Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/jpJJ7_-7YwhRZREi--7BRFN9iIY.roa
File:                     jpJJ7_-7YwhRZREi--7BRFN9iIY.roa (raw, json)
Hash identifier:          px9ayINzzupcQOK1Y4TpKgvv2cLKPnCWqDYu7N/afls=
Subject key identifier:   8E:92:49:EF:FF:BB:63:08:51:65:11:22:FB:EE:C1:44:53:7D:88:86
Certificate issuer:       /CN=ce958f181fb507a0a2a821856b8be0d54b118b85
Certificate serial:       018CC56EF0F3E4978398F4BE01A413AFCDE5
Authority key identifier: CE:95:8F:18:1F:B5:07:A0:A2:A8:21:85:6B:8B:E0:D5:4B:11:8B:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zpWPGB-1B6CiqCGFa4vg1UsRi4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/jpJJ7_-7YwhRZREi--7BRFN9iIY.roa
Signing time:             Mon 01 Jan 2024 14:30:31 +0000
ROA not before:           Mon 01 Jan 2024 14:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6282
IP address blocks:        185.168.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/zpWPGB-1B6CiqCGFa4vg1UsRi4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/zpWPGB-1B6CiqCGFa4vg1UsRi4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zpWPGB-1B6CiqCGFa4vg1UsRi4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f0:f3:e4:97:83:98:f4:be:01:a4:13:af:cd:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce958f181fb507a0a2a821856b8be0d54b118b85
        Validity
            Not Before: Jan  1 14:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e9249efffbb630851651122fbeec144537d8886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f9:87:c8:f3:85:e5:5f:3c:35:cc:75:77:7a:
                    50:70:c3:06:2e:b9:ab:d4:99:45:67:74:a7:8b:e9:
                    81:d1:dd:07:7d:de:0b:c5:49:a5:64:8b:99:94:34:
                    cb:16:a3:09:6a:13:ff:e8:29:b1:2d:da:6c:c1:b4:
                    02:04:ec:58:27:61:46:f8:0a:8b:a9:6a:92:32:25:
                    ee:de:2f:67:c0:41:94:7a:be:3f:bb:58:e3:80:db:
                    15:fc:fe:82:fa:b6:66:89:33:70:e2:74:ac:5b:64:
                    cd:7b:0d:f0:fe:06:f7:a2:05:0a:76:19:97:08:0c:
                    c5:0b:69:b1:2f:fa:1d:70:3f:89:32:c7:e0:07:59:
                    02:14:3e:c8:c9:ba:f3:ae:d4:4d:50:97:61:0c:a3:
                    76:5c:9d:cb:03:2f:c9:c1:39:c2:77:9f:e5:d6:68:
                    9a:cc:f4:cb:88:92:18:2c:14:27:0c:31:31:84:ce:
                    2c:ee:ab:14:8c:57:d1:a5:1c:b2:7c:b8:98:26:5c:
                    b1:4d:b5:be:49:88:6d:59:c5:cb:34:2f:e1:87:89:
                    75:3a:6c:14:f5:3c:47:c5:31:24:a9:be:ac:0a:4b:
                    a8:f5:45:cd:ec:a6:b3:92:ba:6d:60:66:6d:c7:93:
                    ca:24:28:20:37:20:ab:7d:55:5c:b2:90:61:93:5a:
                    c8:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:92:49:EF:FF:BB:63:08:51:65:11:22:FB:EE:C1:44:53:7D:88:86
            X509v3 Authority Key Identifier:
                keyid:CE:95:8F:18:1F:B5:07:A0:A2:A8:21:85:6B:8B:E0:D5:4B:11:8B:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zpWPGB-1B6CiqCGFa4vg1UsRi4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/jpJJ7_-7YwhRZREi--7BRFN9iIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/zpWPGB-1B6CiqCGFa4vg1UsRi4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:ff:44:f2:4d:4d:dd:aa:30:0c:cc:b8:f1:88:9e:71:ec:15:
         8f:8f:4a:30:5a:c6:23:c8:6b:3d:d5:d7:87:2e:b9:30:22:a2:
         e5:8a:52:31:8e:c5:e1:52:59:68:1b:f9:87:81:c2:85:4a:ab:
         99:7f:3c:7f:72:a1:e9:9a:7f:80:a7:f9:40:38:60:e8:81:3a:
         97:6e:02:23:e2:b4:98:a1:a6:e6:f6:52:9c:41:10:33:5b:38:
         ba:17:d2:b3:5c:f1:aa:63:53:fc:53:db:8d:48:42:58:d4:c3:
         2b:19:98:f7:29:bc:c5:5f:ba:1e:be:1c:b3:16:19:ec:c0:ee:
         1c:76:7e:3b:00:84:d1:b7:5e:19:cf:b9:2e:84:f5:3a:5a:1d:
         47:9f:2b:d7:3a:db:7d:8b:1b:e1:cb:3b:0e:f4:22:e8:4d:47:
         e3:9c:b6:0a:7c:06:29:94:51:ce:ff:0d:da:c0:e0:9e:05:81:
         01:7d:fc:75:a1:23:b7:3a:f5:e3:48:17:22:67:ba:ec:b8:15:
         0d:1f:70:61:70:1b:0a:f2:bc:8a:8c:1f:1e:a8:d1:e2:16:2f:
         8f:ac:bd:e5:2c:f1:de:bc:bc:4a:ba:fc:9b:2d:df:36:ff:cf:
         d1:69:ff:a6:e9:01:1c:a5:b4:70:e7:cc:bb:4a:17:c7:2b:c6:
         71:6a:ce:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvDz5JeDmPS+AaQTr83lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlOTU4ZjE4MWZiNTA3YTBhMmE4MjE4NTZiOGJlMGQ1NGIx
MThiODUwHhcNMjQwMTAxMTQzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTkyNDllZmZmYmI2MzA4NTE2NTExMjJmYmVlYzE0NDUzN2Q4ODg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/mHyPOF5V88Ncx1d3pQcMMGLrmr
1JlFZ3Sni+mB0d0Hfd4LxUmlZIuZlDTLFqMJahP/6CmxLdpswbQCBOxYJ2FG+AqL
qWqSMiXu3i9nwEGUer4/u1jjgNsV/P6C+rZmiTNw4nSsW2TNew3w/gb3ogUKdhmX
CAzFC2mxL/odcD+JMsfgB1kCFD7IybrzrtRNUJdhDKN2XJ3LAy/JwTnCd5/l1mia
zPTLiJIYLBQnDDExhM4s7qsUjFfRpRyyfLiYJlyxTbW+SYhtWcXLNC/hh4l1OmwU
9TxHxTEkqb6sCkuo9UXN7KazkrptYGZtx5PKJCggNyCrfVVcspBhk1rInwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI6SSe//u2MIUWURIvvuwURTfYiGMB8GA1UdIwQY
MBaAFM6VjxgftQegoqghhWuL4NVLEYuFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenBXUEdCLTFCNkNpcUNHRmE0dmcxVXNSaTRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS8zZDliZmEtY2ZkMC00NGE4LTg0MmUt
MGRiYjNiOGRiMTVmLzEvanBKSjdfLTdZd2hSWlJFaS0tN0JSRk45aUlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS8zZDliZmEtY2ZkMC00NGE4LTg0MmUtMGRiYjNiOGRiMTVm
LzEvenBXUEdCLTFCNkNpcUNHRmE0dmcxVXNSaTRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaidMA0G
CSqGSIb3DQEBCwUAA4IBAQBD/0TyTU3dqjAMzLjxiJ5x7BWPj0owWsYjyGs91deH
LrkwIqLlilIxjsXhUlloG/mHgcKFSquZfzx/cqHpmn+Ap/lAOGDogTqXbgIj4rSY
oabm9lKcQRAzWzi6F9KzXPGqY1P8U9uNSEJY1MMrGZj3KbzFX7oevhyzFhnswO4c
dn47AITRt14Zz7kuhPU6Wh1HnyvXOtt9ixvhyzsO9CLoTUfjnLYKfAYplFHO/w3a
wOCeBYEBffx1oSO3OvXjSBciZ7rsuBUNH3BhcBsK8ryKjB8eqNHiFi+PrL3lLPHe
vLxKuvybLd82/8/Raf+m6QEcpbRw58y7ShfHK8Zxas4c
-----END CERTIFICATE-----