGp0IEAvU
vUnhfzcWzrlsZzjCXjbSbY2j7wBhQOqMgQIbhnp8aY60iQZhdXSrmxwGTYw4nEek
KfTFRcob873jQZncxujs6VRwaRs5yrI16EwF6lECpt+E1MUK/lfmceLAYhJDNcNE
RUTm+kJnc5WGOKs8fbTKKLGJ7r+B+TIIScmZFpY1fZ1JBx4wA40DUuQLrtRIiPSY
EiglMwmg/MtGKIBHf1mDwnAog3xkAD6J+Uk/7lCr/LuN5WCrYKUefq0FHoYIdvrE
WM3NuTkyiPm1VsbhWmSgRlbVFE0TS/jej2OUCHlkgNHrPbCO9fZGQ5YlLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbrqujRZUf7tMHoENZm3rfRO/edMB8GA1UdIwQY
MBaAFMGwUCESGdGOmW4IbLf2MJF4gEhgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2JCUUlSSVowWTZaYmdoc3RfWXdrWGlBU0dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8yOGE4ZjMtODg5ZS00NTQ5LWE0NGUt
Y2UyMjUxODdmYzM4LzEvSnV1cTZORmxSX3Uwd2VnUTFtYmV0OUU3OTUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8yOGE4ZjMtODg5ZS00NTQ5LWE0NGUtY2UyMjUxODdmYzM4
LzEvd2JCUUlSSVowWTZaYmdoc3RfWXdrWGlBU0dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1CiMMA0G
CSqGSIb3DQEBCwUAA4IBAQBBxySInHb5UU/CjtCWt80IGRl12qyE5HY6C6qPUhR2
z0YlBktCpXwZFPqSaQtqwXoxnrocVQ+WfdRFvgYwfTxzPuO9yWp0Cb3nm3NcMIAR
0YAU+PCQ/2Cs/MkhYba4mpSLvyl1b4t362wJZB2iT3/8sjEPoaKVEtSV8eDliDvp
/bq5VS3SIhh+EOOHK0pbBi/nPfe9532EshxcxoYwu7ehJpyaZGyEydEzM0hQhBim
oYxXYBxMYUV7LGzZCcIs7lkMNXFgskmTGtUv7Gx4uVhS/uaunl70v2J7kshEaya8
7k3PpYiQ30hrTTAeXpPJaevqdGnlWpUGckYhLoQnIAxr
-----END CERTIFICATE-----