Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/JCd-scwBh6qpvyl_hdQF-dPpiBc.roa
File:                     JCd-scwBh6qpvyl_hdQF-dPpiBc.roa (raw, json)
Hash identifier:          ULDUO2Zos+Jg6EaFvXhnQMZwLOOliQ2GeJkKnmfrY+c=
Subject key identifier:   24:27:7E:B1:CC:01:87:AA:A9:BF:29:7F:85:D4:05:F9:D3:E9:88:17
Certificate issuer:       /CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
Certificate serial:       018FD27227FBA2647A051F337EDB1F8A5AFD
Authority key identifier: 7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/JCd-scwBh6qpvyl_hdQF-dPpiBc.roa
Signing time:             Sat 01 Jun 2024 06:17:27 +0000
ROA not before:           Sat 01 Jun 2024 06:17:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49796
IP address blocks:        185.129.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 00:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:d2:72:27:fb:a2:64:7a:05:1f:33:7e:db:1f:8a:5a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
        Validity
            Not Before: Jun  1 06:17:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24277eb1cc0187aaa9bf297f85d405f9d3e98817
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:01:66:1e:78:4c:c6:24:40:4e:38:72:d0:19:
                    0c:dc:3e:4e:fc:45:d2:32:c5:a4:5b:bd:79:e6:a5:
                    f9:e6:13:78:2a:97:d5:93:49:74:2f:3e:16:45:18:
                    b2:78:99:47:36:18:10:97:72:d8:c4:bc:10:4a:29:
                    05:d5:b4:f9:44:a7:2a:96:c6:47:69:b1:16:1a:15:
                    52:7a:d8:5d:94:8d:61:16:78:94:9c:b8:62:89:70:
                    0d:dc:02:38:f5:eb:be:38:f8:5c:04:ca:b4:dc:43:
                    0b:f2:c0:ac:ce:93:5f:fd:02:20:15:ac:d0:10:74:
                    f2:18:70:c9:f4:74:f0:c4:4d:1c:2e:8a:d9:d7:6d:
                    d9:19:8b:25:84:1d:9f:be:28:98:67:24:f1:a4:b9:
                    2b:c0:73:0b:30:46:9c:f6:d3:11:2c:10:ff:f8:24:
                    71:9c:ad:3a:64:67:20:d4:9d:d3:10:ab:db:fa:a8:
                    6a:c6:55:06:3f:48:0a:4b:1a:d2:fc:3f:35:11:87:
                    8c:fd:20:e0:0d:26:e3:e2:39:0f:4b:25:13:9c:89:
                    78:ca:3a:1c:0a:a8:27:fc:f1:c4:a4:3a:60:95:1e:
                    d0:61:2a:ca:c6:44:8d:de:99:9c:39:b8:bb:51:13:
                    a4:e8:b8:3b:bb:50:c6:7d:d2:6b:92:0d:97:37:55:
                    db:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:27:7E:B1:CC:01:87:AA:A9:BF:29:7F:85:D4:05:F9:D3:E9:88:17
            X509v3 Authority Key Identifier:
                keyid:7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/JCd-scwBh6qpvyl_hdQF-dPpiBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:03:d2:4c:84:f1:41:c3:29:ef:5f:37:fd:64:ea:6a:9c:3a:
         75:1a:58:50:0b:ef:44:89:02:34:f2:ba:c3:b6:7e:8b:3d:cc:
         d1:65:5b:ef:1b:cc:c6:6f:66:8c:73:b7:3c:9a:80:60:31:2a:
         d1:f1:0f:e4:82:ca:91:58:45:f9:0d:fa:e4:52:3d:f1:02:b3:
         e9:ee:fc:62:73:05:77:ed:f1:a7:d8:2d:2b:ef:fb:10:33:45:
         9a:89:f3:e6:f8:cd:c8:ba:19:71:50:49:38:2f:59:7b:98:45:
         7a:76:59:8c:c8:0b:d9:b1:f6:f5:3d:b9:88:ac:5c:d4:7f:e5:
         28:74:7a:58:1a:03:fd:9b:96:fd:6c:ef:2f:5a:37:be:28:78:
         1d:58:d5:a1:f6:0f:89:21:ce:a1:c3:ca:e4:c3:9f:46:5d:00:
         e7:f5:54:41:86:33:fc:cd:49:24:7c:e9:1d:ba:d9:05:f5:b6:
         dc:2d:73:21:8d:04:c4:c5:41:37:29:f0:68:91:2b:5e:f7:41:
         17:45:0a:63:e1:f6:58:2c:1c:6c:85:30:3c:e4:89:b1:2b:1e:
         c3:89:19:8b:81:ec:8c:15:d3:74:fb:a7:fb:c0:b4:ff:e1:0a:
         5b:3d:90:27:f1:3f:49:31:fb:8f:a8:9b:fb:5a:e1:b1:40:8a:
         bf:57:d7:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/Scif7omR6BR8zftsfilr9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYmQ1MTI3MjA2NGI2M2IyYzY2M2MwMjk2YmExMWRiNWVh
MjM4YzAwHhcNMjQwNjAxMDYxNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDI3N2ViMWNjMDE4N2FhYTliZjI5N2Y4NWQ0MDVmOWQzZTk4ODE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngFmHnhMxiRATjhy0BkM3D5O/EXS
MsWkW7155qX55hN4KpfVk0l0Lz4WRRiyeJlHNhgQl3LYxLwQSikF1bT5RKcqlsZH
abEWGhVSethdlI1hFniUnLhiiXAN3AI49eu+OPhcBMq03EML8sCszpNf/QIgFazQ
EHTyGHDJ9HTwxE0cLorZ123ZGYslhB2fviiYZyTxpLkrwHMLMEac9tMRLBD/+CRx
nK06ZGcg1J3TEKvb+qhqxlUGP0gKSxrS/D81EYeM/SDgDSbj4jkPSyUTnIl4yjoc
Cqgn/PHEpDpglR7QYSrKxkSN3pmcObi7UROk6Lg7u1DGfdJrkg2XN1XbEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQnfrHMAYeqqb8pf4XUBfnT6YgXMB8GA1UdIwQY
MBaAFHu9UScgZLY7LGY8Apa6EdteojjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUt
OTdjOWFhYjgyOGYyLzEvSkNkLXNjd0JoNnFwdnlsX2hkUUYtZFBwaUJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUtOTdjOWFhYjgyOGYy
LzEvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYG9MA0G
CSqGSIb3DQEBCwUAA4IBAQCAA9JMhPFBwynvXzf9ZOpqnDp1GlhQC+9EiQI08rrD
tn6LPczRZVvvG8zGb2aMc7c8moBgMSrR8Q/kgsqRWEX5DfrkUj3xArPp7vxicwV3
7fGn2C0r7/sQM0WaifPm+M3IuhlxUEk4L1l7mEV6dlmMyAvZsfb1PbmIrFzUf+Uo
dHpYGgP9m5b9bO8vWje+KHgdWNWh9g+JIc6hw8rkw59GXQDn9VRBhjP8zUkkfOkd
utkF9bbcLXMhjQTExUE3KfBokSte90EXRQpj4fZYLBxshTA85ImxKx7DiRmLgeyM
FdN0+6f7wLT/4QpbPZAn8T9JMfuPqJv7WuGxQIq/V9cm
-----END CERTIFICATE-----