Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/Jj-HlKAdwX8Rqd39yN366lk7ugs.roa
File:                     Jj-HlKAdwX8Rqd39yN366lk7ugs.roa (raw, json)
Hash identifier:          rW6rh9puwjEdTcyAZdqOLnerYu65S/bSJw/xJXOXNNc=
Subject key identifier:   26:3F:87:94:A0:1D:C1:7F:11:A9:DD:FD:C8:DD:FA:EA:59:3B:BA:0B
Certificate issuer:       /CN=88ff4ee623d8fab73c901d0cbdc93a321e9ccfb7
Certificate serial:       018CC348C5658F8A6EA45E9C50826CA6F2BC
Authority key identifier: 88:FF:4E:E6:23:D8:FA:B7:3C:90:1D:0C:BD:C9:3A:32:1E:9C:CF:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/Jj-HlKAdwX8Rqd39yN366lk7ugs.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29208
IP address blocks:        194.145.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c5:65:8f:8a:6e:a4:5e:9c:50:82:6c:a6:f2:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88ff4ee623d8fab73c901d0cbdc93a321e9ccfb7
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=263f8794a01dc17f11a9ddfdc8ddfaea593bba0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:fb:f9:39:08:6b:95:42:ad:8e:43:13:5c:15:
                    bb:cc:a1:2c:2c:83:a2:9e:71:6b:cf:97:90:17:d1:
                    17:b6:0f:24:89:21:ae:a6:b1:15:90:05:d5:3b:9b:
                    d4:3a:93:fa:97:c4:b3:c3:34:74:b1:84:fb:af:d5:
                    01:f0:4b:36:f3:c8:f4:13:9b:08:49:4e:49:02:42:
                    a6:f0:30:3a:f9:2f:6e:ad:81:9f:7d:44:51:09:65:
                    f3:cc:f7:e3:45:cf:8f:92:e6:b7:6e:a0:25:8e:75:
                    a3:de:63:8b:b6:26:71:a2:b5:78:ab:2e:6b:32:13:
                    5c:d0:97:a5:2a:81:b5:3a:ff:9d:18:b7:4a:e0:62:
                    6f:3b:76:6b:f2:f3:35:8d:87:89:7a:1f:b0:2c:47:
                    b5:b0:d7:99:eb:87:b1:ea:17:8d:c4:52:19:c2:27:
                    c5:4f:d5:0b:3c:f0:12:c1:95:96:79:41:74:5f:07:
                    f1:15:87:24:bd:9e:9c:76:11:90:76:4f:ce:d6:d5:
                    33:6b:a1:58:45:fe:fd:c7:de:72:de:25:c0:4b:2f:
                    dd:07:cd:b1:08:52:61:8d:0b:f2:7b:45:ac:bd:23:
                    aa:17:3b:3a:a3:32:18:27:74:9c:a5:4e:70:fe:68:
                    5c:b4:a4:35:7c:05:72:4c:db:2d:55:5c:a2:cd:03:
                    7a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:3F:87:94:A0:1D:C1:7F:11:A9:DD:FD:C8:DD:FA:EA:59:3B:BA:0B
            X509v3 Authority Key Identifier:
                keyid:88:FF:4E:E6:23:D8:FA:B7:3C:90:1D:0C:BD:C9:3A:32:1E:9C:CF:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/Jj-HlKAdwX8Rqd39yN366lk7ugs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.145.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:a7:74:dd:38:08:3a:74:fb:78:5c:9a:e1:bc:76:ce:58:fb:
