Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/o8z2KoUjtdC4F_awGgVFXhBaFCg.roa
File:                     o8z2KoUjtdC4F_awGgVFXhBaFCg.roa (raw, json)
Hash identifier:          +kxGQWW2/rmrxU0wu+zxbfwJetpoXbBMLVa8EZ9FXIU=
Subject key identifier:   A3:CC:F6:2A:85:23:B5:D0:B8:17:F6:B0:1A:05:45:5E:10:5A:14:28
Certificate issuer:       /CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
Certificate serial:       018CC26D73F499D2F4F39238C6EE41EC5479
Authority key identifier: A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/o8z2KoUjtdC4F_awGgVFXhBaFCg.roa
Signing time:             Mon 01 Jan 2024 00:30:02 +0000
ROA not before:           Mon 01 Jan 2024 00:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42873
IP address blocks:        192.129.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:73:f4:99:d2:f4:f3:92:38:c6:ee:41:ec:54:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
        Validity
            Not Before: Jan  1 00:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3ccf62a8523b5d0b817f6b01a05455e105a1428
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c4:54:f7:91:4d:bf:a3:00:a9:33:84:11:9c:
                    e1:b6:3c:71:0f:75:1d:a3:3c:0b:f3:c9:3c:ef:8a:
                    11:9d:70:20:ac:32:72:9c:a8:ed:79:03:37:d7:5b:
                    6b:b4:7d:66:dd:29:44:9f:3e:23:5c:8a:cf:89:4d:
                    c3:65:01:fe:b8:6c:a2:88:e8:77:5b:9e:b8:2e:6a:
                    ff:59:f4:85:d3:6b:e6:45:4c:fe:fd:5e:94:3b:51:
                    57:d5:c8:74:dd:a7:bc:2e:49:df:24:99:aa:da:1d:
                    09:b2:95:2e:79:91:2f:76:bd:85:2c:d0:a4:21:cc:
                    8a:d6:6d:fc:7f:8e:28:93:85:da:a0:49:55:fb:fe:
                    d1:7f:6a:76:c2:5e:40:dc:0d:08:23:6c:24:6b:f6:
                    51:0e:d5:b2:49:cb:b7:66:d7:49:d7:90:7c:fb:f3:
                    bb:e7:7f:84:c8:52:4a:de:d8:35:8a:3f:d5:0e:ec:
                    dc:5f:6b:fe:e4:05:98:fa:2f:61:80:a7:4f:db:95:
                    83:45:50:36:f8:44:64:d5:18:5a:f6:1d:ec:b1:88:
                    70:e2:6f:f4:77:ee:81:38:7c:d4:c4:2e:5d:3c:36:
                    cd:54:8f:5a:70:85:bb:4b:c3:37:00:1d:35:07:24:
                    08:38:ff:f8:7c:69:2b:b3:ae:27:5c:a5:18:01:8c:
                    dd:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:CC:F6:2A:85:23:B5:D0:B8:17:F6:B0:1A:05:45:5E:10:5A:14:28
            X509v3 Authority Key Identifier:
                keyid:A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/o8z2KoUjtdC4F_awGgVFXhBaFCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.129.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:d3:1e:ff:06:82:cc:2a:40:74:34:f6:98:79:28:4c:9f:f7:
         68:97:32:58:f7:88:4f:25:6e:9c:00:e4:93:a4:08:20:30:df:
         68:ad:5a:55:74:a1:8b:06:03:6c:ef:3e:76:09:4f:97:93:46:
         e4:3b:b5:8e:2a:e9:5e:f2:9a:a7:6c:64:35:6a:5a:f4:6a:b9:
         94:aa:e0:68:97:93:b7:57:83:01:aa:cd:26:69:94:72:9a:d2:
         e3:6b:ad:9e:a0:af:8c:91:78:b5:28:80:83:e6:b3:a9:70:3e:
         60:db:42:31:9f:4c:0e:40:22:ba:dd:1e:74:23:f9:0b:49:07:
         6b:3f:10:76:d2:d4:7d:87:94:5c:c2:5f:1f:39:d2:31:f6:45:
         3a:ca:68:90:7d:39:e6:59:62:5f:7c:f4:4c:43:fc:7f:c0:3c:
         5e:30:74:40:e1:21:ca:57:78:55:cf:60:4a:af:66:b5:52:0b:
         9b:95:5c:62:ca:f0:db:18:4a:ff:cf:05:80:aa:57:83:19:68:
         6a:43:f4:11:5f:88:b0:41:16:73:d9:e9:62:bb:db:46:cf:a6:
         d1:84:71:19:a1:92:8f:fa:5b:0b:79:61:f2:aa:f8:5a:00:7a:
         56:91:83:a8:d4:7a:bd:08:6f:2c:29:4e:3e:e0:45:18:d8:b7:
         1c:31:48:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXP0mdL085I4xu5B7FR5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OTk5MDNkYWI4NWY2YTU5NzcyYjNlZGZkNGJmMGU0OTFh
ZjU3YzQwHhcNMjQwMTAxMDAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2NjZjYyYTg1MjNiNWQwYjgxN2Y2YjAxYTA1NDU1ZTEwNWExNDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosRU95FNv6MAqTOEEZzhtjxxD3Ud
ozwL88k874oRnXAgrDJynKjteQM311trtH1m3SlEnz4jXIrPiU3DZQH+uGyiiOh3
W564Lmr/WfSF02vmRUz+/V6UO1FX1ch03ae8LknfJJmq2h0JspUueZEvdr2FLNCk
IcyK1m38f44ok4XaoElV+/7Rf2p2wl5A3A0II2wka/ZRDtWyScu3ZtdJ15B8+/O7
53+EyFJK3tg1ij/VDuzcX2v+5AWY+i9hgKdP25WDRVA2+ERk1Rha9h3ssYhw4m/0
d+6BOHzUxC5dPDbNVI9acIW7S8M3AB01ByQIOP/4fGkrs64nXKUYAYzdJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPM9iqFI7XQuBf2sBoFRV4QWhQoMB8GA1UdIwQY
MBaAFKSZkD2rhfall3Kz7f1L8OSRr1fEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQt
NTdlYzEyZTg2NDFlLzEvbzh6MktvVWp0ZEM0Rl9hd0dnVkZYaEJhRkNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQtNTdlYzEyZTg2NDFl
LzEvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwIEeMA0G
CSqGSIb3DQEBCwUAA4IBAQAz0x7/BoLMKkB0NPaYeShMn/dolzJY94hPJW6cAOST
pAggMN9orVpVdKGLBgNs7z52CU+Xk0bkO7WOKule8pqnbGQ1alr0armUquBol5O3
V4MBqs0maZRymtLja62eoK+MkXi1KICD5rOpcD5g20Ixn0wOQCK63R50I/kLSQdr
PxB20tR9h5Rcwl8fOdIx9kU6ymiQfTnmWWJffPRMQ/x/wDxeMHRA4SHKV3hVz2BK
r2a1UgublVxiyvDbGEr/zwWAqleDGWhqQ/QRX4iwQRZz2eliu9tGz6bRhHEZoZKP
+lsLeWHyqvhaAHpWkYOo1Hq9CG8sKU4+4EUY2LccMUgo
-----END CERTIFICATE-----