Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/958a2c-cef0-4bcc-99c2-321c9d66c847/1/jwr-AMkOm7z8Fmj6bZ_bQXXfck4.roa
File:                     jwr-AMkOm7z8Fmj6bZ_bQXXfck4.roa (raw, json)
Hash identifier:          6sQ+YZNAHVEwy/rsvEFPLWQVmEagP0UpRSVqnq295dw=
Subject key identifier:   8F:0A:FE:00:C9:0E:9B:BC:FC:16:68:FA:6D:9F:DB:41:75:DF:72:4E
Certificate issuer:       /CN=83a062525292a29e97fe6a055b9bd6084a771977
Certificate serial:       018CC79554C3DE261369D9CDBC548EA1B39E
Authority key identifier: 83:A0:62:52:52:92:A2:9E:97:FE:6A:05:5B:9B:D6:08:4A:77:19:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g6BiUlKSop6X_moFW5vWCEp3GXc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/958a2c-cef0-4bcc-99c2-321c9d66c847/1/jwr-AMkOm7z8Fmj6bZ_bQXXfck4.roa
Signing time:             Tue 02 Jan 2024 00:31:41 +0000
ROA not before:           Tue 02 Jan 2024 00:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202691
IP address blocks:        185.157.72.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/958a2c-cef0-4bcc-99c2-321c9d66c847/1/g6BiUlKSop6X_moFW5vWCEp3GXc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/958a2c-cef0-4bcc-99c2-321c9d66c847/1/g6BiUlKSop6X_moFW5vWCEp3GXc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g6BiUlKSop6X_moFW5vWCEp3GXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:54:c3:de:26:13:69:d9:cd:bc:54:8e:a1:b3:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83a062525292a29e97fe6a055b9bd6084a771977
        Validity
            Not Before: Jan  2 00:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f0afe00c90e9bbcfc1668fa6d9fdb4175df724e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:09:fd:88:0f:55:b8:c7:f5:18:9f:17:15:5e:
                    fc:65:e8:ea:37:75:bd:ec:00:1c:f9:b8:e9:27:21:
                    ae:72:75:25:69:35:d7:88:05:9a:ef:e6:0d:8e:95:
                    49:d4:6b:64:62:a5:b4:2a:04:f3:62:ed:ac:c7:b7:
                    db:ea:eb:3c:ae:f3:d2:86:04:07:1b:da:f8:aa:5c:
                    db:e1:9c:46:cc:1f:15:b4:4c:99:a3:e9:e8:4f:4d:
                    c0:33:2e:04:4e:e5:43:3e:a3:22:fd:53:17:82:f7:
                    37:34:ae:77:a8:dc:54:8c:e9:c6:49:f0:ab:25:32:
                    c6:b9:66:ef:a9:f6:3d:c2:e7:9e:99:e6:c6:bc:1b:
                    38:52:d6:2e:af:46:09:c7:79:ff:28:a3:23:d9:4f:
                    e1:5b:4d:6a:5d:4b:10:b9:0a:26:80:e9:4a:c1:8b:
                    2f:7a:81:5b:43:0e:2b:2c:ef:39:46:a8:25:38:5d:
                    30:9d:28:00:45:c1:78:97:a5:78:0c:98:45:84:39:
                    19:6f:ec:8d:84:3b:6c:17:c5:81:f6:77:04:e1:d3:
                    97:53:ca:d9:02:3a:31:d1:24:13:fa:8d:02:cd:ee:
                    e3:30:eb:da:da:1c:52:e3:10:32:38:e6:ae:03:52:
                    f8:5b:6e:b2:b4:b8:8e:26:80:64:ae:f0:bc:fc:7f:
                    c9:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:0A:FE:00:C9:0E:9B:BC:FC:16:68:FA:6D:9F:DB:41:75:DF:72:4E
            X509v3 Authority Key Identifier:
                keyid:83:A0:62:52:52:92:A2:9E:97:FE:6A:05:5B:9B:D6:08:4A:77:19:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g6BiUlKSop6X_moFW5vWCEp3GXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/958a2c-cef0-4bcc-99c2-321c9d66c847/1/jwr-AMkOm7z8Fmj6bZ_bQXXfck4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/958a2c-cef0-4bcc-99c2-321c9d66c847/1/g6BiUlKSop6X_moFW5vWCEp3GXc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:3a:81:e4:61:4f:e5:6d:11:fc:a1:64:05:46:c0:e7:f2:4a:
         28:d6:d7:76:67:53:80:37:f9:17:5c:49:a2:31:41:06:c6:51:
         b0:c6:cd:5b:db:a1:43:8d:bc:6a:78:ff:b5:80:e0:b6:6e:0f:
         59:dc:0e:32:21:dc:76:77:cd:43:cd:fd:7b:b8:60:05:87:79:
         b9:ef:50:e7:c5:c5:e2:d7:03:73:e3:07:86:b0:48:24:27:65:
         97:d1:35:d9:97:8f:65:fe:9c:da:5c:d4:1c:5c:a1:dd:6f:6c:
         3f:39:2f:7e:92:00:43:2e:03:e1:21:66:f5:c9:37:a3:af:b6:
         bb:de:28:45:d7:b5:a8:52:ef:a6:41:df:fe:3c:98:01:84:3e:
         f9:ff:cc:b7:62:e8:20:8b:c8:37:dd:98:7e:c1:d2:50:1e:44:
         f1:25:fd:a6:6f:b1:8e:1b:67:a4:dc:00:e6:e6:06:c9:d4:2d:
         66:92:8f:d3:79:04:cb:c5:be:17:89:c5:64:7f:5d:52:94:db:
         b4:99:f8:18:fa:8a:03:9f:db:3e:ff:31:4a:a2:9f:ce:a5:38:
         1c:de:bc:93:00:b6:69:05:99:2f:a9:bf:df:60:ff:72:15:fc:
         9f:87:d1:71:59:e3:6f:ba:ac:8e:a5:26:e5:73:d6:f8:8d:79:
         ef:b1:f6:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlVTD3iYTadnNvFSOobOeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzYTA2MjUyNTI5MmEyOWU5N2ZlNmEwNTViOWJkNjA4NGE3
NzE5NzcwHhcNMjQwMTAyMDAzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjBhZmUwMGM5MGU5YmJjZmMxNjY4ZmE2ZDlmZGI0MTc1ZGY3MjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgn9iA9VuMf1GJ8XFV78ZejqN3W9
7AAc+bjpJyGucnUlaTXXiAWa7+YNjpVJ1GtkYqW0KgTzYu2sx7fb6us8rvPShgQH
G9r4qlzb4ZxGzB8VtEyZo+noT03AMy4ETuVDPqMi/VMXgvc3NK53qNxUjOnGSfCr
JTLGuWbvqfY9wueemebGvBs4UtYur0YJx3n/KKMj2U/hW01qXUsQuQomgOlKwYsv
eoFbQw4rLO85RqglOF0wnSgARcF4l6V4DJhFhDkZb+yNhDtsF8WB9ncE4dOXU8rZ
Ajox0SQT+o0Cze7jMOva2hxS4xAyOOauA1L4W26ytLiOJoBkrvC8/H/JswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8K/gDJDpu8/BZo+m2f20F133JOMB8GA1UdIwQY
MBaAFIOgYlJSkqKel/5qBVub1ghKdxl3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzZCaVVsS1NvcDZYX21vRlc1dldDRXAzR1hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS85NThhMmMtY2VmMC00YmNjLTk5YzIt
MzIxYzlkNjZjODQ3LzEvandyLUFNa09tN3o4Rm1qNmJaX2JRWFhmY2s0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS85NThhMmMtY2VmMC00YmNjLTk5YzItMzIxYzlkNjZjODQ3
LzEvZzZCaVVsS1NvcDZYX21vRlc1dldDRXAzR1hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ1IMA0G
CSqGSIb3DQEBCwUAA4IBAQAqOoHkYU/lbRH8oWQFRsDn8koo1td2Z1OAN/kXXEmi
MUEGxlGwxs1b26FDjbxqeP+1gOC2bg9Z3A4yIdx2d81Dzf17uGAFh3m571DnxcXi
1wNz4weGsEgkJ2WX0TXZl49l/pzaXNQcXKHdb2w/OS9+kgBDLgPhIWb1yTejr7a7
3ihF17WoUu+mQd/+PJgBhD75/8y3Yuggi8g33Zh+wdJQHkTxJf2mb7GOG2ek3ADm
5gbJ1C1mko/TeQTLxb4XicVkf11SlNu0mfgY+ooDn9s+/zFKop/OpTgc3ryTALZp
BZkvqb/fYP9yFfyfh9FxWeNvuqyOpSblc9b4jXnvsfZj
-----END CERTIFICATE-----