Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/45c981-1780-4c66-9f98-dc10d5d3bd80/1/cJXcuuH08yXzuqoTBJKo2P0HQms.roa
File:                     cJXcuuH08yXzuqoTBJKo2P0HQms.roa (raw, json)
Hash identifier:          Zji1pnqz46tz1W2QZ5EjctxAwNHc3tEVun9b8yK2New=
Subject key identifier:   70:95:DC:BA:E1:F4:F3:25:F3:BA:AA:13:04:92:A8:D8:FD:07:42:6B
Certificate issuer:       /CN=c679522eb892589d7364af579a724040e929f0aa
Certificate serial:       018CC5006EBAFD2059812E78A57242CE8A3C
Authority key identifier: C6:79:52:2E:B8:92:58:9D:73:64:AF:57:9A:72:40:40:E9:29:F0:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xnlSLriSWJ1zZK9XmnJAQOkp8Ko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/45c981-1780-4c66-9f98-dc10d5d3bd80/1/cJXcuuH08yXzuqoTBJKo2P0HQms.roa
Signing time:             Mon 01 Jan 2024 12:29:49 +0000
ROA not before:           Mon 01 Jan 2024 12:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206524
IP address blocks:        185.248.76.0/24 maxlen: 24
                          185.248.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/45c981-1780-4c66-9f98-dc10d5d3bd80/1/xnlSLriSWJ1zZK9XmnJAQOkp8Ko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/45c981-1780-4c66-9f98-dc10d5d3bd80/1/xnlSLriSWJ1zZK9XmnJAQOkp8Ko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xnlSLriSWJ1zZK9XmnJAQOkp8Ko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:6e:ba:fd:20:59:81:2e:78:a5:72:42:ce:8a:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c679522eb892589d7364af579a724040e929f0aa
        Validity
            Not Before: Jan  1 12:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7095dcbae1f4f325f3baaa130492a8d8fd07426b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:56:00:87:05:85:30:ab:55:09:2f:1e:09:b5:
                    63:32:1f:3f:f9:20:0b:08:80:e6:11:f2:85:dc:a0:
                    cb:55:c2:55:6d:b4:42:8c:e1:a4:2b:b0:98:7b:67:
                    43:5d:55:25:f8:b1:3a:b9:49:35:80:f4:04:5c:0f:
                    e1:74:12:d2:6d:b9:66:4c:51:5a:8d:24:f3:24:31:
                    e8:46:90:d1:88:a3:a2:94:57:10:76:5f:93:db:50:
                    17:07:98:0c:27:73:36:09:02:85:44:22:8f:f4:8e:
                    9b:31:35:3d:b5:c8:b8:0a:fc:2d:25:21:8c:40:56:
                    cb:02:ae:86:fd:07:c9:d0:d1:f7:62:ef:90:54:82:
                    ee:71:2c:68:fe:20:05:52:9c:cf:9e:5a:97:21:ad:
                    95:5b:41:13:92:6d:8b:89:4e:f4:e4:49:61:44:22:
                    c0:53:36:2a:b4:f2:f2:6f:ab:62:f2:35:a1:fb:e5:
                    bf:8f:33:07:7e:60:ec:66:6d:9f:3a:e3:da:eb:34:
                    c2:3e:d3:7b:5c:ad:6c:ac:44:49:99:87:c0:d9:3c:
                    54:c4:75:75:03:96:bd:48:5c:85:69:36:a4:b4:d5:
                    00:4a:3f:c2:b7:86:07:ee:28:43:ef:a5:2c:b9:87:
                    40:b0:44:af:90:c7:9d:81:c6:a3:53:49:81:b4:15:
                    41:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:95:DC:BA:E1:F4:F3:25:F3:BA:AA:13:04:92:A8:D8:FD:07:42:6B
            X509v3 Authority Key Identifier:
