Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/cb537d-d7ef-409c-823c-eae4f6d33ca6/1/jHJi2SE0kVi1s4qBbqBpBKsiFVM.roa
File:                     jHJi2SE0kVi1s4qBbqBpBKsiFVM.roa (raw, json)
Hash identifier:          SBSPw52zX2BgK2sleJZjksZDS+nERJn9HU7lTLjL+Hw=
Subject key identifier:   8C:72:62:D9:21:34:91:58:B5:B3:8A:81:6E:A0:69:04:AB:22:15:53
Certificate issuer:       /CN=c7da82e877933d9c2c952cb376c93aaa337dd7d2
Certificate serial:       018CC64A4924C92D86ECF1B56EB07D14DB3E
Authority key identifier: C7:DA:82:E8:77:93:3D:9C:2C:95:2C:B3:76:C9:3A:AA:33:7D:D7:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x9qC6HeTPZwslSyzdsk6qjN919I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/cb537d-d7ef-409c-823c-eae4f6d33ca6/1/jHJi2SE0kVi1s4qBbqBpBKsiFVM.roa
Signing time:             Mon 01 Jan 2024 18:30:06 +0000
ROA not before:           Mon 01 Jan 2024 18:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198024
IP address blocks:        185.124.88.0/22 maxlen: 22
                          2a05:b080::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/cb537d-d7ef-409c-823c-eae4f6d33ca6/1/x9qC6HeTPZwslSyzdsk6qjN919I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/cb537d-d7ef-409c-823c-eae4f6d33ca6/1/x9qC6HeTPZwslSyzdsk6qjN919I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x9qC6HeTPZwslSyzdsk6qjN919I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:49:24:c9:2d:86:ec:f1:b5:6e:b0:7d:14:db:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7da82e877933d9c2c952cb376c93aaa337dd7d2
        Validity
            Not Before: Jan  1 18:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c7262d921349158b5b38a816ea06904ab221553
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:0f:4b:ce:1a:9a:27:9f:b9:46:76:20:73:47:
                    75:e8:20:0d:7b:b2:5f:da:09:50:2d:e6:c9:83:85:
                    65:e4:43:22:85:61:c5:10:0a:f9:52:f4:04:d1:43:
                    45:9d:20:42:f7:29:df:f2:92:ab:96:91:d7:a5:76:
                    3c:7f:22:0e:e2:7e:d4:64:55:86:4c:b3:aa:e6:f7:
                    b0:c5:ee:97:c2:2c:85:45:64:69:4c:a4:01:8f:df:
                    10:74:86:26:05:e5:6f:a8:f0:36:b8:fb:b6:37:f0:
                    5f:20:5a:6d:3a:5f:34:78:71:4b:2b:02:66:c2:e0:
                    fb:d5:db:8a:ae:cc:8a:af:4b:72:37:5a:7b:61:82:
                    03:cc:c1:c8:ea:e5:ff:ae:76:57:77:70:1f:56:65:
                    34:e3:2a:49:86:67:a2:43:a4:9e:68:22:34:60:87:
                    ce:73:ae:0f:de:a6:7e:80:7f:44:c3:31:f6:a8:f3:
                    77:e7:9c:eb:a4:db:d0:78:56:ae:1b:05:37:48:81:
                    de:b6:0b:19:7f:f3:dc:b6:cb:df:00:b6:bf:b6:07:
                    a1:c5:5d:6e:85:01:44:69:d9:8e:e2:5b:1c:5e:66:
                    85:d0:83:ab:cc:b9:54:e6:9d:a9:0d:ee:19:c0:59:
                    c9:83:7f:d0:bd:3a:c6:46:d1:7b:2b:de:04:8c:e6:
                    f4:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:72:62:D9:21:34:91:58:B5:B3:8A:81:6E:A0:69:04:AB:22:15:53
            X509v3 Authority Key Identifier:
