Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/611a40-b444-490c-9dee-27d608d20873/1/jaEw1AsqgacAiiBJYASIrMM8Lb4.roa
File:                     jaEw1AsqgacAiiBJYASIrMM8Lb4.roa (raw, json)
Hash identifier:          +Ktl7fT0mJZfsu/U2l8V9zehp9roBmzOhZpILubCafM=
Subject key identifier:   8D:A1:30:D4:0B:2A:81:A7:00:8A:20:49:60:04:88:AC:C3:3C:2D:BE
Certificate issuer:       /CN=6044f6ea79e4e2a3e02a8b38ed0cd3a4059138ac
Certificate serial:       018CC4255D8340579BDCC4A4858E9B1C24A6
Authority key identifier: 60:44:F6:EA:79:E4:E2:A3:E0:2A:8B:38:ED:0C:D3:A4:05:91:38:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YET26nnk4qPgKos47QzTpAWROKw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/611a40-b444-490c-9dee-27d608d20873/1/jaEw1AsqgacAiiBJYASIrMM8Lb4.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39534
IP address blocks:        194.50.38.0/24 maxlen: 24
                          185.151.68.0/24 maxlen: 24
                          185.151.70.0/24 maxlen: 24
                          185.151.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/611a40-b444-490c-9dee-27d608d20873/1/YET26nnk4qPgKos47QzTpAWROKw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/611a40-b444-490c-9dee-27d608d20873/1/YET26nnk4qPgKos47QzTpAWROKw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YET26nnk4qPgKos47QzTpAWROKw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5d:83:40:57:9b:dc:c4:a4:85:8e:9b:1c:24:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6044f6ea79e4e2a3e02a8b38ed0cd3a4059138ac
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8da130d40b2a81a7008a2049600488acc33c2dbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:04:db:eb:7b:3b:65:b4:4a:34:e2:a5:a7:57:
                    3f:42:74:6c:15:79:d0:f6:f8:89:35:bd:c9:43:4e:
                    4f:e3:04:14:77:36:f9:4c:b2:36:9e:49:70:42:42:
                    23:34:e3:50:fc:11:49:8e:96:a1:4f:fd:24:08:be:
                    2b:c8:db:20:6b:fe:46:af:4f:c0:7b:15:7b:e7:dd:
                    e2:c6:f2:10:36:f6:53:cb:80:06:fa:3a:0f:76:70:
                    6a:3b:c7:b0:8a:47:b2:7b:1c:5b:d6:f9:bf:bc:5b:
                    58:c8:ec:c2:91:17:6b:9c:2d:4b:8e:15:5e:78:37:
                    1b:55:a6:3f:93:b7:e1:fc:13:f6:ff:54:0a:31:4a:
                    22:b1:67:a7:d8:88:0a:33:39:30:71:72:39:b7:2a:
                    bd:ec:fe:aa:c7:62:6e:9e:83:78:e1:be:2c:01:fc:
                    80:65:dc:5d:7e:f6:fa:f8:31:3d:58:ce:b8:fd:18:
                    c8:a1:47:50:87:5f:b0:92:54:ad:0b:20:1b:4d:b6:
                    97:57:d5:de:4d:af:8f:da:dc:4e:f8:0b:29:7b:62:
                    ae:02:79:42:97:78:f5:38:9d:f5:22:23:ab:cb:5e:
                    74:32:1a:5b:d5:43:64:d1:0b:6a:c4:8d:f9:d2:29:
                    64:44:d4:a2:7d:d0:d2:0a:e4:65:0f:53:cc:11:ea:
                    b9:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:A1:30:D4:0B:2A:81:A7:00:8A:20:49:60:04:88:AC:C3:3C:2D:BE
            X509v3 Authority Key Identifier:
