Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/808be1-a690-45e9-900e-5390f9f83620/1/CJJrX73mXKENnNKZQDg3UVZ3PGQ.roa
File:                     CJJrX73mXKENnNKZQDg3UVZ3PGQ.roa (raw, json)
Hash identifier:          eP6092MtMfF2z0Yq6XJQvPTckyTSRSa8aSBqouEfjhc=
Subject key identifier:   08:92:6B:5F:BD:E6:5C:A1:0D:9C:D2:99:40:38:37:51:56:77:3C:64
Certificate issuer:       /CN=b87bbf8e5c74a526baaf6185abd949dafa8f6dcb
Certificate serial:       018E9E98E929EA0525DB97A0F957A016E3B8
Authority key identifier: B8:7B:BF:8E:5C:74:A5:26:BA:AF:61:85:AB:D9:49:DA:FA:8F:6D:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uHu_jlx0pSa6r2GFq9lJ2vqPbcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/808be1-a690-45e9-900e-5390f9f83620/1/CJJrX73mXKENnNKZQDg3UVZ3PGQ.roa
Signing time:             Tue 02 Apr 2024 11:36:44 +0000
ROA not before:           Tue 02 Apr 2024 11:36:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        85.158.232.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/808be1-a690-45e9-900e-5390f9f83620/1/uHu_jlx0pSa6r2GFq9lJ2vqPbcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/808be1-a690-45e9-900e-5390f9f83620/1/uHu_jlx0pSa6r2GFq9lJ2vqPbcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uHu_jlx0pSa6r2GFq9lJ2vqPbcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:98:e9:29:ea:05:25:db:97:a0:f9:57:a0:16:e3:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b87bbf8e5c74a526baaf6185abd949dafa8f6dcb
        Validity
            Not Before: Apr  2 11:36:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08926b5fbde65ca10d9cd2994038375156773c64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ce:b8:ed:12:61:c3:e6:ff:2f:b6:d1:12:2c:
                    b0:18:60:d6:e8:7b:68:49:cf:a7:d0:04:4a:30:c7:
                    88:76:c6:12:5f:c7:27:33:7f:c3:4d:1b:2e:40:76:
                    d8:91:36:ab:a6:5e:1a:86:4e:a9:b9:0d:8d:e3:5d:
                    94:fb:c2:54:cd:54:cd:09:a2:11:be:88:b0:73:31:
                    60:64:9a:06:f3:d3:7c:3c:b3:dc:da:2f:f0:6a:89:
                    2e:b4:1f:5c:53:43:a5:40:5f:0f:59:d9:a9:66:fd:
                    90:76:4f:b6:b6:1c:f0:8e:7d:ad:4b:5f:3b:56:83:
                    9a:b6:2d:4c:1b:df:be:9f:50:cd:96:f0:34:2a:91:
                    80:2b:7f:22:f2:2a:30:b2:41:8a:9d:a2:5e:8a:73:
                    f0:1d:03:36:02:0f:3b:b2:ba:cc:a4:2d:72:35:e6:
                    d0:c5:66:29:a7:e7:66:a2:24:20:be:a6:04:ea:61:
                    e1:f6:89:95:7d:8d:62:5d:b0:38:3d:58:17:15:5f:
                    a5:fd:4f:08:ab:41:26:2b:56:48:02:e8:76:c6:56:
                    e6:c0:f4:c5:71:3c:99:49:c0:9f:a7:eb:27:ae:1a:
                    82:5a:44:08:d6:e9:70:28:2a:ef:37:67:c0:9b:f8:
                    de:f3:09:04:79:d1:66:81:bb:f0:88:5a:09:eb:35:
                    50:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:92:6B:5F:BD:E6:5C:A1:0D:9C:D2:99:40:38:37:51:56:77:3C:64
            X509v3 Authority Key Identifier:
                keyid:B8:7B:BF:8E:5C:74:A5:26:BA:AF:61:85:AB:D9:49:DA:FA:8F:6D:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uHu_jlx0pSa6r2GFq9lJ2vqPbcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/808be1-a690-45e9-900e-5390f9f83620/1/CJJrX73mXKENnNKZQDg3UVZ3PGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/808be1-a690-45e9-900e-5390f9f83620/1/uHu_jlx0pSa6r2GFq9lJ2vqPbcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         90:53:5f:26:9f:9c:cc:e6:ad:ab:fe:18:7c:51:e1:47:1c:1a:
         38:fb:bd:8f:37:5c:bf:d2:e3:2c:a8:a6:b7:1e:85:34:ac:e8:
         60:8e:77:28:2e:94:f1:1e:a9:16:da:b3:8a:e5:dd:ab:df:7c:
         e3:e2:1a:36:c1:76:95:97:48:98:94:51:98:fc:0d:0c:c6:03:
         e7:a1:8f:e1:4d:d5:54:cc:f9:78:a9:a3:76:4c:36:08:a0:3a:
         39:b5:2e:54:c2:6b:75:5d:a3:1a:69:e2:6d:d5:05:ba:40:30:
         f6:c5:88:19:2b:75:20:2e:8a:d3:98:ef:10:71:93:95:33:53:
         09:5e:35:83:85:60:bf:1d:69:d5:b5:f6:86:53:48:18:b5:a1:
         eb:27:e1:03:56:ad:c8:47:5a:c6:81:a7:b9:ab:e7:7b:df:32:
         01:32:7d:c3:dc:06:9a:78:39:ec:ea:cb:a4:a6:6d:9c:de:93:
         b6:61:cf:22:a8:cf:76:ac:90:65:35:9b:a5:83:74:b3:09:32:
         e8:59:8e:f6:b4:56:ec:3b:c7:7b:05:76:6c:e7:40:4f:03:ed:
         15:ac:15:60:9c:7e:d6:d4:d8:2b:96:1b:7b:ff:90:e2:4c:89:
         08:a0:3c:86:ae:f5:e9:15:31:ae:99:13:59:f1:5a:ea:ac:e1:
         e3:4f:07:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6emOkp6gUl25eg+VegFuO4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4N2JiZjhlNWM3NGE1MjZiYWFmNjE4NWFiZDk0OWRhZmE4
ZjZkY2IwHhcNMjQwNDAyMTEzNjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODkyNmI1ZmJkZTY1Y2ExMGQ5Y2QyOTk0MDM4Mzc1MTU2NzczYzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwc647RJhw+b/L7bREiywGGDW6Hto
Sc+n0ARKMMeIdsYSX8cnM3/DTRsuQHbYkTarpl4ahk6puQ2N412U+8JUzVTNCaIR
voiwczFgZJoG89N8PLPc2i/waokutB9cU0OlQF8PWdmpZv2Qdk+2thzwjn2tS187
VoOati1MG9++n1DNlvA0KpGAK38i8iowskGKnaJeinPwHQM2Ag87srrMpC1yNebQ
xWYpp+dmoiQgvqYE6mHh9omVfY1iXbA4PVgXFV+l/U8Iq0EmK1ZIAuh2xlbmwPTF
cTyZScCfp+snrhqCWkQI1ulwKCrvN2fAm/je8wkEedFmgbvwiFoJ6zVQmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAiSa1+95lyhDZzSmUA4N1FWdzxkMB8GA1UdIwQY
MBaAFLh7v45cdKUmuq9hhavZSdr6j23LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUh1X2pseDBwU2E2cjJHRnE5bEoydnFQYmNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS84MDhiZTEtYTY5MC00NWU5LTkwMGUt
NTM5MGY5ZjgzNjIwLzEvQ0pKclg3M21YS0VObk5LWlFEZzNVVlozUEdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS84MDhiZTEtYTY5MC00NWU5LTkwMGUtNTM5MGY5ZjgzNjIw
LzEvdUh1X2pseDBwU2E2cjJHRnE5bEoydnFQYmNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVZ7oMA0G
CSqGSIb3DQEBCwUAA4IBAQCQU18mn5zM5q2r/hh8UeFHHBo4+72PN1y/0uMsqKa3
HoU0rOhgjncoLpTxHqkW2rOK5d2r33zj4ho2wXaVl0iYlFGY/A0MxgPnoY/hTdVU
zPl4qaN2TDYIoDo5tS5Uwmt1XaMaaeJt1QW6QDD2xYgZK3UgLorTmO8QcZOVM1MJ
XjWDhWC/HWnVtfaGU0gYtaHrJ+EDVq3IR1rGgae5q+d73zIBMn3D3AaaeDns6suk
pm2c3pO2Yc8iqM92rJBlNZulg3SzCTLoWY72tFbsO8d7BXZs50BPA+0VrBVgnH7W
1Ngrlht7/5DiTIkIoDyGrvXpFTGumRNZ8VrqrOHjTweQ
-----END CERTIFICATE-----