Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/a_m4suhyyL9flQPp241fj4DRVCA.roa
File:                     a_m4suhyyL9flQPp241fj4DRVCA.roa (raw, json)
Hash identifier:          8XVetIJ9D/jeF/QQ0Oi5/OE3gev61B9ttSvU41YSX6k=
Subject key identifier:   6B:F9:B8:B2:E8:72:C8:BF:5F:95:03:E9:DB:8D:5F:8F:80:D1:54:20
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       018FA48B96D5828BE9AE4149DB2AE985742E
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/a_m4suhyyL9flQPp241fj4DRVCA.roa
Signing time:             Thu 23 May 2024 08:22:42 +0000
ROA not before:           Thu 23 May 2024 08:22:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209474
IP address blocks:        188.191.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 20:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a4:8b:96:d5:82:8b:e9:ae:41:49:db:2a:e9:85:74:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: May 23 08:22:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bf9b8b2e872c8bf5f9503e9db8d5f8f80d15420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ae:16:2a:df:0b:98:0c:a9:49:c9:28:92:f1:
                    29:55:86:c7:4f:82:16:13:ad:0a:6d:75:b9:4f:cb:
                    92:c9:6d:1e:41:f1:03:5d:bf:11:5d:55:00:24:0a:
                    24:75:de:9c:5b:22:a9:df:62:bf:41:c6:2e:e4:fc:
                    97:cc:49:a6:b4:0e:f9:1f:a1:fc:b7:66:69:6e:ee:
                    5e:fe:3a:b8:5a:2a:67:6d:23:63:e0:58:79:cf:ca:
                    0a:74:22:c5:5d:5b:c1:53:41:38:0b:dc:e2:a4:cb:
                    37:7a:ce:59:ed:72:d4:30:f8:9a:d0:d2:3e:1e:68:
                    4b:ab:b2:34:86:b4:e5:f6:3b:ca:d6:47:b3:20:5d:
                    bb:5f:69:b0:ed:c1:88:ed:90:55:6f:61:d0:3b:06:
                    45:88:a6:d7:8e:6d:46:27:68:51:df:e7:dc:ba:95:
                    2d:be:8a:61:93:cb:06:9d:08:6b:fa:3d:d6:e9:1b:
                    7c:ff:18:ac:2b:0b:34:04:b4:41:0a:9f:a8:db:f0:
                    ef:4a:1e:0a:f3:37:5a:b0:a4:ab:a3:97:a0:3c:f7:
                    b4:d3:85:90:87:f5:29:8c:13:c3:dd:ba:9b:93:10:
                    8a:89:72:6c:32:43:4b:19:fd:74:f5:a6:a4:10:ea:
                    ec:09:4b:79:2c:08:b1:9f:81:cd:5c:c0:f7:a3:77:
                    df:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:F9:B8:B2:E8:72:C8:BF:5F:95:03:E9:DB:8D:5F:8F:80:D1:54:20
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/a_m4suhyyL9flQPp241fj4DRVCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:c7:ec:31:9d:bc:c1:f7:98:63:55:dd:52:d5:5d:a7:4b:56:
         1f:b7:df:52:11:de:36:7b:65:0e:07:c4:22:38:04:1c:63:b6:
         a2:70:d9:8e:0f:a6:2e:52:4d:c2:05:ba:03:3f:20:f7:20:6f:
         bb:b5:13:49:1f:ed:54:fa:89:52:a4:4c:fc:39:d7:e9:9a:3b:
         76:8e:79:62:b5:e5:af:35:fa:5d:d3:b8:c4:cc:9f:a0:15:4a:
         7b:99:f0:3b:69:ef:63:44:4a:10:e9:07:0f:42:f8:68:97:c8:
         17:0b:86:ec:d1:39:ae:e6:96:93:42:92:44:e6:87:03:a5:4c:
         b5:bb:b5:46:d5:4f:7d:92:15:ff:b2:44:14:b9:df:f7:3b:08:
         82:e3:20:18:a5:f4:f4:6c:00:8e:30:56:7a:20:44:54:da:86:
         e5:9f:bd:ef:e1:d8:64:3d:10:9e:af:c7:cb:d3:c9:77:1e:0b:
         48:8e:b8:1e:cf:84:c1:d7:e7:f0:d9:70:4d:78:44:0c:0c:c0:
         cd:4f:be:42:29:27:31:63:d0:60:f9:4f:dc:1c:81:91:d2:80:
         b6:b2:6d:02:bf:2d:d7:3d:c0:1b:80:c3:75:d1:50:e3:9e:4f:
         e5:f9:38:85:9f:c3:4c:54:a9:82:39:69:5e:00:0d:fa:31:eb:
         c7:f4:99:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+ki5bVgovprkFJ2yrphXQuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjQwNTIzMDgyMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmY5YjhiMmU4NzJjOGJmNWY5NTAzZTlkYjhkNWY4ZjgwZDE1NDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAza4WKt8LmAypSckokvEpVYbHT4IW
E60KbXW5T8uSyW0eQfEDXb8RXVUAJAokdd6cWyKp32K/QcYu5PyXzEmmtA75H6H8
t2Zpbu5e/jq4WipnbSNj4Fh5z8oKdCLFXVvBU0E4C9zipMs3es5Z7XLUMPia0NI+
HmhLq7I0hrTl9jvK1kezIF27X2mw7cGI7ZBVb2HQOwZFiKbXjm1GJ2hR3+fcupUt
vophk8sGnQhr+j3W6Rt8/xisKws0BLRBCp+o2/DvSh4K8zdasKSro5egPPe004WQ
h/UpjBPD3bqbkxCKiXJsMkNLGf109aakEOrsCUt5LAixn4HNXMD3o3ffzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGv5uLLocsi/X5UD6duNX4+A0VQgMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvYV9tNHN1aHl5TDlmbFFQcDI0MWZqNERSVkNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvL9rMA0G
CSqGSIb3DQEBCwUAA4IBAQB3x+wxnbzB95hjVd1S1V2nS1Yft99SEd42e2UOB8Qi
OAQcY7aicNmOD6YuUk3CBboDPyD3IG+7tRNJH+1U+olSpEz8Odfpmjt2jnliteWv
Nfpd07jEzJ+gFUp7mfA7ae9jREoQ6QcPQvhol8gXC4bs0Tmu5paTQpJE5ocDpUy1
u7VG1U99khX/skQUud/3OwiC4yAYpfT0bACOMFZ6IERU2obln73v4dhkPRCer8fL
08l3HgtIjrgez4TB1+fw2XBNeEQMDMDNT75CKScxY9Bg+U/cHIGR0oC2sm0Cvy3X
PcAbgMN10VDjnk/l+TiFn8NMVKmCOWleAA36MevH9JnS
-----END CERTIFICATE-----