Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/JOJ9b2WkEIXJpzQl9CDXk_CHY94.roa
File:                     JOJ9b2WkEIXJpzQl9CDXk_CHY94.roa (raw, json)
Hash identifier:          SAmYAd0xvQRGMk1x62ICIfIVJyfWTunRcVeOhZ1E3l0=
Subject key identifier:   24:E2:7D:6F:65:A4:10:85:C9:A7:34:25:F4:20:D7:93:F0:87:63:DE
Certificate issuer:       /CN=38a8550659bb68e770d8b0126b7261fb87d8240b
Certificate serial:       01942521438729E5E2A82362970F6BFD39C7
Authority key identifier: 38:A8:55:06:59:BB:68:E7:70:D8:B0:12:6B:72:61:FB:87:D8:24:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/JOJ9b2WkEIXJpzQl9CDXk_CHY94.roa
Signing time:             Thu 02 Jan 2025 03:48:44 +0000
ROA not before:           Thu 02 Jan 2025 03:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44277
IP address blocks:        86.107.180.0/24 maxlen: 24
                          188.213.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:43:87:29:e5:e2:a8:23:62:97:0f:6b:fd:39:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a8550659bb68e770d8b0126b7261fb87d8240b
        Validity
            Not Before: Jan  2 03:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24e27d6f65a41085c9a73425f420d793f08763de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:76:a7:16:25:d9:18:fa:33:59:d6:f1:ab:1b:
                    b2:9f:07:6e:af:4b:57:a4:07:6d:bf:f8:ed:dc:0c:
                    3c:4f:5e:f8:81:00:18:cb:6d:9e:38:3a:0a:9c:6f:
                    3c:da:e1:f1:b4:88:39:ee:77:96:4f:62:3f:b5:6a:
                    df:83:94:5a:db:ad:1a:90:22:5c:26:89:fc:ee:f6:
                    59:a4:bf:f9:ac:bb:90:b9:f5:a3:32:fc:39:52:9d:
                    1f:07:7e:c8:ae:38:64:3e:83:5a:eb:54:df:53:3c:
                    b9:f6:2a:52:a8:72:f3:10:f7:0e:68:e3:f0:53:0b:
                    00:84:96:5e:dc:4a:a3:d2:6d:46:b6:35:f3:60:3f:
                    4f:2b:06:79:90:9b:37:f8:86:84:e1:d3:1f:97:2c:
                    27:6f:04:c4:e0:eb:ae:8d:59:ed:fd:58:6c:62:a4:
                    db:b6:0f:db:f5:b9:6a:7e:72:d5:2b:ff:89:e8:c5:
                    f1:f6:bc:7c:5c:08:f7:7b:67:db:76:1a:e5:6f:20:
                    6e:9c:fc:fe:2f:78:8a:17:e3:7b:55:09:a5:6c:50:
                    e2:19:9b:7e:96:44:b8:42:93:a4:27:72:47:07:db:
                    e9:9b:97:3d:92:13:69:3f:a0:a8:9b:65:01:b3:11:
                    3b:54:39:24:19:aa:ff:14:15:bb:ee:fa:41:23:70:
                    d7:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:E2:7D:6F:65:A4:10:85:C9:A7:34:25:F4:20:D7:93:F0:87:63:DE
            X509v3 Authority Key Identifier:
                keyid:38:A8:55:06:59:BB:68:E7:70:D8:B0:12:6B:72:61:FB:87:D8:24:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/JOJ9b2WkEIXJpzQl9CDXk_CHY94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.180.0/24