         7e:5e:eb:c4:9c:2a:21:fb:bd:e6:c0:b0:b6:ea:81:39:6c:3c:
         93:c4:eb:1f:47:45:9d:b1:40:7d:cf:07:59:bf:d5:63:0b:de:
         08:96:23:b4:44:e7:f3:79:cc:7e:81:ee:f6:4c:ab:ab:0d:80:
         b3:60:e5:0e:15:54:c5:a7:be:62:09:79:24:ea:36:98:32:2c:
         c6:15:1b:b0:9e:ed:a4:6d:a9:bc:9d:a8:f1:91:eb:d1:72:94:
         5c:be:0b:4d:8b:3f:84:df:e0:b0:93:44:36:47:d8:2f:ba:bc:
         02:2a:14:40:e7:13:66:5a:4b:c9:e2:ab:e8:9d:cc:7a:39:45:
         da:bc:64:69:80:dc:2c:bf:9c:ed:75:54:72:e7:40:54:21:54:
         bc:84:f2:f7:da:88:fd:68:f8:db:a0:7f:78:8f:a4:96:de:ab:
         05:8b:e7:e4:28:d6:29:19:e8:8b:a9:2e:df:ae:d6:3e:83:b0:
         a6:f7:05:5f:0d:ad:1c:92:23:29:92:5c:c6:5d:2b:cf:32:63:
         40:fa:80:a9:80:6e:97:e2:69:48:58:2b:93:f3:ff:36:52:26:
         38:51:1a:38:0b:95:f2:4f:56:98:b1:ea:06:e3:8d:8b:79:cb:
         4d:bb:85:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMVlj4pupF6cUIJspvK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZmY0ZWU2MjNkOGZhYjczYzkwMWQwY2JkYzkzYTMyMWU5
Y2NmYjcwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjNmODc5NGEwMWRjMTdmMTFhOWRkZmRjOGRkZmFlYTU5M2JiYTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPv5OQhrlUKtjkMTXBW7zKEsLIOi
nnFrz5eQF9EXtg8kiSGuprEVkAXVO5vUOpP6l8SzwzR0sYT7r9UB8Es288j0E5sI
SU5JAkKm8DA6+S9urYGffURRCWXzzPfjRc+Pkua3bqAljnWj3mOLtiZxorV4qy5r
MhNc0JelKoG1Ov+dGLdK4GJvO3Zr8vM1jYeJeh+wLEe1sNeZ64ex6heNxFIZwifF
T9ULPPASwZWWeUF0XwfxFYckvZ6cdhGQdk/O1tUza6FYRf79x95y3iXASy/dB82x
CFJhjQvye0WsvSOqFzs6ozIYJ3ScpU5w/mhctKQ1fAVyTNstVVyizQN6swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCY/h5SgHcF/Eand/cjd+upZO7oLMB8GA1UdIwQY
MBaAFIj/TuYj2Pq3PJAdDL3JOjIenM+3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVA5TzVpUFktcmM4a0IwTXZjazZNaDZjejdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lYWYyZTItMTgxNy00MGE4LTliZTgt
MjUwN2RiMzJjMWM0LzEvSmotSGxLQWR3WDhScWQzOXlOMzY2bGs3dWdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lYWYyZTItMTgxNy00MGE4LTliZTgtMjUwN2RiMzJjMWM0
LzEvaVA5TzVpUFktcmM4a0IwTXZjazZNaDZjejdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpGcMA0G
CSqGSIb3DQEBCwUAA4IBAQAbp3TdOAg6dPt4XJrhvHbOWPt+XuvEnCoh+73mwLC2
6oE5bDyTxOsfR0WdsUB9zwdZv9VjC94IliO0ROfzecx+ge72TKurDYCzYOUOFVTF
p75iCXkk6jaYMizGFRuwnu2kbam8najxkevRcpRcvgtNiz+E3+Cwk0Q2R9gvurwC
KhRA5xNmWkvJ4qvoncx6OUXavGRpgNwsv5ztdVRy50BUIVS8hPL32oj9aPjboH94
j6SW3qsFi+fkKNYpGeiLqS7frtY+g7Cm9wVfDa0ckiMpklzGXSvPMmNA+oCpgG6X
4mlIWCuT8/82UiY4URo4C5XyT1aYseoG442LectNu4Vw
-----END CERTIFICATE-----