Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/4b4748-5af0-4513-aca9-0b41234cb0ce/1/jflriOIWtJ0usNwQqKc8yv2Vqx4.roa
File:                     jflriOIWtJ0usNwQqKc8yv2Vqx4.roa (raw, json)
Hash identifier:          EltEH73j2kV0bMzkQS5yzjkog7gFZCD+oK59vFnS15c=
Subject key identifier:   8D:F9:6B:88:E2:16:B4:9D:2E:B0:DC:10:A8:A7:3C:CA:FD:95:AB:1E
Certificate issuer:       /CN=e85b21afe1b0916f55eea6d5bdc1dbf2e73a3c68
Certificate serial:       018E17D4A26AD808B1B52A969CA1F15F0146
Authority key identifier: E8:5B:21:AF:E1:B0:91:6F:55:EE:A6:D5:BD:C1:DB:F2:E7:3A:3C:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Fshr-GwkW9V7qbVvcHb8uc6PGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/4b4748-5af0-4513-aca9-0b41234cb0ce/1/jflriOIWtJ0usNwQqKc8yv2Vqx4.roa
Signing time:             Thu 07 Mar 2024 07:33:14 +0000
ROA not before:           Thu 07 Mar 2024 07:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50102
IP address blocks:        195.225.58.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/4b4748-5af0-4513-aca9-0b41234cb0ce/1/6Fshr-GwkW9V7qbVvcHb8uc6PGg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/4b4748-5af0-4513-aca9-0b41234cb0ce/1/6Fshr-GwkW9V7qbVvcHb8uc6PGg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Fshr-GwkW9V7qbVvcHb8uc6PGg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:17:d4:a2:6a:d8:08:b1:b5:2a:96:9c:a1:f1:5f:01:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e85b21afe1b0916f55eea6d5bdc1dbf2e73a3c68
        Validity
            Not Before: Mar  7 07:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8df96b88e216b49d2eb0dc10a8a73ccafd95ab1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b7:c5:83:e6:07:91:4a:b9:a0:79:b0:df:fb:
                    db:a8:e2:25:f7:90:ca:9b:7f:8e:34:9d:1b:6f:a7:
                    5a:9f:41:96:e8:94:c2:18:12:75:85:05:2f:36:48:
                    58:dc:c5:1d:37:fa:3a:d1:ce:49:de:7a:d8:62:60:
                    9a:09:c7:f7:a4:49:68:cf:31:1e:a8:fe:31:82:7a:
                    a8:ec:6d:3c:01:ef:09:a1:8e:01:5a:12:1c:30:de:
                    2d:63:12:05:7d:94:55:86:83:92:17:73:b3:d9:4a:
                    9a:04:d1:48:00:c5:df:9f:3b:f4:fa:6d:e4:89:ab:
                    55:fd:04:6f:b0:9b:65:dc:4c:9e:92:a1:f6:49:b4:
                    b0:26:24:9b:7d:eb:36:e3:c2:d7:d4:2d:88:30:4d:
                    5b:88:c5:76:f4:93:cd:1e:8b:4d:43:a3:7c:d1:44:
                    6b:ce:41:78:67:45:f2:a6:28:80:22:07:a5:e2:23:
                    25:27:ed:87:ac:7b:83:91:2c:2c:b5:2d:af:a7:9f:
                    b9:01:29:56:c6:af:dd:25:b1:9f:c4:ed:f8:93:7d:
                    4b:d0:a5:e4:80:c0:f7:ac:52:8c:77:90:2c:b5:38:
                    0f:b7:e6:42:54:15:21:a0:e5:45:a7:a5:e4:6e:b7:
                    27:94:62:84:b0:b5:9b:99:80:f7:1d:7b:47:90:26:
                    0b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:F9:6B:88:E2:16:B4:9D:2E:B0:DC:10:A8:A7:3C:CA:FD:95:AB:1E
            X509v3 Authority Key Identifier:
