Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/JFbRTwrN8TW_19bYxLW2yCRV4I4.roa
File:                     JFbRTwrN8TW_19bYxLW2yCRV4I4.roa (raw, json)
Hash identifier:          seEdq0+Wzb8UFJRE05a8kifb/mDfrz1pG8aZKmvwW4Y=
Subject key identifier:   24:56:D1:4F:0A:CD:F1:35:BF:D7:D6:D8:C4:B5:B6:C8:24:55:E0:8E
Certificate issuer:       /CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Certificate serial:       018CC64B2C76474687FEFE65610ADABEE86C
Authority key identifier: 08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/JFbRTwrN8TW_19bYxLW2yCRV4I4.roa
Signing time:             Mon 01 Jan 2024 18:31:04 +0000
ROA not before:           Mon 01 Jan 2024 18:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210392
IP address blocks:        185.112.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:2c:76:47:46:87:fe:fe:65:61:0a:da:be:e8:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
        Validity
            Not Before: Jan  1 18:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2456d14f0acdf135bfd7d6d8c4b5b6c82455e08e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:7e:f4:af:fb:43:e5:37:6c:8c:7f:c6:c2:d8:
                    ab:ef:b6:33:fe:12:12:13:a5:0d:c4:b2:d6:28:bb:
                    3d:24:d5:80:16:71:7c:84:39:8b:45:0b:c9:ab:88:
                    51:a9:c9:fd:a0:9e:e9:89:df:02:10:e4:c0:b4:7f:
                    a9:d5:09:c5:54:ff:b5:66:70:a6:c4:50:5f:48:1b:
                    fc:ac:e1:c0:f9:09:1e:77:52:c2:09:4a:1c:82:5c:
                    28:99:8d:e8:49:ce:0e:84:37:f6:e6:79:ac:e9:18:
                    11:18:0e:29:bf:4d:eb:73:5f:c2:35:fa:50:a8:fe:
                    98:94:18:13:66:bd:04:cc:f3:2c:1b:34:d1:18:ea:
                    06:76:82:91:7a:8b:3b:56:c4:1c:43:65:ad:e9:29:
                    ce:fc:7b:76:b0:88:43:90:9a:b1:72:57:9e:4a:1e:
                    7e:8f:d7:8a:44:be:50:37:80:d3:1e:e2:9d:38:56:
                    1c:d2:05:c3:81:d9:7c:c5:62:69:33:26:5c:1e:8c:
                    00:34:f6:9f:11:38:4f:f7:7b:ca:8d:91:6b:0f:1c:
                    6c:ef:07:ae:a9:90:e1:40:1d:29:36:a6:d6:6c:df:
                    37:ff:3e:9b:83:2f:0a:1a:eb:83:59:07:df:b1:af:
                    fb:4b:90:e7:44:cd:d3:5d:ec:81:53:94:5f:26:3c:
                    20:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:56:D1:4F:0A:CD:F1:35:BF:D7:D6:D8:C4:B5:B6:C8:24:55:E0:8E
            X509v3 Authority Key Identifier:
                keyid:08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/JFbRTwrN8TW_19bYxLW2yCRV4I4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:b9:f2:bf:91:3e:ad:ee:9c:00:2d:14:a6:04:4a:10:64:7c:
         de:df:4c:9a:cf:cb:11:f4:a9:29:26:b2:08:9e:e5:25:39:ca:
         a3:70:2f:e6:47:79:72:c4:c1:40:41:37:25:f5:d6:91:0e:74:
         73:79:f9:73:7f:ed:99:9e:d8:6c:9b:7f:e9:81:ae:75:53:fa:
         d6:3e:6d:0b:c4:fe:45:a7:59:3d:b2:5b:a7:1f:10:8f:8a:72:
         f2:72:6b:fe:b3:3b:92:b3:e7:d7:18:54:0f:ea:7c:d4:63:ae:
         2f:23:97:36:91:44:a2:a0:65:37:c7:59:bb:59:b3:4a:47:a0:
         97:32:26:13:cc:a9:2d:0c:17:21:db:d3:80:61:a7:24:cb:74:
         0b:97:e3:10:12:5d:d4:a0:6a:fa:ff:56:8a:d5:49:85:64:e3:
         70:6c:16:07:d5:62:33:13:14:6d:52:ac:ee:78:72:0d:e0:96:
         aa:87:1c:17:3e:c8:92:73:e3:e0:0f:42:b8:aa:a4:42:1b:5f:
         cc:da:a4:6d:dc:0a:b9:68:a4:26:e0:17:1a:2e:60:34:fe:49:
         a2:d4:35:92:31:e9:2a:55:0c:d0:c4:cb:4c:52:59:5b:e6:bc:
         a0:27:1b:bf:d7:3e:7f:53:2d:c5:69:5b:8d:17:53:e5:f0:28:
         db:bf:18:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyx2R0aH/v5lYQravuhsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MWI3YTIyZTUxY2ZiOWNmODQyMDVlNDQ0OTk5OGFkNTVk
OGYwNjUwHhcNMjQwMTAxMTgzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDU2ZDE0ZjBhY2RmMTM1YmZkN2Q2ZDhjNGI1YjZjODI0NTVlMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiH70r/tD5TdsjH/Gwtir77Yz/hIS
E6UNxLLWKLs9JNWAFnF8hDmLRQvJq4hRqcn9oJ7pid8CEOTAtH+p1QnFVP+1ZnCm
xFBfSBv8rOHA+Qked1LCCUocglwomY3oSc4OhDf25nms6RgRGA4pv03rc1/CNfpQ
qP6YlBgTZr0EzPMsGzTRGOoGdoKReos7VsQcQ2Wt6SnO/Ht2sIhDkJqxcleeSh5+
j9eKRL5QN4DTHuKdOFYc0gXDgdl8xWJpMyZcHowANPafEThP93vKjZFrDxxs7weu
qZDhQB0pNqbWbN83/z6bgy8KGuuDWQffsa/7S5DnRM3TXeyBU5RfJjwgxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCRW0U8KzfE1v9fW2MS1tsgkVeCOMB8GA1UdIwQY
MBaAFAgbeiLlHPuc+EIF5ESZmK1V2PBlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYt
MDM2NzI2OGZmODcxLzEvSkZiUlR3ck44VFdfMTliWXhMVzJ5Q1JWNEk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYtMDM2NzI2OGZmODcx
LzEvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXCUMA0G
CSqGSIb3DQEBCwUAA4IBAQBFufK/kT6t7pwALRSmBEoQZHze30yaz8sR9KkpJrII
nuUlOcqjcC/mR3lyxMFAQTcl9daRDnRzeflzf+2Znthsm3/pga51U/rWPm0LxP5F
p1k9slunHxCPinLycmv+szuSs+fXGFQP6nzUY64vI5c2kUSioGU3x1m7WbNKR6CX
MiYTzKktDBch29OAYacky3QLl+MQEl3UoGr6/1aK1UmFZONwbBYH1WIzExRtUqzu
eHIN4JaqhxwXPsiSc+PgD0K4qqRCG1/M2qRt3Aq5aKQm4BcaLmA0/kmi1DWSMekq
VQzQxMtMUllb5rygJxu/1z5/Uy3FaVuNF1Pl8Cjbvxi9
-----END CERTIFICATE-----