Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/30b3ff-7036-4a2e-8eb5-074ffb423c13/1/M5-8T8TFMcb3J2CvuaHGfYikil8.roa
File:                     M5-8T8TFMcb3J2CvuaHGfYikil8.roa (raw, json)
Hash identifier:          sEuV/u3YL8dSNJyH59zm3ikAH6V5LtH2iezUmG3BKhk=
Subject key identifier:   33:9F:BC:4F:C4:C5:31:C6:F7:27:60:AF:B9:A1:C6:7D:88:A4:8A:5F
Certificate issuer:       /CN=b0ad22643c2d97bd71f8b634fb8d1d4f9f01f4a7
Certificate serial:       018CC2DB5EDCB0EBD8758EE8BCB84332ABBA
Authority key identifier: B0:AD:22:64:3C:2D:97:BD:71:F8:B6:34:FB:8D:1D:4F:9F:01:F4:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sK0iZDwtl71x-LY0-40dT58B9Kc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/30b3ff-7036-4a2e-8eb5-074ffb423c13/1/M5-8T8TFMcb3J2CvuaHGfYikil8.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39020
IP address blocks:        193.203.118.0/24 maxlen: 24
                          193.203.119.0/24 maxlen: 24
                          195.88.152.0/24 maxlen: 24
                          195.88.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/30b3ff-7036-4a2e-8eb5-074ffb423c13/1/sK0iZDwtl71x-LY0-40dT58B9Kc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/30b3ff-7036-4a2e-8eb5-074ffb423c13/1/sK0iZDwtl71x-LY0-40dT58B9Kc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sK0iZDwtl71x-LY0-40dT58B9Kc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5e:dc:b0:eb:d8:75:8e:e8:bc:b8:43:32:ab:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0ad22643c2d97bd71f8b634fb8d1d4f9f01f4a7
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=339fbc4fc4c531c6f72760afb9a1c67d88a48a5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:45:7b:21:df:ce:20:ca:01:3c:25:94:d7:a9:
                    6f:68:07:27:fd:6a:b7:2c:30:1e:40:6b:62:6f:64:
                    5b:39:d1:f1:25:f1:58:d9:d3:31:d4:fd:38:6f:40:
                    cb:25:e7:4f:bb:dd:d0:fc:91:06:4d:4b:0b:50:9c:
                    fc:9b:fc:1f:da:89:d2:3d:b6:05:50:cf:04:70:a1:
                    a9:da:3d:54:15:05:57:e9:df:15:c8:66:64:ae:b7:
                    70:c2:a4:de:e4:7a:02:52:7d:ea:ad:c3:05:59:76:
                    d3:35:c5:33:30:a6:90:e7:94:38:7a:41:97:7a:21:
                    65:9b:27:68:eb:e2:a2:34:85:32:98:8f:1f:c3:c7:
                    c1:ef:77:0b:9a:dc:7b:b4:7c:25:d6:38:a5:3b:1e:
                    b2:38:19:de:46:69:78:92:b0:a0:23:25:3d:f7:ca:
                    de:01:3e:c5:95:e8:9a:c8:c3:de:2a:9f:7e:97:fc:
                    22:f3:59:73:80:e6:f1:12:47:a5:9e:09:f4:05:1d:
                    9e:0d:da:cd:cf:2a:ea:cd:93:ea:96:a9:f3:d1:37:
                    ad:79:6e:0a:e9:e9:2a:49:ed:a4:c3:25:8b:73:f9:
                    64:5c:25:13:35:38:3b:3f:da:f2:59:8f:c9:fe:40:
                    5e:81:42:24:d3:96:89:77:a3:bd:2f:cf:29:df:c3:
                    66:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:9F:BC:4F:C4:C5:31:C6:F7:27:60:AF:B9:A1:C6:7D:88:A4:8A:5F
            X509v3 Authority Key Identifier:
