Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/088a21-6214-49fa-a8f7-912e78c2f2eb/1/jhw7BmvJ9pdPWLtAi1mTZAViLrE.roa
File:                     jhw7BmvJ9pdPWLtAi1mTZAViLrE.roa (raw, json)
Hash identifier:          z6+a8tFTEAQ4+Ydh1AtV64RM/5NN2HVyeSGMoqbSjFI=
Subject key identifier:   8E:1C:3B:06:6B:C9:F6:97:4F:58:BB:40:8B:59:93:64:05:62:2E:B1
Certificate issuer:       /CN=0f784ebe35e41b610be154473bc219d0ad25278f
Certificate serial:       018F577B1AB47F3E179E8143EAF8BC71FE10
Authority key identifier: 0F:78:4E:BE:35:E4:1B:61:0B:E1:54:47:3B:C2:19:D0:AD:25:27:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D3hOvjXkG2EL4VRHO8IZ0K0lJ48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/088a21-6214-49fa-a8f7-912e78c2f2eb/1/jhw7BmvJ9pdPWLtAi1mTZAViLrE.roa
Signing time:             Wed 08 May 2024 09:13:56 +0000
ROA not before:           Wed 08 May 2024 09:13:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215252
IP address blocks:        194.62.44.0/24 maxlen: 24
                          2001:67c:13a8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/088a21-6214-49fa-a8f7-912e78c2f2eb/1/D3hOvjXkG2EL4VRHO8IZ0K0lJ48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/088a21-6214-49fa-a8f7-912e78c2f2eb/1/D3hOvjXkG2EL4VRHO8IZ0K0lJ48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D3hOvjXkG2EL4VRHO8IZ0K0lJ48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:57:7b:1a:b4:7f:3e:17:9e:81:43:ea:f8:bc:71:fe:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f784ebe35e41b610be154473bc219d0ad25278f
        Validity
            Not Before: May  8 09:13:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e1c3b066bc9f6974f58bb408b59936405622eb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d3:a0:52:49:04:99:41:55:eb:ed:30:04:b3:
                    8c:da:2e:6e:e1:58:8c:ad:13:83:85:01:72:2d:15:
                    4f:5a:4b:86:7a:97:bd:c8:30:27:77:c2:24:42:29:
                    47:0c:a2:67:5d:22:7a:83:31:c9:70:e5:41:64:62:
                    49:41:14:84:02:d8:7b:7b:01:59:b4:85:91:e6:37:
                    3d:d1:4a:c6:e0:43:04:a9:a9:5d:f2:09:36:17:45:
                    35:58:f1:75:e0:f3:58:c5:48:b8:31:61:3c:b6:b2:
                    3a:cc:9c:05:9e:0a:95:c3:40:30:b3:e8:ef:8f:49:
                    8c:db:d4:8d:cf:48:85:95:1d:f2:90:4f:9b:6e:77:
                    a2:26:33:57:af:50:27:8d:26:40:d8:9b:35:49:39:
                    86:ff:8e:7d:5f:fe:dc:12:70:5a:8d:91:5c:7b:b9:
                    b6:01:ea:fa:f1:60:af:93:08:f5:2c:dd:18:ec:db:
                    dc:8d:ce:ea:80:60:33:ba:16:06:db:a0:e4:a5:78:
                    86:fe:e4:8b:99:30:63:b4:10:d0:ac:52:86:1f:12:
                    e2:66:7f:0b:28:a6:97:13:02:a0:f7:99:a2:b5:26:
                    d9:eb:33:13:cf:0c:7c:9c:6e:c8:5a:8c:72:3c:5f:
                    82:dd:ba:99:a7:77:46:9b:cc:db:95:28:51:0d:bc:
                    c7:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:1C:3B:06:6B:C9:F6:97:4F:58:BB:40:8B:59:93:64:05:62:2E:B1
            X509v3 Authority Key Identifier:
                keyid:0F:78:4E:BE:35:E4:1B:61:0B:E1:54:47:3B:C2:19:D0:AD:25:27:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D3hOvjXkG2EL4VRHO8IZ0K0lJ48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/088a21-6214-49fa-a8f7-912e78c2f2eb/1/jhw7BmvJ9pdPWLtAi1mTZAViLrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/088a21-6214-49fa-a8f7-912e78c2f2eb/1/D3hOvjXkG2EL4VRHO8IZ0K0lJ48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.44.0/24
                IPv6:
                  2001:67c:13a8::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:7e:49:77:6c:c8:aa:09:33:92:45:3c:de:8a:0f:51:0b:be:
         6f:b7:23:a9:f2:16:02:e0:43:08:f0:a2:2c:79:80:1f:47:60:
         14:0e:8d:fa:75:c6:5b:dc:7e:bf:6b:7a:7a:c0:41:5b:ad:2c:
         5d:86:97:e7:1e:44:9c:e4:dc:9b:1d:3b:fb:b7:ca:77:4a:0f:
         56:da:84:85:fe:13:28:8f:b6:04:97:bb:af:67:60:56:a9:be:
         f3:8b:47:3a:5b:45:a9:b0:2e:47:6e:c4:d1:61:03:26:30:fe:
         a1:fd:40:34:14:61:0a:f8:18:b8:81:db:dc:de:b6:6e:a7:d1:
         1f:b8:a8:15:f0:68:6b:55:cc:3b:da:e6:a2:f7:0b:ab:1a:3b:
         5e:4c:70:31:62:af:34:d3:3e:a5:a7:94:06:e5:d5:14:9a:4e:
         bd:ad:7b:df:34:4f:44:51:af:c0:fc:14:e6:1c:a6:20:4f:1b:
         6d:50:0e:b7:70:3e:e4:b1:3f:1b:9d:e5:d9:cb:f9:d3:41:3a:
         98:a7:3e:34:ae:09:2d:b7:6d:e2:2e:5e:d5:7c:00:5c:67:93:
         69:78:1a:e8:3d:dd:b0:37:b2:01:0d:3c:0f:20:ed:2b:61:c1:
         48:ed:4f:d6:38:87:0f:c5:63:7f:f1:85:4a:ad:cf:af:ec:80:
         29:78:c0:5f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY9Xexq0fz4XnoFD6vi8cf4QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNzg0ZWJlMzVlNDFiNjEwYmUxNTQ0NzNiYzIxOWQwYWQy
NTI3OGYwHhcNMjQwNTA4MDkxMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTFjM2IwNjZiYzlmNjk3NGY1OGJiNDA4YjU5OTM2NDA1NjIyZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2tOgUkkEmUFV6+0wBLOM2i5u4ViM
rRODhQFyLRVPWkuGepe9yDAnd8IkQilHDKJnXSJ6gzHJcOVBZGJJQRSEAth7ewFZ
tIWR5jc90UrG4EMEqald8gk2F0U1WPF14PNYxUi4MWE8trI6zJwFngqVw0Aws+jv
j0mM29SNz0iFlR3ykE+bbneiJjNXr1AnjSZA2Js1STmG/459X/7cEnBajZFce7m2
Aer68WCvkwj1LN0Y7Nvcjc7qgGAzuhYG26DkpXiG/uSLmTBjtBDQrFKGHxLiZn8L
KKaXEwKg95mitSbZ6zMTzwx8nG7IWoxyPF+C3bqZp3dGm8zblShRDbzHnQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI4cOwZryfaXT1i7QItZk2QFYi6xMB8GA1UdIwQY
MBaAFA94Tr415BthC+FURzvCGdCtJSePMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDNoT3ZqWGtHMkVMNFZSSE84SVowSzBsSjQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi8wODhhMjEtNjIxNC00OWZhLWE4Zjct
OTEyZTc4YzJmMmViLzEvamh3N0Jtdko5cGRQV0x0QWkxbVRaQVZpTHJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi8wODhhMjEtNjIxNC00OWZhLWE4ZjctOTEyZTc4YzJmMmVi
LzEvRDNoT3ZqWGtHMkVMNFZSSE84SVowSzBsSjQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwj4sMA8E
AgACMAkDBwAgAQZ8E6gwDQYJKoZIhvcNAQELBQADggEBAEV+SXdsyKoJM5JFPN6K
D1ELvm+3I6nyFgLgQwjwoix5gB9HYBQOjfp1xlvcfr9renrAQVutLF2Gl+ceRJzk
3JsdO/u3yndKD1bahIX+EyiPtgSXu69nYFapvvOLRzpbRamwLkduxNFhAyYw/qH9
QDQUYQr4GLiB29zetm6n0R+4qBXwaGtVzDva5qL3C6saO15McDFirzTTPqWnlAbl
1RSaTr2te980T0RRr8D8FOYcpiBPG21QDrdwPuSxPxud5dnL+dNBOpinPjSuCS23
beIuXtV8AFxnk2l4Gug93bA3sgENPA8g7SthwUjtT9Y4hw/FY3/xhUqtz6/sgCl4
wF8=
-----END CERTIFICATE-----