Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/JxXSbZ6HT7laCXRdd2EK-jIUs4E.roa
File:                     JxXSbZ6HT7laCXRdd2EK-jIUs4E.roa (raw, json)
Hash identifier:          aLMPoYJZoVTJzH2d/9Vn/y4td9ZecG4GW8TNFilH/gs=
Subject key identifier:   27:15:D2:6D:9E:87:4F:B9:5A:09:74:5D:77:61:0A:FA:32:14:B3:81
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018F0A7DD1EB47A3C3DA13C503752B21E284
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/JxXSbZ6HT7laCXRdd2EK-jIUs4E.roa
Signing time:             Tue 23 Apr 2024 10:26:08 +0000
ROA not before:           Tue 23 Apr 2024 10:26:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1680
IP address blocks:        185.126.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0a:7d:d1:eb:47:a3:c3:da:13:c5:03:75:2b:21:e2:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Apr 23 10:26:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2715d26d9e874fb95a09745d77610afa3214b381
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:10:00:0e:59:f0:30:6d:93:70:df:86:98:0b:
                    4d:d0:1e:8b:06:6f:09:3d:f7:1d:71:e6:ab:d7:a3:
                    74:75:70:4e:db:14:fa:13:67:c4:27:8f:f5:1c:10:
                    74:20:33:d4:36:40:7a:7c:72:ed:e4:75:fb:67:a1:
                    d4:8a:d0:dd:11:6c:ee:21:fa:66:50:44:1a:38:ef:
                    f4:ea:90:f0:e8:21:0f:db:18:81:a2:03:ba:f9:1e:
                    ce:be:7b:53:0b:37:7b:bd:7f:13:e9:6c:af:55:a3:
                    5a:c5:a4:7b:54:68:0b:67:6a:9b:37:85:a0:d5:30:
                    06:4b:64:8e:df:c1:e3:90:3f:be:86:c9:dd:b2:b8:
                    96:27:02:9e:b7:f5:eb:c0:04:a4:ea:44:1e:2a:f2:
                    92:e6:24:73:dd:14:dc:d8:a8:44:7b:1e:ab:29:23:
                    cf:09:a6:b2:b4:12:b2:db:53:05:b8:66:10:57:7c:
                    ef:6a:0d:96:1c:34:2b:70:dc:11:89:3e:e3:88:b1:
                    3d:bc:45:a1:e7:74:e9:28:5b:34:1c:bb:1f:2e:e9:
                    31:de:64:ee:ca:f9:64:2a:f6:27:35:f3:f9:3c:82:
                    ae:43:6d:fd:28:94:68:15:c4:c2:83:12:14:8f:60:
                    85:6d:e6:ce:8f:56:99:a8:eb:0f:ba:d1:61:8f:6d:
                    f4:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:15:D2:6D:9E:87:4F:B9:5A:09:74:5D:77:61:0A:FA:32:14:B3:81
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/JxXSbZ6HT7laCXRdd2EK-jIUs4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:4e:fd:08:8f:2b:d9:ad:a0:a1:6d:16:57:ad:54:4e:9f:97:
         d1:06:27:c7:90:7c:06:3a:e0:92:d1:93:40:39:76:c7:4a:37:
         a2:89:27:3d:f5:6e:55:9f:ca:b5:0c:62:29:5f:12:3a:25:8b:
         1d:25:be:37:82:be:e6:17:f4:fe:83:14:00:20:e6:42:04:4d:
         b3:05:23:5a:ef:65:ff:67:9e:98:3e:25:c2:cd:70:ec:c7:7b:
         93:b3:1c:26:8c:37:52:e3:94:57:00:00:8b:72:2f:9a:54:85:
         42:fd:92:b3:ff:b5:83:40:a8:bd:60:12:ec:a2:e9:ff:c7:ca:
         ee:a6:60:ed:fa:9d:3f:0b:90:63:1e:c4:bf:da:99:7c:54:2c:
         c3:29:29:fa:88:54:90:d2:6d:ca:ab:9d:62:d4:ab:2b:39:cb:
         44:b0:75:45:49:b8:87:e7:87:ce:61:e8:7a:41:21:ed:3a:41:
         c4:fe:db:47:17:54:b4:01:06:a0:da:6d:a7:e0:57:1f:21:a9:
         21:92:91:90:a7:49:28:a9:0a:9d:26:b0:a5:ed:b7:54:5b:bf:
         c3:25:76:95:9c:d9:95:4c:88:f1:0f:50:6d:a5:bd:a6:e5:a7:
         e9:2d:d2:5e:90:54:32:44:ec:8f:67:87:c7:35:df:05:34:78:
         85:d6:b3:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8KfdHrR6PD2hPFA3UrIeKEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNDIzMTAyNjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzE1ZDI2ZDllODc0ZmI5NWEwOTc0NWQ3NzYxMGFmYTMyMTRiMzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhAADlnwMG2TcN+GmAtN0B6LBm8J
Pfcdcear16N0dXBO2xT6E2fEJ4/1HBB0IDPUNkB6fHLt5HX7Z6HUitDdEWzuIfpm
UEQaOO/06pDw6CEP2xiBogO6+R7OvntTCzd7vX8T6WyvVaNaxaR7VGgLZ2qbN4Wg
1TAGS2SO38HjkD++hsndsriWJwKet/XrwASk6kQeKvKS5iRz3RTc2KhEex6rKSPP
CaaytBKy21MFuGYQV3zvag2WHDQrcNwRiT7jiLE9vEWh53TpKFs0HLsfLukx3mTu
yvlkKvYnNfP5PIKuQ239KJRoFcTCgxIUj2CFbebOj1aZqOsPutFhj230KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCcV0m2eh0+5Wgl0XXdhCvoyFLOBMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvSnhYU2JaNkhUN2xhQ1hSZGQyRUstaklVczRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX5RMA0G
CSqGSIb3DQEBCwUAA4IBAQChTv0IjyvZraChbRZXrVROn5fRBifHkHwGOuCS0ZNA
OXbHSjeiiSc99W5Vn8q1DGIpXxI6JYsdJb43gr7mF/T+gxQAIOZCBE2zBSNa72X/
Z56YPiXCzXDsx3uTsxwmjDdS45RXAACLci+aVIVC/ZKz/7WDQKi9YBLsoun/x8ru
pmDt+p0/C5BjHsS/2pl8VCzDKSn6iFSQ0m3Kq51i1KsrOctEsHVFSbiH54fOYeh6
QSHtOkHE/ttHF1S0AQag2m2n4FcfIakhkpGQp0koqQqdJrCl7bdUW7/DJXaVnNmV
TIjxD1Btpb2m5afpLdJekFQyROyPZ4fHNd8FNHiF1rO0
-----END CERTIFICATE-----