Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/jqgYBLz_MlfODmHAkoo_skCdQXc.roa
File:                     jqgYBLz_MlfODmHAkoo_skCdQXc.roa (raw, json)
Hash identifier:          xYCaYqMbpxCg1cu4wWBY9OvKOLUVVo7UXgIUO7MoqmQ=
Subject key identifier:   8E:A8:18:04:BC:FF:32:57:CE:0E:61:C0:92:8A:3F:B2:40:9D:41:77
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0194236A4D2FE1F6EDD2F7F23FE103DCA038
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/jqgYBLz_MlfODmHAkoo_skCdQXc.roa
Signing time:             Wed 01 Jan 2025 19:49:16 +0000
ROA not before:           Wed 01 Jan 2025 19:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202365
IP address blocks:        185.255.155.0/24 maxlen: 24
                          2a0c:da04::/38 maxlen: 128
                          2a0c:da04::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:4d:2f:e1:f6:ed:d2:f7:f2:3f:e1:03:dc:a0:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 19:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ea81804bcff3257ce0e61c0928a3fb2409d4177
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e0:dc:71:f9:18:dd:e7:73:fc:b4:ca:db:96:
                    7b:8b:1e:37:5a:65:4e:92:55:ba:c4:eb:80:65:08:
                    cc:f2:60:7c:9c:34:ff:f3:50:80:0e:d1:03:07:94:
                    27:86:8c:21:2d:b7:ef:49:ea:36:87:84:49:d7:8a:
                    10:77:35:4d:5a:5b:bd:e6:56:12:8a:52:cb:50:c0:
                    43:08:57:fc:d4:9e:c7:82:ff:8a:e5:d5:21:84:a3:
                    2d:a6:79:d3:fe:b5:9a:69:35:a5:48:b6:37:0f:f2:
                    cc:0c:77:e8:10:7d:33:93:f8:b8:3d:2c:77:34:78:
                    a8:3f:49:6d:3e:dc:be:66:1d:f5:83:c7:ff:aa:c2:
                    75:49:3d:bf:75:c0:eb:36:af:51:51:82:7e:0d:14:
                    4e:fb:8d:7b:a4:16:17:82:e0:21:13:d7:b6:7a:37:
                    7c:b2:c2:ed:3a:50:76:c5:2b:6f:e6:74:74:fa:41:
                    03:b9:8d:4c:15:5e:c2:40:ff:9e:e3:fc:54:0d:14:
                    c2:a6:32:93:23:c6:71:c9:45:15:84:7e:8c:f2:a0:
                    5f:90:3d:24:3e:7d:b9:81:a4:2c:8f:ce:41:78:aa:
                    8b:c7:dd:9f:c8:35:0f:5c:b7:2f:38:f0:a8:ed:77:
                    5d:3f:e3:15:79:17:55:ad:b8:a5:ac:74:df:72:6e:
                    b5:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:A8:18:04:BC:FF:32:57:CE:0E:61:C0:92:8A:3F:B2:40:9D:41:77
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/jqgYBLz_MlfODmHAkoo_skCdQXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.155.0/24
                IPv6:
                  2a0c:da04::/38

    Signature Algorithm: sha256WithRSAEncryption
         7d:04:62:6a:2a:a9:3e:0e:e4:b9:36:fd:99:c8:68:6b:c5:bb:
         dd:6b:8d:e2:b6:8c:52:8d:fc:7e:36:87:55:5f:21:f2:f0:f6:
         9c:86:15:98:4b:89:65:d8:54:3d:a0:a8:00:5a:5a:bf:f2:05:
         a1:99:50:ec:d1:27:94:ad:bb:5f:b4:e0:b4:90:3a:e7:cc:b4:
         4d:ee:7c:64:82:80:30:40:2b:24:c3:3d:0d:cb:0a:52:84:c9:
         11:6a:48:24:74:33:fc:4b:5d:b1:eb:6e:ab:ee:a0:1b:3f:ca:
         66:e8:b3:d7:1d:d1:d7:1c:d8:99:f6:ba:a0:d7:9a:16:1b:3d:
         cf:4e:9e:1b:e4:7d:44:cb:f6:ab:3d:6b:50:70:de:78:e3:92:
         d5:70:1a:e5:e8:58:29:fe:4d:4e:b3:9a:42:9a:37:47:b5:42:
         54:20:77:5f:3c:44:1c:e1:3b:a7:67:16:79:1a:a4:b0:2d:4c:
         95:ec:4c:e7:31:55:af:99:2b:f3:38:5e:08:4e:c8:eb:b3:f6:
         b5:b9:bd:e7:ab:72:df:d2:7a:4e:37:b8:8e:6e:ea:9c:8a:10:
         57:f1:d8:84:6c:f6:29:4e:38:36:99:6d:67:7c:b9:37:5a:29:
         6f:89:0f:0e:a3:94:86:8f:5b:25:2c:f5:0a:09:82:95:ee:4e:
         aa:e5:a7:d2
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQjak0v4fbt0vfyP+ED3KA4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwMTAxMTk0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWE4MTgwNGJjZmYzMjU3Y2UwZTYxYzA5MjhhM2ZiMjQwOWQ0MTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseDccfkY3edz/LTK25Z7ix43WmVO
klW6xOuAZQjM8mB8nDT/81CADtEDB5QnhowhLbfvSeo2h4RJ14oQdzVNWlu95lYS
ilLLUMBDCFf81J7Hgv+K5dUhhKMtpnnT/rWaaTWlSLY3D/LMDHfoEH0zk/i4PSx3
NHioP0ltPty+Zh31g8f/qsJ1ST2/dcDrNq9RUYJ+DRRO+417pBYXguAhE9e2ejd8
ssLtOlB2xStv5nR0+kEDuY1MFV7CQP+e4/xUDRTCpjKTI8ZxyUUVhH6M8qBfkD0k
Pn25gaQsj85BeKqLx92fyDUPXLcvOPCo7XddP+MVeRdVrbilrHTfcm61nwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFI6oGAS8/zJXzg5hwJKKP7JAnUF3MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvanFnWUJMel9NbGZPRG1IQWtvb19za0NkUVhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuf+bMA4E
AgACMAgDBgIqDNoEADANBgkqhkiG9w0BAQsFAAOCAQEAfQRiaiqpPg7kuTb9mcho
a8W73WuN4raMUo38fjaHVV8h8vD2nIYVmEuJZdhUPaCoAFpav/IFoZlQ7NEnlK27
X7TgtJA658y0Te58ZIKAMEArJMM9DcsKUoTJEWpIJHQz/Etdsetuq+6gGz/KZuiz
1x3R1xzYmfa6oNeaFhs9z06eG+R9RMv2qz1rUHDeeOOS1XAa5ehYKf5NTrOaQpo3
R7VCVCB3XzxEHOE7p2cWeRqksC1MlexM5zFVr5kr8zheCE7I67P2tbm956ty39J6
Tje4jm7qnIoQV/HYhGz2KU44NpltZ3y5N1opb4kPDqOUho9bJSz1CgmCle5OquWn
0g==
-----END CERTIFICATE-----