Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/sIIAfNElvBbJ21X6UNcpxZKBaFY.roa
File:                     sIIAfNElvBbJ21X6UNcpxZKBaFY.roa (raw, json)
Hash identifier:          02lLmq9tpHuJe7DdBtM53qWPWL8/3c4mhiwKkAKcdc0=
Subject key identifier:   B0:82:00:7C:D1:25:BC:16:C9:DB:55:FA:50:D7:29:C5:92:81:68:56
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7954E70CEEB58F3ADF15EB557589A1D
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/sIIAfNElvBbJ21X6UNcpxZKBaFY.roa
Signing time:             Tue 02 Jan 2024 00:31:39 +0000
ROA not before:           Tue 02 Jan 2024 00:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47388
IP address blocks:        188.215.93.0/24 maxlen: 24
                          94.176.42.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:4e:70:ce:eb:58:f3:ad:f1:5e:b5:57:58:9a:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b082007cd125bc16c9db55fa50d729c592816856
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:81:88:45:c8:05:b3:95:51:ed:e3:47:29:c9:
                    7f:8b:5b:cc:35:ef:d9:ee:5a:cf:e3:e5:99:a0:74:
                    43:f1:dc:44:6c:ca:8c:72:4d:fc:e1:04:79:93:dd:
                    f2:4c:ad:44:13:a0:86:47:df:06:2b:34:49:50:7a:
                    3d:4d:aa:8b:de:d9:b0:a5:0e:42:6b:78:ad:e7:95:
                    55:88:d0:05:ac:07:8e:ee:68:77:b7:bd:b9:ab:b7:
                    74:f8:79:b0:c3:77:25:d1:65:cc:95:fd:0c:78:6e:
                    13:89:6d:1f:1c:15:f0:0c:70:e8:5d:6e:49:19:f3:
                    43:e8:22:f0:d1:d0:53:1e:f3:d5:c9:8a:4e:96:bc:
                    53:4f:f9:1a:8e:57:09:fa:07:4c:55:53:f4:ab:38:
                    93:c7:0c:6a:61:49:d0:30:8b:bb:6a:14:bc:0d:e2:
                    cf:96:4e:66:b7:85:e5:a1:0c:c6:70:dd:9b:a9:76:
                    88:27:7d:1c:db:05:e0:69:f1:a7:c7:da:72:a1:75:
                    b5:a3:58:8a:f1:10:06:85:ab:69:ee:4a:41:a8:b0:
                    96:71:41:db:35:08:6a:d5:7a:d1:07:d8:e5:bb:08:
                    7e:f3:37:8e:db:2c:c5:aa:9e:17:77:ed:d1:1b:c7:
                    77:84:b4:44:3c:1c:5b:8e:6e:7a:9c:8c:78:af:27:
                    d5:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:82:00:7C:D1:25:BC:16:C9:DB:55:FA:50:D7:29:C5:92:81:68:56
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/sIIAfNElvBbJ21X6UNcpxZKBaFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.176.42.0/23
                  188.215.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:f8:8e:40:81:5b:71:73:b4:0f:68:48:2d:1a:33:eb:b7:46:
         4d:a2:02:2c:25:a8:8d:7e:5d:ff:f6:b0:7e:ac:55:c2:e3:bc:
         c2:cf:07:65:d7:57:fc:b2:0d:86:d2:84:fc:ea:29:fd:09:42:
         ed:aa:2d:bb:2d:01:57:35:d3:5d:eb:c8:61:0c:42:f9:b0:99:
         6e:3f:11:53:fb:2d:6a:7b:90:06:96:d5:0a:c7:71:9c:97:35:
         82:9a:3c:b2:bb:6c:ad:a9:a3:45:66:09:ab:e0:39:ad:3d:f1:
         5b:a7:9e:d8:89:1f:cb:c4:51:dc:a8:1f:09:6c:65:02:9d:a4:
         e8:2f:42:da:9b:22:d0:d9:fc:5f:b6:b2:45:3d:c4:69:75:0f:
         33:49:c0:0b:57:0a:fc:fa:47:61:87:c6:0e:08:1f:45:d3:cf:
         a1:a9:ad:42:39:a3:f3:fe:b9:5d:d1:a0:99:4f:4e:e6:23:a9:
         c8:8e:83:37:d1:2d:85:5d:62:56:7f:f5:5d:2b:3f:49:82:12:
         36:da:25:6c:00:54:49:2f:57:a1:39:17:28:8a:42:0a:7e:c5:
         7c:e9:00:15:0e:9a:7e:8e:a2:66:e5:93:22:e4:ff:d4:03:5d:
         dc:fb:75:aa:95:a9:c3:5d:b7:57:7f:9e:76:04:26:45:08:b6:
         c3:94:f8:78
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlU5wzutY863xXrVXWJodMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDgyMDA3Y2QxMjViYzE2YzlkYjU1ZmE1MGQ3MjljNTkyODE2ODU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIGIRcgFs5VR7eNHKcl/i1vMNe/Z
7lrP4+WZoHRD8dxEbMqMck384QR5k93yTK1EE6CGR98GKzRJUHo9TaqL3tmwpQ5C
a3it55VViNAFrAeO7mh3t725q7d0+Hmww3cl0WXMlf0MeG4TiW0fHBXwDHDoXW5J
GfND6CLw0dBTHvPVyYpOlrxTT/kajlcJ+gdMVVP0qziTxwxqYUnQMIu7ahS8DeLP
lk5mt4XloQzGcN2bqXaIJ30c2wXgafGnx9pyoXW1o1iK8RAGhatp7kpBqLCWcUHb
NQhq1XrRB9jluwh+8zeO2yzFqp4Xd+3RG8d3hLREPBxbjm56nIx4ryfVUwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLCCAHzRJbwWydtV+lDXKcWSgWhWMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL3NJSUFmTkVsdkJiSjIxWDZVTmNweFpLQmFGWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAFesCoD
BAC8110wDQYJKoZIhvcNAQELBQADggEBAB34jkCBW3FztA9oSC0aM+u3Rk2iAiwl
qI1+Xf/2sH6sVcLjvMLPB2XXV/yyDYbShPzqKf0JQu2qLbstAVc1013ryGEMQvmw
mW4/EVP7LWp7kAaW1QrHcZyXNYKaPLK7bK2po0VmCavgOa098VunntiJH8vEUdyo
HwlsZQKdpOgvQtqbItDZ/F+2skU9xGl1DzNJwAtXCvz6R2GHxg4IH0XTz6GprUI5
o/P+uV3RoJlPTuYjqciOgzfRLYVdYlZ/9V0rP0mCEjbaJWwAVEkvV6E5FyiKQgp+
xXzpABUOmn6OomblkyLk/9QDXdz7daqVqcNdt1d/nnYEJkUItsOU+Hg=
-----END CERTIFICATE-----