Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/qLX5pl0nHD9CtP61VlWI8P7V0BA.roa
File:                     qLX5pl0nHD9CtP61VlWI8P7V0BA.roa (raw, json)
Hash identifier:          8xg5DWHnPxE1h3CxQQRtDmjqiAE+sviUoH0K61D7svs=
Subject key identifier:   A8:B5:F9:A6:5D:27:1C:3F:42:B4:FE:B5:56:55:88:F0:FE:D5:D0:10
Certificate issuer:       /CN=2378a4a9c52325a85920809ba1a4d89e21c02f17
Certificate serial:       018CC94D7C65FC4176171C3047DC65267885
Authority key identifier: 23:78:A4:A9:C5:23:25:A8:59:20:80:9B:A1:A4:D8:9E:21:C0:2F:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I3ikqcUjJahZIICboaTYniHALxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/qLX5pl0nHD9CtP61VlWI8P7V0BA.roa
Signing time:             Tue 02 Jan 2024 08:32:27 +0000
ROA not before:           Tue 02 Jan 2024 08:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205364
IP address blocks:        195.230.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/I3ikqcUjJahZIICboaTYniHALxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/I3ikqcUjJahZIICboaTYniHALxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I3ikqcUjJahZIICboaTYniHALxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:7c:65:fc:41:76:17:1c:30:47:dc:65:26:78:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2378a4a9c52325a85920809ba1a4d89e21c02f17
        Validity
            Not Before: Jan  2 08:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8b5f9a65d271c3f42b4feb5565588f0fed5d010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ce:c5:ef:7a:28:3a:b8:55:e5:4d:16:c0:00:
                    d0:8f:57:1a:3b:0a:e1:6f:d2:c2:7a:a0:25:62:cf:
                    28:cd:ef:e9:2f:e2:c8:dc:0a:fc:1c:06:fb:5d:5d:
                    73:3f:45:ea:86:93:56:2b:06:0a:98:61:5a:95:4e:
                    da:69:39:32:39:17:d4:00:70:7c:de:5a:5d:c8:e7:
                    e1:73:a0:31:32:59:49:5b:56:1b:c3:34:05:54:2c:
                    6d:70:13:3a:1e:b4:95:61:78:28:0a:05:82:35:5a:
                    ce:48:5d:2c:5b:9c:d6:1b:2e:3a:a0:3b:0c:25:ac:
                    cf:f7:3e:23:59:8d:89:fd:fe:e8:b1:33:5e:70:6a:
                    83:c6:65:ad:67:f9:ad:13:6e:c6:dd:b6:b2:11:8a:
                    94:d3:72:70:15:bf:03:fa:e5:3a:f1:66:9c:ec:02:
                    bd:f4:96:e3:d7:e2:9f:6f:dc:25:2e:e1:98:e9:9f:
                    12:ee:a8:1e:ee:e5:a9:2d:8c:79:46:63:ca:14:bd:
                    0f:1c:dd:35:91:f6:6e:15:23:79:97:5d:61:93:fa:
                    35:64:71:c7:c2:1a:f8:31:d7:83:89:4e:62:40:66:
                    ac:aa:7b:26:4a:c9:1b:d5:90:02:84:89:93:78:f8:
                    e8:ec:2e:5c:f7:97:33:2d:f6:8b:99:6e:54:a1:23:
                    d8:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:B5:F9:A6:5D:27:1C:3F:42:B4:FE:B5:56:55:88:F0:FE:D5:D0:10
            X509v3 Authority Key Identifier:
