Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/015e90-5204-4d09-8b26-fceacbd73845/1/SJns8OQHJ8A5ZA4uV89PYzO1QtQ.roa
File:                     SJns8OQHJ8A5ZA4uV89PYzO1QtQ.roa (raw, json)
Hash identifier:          84kouCWklfsqsHwiRsRsmOHC75HCLYNDMJoewtBjB7k=
Subject key identifier:   48:99:EC:F0:E4:07:27:C0:39:64:0E:2E:57:CF:4F:63:33:B5:42:D4
Certificate issuer:       /CN=e5cbde75d536e91b28a23469349d1cf28b884a3b
Certificate serial:       018CC7958CFF1AD6D24F06B2D6499728A22D
Authority key identifier: E5:CB:DE:75:D5:36:E9:1B:28:A2:34:69:34:9D:1C:F2:8B:88:4A:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5cveddU26RsoojRpNJ0c8ouISjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/015e90-5204-4d09-8b26-fceacbd73845/1/SJns8OQHJ8A5ZA4uV89PYzO1QtQ.roa
Signing time:             Tue 02 Jan 2024 00:31:55 +0000
ROA not before:           Tue 02 Jan 2024 00:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     394354
IP address blocks:        185.159.198.0/24 maxlen: 24
                          185.159.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/015e90-5204-4d09-8b26-fceacbd73845/1/5cveddU26RsoojRpNJ0c8ouISjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/015e90-5204-4d09-8b26-fceacbd73845/1/5cveddU26RsoojRpNJ0c8ouISjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5cveddU26RsoojRpNJ0c8ouISjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 09:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:8c:ff:1a:d6:d2:4f:06:b2:d6:49:97:28:a2:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5cbde75d536e91b28a23469349d1cf28b884a3b
        Validity
            Not Before: Jan  2 00:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4899ecf0e40727c039640e2e57cf4f6333b542d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:71:3c:a1:ff:c1:db:bd:f7:e7:cc:b7:7f:1d:
                    e8:89:ee:db:f0:a8:3a:a1:dd:70:17:e6:40:ae:cd:
                    6d:c4:c9:e7:58:22:97:c9:2e:82:d0:67:ad:ca:cc:
                    e0:37:c5:da:25:fa:02:53:83:03:ed:5f:1b:77:87:
                    8f:19:e9:30:d7:9f:92:df:4c:2b:06:7a:be:a0:e5:
                    3a:73:81:61:55:9b:9a:be:de:d7:d5:47:95:df:d4:
                    ac:15:17:60:5e:23:8b:1a:54:59:84:ce:6b:fa:80:
                    30:8c:7d:16:42:b1:4f:ca:00:38:5a:c9:bd:b1:de:
                    93:3d:6a:cc:7c:72:89:bd:60:1f:91:6e:81:96:2c:
                    0f:89:24:5b:b8:d3:d5:7b:1b:be:2b:7d:22:43:3b:
                    31:a0:07:44:0d:76:d4:a7:7e:7a:34:55:38:d4:66:
                    a8:cb:95:dd:ba:b4:3a:e1:d5:54:e2:48:78:70:9f:
                    da:38:14:03:10:af:04:d4:7f:ba:41:2a:26:59:5d:
                    14:a3:ef:fd:f1:96:c6:a1:a9:09:20:24:06:d1:3b:
                    db:f3:b0:8d:41:c5:48:fd:4d:05:66:da:35:de:b1:
                    28:8c:9b:9d:57:0a:b7:c3:81:50:45:c6:ca:ba:91:
                    8e:51:eb:14:ea:9b:6c:bf:75:21:0b:8e:b1:0d:ad:
                    f5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:99:EC:F0:E4:07:27:C0:39:64:0E:2E:57:CF:4F:63:33:B5:42:D4
            X509v3 Authority Key Identifier:
                keyid:E5:CB:DE:75:D5:36:E9:1B:28:A2:34:69:34:9D:1C:F2:8B:88:4A:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5cveddU26RsoojRpNJ0c8ouISjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/015e90-5204-4d09-8b26-fceacbd73845/1/SJns8OQHJ8A5ZA4uV89PYzO1QtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/015e90-5204-4d09-8b26-fceacbd73845/1/5cveddU26RsoojRpNJ0c8ouISjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.196.0/24
                  185.159.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:e2:d9:10:f9:b0:9f:ae:b6:bd:47:10:7d:9a:4b:99:b1:e2:
         66:c6:50:5f:ee:00:78:aa:1b:da:e1:e5:b7:f5:13:b1:c5:c5:
         ad:a4:71:04:ac:b1:d9:db:de:50:f1:c7:1e:61:89:1b:04:6c:
         bc:ec:4a:45:3d:5d:59:29:7d:ea:41:dc:de:53:2e:19:96:b5:
         60:9b:ef:30:00:dd:13:b0:c5:c8:83:d0:77:d1:b0:52:7f:9d:
         c1:b8:20:de:2b:60:c3:12:5b:b0:f7:bd:bb:24:4e:f6:f7:a6:
         e9:05:ad:22:35:66:20:88:8f:a9:19:e3:59:fd:36:dd:a8:1f:
         55:82:51:19:dd:81:97:93:36:d6:c3:e4:1b:00:d1:1a:33:ac:
         48:92:f0:78:89:9f:a3:9c:70:04:ce:a4:20:79:ca:27:94:14:
         2b:e1:12:6f:83:6f:79:bc:c1:66:96:64:ab:78:7d:78:a4:cb:
         77:70:09:8a:e7:56:38:0c:d5:65:4e:d3:60:36:1e:17:52:0d:
         79:35:8d:ef:98:63:31:6c:1d:f0:5d:85:a3:18:82:c8:f4:80:
         53:ca:0d:50:7a:a9:e8:43:f4:1b:54:7f:4a:6d:ed:18:94:f8:
         2b:9f:85:a4:06:2e:b2:82:10:ac:b0:6a:b3:9e:0e:4d:0f:63:
         de:fa:00:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlYz/GtbSTway1kmXKKItMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1Y2JkZTc1ZDUzNmU5MWIyOGEyMzQ2OTM0OWQxY2YyOGI4
ODRhM2IwHhcNMjQwMTAyMDAzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODk5ZWNmMGU0MDcyN2MwMzk2NDBlMmU1N2NmNGY2MzMzYjU0MmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHE8of/B273358y3fx3oie7b8Kg6
od1wF+ZArs1txMnnWCKXyS6C0GetyszgN8XaJfoCU4MD7V8bd4ePGekw15+S30wr
Bnq+oOU6c4FhVZuavt7X1UeV39SsFRdgXiOLGlRZhM5r+oAwjH0WQrFPygA4Wsm9
sd6TPWrMfHKJvWAfkW6BliwPiSRbuNPVexu+K30iQzsxoAdEDXbUp356NFU41Gao
y5XdurQ64dVU4kh4cJ/aOBQDEK8E1H+6QSomWV0Uo+/98ZbGoakJICQG0Tvb87CN
QcVI/U0FZto13rEojJudVwq3w4FQRcbKupGOUesU6ptsv3UhC46xDa31lQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEiZ7PDkByfAOWQOLlfPT2MztULUMB8GA1UdIwQY
MBaAFOXL3nXVNukbKKI0aTSdHPKLiEo7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWN2ZWRkVTI2UnNvb2pScE5KMGM4b3VJU2pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8wMTVlOTAtNTIwNC00ZDA5LThiMjYt
ZmNlYWNiZDczODQ1LzEvU0puczhPUUhKOEE1WkE0dVY4OVBZek8xUXRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8wMTVlOTAtNTIwNC00ZDA5LThiMjYtZmNlYWNiZDczODQ1
LzEvNWN2ZWRkVTI2UnNvb2pScE5KMGM4b3VJU2pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuZ/EAwQA
uZ/GMA0GCSqGSIb3DQEBCwUAA4IBAQB/4tkQ+bCfrra9RxB9mkuZseJmxlBf7gB4
qhva4eW39ROxxcWtpHEErLHZ295Q8cceYYkbBGy87EpFPV1ZKX3qQdzeUy4ZlrVg
m+8wAN0TsMXIg9B30bBSf53BuCDeK2DDEluw9727JE7296bpBa0iNWYgiI+pGeNZ
/TbdqB9VglEZ3YGXkzbWw+QbANEaM6xIkvB4iZ+jnHAEzqQgeconlBQr4RJvg295
vMFmlmSreH14pMt3cAmK51Y4DNVlTtNgNh4XUg15NY3vmGMxbB3wXYWjGILI9IBT
yg1QeqnoQ/QbVH9Kbe0YlPgrn4WkBi6yghCssGqzng5ND2Pe+gBJ
-----END CERTIFICATE-----