                keyid:C7:DA:82:E8:77:93:3D:9C:2C:95:2C:B3:76:C9:3A:AA:33:7D:D7:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x9qC6HeTPZwslSyzdsk6qjN919I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/cb537d-d7ef-409c-823c-eae4f6d33ca6/1/jHJi2SE0kVi1s4qBbqBpBKsiFVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/cb537d-d7ef-409c-823c-eae4f6d33ca6/1/x9qC6HeTPZwslSyzdsk6qjN919I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.88.0/22
                IPv6:
                  2a05:b080::/29

    Signature Algorithm: sha256WithRSAEncryption
         b6:6c:7c:32:32:e9:8e:20:88:3e:48:8d:05:fc:b5:6a:50:20:
         bb:9b:96:5a:19:6d:ad:9c:bd:aa:2c:67:17:0e:ec:25:0c:8a:
         4d:d1:b4:c2:b1:ae:2c:27:90:ab:78:d8:3c:11:2a:9a:4a:e4:
         be:0e:34:b3:37:de:cb:d1:70:4f:f5:db:80:28:3c:58:57:0e:
         c5:30:4b:08:5a:53:60:52:c5:e1:f7:64:fc:ee:a9:be:be:df:
         f9:9c:3e:94:a1:7f:56:00:2f:c9:7d:7e:51:55:a8:9a:02:de:
         93:fd:b9:4f:a6:d7:d3:8f:1a:ac:c2:7b:ec:1d:96:11:4a:00:
         4d:e7:c9:b6:d5:b6:bc:b5:f6:5a:61:43:74:2c:43:53:6c:5f:
         57:37:76:86:47:27:84:45:72:af:c7:24:f9:0d:40:02:d1:e8:
         df:9e:f7:9a:b8:99:d8:8f:66:62:fc:7c:c5:0c:66:80:f4:35:
         6e:94:37:13:eb:0b:8d:d5:4f:48:ad:a5:a0:a2:b6:67:36:35:
         e0:4f:fb:97:96:6c:dd:08:08:47:3d:46:24:28:57:d5:a7:92:
         64:67:d0:c6:74:e3:94:6e:6c:5f:48:e9:43:96:d5:4a:f9:46:
         eb:e4:a2:d7:86:ef:5d:86:ce:12:21:e2:2a:78:e8:cb:61:2c:
         35:29:12:93
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSkkkyS2G7PG1brB9FNs+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZGE4MmU4Nzc5MzNkOWMyYzk1MmNiMzc2YzkzYWFhMzM3
ZGQ3ZDIwHhcNMjQwMTAxMTgzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzcyNjJkOTIxMzQ5MTU4YjViMzhhODE2ZWEwNjkwNGFiMjIxNTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnA9LzhqaJ5+5RnYgc0d16CANe7Jf
2glQLebJg4Vl5EMihWHFEAr5UvQE0UNFnSBC9ynf8pKrlpHXpXY8fyIO4n7UZFWG
TLOq5vewxe6XwiyFRWRpTKQBj98QdIYmBeVvqPA2uPu2N/BfIFptOl80eHFLKwJm
wuD71duKrsyKr0tyN1p7YYIDzMHI6uX/rnZXd3AfVmU04ypJhmeiQ6SeaCI0YIfO
c64P3qZ+gH9EwzH2qPN355zrpNvQeFauGwU3SIHetgsZf/PctsvfALa/tgehxV1u
hQFEadmO4lscXmaF0IOrzLlU5p2pDe4ZwFnJg3/QvTrGRtF7K94EjOb04QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIxyYtkhNJFYtbOKgW6gaQSrIhVTMB8GA1UdIwQY
MBaAFMfaguh3kz2cLJUss3bJOqozfdfSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDlxQzZIZVRQWndzbFN5emRzazZxak45MTlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jYjUzN2QtZDdlZi00MDljLTgyM2Mt
ZWFlNGY2ZDMzY2E2LzEvakhKaTJTRTBrVmkxczRxQmJxQnBCS3NpRlZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jYjUzN2QtZDdlZi00MDljLTgyM2MtZWFlNGY2ZDMzY2E2
LzEveDlxQzZIZVRQWndzbFN5emRzazZxak45MTlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXxYMA0E
AgACMAcDBQMqBbCAMA0GCSqGSIb3DQEBCwUAA4IBAQC2bHwyMumOIIg+SI0F/LVq
UCC7m5ZaGW2tnL2qLGcXDuwlDIpN0bTCsa4sJ5CreNg8ESqaSuS+DjSzN97L0XBP
9duAKDxYVw7FMEsIWlNgUsXh92T87qm+vt/5nD6UoX9WAC/JfX5RVaiaAt6T/blP
ptfTjxqswnvsHZYRSgBN58m21ba8tfZaYUN0LENTbF9XN3aGRyeERXKvxyT5DUAC
0ejfnveauJnYj2Zi/HzFDGaA9DVulDcT6wuN1U9IraWgorZnNjXgT/uXlmzdCAhH
PUYkKFfVp5JkZ9DGdOOUbmxfSOlDltVK+Ubr5KLXhu9dhs4SIeIqeOjLYSw1KRKT
-----END CERTIFICATE-----