Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/jZRFaTH4RD8wvVgpd105nCfvAYg.roa
File:                     jZRFaTH4RD8wvVgpd105nCfvAYg.roa (raw, json)
Hash identifier:          eKPQJl+/5exxk+b1PxjJ+qOSa4U7JXpnYw7Q+80loN4=
Subject key identifier:   8D:94:45:69:31:F8:44:3F:30:BD:58:29:77:5D:39:9C:27:EF:01:88
Certificate issuer:       /CN=19b105d148de996036fdf21cb208a338a158ceda
Certificate serial:       018DB2360943079FE90CDE7B7777B915DE81
Authority key identifier: 19:B1:05:D1:48:DE:99:60:36:FD:F2:1C:B2:08:A3:38:A1:58:CE:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GbEF0UjemWA2_fIcsgijOKFYzto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/jZRFaTH4RD8wvVgpd105nCfvAYg.roa
Signing time:             Fri 16 Feb 2024 13:58:22 +0000
ROA not before:           Fri 16 Feb 2024 13:58:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.138.242.0/24 maxlen: 24
                          2a07:10c0:c57::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/GbEF0UjemWA2_fIcsgijOKFYzto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/GbEF0UjemWA2_fIcsgijOKFYzto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GbEF0UjemWA2_fIcsgijOKFYzto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b2:36:09:43:07:9f:e9:0c:de:7b:77:77:b9:15:de:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19b105d148de996036fdf21cb208a338a158ceda
        Validity
            Not Before: Feb 16 13:58:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d94456931f8443f30bd5829775d399c27ef0188
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2d:7d:c2:59:9a:77:5c:d8:7c:ed:a0:40:83:
                    1f:9d:31:61:cb:46:67:b2:9c:0e:d2:a3:17:9b:7d:
                    65:56:e1:7e:44:0c:73:0c:6d:7f:df:91:72:fc:12:
                    12:bd:d1:11:5e:df:ff:a1:80:6e:5d:03:3c:7f:12:
                    17:b6:b1:f6:0c:5d:1f:93:ec:42:60:d6:20:19:8c:
                    9a:7b:83:ea:a9:70:a0:f8:8b:2a:7d:1d:b0:e9:3c:
                    65:8a:82:80:fd:f9:d6:cc:32:d8:eb:01:8e:8f:5e:
                    e9:c9:38:3b:23:26:c6:29:12:9e:99:bf:5b:7f:2d:
                    8a:ab:a5:a5:11:47:27:e6:a3:ff:92:dd:00:6f:05:
                    c0:3d:ef:1f:4e:d8:12:5f:b5:54:c8:db:25:d4:9e:
                    47:29:3a:a0:28:df:2d:2d:9c:d6:a4:20:e1:b2:b2:
                    86:e2:f0:ca:98:68:d7:9c:54:59:fa:e1:b9:b4:0b:
                    cd:cf:9e:d4:b7:61:05:91:55:cf:fd:52:b6:35:06:
                    f9:d4:6d:66:5e:4a:f3:a7:81:05:db:ab:8c:9a:26:
                    4a:6c:86:aa:c6:93:71:2d:b4:2a:d7:58:97:05:02:
                    a8:3b:a7:30:ee:fa:a6:59:d1:44:96:f7:de:db:e5:
                    34:b4:d2:a3:ad:34:a1:44:77:56:be:d5:62:bc:78:
                    0b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:94:45:69:31:F8:44:3F:30:BD:58:29:77:5D:39:9C:27:EF:01:88
            X509v3 Authority Key Identifier:
                keyid:19:B1:05:D1:48:DE:99:60:36:FD:F2:1C:B2:08:A3:38:A1:58:CE:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GbEF0UjemWA2_fIcsgijOKFYzto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/jZRFaTH4RD8wvVgpd105nCfvAYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/GbEF0UjemWA2_fIcsgijOKFYzto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.242.0/24
                IPv6:
                  2a07:10c0:c57::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:c2:3c:c0:72:3b:18:f9:7f:63:fb:47:4f:8c:43:ea:f1:72:
         36:1d:98:21:f9:fa:bb:ae:7c:4f:ab:fe:43:2e:3d:4e:1b:ba:
         03:43:99:dc:a0:e8:37:b2:18:c9:d8:de:5b:9b:c6:0a:5b:e9:
         21:fd:f0:a7:16:11:ab:b7:e3:0c:2d:8e:aa:3b:07:52:1d:24:
         b5:74:c6:af:1f:14:21:0d:52:6a:74:f3:15:ba:24:69:f4:22:
         d5:94:cf:ed:3c:0f:39:e8:6d:b7:a9:0a:12:40:bb:da:3b:d5:
         a0:42:84:cd:66:79:9a:85:b5:8c:79:64:53:c4:f0:7f:20:be:
         43:36:ed:e7:4d:81:bc:53:47:2d:e7:99:16:7e:87:34:50:8a:
         4b:e8:ca:67:d8:4b:3d:dd:88:66:aa:96:cc:8e:14:2f:cd:f0:
         9a:f2:62:90:91:bf:39:74:c8:43:7d:32:65:e7:c2:4b:5f:05:
         af:06:f0:da:d2:c1:f4:67:04:7f:ae:2d:72:43:5b:36:21:00:
         84:9b:09:e8:4c:5a:43:9e:b8:7d:e9:bc:43:2f:24:a5:52:37:
         32:9f:39:60:06:5f:38:67:7b:40:7c:c4:11:8f:57:8c:3f:5d:
         d6:15:a5:a8:00:12:fc:d0:18:08:e0:2c:34:2a:1c:d8:98:f4:
         f4:16:a2:37
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY2yNglDB5/pDN57d3e5Fd6BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YjEwNWQxNDhkZTk5NjAzNmZkZjIxY2IyMDhhMzM4YTE1
OGNlZGEwHhcNMjQwMjE2MTM1ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDk0NDU2OTMxZjg0NDNmMzBiZDU4Mjk3NzVkMzk5YzI3ZWYwMTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsy19wlmad1zYfO2gQIMfnTFhy0Zn
spwO0qMXm31lVuF+RAxzDG1/35Fy/BISvdERXt//oYBuXQM8fxIXtrH2DF0fk+xC
YNYgGYyae4PqqXCg+IsqfR2w6TxlioKA/fnWzDLY6wGOj17pyTg7IybGKRKemb9b
fy2Kq6WlEUcn5qP/kt0AbwXAPe8fTtgSX7VUyNsl1J5HKTqgKN8tLZzWpCDhsrKG
4vDKmGjXnFRZ+uG5tAvNz57Ut2EFkVXP/VK2NQb51G1mXkrzp4EF26uMmiZKbIaq
xpNxLbQq11iXBQKoO6cw7vqmWdFElvfe2+U0tNKjrTShRHdWvtVivHgLiwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI2URWkx+EQ/ML1YKXddOZwn7wGIMB8GA1UdIwQY
MBaAFBmxBdFI3plgNv3yHLIIozihWM7aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2JFRjBVamVtV0EyX2ZJY3NnaWpPS0ZZenRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi81MmNiOGQtMTFkNC00ZjljLThmOTIt
MjZlNjRkNzhiMGM2LzEvalpSRmFUSDRSRDh3dlZncGQxMDVuQ2Z2QVlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi81MmNiOGQtMTFkNC00ZjljLThmOTItMjZlNjRkNzhiMGM2
LzEvR2JFRjBVamVtV0EyX2ZJY3NnaWpPS0ZZenRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuYryMA8E
AgACMAkDBwAqBxDADFcwDQYJKoZIhvcNAQELBQADggEBACbCPMByOxj5f2P7R0+M
Q+rxcjYdmCH5+ruufE+r/kMuPU4bugNDmdyg6DeyGMnY3lubxgpb6SH98KcWEau3
4wwtjqo7B1IdJLV0xq8fFCENUmp08xW6JGn0ItWUz+08DznobbepChJAu9o71aBC
hM1meZqFtYx5ZFPE8H8gvkM27edNgbxTRy3nmRZ+hzRQikvoymfYSz3diGaqlsyO
FC/N8JryYpCRvzl0yEN9MmXnwktfBa8G8NrSwfRnBH+uLXJDWzYhAISbCehMWkOe
uH3pvEMvJKVSNzKfOWAGXzhne0B8xBGPV4w/XdYVpagAEvzQGAjgLDQqHNiY9PQW
ojc=
-----END CERTIFICATE-----