                keyid:60:44:F6:EA:79:E4:E2:A3:E0:2A:8B:38:ED:0C:D3:A4:05:91:38:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YET26nnk4qPgKos47QzTpAWROKw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/611a40-b444-490c-9dee-27d608d20873/1/jaEw1AsqgacAiiBJYASIrMM8Lb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/611a40-b444-490c-9dee-27d608d20873/1/YET26nnk4qPgKos47QzTpAWROKw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.68.0-185.151.70.255
                  194.50.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:e8:1d:7b:1e:c1:93:8e:df:7d:ab:79:8a:9f:10:4f:d5:5a:
         33:54:f5:de:79:30:89:0b:57:26:62:40:65:56:78:b0:ef:d1:
         fa:c3:44:20:ed:e6:c1:4d:c1:85:dd:ac:4f:61:f2:60:7d:e9:
         a9:c6:6d:c0:41:c7:cf:df:51:32:9b:a7:f4:bc:86:72:1b:7f:
         7d:1d:29:91:7a:0d:a6:d6:8b:2c:fc:98:c2:75:7b:40:53:16:
         a7:58:d5:5b:37:fb:3b:cd:69:75:c3:e4:b2:8f:8d:f1:65:f3:
         8b:c0:f3:bb:69:71:93:4b:cf:7d:c8:c2:05:db:03:12:b1:23:
         1d:2d:8c:63:e5:ab:fd:cc:22:a1:d1:a6:bb:43:29:99:45:3f:
         f5:b2:c9:fa:10:ff:4d:51:f8:1a:f9:c4:d0:f6:a1:1c:3a:38:
         ac:02:d4:7a:9d:da:93:31:f7:1d:ec:70:11:60:03:18:40:18:
         7d:ed:8e:9e:25:21:b3:31:06:81:36:15:3d:0d:b7:fe:4f:7c:
         85:3b:94:2f:96:c5:95:69:fd:0a:0b:cb:3b:a5:bf:36:86:13:
         e1:a9:d1:43:fe:2b:be:b3:5b:2f:c3:17:cc:07:2b:0e:bc:e9:
         a5:fc:c5:67:d4:75:ad:8d:ef:26:d5:e0:e4:43:d1:ca:be:04:
         13:9a:9b:5c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzEJV2DQFeb3MSkhY6bHCSmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNDRmNmVhNzllNGUyYTNlMDJhOGIzOGVkMGNkM2E0MDU5
MTM4YWMwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGExMzBkNDBiMmE4MWE3MDA4YTIwNDk2MDA0ODhhY2MzM2MyZGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQTb63s7ZbRKNOKlp1c/QnRsFXnQ
9viJNb3JQ05P4wQUdzb5TLI2nklwQkIjNONQ/BFJjpahT/0kCL4ryNsga/5Gr0/A
exV7593ixvIQNvZTy4AG+joPdnBqO8ewikeyexxb1vm/vFtYyOzCkRdrnC1LjhVe
eDcbVaY/k7fh/BP2/1QKMUoisWen2IgKMzkwcXI5tyq97P6qx2JunoN44b4sAfyA
Zdxdfvb6+DE9WM64/RjIoUdQh1+wklStCyAbTbaXV9XeTa+P2txO+Aspe2KuAnlC
l3j1OJ31IiOry150Mhpb1UNk0QtqxI350ilkRNSifdDSCuRlD1PMEeq5JwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFI2hMNQLKoGnAIogSWAEiKzDPC2+MB8GA1UdIwQY
MBaAFGBE9up55OKj4CqLOO0M06QFkTisMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUVUMjZubms0cVBnS29zNDdRelRwQVdST0t3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS82MTFhNDAtYjQ0NC00OTBjLTlkZWUt
MjdkNjA4ZDIwODczLzEvamFFdzFBc3FnYWNBaWlCSllBU0lyTU04TGI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS82MTFhNDAtYjQ0NC00OTBjLTlkZWUtMjdkNjA4ZDIwODcz
LzEvWUVUMjZubms0cVBnS29zNDdRelRwQVdST0t3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAK5l0QD
BAC5l0YDBADCMiYwDQYJKoZIhvcNAQELBQADggEBAG3oHXsewZOO332reYqfEE/V
WjNU9d55MIkLVyZiQGVWeLDv0frDRCDt5sFNwYXdrE9h8mB96anGbcBBx8/fUTKb
p/S8hnIbf30dKZF6DabWiyz8mMJ1e0BTFqdY1Vs3+zvNaXXD5LKPjfFl84vA87tp
cZNLz33IwgXbAxKxIx0tjGPlq/3MIqHRprtDKZlFP/WyyfoQ/01R+Br5xND2oRw6
OKwC1Hqd2pMx9x3scBFgAxhAGH3tjp4lIbMxBoE2FT0Nt/5PfIU7lC+WxZVp/QoL
yzulvzaGE+Gp0UP+K76zWy/DF8wHKw686aX8xWfUda2N7ybV4ORD0cq+BBOam1w=
-----END CERTIFICATE-----