Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/ba24d8-d484-4e9b-87ba-2455f9f5216f/1/jdVTqO7VY82-HjE--ThdnCQOATg.roa
File:                     jdVTqO7VY82-HjE--ThdnCQOATg.roa (raw, json)
Hash identifier:          RF0wVfyN3QUFV+NemYXC49Chf7ngq5kfllbSRA3UMFI=
Subject key identifier:   8D:D5:53:A8:EE:D5:63:CD:BE:1E:31:3E:F9:38:5D:9C:24:0E:01:38
Certificate issuer:       /CN=36319bcd4747ed5b202bb578acb390d16fc411a5
Certificate serial:       018CC801CDD9D177FC33DCEF3E5B469A31E7
Authority key identifier: 36:31:9B:CD:47:47:ED:5B:20:2B:B5:78:AC:B3:90:D1:6F:C4:11:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NjGbzUdH7VsgK7V4rLOQ0W_EEaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/ba24d8-d484-4e9b-87ba-2455f9f5216f/1/jdVTqO7VY82-HjE--ThdnCQOATg.roa
Signing time:             Tue 02 Jan 2024 02:30:10 +0000
ROA not before:           Tue 02 Jan 2024 02:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20740
IP address blocks:        194.29.188.0/22 maxlen: 22
                          193.109.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/ba24d8-d484-4e9b-87ba-2455f9f5216f/1/NjGbzUdH7VsgK7V4rLOQ0W_EEaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/ba24d8-d484-4e9b-87ba-2455f9f5216f/1/NjGbzUdH7VsgK7V4rLOQ0W_EEaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NjGbzUdH7VsgK7V4rLOQ0W_EEaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:cd:d9:d1:77:fc:33:dc:ef:3e:5b:46:9a:31:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36319bcd4747ed5b202bb578acb390d16fc411a5
        Validity
            Not Before: Jan  2 02:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dd553a8eed563cdbe1e313ef9385d9c240e0138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:b1:98:81:f5:0d:5e:88:eb:54:1c:73:7d:de:
                    6d:7d:48:12:6c:49:0d:94:f5:8f:d4:b6:fe:e7:44:
                    36:29:a9:a6:2e:96:81:4d:b2:76:f9:7b:7c:10:fe:
                    43:89:c3:08:88:1a:ca:29:ab:46:eb:74:6a:70:d8:
                    f4:57:a5:31:44:22:64:5d:db:51:19:6c:b6:33:03:
                    cd:50:a5:02:6e:ee:20:c6:c8:f3:7a:36:22:dd:64:
                    50:67:8d:0b:60:95:af:2c:39:41:33:bb:08:ed:aa:
                    92:ee:f8:23:67:13:ae:b1:d8:40:4d:8e:5a:79:88:
                    17:72:fd:df:ed:80:e8:1e:70:0a:29:5b:ef:3a:91:
                    1b:09:6d:3b:10:71:cc:55:53:ab:ed:00:5d:6d:cc:
                    bf:a6:42:ac:23:9c:30:4a:19:e3:74:d1:ed:28:0e:
                    21:0e:c8:10:ea:32:13:ba:5e:96:6e:f7:36:37:97:
                    63:77:1a:4c:a3:2d:f3:58:b4:64:bd:32:e4:fb:92:
                    aa:cd:14:50:ce:6d:4a:4b:85:1f:01:1c:98:b8:f9:
                    fa:73:c2:f3:83:15:68:e7:41:83:b0:68:5a:4a:9c:
                    d9:e9:67:87:5b:95:8b:26:03:15:f3:2a:41:07:6a:
                    f3:a5:aa:e7:25:cc:79:ac:02:34:f9:0a:84:19:41:
                    6e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:D5:53:A8:EE:D5:63:CD:BE:1E:31:3E:F9:38:5D:9C:24:0E:01:38
            X509v3 Authority Key Identifier:
                keyid:36:31:9B:CD:47:47:ED:5B:20:2B:B5:78:AC:B3:90:D1:6F:C4:11:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NjGbzUdH7VsgK7V4rLOQ0W_EEaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ba24d8-d484-4e9b-87ba-2455f9f5216f/1/jdVTqO7VY82-HjE--ThdnCQOATg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ba24d8-d484-4e9b-87ba-2455f9f5216f/1/NjGbzUdH7VsgK7V4rLOQ0W_EEaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.4.0/22
                  194.29.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:50:1e:33:28:70:c8:ed:51:0d:a5:be:11:8d:4c:2a:e0:0d:
         ff:c6:fc:c6:90:84:eb:2e:38:54:a6:cb:fb:91:b8:f1:ef:ef:
         fc:55:c4:ef:b5:2b:bd:0c:b5:90:47:74:cc:cb:87:26:77:66:
         ba:c5:13:7d:12:d2:f1:6c:78:36:77:df:f2:52:95:fd:1e:d1:
         5c:90:bd:02:2a:06:63:a2:51:b7:e1:5a:7d:24:16:2e:e1:b6:
         45:ec:ce:b4:12:a2:15:71:48:58:88:3f:28:ee:d7:77:4b:03:
         55:96:bd:fa:d4:d5:49:14:29:7e:c9:5a:14:95:78:10:41:e4:
         3a:ba:a9:aa:7f:39:41:53:b1:8e:f4:72:ce:00:2a:9e:87:67:
         5e:18:77:d5:e1:ff:22:f3:2c:7d:72:47:61:7e:78:0f:d4:26:
         ec:78:09:34:74:19:d0:b4:d2:37:b8:43:97:df:90:ff:61:99:
         40:dd:de:f5:6b:93:28:c5:01:fa:2b:86:0f:42:24:01:c6:44:
         7c:d2:4c:8a:b1:21:5f:a6:bc:b9:72:c6:d1:09:72:4d:5a:c2:
         27:03:81:e8:a0:91:31:f0:d8:08:a6:6c:ee:a9:2d:95:30:e3:
         89:09:f7:ed:cc:5d:a8:94:13:f0:22:89:31:0d:8a:2e:5c:27:
         bd:36:6d:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAc3Z0Xf8M9zvPltGmjHnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MzE5YmNkNDc0N2VkNWIyMDJiYjU3OGFjYjM5MGQxNmZj
NDExYTUwHhcNMjQwMTAyMDIzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGQ1NTNhOGVlZDU2M2NkYmUxZTMxM2VmOTM4NWQ5YzI0MGUwMTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjbGYgfUNXojrVBxzfd5tfUgSbEkN
lPWP1Lb+50Q2KammLpaBTbJ2+Xt8EP5DicMIiBrKKatG63RqcNj0V6UxRCJkXdtR
GWy2MwPNUKUCbu4gxsjzejYi3WRQZ40LYJWvLDlBM7sI7aqS7vgjZxOusdhATY5a
eYgXcv3f7YDoHnAKKVvvOpEbCW07EHHMVVOr7QBdbcy/pkKsI5wwShnjdNHtKA4h
DsgQ6jITul6Wbvc2N5djdxpMoy3zWLRkvTLk+5KqzRRQzm1KS4UfARyYuPn6c8Lz
gxVo50GDsGhaSpzZ6WeHW5WLJgMV8ypBB2rzparnJcx5rAI0+QqEGUFuJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI3VU6ju1WPNvh4xPvk4XZwkDgE4MB8GA1UdIwQY
MBaAFDYxm81HR+1bICu1eKyzkNFvxBGlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpHYnpVZEg3VnNnSzdWNHJMT1EwV19FRWFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iYTI0ZDgtZDQ4NC00ZTliLTg3YmEt
MjQ1NWY5ZjUyMTZmLzEvamRWVHFPN1ZZODItSGpFLS1UaGRuQ1FPQVRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iYTI0ZDgtZDQ4NC00ZTliLTg3YmEtMjQ1NWY5ZjUyMTZm
LzEvTmpHYnpVZEg3VnNnSzdWNHJMT1EwV19FRWFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwW0EAwQC
wh28MA0GCSqGSIb3DQEBCwUAA4IBAQCPUB4zKHDI7VENpb4RjUwq4A3/xvzGkITr
LjhUpsv7kbjx7+/8VcTvtSu9DLWQR3TMy4cmd2a6xRN9EtLxbHg2d9/yUpX9HtFc
kL0CKgZjolG34Vp9JBYu4bZF7M60EqIVcUhYiD8o7td3SwNVlr361NVJFCl+yVoU
lXgQQeQ6uqmqfzlBU7GO9HLOACqeh2deGHfV4f8i8yx9ckdhfngP1CbseAk0dBnQ
tNI3uEOX35D/YZlA3d71a5MoxQH6K4YPQiQBxkR80kyKsSFfpry5csbRCXJNWsIn
A4HooJEx8NgIpmzuqS2VMOOJCfftzF2olBPwIokxDYouXCe9Nm1A
-----END CERTIFICATE-----