                keyid:C6:79:52:2E:B8:92:58:9D:73:64:AF:57:9A:72:40:40:E9:29:F0:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xnlSLriSWJ1zZK9XmnJAQOkp8Ko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/45c981-1780-4c66-9f98-dc10d5d3bd80/1/cJXcuuH08yXzuqoTBJKo2P0HQms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/45c981-1780-4c66-9f98-dc10d5d3bd80/1/xnlSLriSWJ1zZK9XmnJAQOkp8Ko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:36:d0:f2:c6:f4:2c:1d:ce:4c:11:ea:f4:7c:3d:84:8c:12:
         fb:9f:27:f1:ff:3d:0c:58:9c:fd:d3:99:87:92:36:d2:27:f3:
         fa:c2:2b:4b:e2:03:a7:da:e3:17:15:a9:e4:51:df:05:ce:fd:
         e2:9b:ef:01:6f:72:f3:d9:47:4b:79:2f:8c:f3:6f:db:93:59:
         80:cc:df:1f:13:b2:ff:d0:1c:43:67:99:82:0a:6a:8b:cc:a0:
         58:51:a2:08:a4:c2:5f:62:2f:95:4b:73:70:f6:5c:c7:28:e9:
         ae:67:b7:4f:7d:10:f6:f9:bd:63:41:80:ab:64:f0:bc:ad:fe:
         f9:00:8d:ae:9c:d1:c3:79:37:34:66:f5:2d:bd:56:e5:ec:7d:
         70:11:16:50:74:97:d5:b3:2c:09:b0:21:ae:53:d4:cb:0d:f8:
         65:e8:28:9c:f6:5a:90:68:81:c6:8f:49:0e:41:e4:80:b9:b5:
         06:19:fd:f6:b6:79:8d:e6:4f:0a:db:6e:d6:ce:6a:eb:e1:d3:
         92:a9:54:51:9a:4a:ef:59:5c:0e:9b:3a:ab:b4:42:fa:77:f6:
         5d:b8:46:14:c7:77:83:9a:56:fb:96:44:40:3d:1a:5f:2a:1a:
         21:dd:08:10:e9:03:3b:e0:70:f3:53:9e:56:89:63:9f:e7:1d:
         55:a0:c5:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAG66/SBZgS54pXJCzoo8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2Nzk1MjJlYjg5MjU4OWQ3MzY0YWY1NzlhNzI0MDQwZTky
OWYwYWEwHhcNMjQwMTAxMTIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDk1ZGNiYWUxZjRmMzI1ZjNiYWFhMTMwNDkyYThkOGZkMDc0MjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFYAhwWFMKtVCS8eCbVjMh8/+SAL
CIDmEfKF3KDLVcJVbbRCjOGkK7CYe2dDXVUl+LE6uUk1gPQEXA/hdBLSbblmTFFa
jSTzJDHoRpDRiKOilFcQdl+T21AXB5gMJ3M2CQKFRCKP9I6bMTU9tci4CvwtJSGM
QFbLAq6G/QfJ0NH3Yu+QVILucSxo/iAFUpzPnlqXIa2VW0ETkm2LiU705ElhRCLA
UzYqtPLyb6ti8jWh++W/jzMHfmDsZm2fOuPa6zTCPtN7XK1srERJmYfA2TxUxHV1
A5a9SFyFaTaktNUASj/Ct4YH7ihD76UsuYdAsESvkMedgcajU0mBtBVBaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCV3Lrh9PMl87qqEwSSqNj9B0JrMB8GA1UdIwQY
MBaAFMZ5Ui64klidc2SvV5pyQEDpKfCqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG5sU0xyaVNXSjF6Wks5WG1uSkFRT2twOEtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy80NWM5ODEtMTc4MC00YzY2LTlmOTgt
ZGMxMGQ1ZDNiZDgwLzEvY0pYY3V1SDA4eVh6dXFvVEJKS28yUDBIUW1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy80NWM5ODEtMTc4MC00YzY2LTlmOTgtZGMxMGQ1ZDNiZDgw
LzEveG5sU0xyaVNXSjF6Wks5WG1uSkFRT2twOEtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufhMMA0G
CSqGSIb3DQEBCwUAA4IBAQCGNtDyxvQsHc5MEer0fD2EjBL7nyfx/z0MWJz905mH
kjbSJ/P6witL4gOn2uMXFankUd8Fzv3im+8Bb3Lz2UdLeS+M82/bk1mAzN8fE7L/
0BxDZ5mCCmqLzKBYUaIIpMJfYi+VS3Nw9lzHKOmuZ7dPfRD2+b1jQYCrZPC8rf75
AI2unNHDeTc0ZvUtvVbl7H1wERZQdJfVsywJsCGuU9TLDfhl6Cic9lqQaIHGj0kO
QeSAubUGGf32tnmN5k8K227Wzmrr4dOSqVRRmkrvWVwOmzqrtEL6d/ZduEYUx3eD
mlb7lkRAPRpfKhoh3QgQ6QM74HDzU55WiWOf5x1VoMWl
-----END CERTIFICATE-----