                keyid:23:78:A4:A9:C5:23:25:A8:59:20:80:9B:A1:A4:D8:9E:21:C0:2F:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I3ikqcUjJahZIICboaTYniHALxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/qLX5pl0nHD9CtP61VlWI8P7V0BA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/I3ikqcUjJahZIICboaTYniHALxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.230.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:fe:c7:1f:65:a0:eb:33:1d:01:5c:97:02:54:f8:7c:b5:68:
         a1:ec:74:d4:ee:82:de:5e:62:e5:90:2f:c3:da:87:5a:c7:1f:
         bf:9b:e2:ec:cc:e3:cf:9e:67:e0:e3:d4:ac:2b:27:ca:aa:05:
         86:27:e5:0c:f8:dd:47:51:bd:bd:16:dd:b1:3c:fc:de:2e:c4:
         98:4a:67:84:49:3c:9f:2a:b0:b1:1a:36:00:ad:08:87:80:ea:
         dd:73:9f:24:40:8d:32:27:76:2f:a0:3e:bb:24:3c:04:4f:f4:
         a8:ed:b9:0f:9b:30:5f:44:ce:39:1e:93:13:8d:87:29:af:a2:
         9f:26:29:ae:e5:1a:8d:ee:40:22:bc:d1:c2:24:17:ec:81:20:
         36:17:92:85:1c:08:d0:64:38:f4:27:d6:9a:8b:26:76:53:cc:
         e9:8c:fc:56:52:eb:a2:9d:ac:79:69:ca:3d:c4:02:46:c8:f9:
         d6:58:41:3e:2f:db:d9:b9:37:25:9d:67:a8:a6:f4:94:54:80:
         73:cc:9b:b3:84:cc:5d:ed:57:94:eb:a1:5f:d4:0a:8e:d1:98:
         08:06:54:93:c7:e8:d1:07:14:ee:bb:f3:e2:58:cb:6a:33:71:
         3b:c2:e2:c8:cf:a5:61:ce:6f:b1:89:2a:a2:2d:15:a1:51:cd:
         7d:f5:72:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTXxl/EF2FxwwR9xlJniFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNzhhNGE5YzUyMzI1YTg1OTIwODA5YmExYTRkODllMjFj
MDJmMTcwHhcNMjQwMTAyMDgzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGI1ZjlhNjVkMjcxYzNmNDJiNGZlYjU1NjU1ODhmMGZlZDVkMDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgc7F73ooOrhV5U0WwADQj1caOwrh
b9LCeqAlYs8oze/pL+LI3Ar8HAb7XV1zP0XqhpNWKwYKmGFalU7aaTkyORfUAHB8
3lpdyOfhc6AxMllJW1YbwzQFVCxtcBM6HrSVYXgoCgWCNVrOSF0sW5zWGy46oDsM
JazP9z4jWY2J/f7osTNecGqDxmWtZ/mtE27G3bayEYqU03JwFb8D+uU68Wac7AK9
9Jbj1+Kfb9wlLuGY6Z8S7qge7uWpLYx5RmPKFL0PHN01kfZuFSN5l11hk/o1ZHHH
whr4MdeDiU5iQGasqnsmSskb1ZAChImTePjo7C5c95czLfaLmW5UoSPYLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKi1+aZdJxw/QrT+tVZViPD+1dAQMB8GA1UdIwQY
MBaAFCN4pKnFIyWoWSCAm6Gk2J4hwC8XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTNpa3FjVWpKYWhaSUlDYm9hVFluaUhBTHhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9kNjU0YmUtMTc0ZS00MWY3LTljZmIt
OTM3ZTI3ZWUxYjViLzEvcUxYNXBsMG5IRDlDdFA2MVZsV0k4UDdWMEJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9kNjU0YmUtMTc0ZS00MWY3LTljZmItOTM3ZTI3ZWUxYjVi
LzEvSTNpa3FjVWpKYWhaSUlDYm9hVFluaUhBTHhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+aUMA0G
CSqGSIb3DQEBCwUAA4IBAQBU/scfZaDrMx0BXJcCVPh8tWih7HTU7oLeXmLlkC/D
2odaxx+/m+LszOPPnmfg49SsKyfKqgWGJ+UM+N1HUb29Ft2xPPzeLsSYSmeESTyf
KrCxGjYArQiHgOrdc58kQI0yJ3YvoD67JDwET/So7bkPmzBfRM45HpMTjYcpr6Kf
Jimu5RqN7kAivNHCJBfsgSA2F5KFHAjQZDj0J9aaiyZ2U8zpjPxWUuuinax5aco9
xAJGyPnWWEE+L9vZuTclnWeopvSUVIBzzJuzhMxd7VeU66Ff1AqO0ZgIBlSTx+jR
BxTuu/PiWMtqM3E7wuLIz6Vhzm+xiSqiLRWhUc199XKD
-----END CERTIFICATE-----