                keyid:B0:AD:22:64:3C:2D:97:BD:71:F8:B6:34:FB:8D:1D:4F:9F:01:F4:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sK0iZDwtl71x-LY0-40dT58B9Kc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/30b3ff-7036-4a2e-8eb5-074ffb423c13/1/M5-8T8TFMcb3J2CvuaHGfYikil8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/30b3ff-7036-4a2e-8eb5-074ffb423c13/1/sK0iZDwtl71x-LY0-40dT58B9Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.203.118.0/23
                  195.88.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:f3:b4:9e:d4:2f:75:fc:35:98:d2:d5:21:35:90:f3:c6:23:
         28:45:fc:9a:f2:d2:aa:a8:ab:1e:ca:6b:ea:3c:4b:a0:af:b1:
         3d:ae:62:bc:36:0f:c9:ec:03:1e:e5:c6:c0:d4:94:22:27:bc:
         fd:93:bd:c1:cb:33:08:c4:7c:5b:6f:c0:fe:d8:f6:14:45:08:
         d2:19:5a:ec:b1:b8:6e:28:38:cd:8d:37:05:f1:23:cc:d6:96:
         88:61:14:c2:a0:c6:80:14:13:cd:6e:c7:47:47:0d:a9:85:0b:
         fb:fb:fa:b7:96:ce:20:78:0e:e4:16:a6:97:14:62:dd:0f:c4:
         a9:36:b9:cb:85:c4:25:d4:f4:f9:bc:56:85:1e:91:c9:88:cf:
         e2:84:90:72:9e:b8:df:f1:a1:6f:66:09:0b:14:40:9a:88:c4:
         2b:61:fb:eb:ea:93:b9:a8:06:94:b2:7e:87:70:2a:af:58:9d:
         0f:a0:60:89:3c:ae:5c:62:78:c4:3d:f0:be:74:46:fc:37:d7:
         c8:29:40:9e:71:f4:37:46:e8:eb:36:2e:0e:7a:58:14:d9:9d:
         78:d8:50:85:ce:57:d0:d6:c0:96:aa:ae:e5:1b:41:9f:b4:68:
         a9:2e:35:6a:36:d7:78:4b:e2:60:a9:36:9d:07:16:9a:7b:48:
         b0:55:83:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC217csOvYdY7ovLhDMqu6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYWQyMjY0M2MyZDk3YmQ3MWY4YjYzNGZiOGQxZDRmOWYw
MWY0YTcwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzlmYmM0ZmM0YzUzMWM2ZjcyNzYwYWZiOWExYzY3ZDg4YTQ4YTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkV7Id/OIMoBPCWU16lvaAcn/Wq3
LDAeQGtib2RbOdHxJfFY2dMx1P04b0DLJedPu93Q/JEGTUsLUJz8m/wf2onSPbYF
UM8EcKGp2j1UFQVX6d8VyGZkrrdwwqTe5HoCUn3qrcMFWXbTNcUzMKaQ55Q4ekGX
eiFlmydo6+KiNIUymI8fw8fB73cLmtx7tHwl1jilOx6yOBneRml4krCgIyU998re
AT7FleiayMPeKp9+l/wi81lzgObxEkelngn0BR2eDdrNzyrqzZPqlqnz0TeteW4K
6ekqSe2kwyWLc/lkXCUTNTg7P9ryWY/J/kBegUIk05aJd6O9L88p38Nm0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDOfvE/ExTHG9ydgr7mhxn2IpIpfMB8GA1UdIwQY
MBaAFLCtImQ8LZe9cfi2NPuNHU+fAfSnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0swaVpEd3RsNzF4LUxZMC00MGRUNThCOUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8zMGIzZmYtNzAzNi00YTJlLThlYjUt
MDc0ZmZiNDIzYzEzLzEvTTUtOFQ4VEZNY2IzSjJDdnVhSEdmWWlraWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8zMGIzZmYtNzAzNi00YTJlLThlYjUtMDc0ZmZiNDIzYzEz
LzEvc0swaVpEd3RsNzF4LUxZMC00MGRUNThCOUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwct2AwQB
w1iYMA0GCSqGSIb3DQEBCwUAA4IBAQCV87Se1C91/DWY0tUhNZDzxiMoRfya8tKq
qKseymvqPEugr7E9rmK8Ng/J7AMe5cbA1JQiJ7z9k73ByzMIxHxbb8D+2PYURQjS
GVrssbhuKDjNjTcF8SPM1paIYRTCoMaAFBPNbsdHRw2phQv7+/q3ls4geA7kFqaX
FGLdD8SpNrnLhcQl1PT5vFaFHpHJiM/ihJBynrjf8aFvZgkLFECaiMQrYfvr6pO5
qAaUsn6HcCqvWJ0PoGCJPK5cYnjEPfC+dEb8N9fIKUCecfQ3RujrNi4OelgU2Z14
2FCFzlfQ1sCWqq7lG0GftGipLjVqNtd4S+JgqTadBxaae0iwVYO1
-----END CERTIFICATE-----