                keyid:E8:5B:21:AF:E1:B0:91:6F:55:EE:A6:D5:BD:C1:DB:F2:E7:3A:3C:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Fshr-GwkW9V7qbVvcHb8uc6PGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/4b4748-5af0-4513-aca9-0b41234cb0ce/1/jflriOIWtJ0usNwQqKc8yv2Vqx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/4b4748-5af0-4513-aca9-0b41234cb0ce/1/6Fshr-GwkW9V7qbVvcHb8uc6PGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:9c:1c:3e:88:b1:20:9d:b3:bc:50:76:64:d5:26:21:12:1a:
         04:79:1d:a7:9e:45:3a:99:3d:ea:0f:d7:4a:5a:c9:b7:8c:38:
         29:3f:85:cd:fd:d7:c4:cf:7d:f3:66:17:df:66:eb:47:a5:4e:
         d6:5f:96:dd:ee:c1:f8:a9:8c:5e:e7:55:c0:dc:9e:fa:70:e9:
         71:ae:54:6f:f8:87:ed:de:93:c8:53:f8:c9:13:f4:1a:81:be:
         5b:7a:9a:40:52:41:74:3f:80:8d:91:ae:1c:8f:53:56:60:83:
         2a:09:b1:06:1f:1f:d6:72:01:d7:64:ec:ba:80:27:cb:ac:96:
         67:28:fd:24:f8:b3:60:9f:b0:06:0c:21:bb:78:a7:9d:15:e3:
         cc:f4:40:20:84:4f:c5:9f:6f:d3:75:e4:75:99:6e:9d:4f:9e:
         d1:ed:8c:75:98:2b:79:85:57:42:64:a7:83:1c:e9:2a:d2:14:
         e3:c5:f1:57:a2:56:fa:46:7c:65:a4:e0:41:30:e0:f4:17:ab:
         97:06:07:47:4f:a0:44:65:a4:98:c5:6b:f7:53:c5:ec:69:48:
         ae:82:aa:4a:63:15:b4:38:99:e2:54:2e:4b:91:1e:f2:bb:1f:
         80:6b:a7:a4:8d:ef:8a:27:83:b6:e4:5e:83:55:e2:a6:81:6e:
         51:70:bc:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4X1KJq2AixtSqWnKHxXwFGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NWIyMWFmZTFiMDkxNmY1NWVlYTZkNWJkYzFkYmYyZTcz
YTNjNjgwHhcNMjQwMzA3MDczMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGY5NmI4OGUyMTZiNDlkMmViMGRjMTBhOGE3M2NjYWZkOTVhYjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LfFg+YHkUq5oHmw3/vbqOIl95DK
m3+ONJ0bb6dan0GW6JTCGBJ1hQUvNkhY3MUdN/o60c5J3nrYYmCaCcf3pElozzEe
qP4xgnqo7G08Ae8JoY4BWhIcMN4tYxIFfZRVhoOSF3Oz2UqaBNFIAMXfnzv0+m3k
iatV/QRvsJtl3EyekqH2SbSwJiSbfes248LX1C2IME1biMV29JPNHotNQ6N80URr
zkF4Z0XypiiAIgel4iMlJ+2HrHuDkSwstS2vp5+5ASlWxq/dJbGfxO34k31L0KXk
gMD3rFKMd5AstTgPt+ZCVBUhoOVFp6XkbrcnlGKEsLWbmYD3HXtHkCYLTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI35a4jiFrSdLrDcEKinPMr9laseMB8GA1UdIwQY
MBaAFOhbIa/hsJFvVe6m1b3B2/LnOjxoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkZzaHItR3drVzlWN3FiVnZjSGI4dWM2UEdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC80YjQ3NDgtNWFmMC00NTEzLWFjYTkt
MGI0MTIzNGNiMGNlLzEvamZscmlPSVd0SjB1c053UXFLYzh5djJWcXg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC80YjQ3NDgtNWFmMC00NTEzLWFjYTktMGI0MTIzNGNiMGNl
LzEvNkZzaHItR3drVzlWN3FiVnZjSGI4dWM2UEdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw+E6MA0G
CSqGSIb3DQEBCwUAA4IBAQARnBw+iLEgnbO8UHZk1SYhEhoEeR2nnkU6mT3qD9dK
Wsm3jDgpP4XN/dfEz33zZhffZutHpU7WX5bd7sH4qYxe51XA3J76cOlxrlRv+Ift
3pPIU/jJE/Qagb5beppAUkF0P4CNka4cj1NWYIMqCbEGHx/WcgHXZOy6gCfLrJZn
KP0k+LNgn7AGDCG7eKedFePM9EAghE/Fn2/TdeR1mW6dT57R7Yx1mCt5hVdCZKeD
HOkq0hTjxfFXolb6RnxlpOBBMOD0F6uXBgdHT6BEZaSYxWv3U8XsaUiugqpKYxW0
OJniVC5LkR7yux+Aa6ekje+KJ4O25F6DVeKmgW5RcLw/
-----END CERTIFICATE-----