Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/f9d152-ca00-46c4-936a-e9093fee3fd3/1/jbSq7ZU0XifwPCMbTR_qkz08NkQ.roa
File:                     jbSq7ZU0XifwPCMbTR_qkz08NkQ.roa (raw, json)
Hash identifier:          87sf63I4dYNHzLGw/WvHB0JqWaKcxljMDyZmXaR7Pq8=
Subject key identifier:   8D:B4:AA:ED:95:34:5E:27:F0:3C:23:1B:4D:1F:EA:93:3D:3C:36:44
Certificate issuer:       /CN=54598408d23cef52560f7eaad4e1db0c862062c3
Certificate serial:       018CCA992A4444C00330FB16C179DD679E35
Authority key identifier: 54:59:84:08:D2:3C:EF:52:56:0F:7E:AA:D4:E1:DB:0C:86:20:62:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VFmECNI871JWD36q1OHbDIYgYsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/f9d152-ca00-46c4-936a-e9093fee3fd3/1/jbSq7ZU0XifwPCMbTR_qkz08NkQ.roa
Signing time:             Tue 02 Jan 2024 14:34:44 +0000
ROA not before:           Tue 02 Jan 2024 14:34:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203990
IP address blocks:        185.117.124.0/22 maxlen: 24
                          185.117.124.0/24 maxlen: 24
                          185.117.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/f9d152-ca00-46c4-936a-e9093fee3fd3/1/VFmECNI871JWD36q1OHbDIYgYsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/f9d152-ca00-46c4-936a-e9093fee3fd3/1/VFmECNI871JWD36q1OHbDIYgYsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VFmECNI871JWD36q1OHbDIYgYsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:2a:44:44:c0:03:30:fb:16:c1:79:dd:67:9e:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54598408d23cef52560f7eaad4e1db0c862062c3
        Validity
            Not Before: Jan  2 14:34:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8db4aaed95345e27f03c231b4d1fea933d3c3644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:63:51:06:13:f5:d7:9c:d3:e0:0d:e7:e2:9b:
                    d7:42:df:21:00:cd:0c:fd:83:36:b4:40:cf:25:5f:
                    09:7c:08:60:63:7a:90:0b:0b:f7:52:cf:1c:39:42:
                    ff:c8:da:0f:e0:e2:1a:05:d3:60:a4:11:1d:b0:bc:
                    68:30:e8:ca:1b:a0:78:9a:d2:b4:d9:76:a8:a9:0d:
                    78:3c:66:68:e0:0a:23:26:7c:60:5f:d6:55:67:c8:
                    e9:25:17:97:41:05:4f:35:fe:24:63:c6:11:dd:00:
                    75:25:be:93:d7:aa:ba:4d:77:7c:9a:91:26:5c:e1:
                    87:80:b6:e0:04:c8:88:5c:1f:ac:de:3d:32:f6:0d:
                    2d:8b:67:10:71:e4:59:a5:58:00:95:92:d4:c1:18:
                    ed:ae:92:6b:03:39:9f:78:6f:76:5a:c3:f3:87:b4:
                    c7:52:d9:07:4a:08:91:c0:4b:46:5f:5b:f5:97:d4:
                    a0:80:3d:f9:54:21:8d:1c:49:75:0d:56:67:cb:5a:
                    03:ae:12:3a:7e:ea:f5:45:59:5d:85:9d:a6:33:67:
                    65:a7:3f:65:b0:a5:26:73:12:80:7b:f4:a9:00:0e:
                    dc:24:ed:f3:5e:9f:20:bd:0d:eb:74:65:0c:3b:11:
                    c2:8e:76:5b:0e:5c:c7:8a:e0:3b:37:c4:c8:0e:44:
                    46:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:B4:AA:ED:95:34:5E:27:F0:3C:23:1B:4D:1F:EA:93:3D:3C:36:44