                  188.213.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:41:82:f0:f8:c3:93:81:28:2a:f3:9f:b5:4c:30:2d:ef:99:
         4a:c0:50:1d:98:ef:d0:4b:05:76:7d:17:a4:d5:a9:fe:bc:5a:
         de:49:a7:3c:bc:08:c4:ec:a5:51:7b:31:af:b8:ba:2a:2e:f5:
         2c:dd:31:f9:8e:ae:e6:48:84:9f:65:5c:1f:e6:41:2e:5e:c6:
         fe:66:01:f1:cb:dd:7e:fe:91:eb:1e:1d:c9:5a:38:70:48:a0:
         7d:2b:06:ef:79:c9:19:fe:00:4f:bb:a1:58:14:91:dd:f7:40:
         7f:d8:ba:34:7d:c5:ab:fc:e4:d1:1b:4b:90:63:84:ea:6d:b2:
         b6:4c:42:5e:4a:d1:70:4b:0d:a5:2e:55:81:7a:03:1b:9d:2b:
         ce:b8:36:87:83:ad:f7:53:e2:eb:cb:65:bb:87:30:63:bf:07:
         be:b3:aa:04:74:54:cd:ae:94:96:8f:0b:7f:b6:c3:2b:b9:da:
         2c:b3:3b:30:21:b8:b3:83:b9:2c:3d:33:c8:d8:f8:6f:67:d1:
         eb:49:9c:2f:6f:39:c0:15:e1:5e:25:91:64:6f:09:3c:17:0e:
         a9:c6:75:59:94:63:08:0e:24:33:e8:b0:cb:db:8a:d9:87:a8:
         fd:90:d7:01:e1:1c:b3:63:d1:f6:08:ff:59:9a:64:b6:37:a7:
         e8:98:cd:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIUOHKeXiqCNilw9r/TnHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YTg1NTA2NTliYjY4ZTc3MGQ4YjAxMjZiNzI2MWZiODdk
ODI0MGIwHhcNMjUwMTAyMDM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGUyN2Q2ZjY1YTQxMDg1YzlhNzM0MjVmNDIwZDc5M2YwODc2M2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33anFiXZGPozWdbxqxuynwdur0tX
pAdtv/jt3Aw8T174gQAYy22eODoKnG882uHxtIg57neWT2I/tWrfg5Ra260akCJc
Jon87vZZpL/5rLuQufWjMvw5Up0fB37IrjhkPoNa61TfUzy59ipSqHLzEPcOaOPw
UwsAhJZe3Eqj0m1GtjXzYD9PKwZ5kJs3+IaE4dMflywnbwTE4OuujVnt/VhsYqTb
tg/b9blqfnLVK/+J6MXx9rx8XAj3e2fbdhrlbyBunPz+L3iKF+N7VQmlbFDiGZt+
lkS4QpOkJ3JHB9vpm5c9khNpP6Com2UBsxE7VDkkGar/FBW77vpBI3DXSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCTifW9lpBCFyac0JfQg15Pwh2PeMB8GA1UdIwQY
MBaAFDioVQZZu2jncNiwEmtyYfuH2CQLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0toVkJsbTdhT2R3MkxBU2EzSmgtNGZZSkFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi83ZGNlNzMtYzRkZi00MzMzLThlODEt
MWQ3MDNiNDk2NjM0LzEvSk9KOWIyV2tFSVhKcHpRbDlDRFhrX0NIWTk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi83ZGNlNzMtYzRkZi00MzMzLThlODEtMWQ3MDNiNDk2NjM0
LzEvT0toVkJsbTdhT2R3MkxBU2EzSmgtNGZZSkFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVmu0AwQA
vNUzMA0GCSqGSIb3DQEBCwUAA4IBAQDDQYLw+MOTgSgq85+1TDAt75lKwFAdmO/Q
SwV2fRek1an+vFreSac8vAjE7KVRezGvuLoqLvUs3TH5jq7mSISfZVwf5kEuXsb+
ZgHxy91+/pHrHh3JWjhwSKB9KwbveckZ/gBPu6FYFJHd90B/2Lo0fcWr/OTRG0uQ
Y4TqbbK2TEJeStFwSw2lLlWBegMbnSvOuDaHg633U+Lry2W7hzBjvwe+s6oEdFTN
rpSWjwt/tsMrudosszswIbizg7ksPTPI2PhvZ9HrSZwvbznAFeFeJZFkbwk8Fw6p
xnVZlGMIDiQz6LDL24rZh6j9kNcB4RyzY9H2CP9ZmmS2N6fomM0u
-----END CERTIFICATE-----