            X509v3 Authority Key Identifier:
                keyid:54:59:84:08:D2:3C:EF:52:56:0F:7E:AA:D4:E1:DB:0C:86:20:62:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VFmECNI871JWD36q1OHbDIYgYsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/f9d152-ca00-46c4-936a-e9093fee3fd3/1/jbSq7ZU0XifwPCMbTR_qkz08NkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/f9d152-ca00-46c4-936a-e9093fee3fd3/1/VFmECNI871JWD36q1OHbDIYgYsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:f9:f7:99:43:82:b2:ee:3d:e1:4a:7e:d5:e2:c2:2c:49:7a:
         65:e9:76:9f:81:67:da:82:9e:86:c7:96:25:53:7d:c4:a1:8a:
         a6:39:71:9b:3f:34:21:3b:3b:f1:11:db:c4:7b:1a:c1:5c:df:
         b5:bc:85:bb:ab:c7:ad:47:1d:49:81:7a:2b:0a:74:60:ff:94:
         3f:be:0a:68:9b:43:59:ee:ee:74:fd:35:3d:7f:8f:88:5f:73:
         7a:b8:20:08:79:2c:dd:61:88:ce:28:85:96:6a:23:75:6a:4d:
         5f:03:8b:06:3b:ca:cc:68:f6:be:1f:ce:1a:82:98:50:7f:39:
         09:95:67:63:a6:c1:f9:58:7a:71:5d:70:f4:e2:66:5d:52:00:
         57:60:d8:b4:19:03:84:bc:de:cb:38:c8:2c:72:f2:38:31:3d:
         6a:25:5d:bd:bc:be:b1:6d:c5:3f:19:2c:83:34:21:2d:9a:71:
         e8:c1:69:c7:da:03:30:68:08:d7:b8:90:dc:f9:4a:4c:a0:9c:
         07:98:82:f6:97:f6:eb:4f:3b:b6:5d:88:ae:6b:0e:ca:79:ac:
         bb:ff:c4:69:96:5d:34:76:4e:2a:b2:f1:4b:42:ec:fb:db:7c:
         9f:24:56:f9:91:93:6c:e9:a5:ed:12:d5:2f:80:5c:41:a7:50:
         29:fa:fd:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmSpERMADMPsWwXndZ541MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NTk4NDA4ZDIzY2VmNTI1NjBmN2VhYWQ0ZTFkYjBjODYy
MDYyYzMwHhcNMjQwMTAyMTQzNDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGI0YWFlZDk1MzQ1ZTI3ZjAzYzIzMWI0ZDFmZWE5MzNkM2MzNjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmNRBhP115zT4A3n4pvXQt8hAM0M
/YM2tEDPJV8JfAhgY3qQCwv3Us8cOUL/yNoP4OIaBdNgpBEdsLxoMOjKG6B4mtK0
2XaoqQ14PGZo4AojJnxgX9ZVZ8jpJReXQQVPNf4kY8YR3QB1Jb6T16q6TXd8mpEm
XOGHgLbgBMiIXB+s3j0y9g0ti2cQceRZpVgAlZLUwRjtrpJrAzmfeG92WsPzh7TH
UtkHSgiRwEtGX1v1l9SggD35VCGNHEl1DVZny1oDrhI6fur1RVldhZ2mM2dlpz9l
sKUmcxKAe/SpAA7cJO3zXp8gvQ3rdGUMOxHCjnZbDlzHiuA7N8TIDkRGZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI20qu2VNF4n8DwjG00f6pM9PDZEMB8GA1UdIwQY
MBaAFFRZhAjSPO9SVg9+qtTh2wyGIGLDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkZtRUNOSTg3MUpXRDM2cTFPSGJESVlnWXNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9mOWQxNTItY2EwMC00NmM0LTkzNmEt
ZTkwOTNmZWUzZmQzLzEvamJTcTdaVTBYaWZ3UENNYlRSX3FrejA4TmtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9mOWQxNTItY2EwMC00NmM0LTkzNmEtZTkwOTNmZWUzZmQz
LzEvVkZtRUNOSTg3MUpXRDM2cTFPSGJESVlnWXNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXV8MA0G
CSqGSIb3DQEBCwUAA4IBAQA4+feZQ4Ky7j3hSn7V4sIsSXpl6XafgWfagp6Gx5Yl
U33EoYqmOXGbPzQhOzvxEdvEexrBXN+1vIW7q8etRx1JgXorCnRg/5Q/vgpom0NZ
7u50/TU9f4+IX3N6uCAIeSzdYYjOKIWWaiN1ak1fA4sGO8rMaPa+H84agphQfzkJ
lWdjpsH5WHpxXXD04mZdUgBXYNi0GQOEvN7LOMgscvI4MT1qJV29vL6xbcU/GSyD
NCEtmnHowWnH2gMwaAjXuJDc+UpMoJwHmIL2l/brTzu2XYiuaw7Keay7/8Rpll00
dk4qsvFLQuz723yfJFb5kZNs6aXtEtUvgFxBp1Ap+v02
-----END CERTIFICATE-----