Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/cca6c4-ec70-4405-a6a8-6eaa59b0d750/1/10xCUniBnJbUN4Ob-BAQXAN7vns.roa
File:                     10xCUniBnJbUN4Ob-BAQXAN7vns.roa (raw, json)
Hash identifier:          TCKJJBRwBA7nWOCrtCikfNr5IBUt85LCY3ex+/oWYVk=
Subject key identifier:   D7:4C:42:52:78:81:9C:96:D4:37:83:9B:F8:10:10:5C:03:7B:BE:7B
Certificate issuer:       /CN=e8464c8c167dd2c87aa3d88acbfae4c233ff77b0
Certificate serial:       018CC4935C09ACD0E3B71107F7588375710E
Authority key identifier: E8:46:4C:8C:16:7D:D2:C8:7A:A3:D8:8A:CB:FA:E4:C2:33:FF:77:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6EZMjBZ90sh6o9iKy_rkwjP_d7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/cca6c4-ec70-4405-a6a8-6eaa59b0d750/1/10xCUniBnJbUN4Ob-BAQXAN7vns.roa
Signing time:             Mon 01 Jan 2024 10:30:40 +0000
ROA not before:           Mon 01 Jan 2024 10:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8422
IP address blocks:        194.55.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/cca6c4-ec70-4405-a6a8-6eaa59b0d750/1/6EZMjBZ90sh6o9iKy_rkwjP_d7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/cca6c4-ec70-4405-a6a8-6eaa59b0d750/1/6EZMjBZ90sh6o9iKy_rkwjP_d7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6EZMjBZ90sh6o9iKy_rkwjP_d7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:03:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:5c:09:ac:d0:e3:b7:11:07:f7:58:83:75:71:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8464c8c167dd2c87aa3d88acbfae4c233ff77b0
        Validity
            Not Before: Jan  1 10:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d74c425278819c96d437839bf810105c037bbe7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:20:54:ab:74:1a:29:b5:8f:8e:d6:33:39:09:
                    4b:47:82:81:27:36:d0:ef:c6:11:64:c4:f4:99:3c:
                    49:89:2e:71:77:4f:1b:75:96:78:a3:b2:f7:64:22:
                    f1:b2:11:10:1f:80:44:08:4b:0e:c2:15:5a:8e:bc:
                    84:20:74:c4:85:10:1b:9c:e4:05:5f:32:6e:83:43:
                    46:68:fe:71:b2:f4:3d:66:fc:4c:1c:da:99:fa:ed:
                    cb:3c:09:1b:29:4f:ad:e6:78:70:2d:c2:4c:00:18:
                    ea:2b:f9:4f:97:c1:f3:1d:b6:34:4d:3b:b2:d0:a1:
                    a1:3c:44:83:ac:60:da:ea:94:c4:e0:35:c6:5e:58:
                    04:d0:ce:de:02:58:dc:97:70:c1:bf:b4:37:f9:75:
                    59:f4:d2:8a:d4:c5:a9:ce:be:9b:40:57:6f:3d:92:
                    52:fb:bd:73:bb:51:1f:04:f5:d9:e6:99:53:4b:24:
                    d5:44:44:42:57:ea:73:54:38:4e:af:89:73:8b:c9:
                    15:d6:6f:f4:65:06:84:f7:6c:ed:16:f1:2e:fb:da:
                    60:ac:a8:f0:4e:35:08:2d:35:f5:39:90:be:fb:10:
                    d0:44:a5:7a:59:ae:7a:f8:4d:a4:e4:3b:25:f4:b4:
                    64:4a:04:b2:25:1b:6b:34:a0:93:08:44:54:ae:4d:
                    4a:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:4C:42:52:78:81:9C:96:D4:37:83:9B:F8:10:10:5C:03:7B:BE:7B
            X509v3 Authority Key Identifier:
                keyid:E8:46:4C:8C:16:7D:D2:C8:7A:A3:D8:8A:CB:FA:E4:C2:33:FF:77:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EZMjBZ90sh6o9iKy_rkwjP_d7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/cca6c4-ec70-4405-a6a8-6eaa59b0d750/1/10xCUniBnJbUN4Ob-BAQXAN7vns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/cca6c4-ec70-4405-a6a8-6eaa59b0d750/1/6EZMjBZ90sh6o9iKy_rkwjP_d7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.55.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:4e:e5:9e:df:6a:9c:de:8f:88:32:c3:94:af:85:bf:f5:6d:
         c2:7d:04:9d:e9:15:44:01:92:fc:4c:ba:dd:b4:cb:3a:4b:e2:
         ae:0d:3c:18:0b:c6:66:b8:8b:03:02:8d:81:1b:bc:ca:9e:fe:
         9c:77:5e:fe:30:0b:5f:cd:38:89:70:4b:5e:4a:0d:41:15:b0:
         53:d4:93:e4:ed:1e:45:52:e6:61:df:74:cd:9d:20:a2:d9:89:
         cc:a0:4c:a2:30:09:f0:6c:17:a8:a9:a1:58:52:ff:9a:ea:a7:
         ce:a4:70:86:71:62:34:6b:1b:d3:24:0c:dd:b0:27:82:54:13:
         c2:1b:94:c1:36:e9:ad:4c:7b:b8:12:88:8c:0b:b2:96:ce:b8:
         df:6e:d8:a7:2d:e9:19:3d:36:31:a1:8d:cd:b7:3f:b2:f2:3f:
         27:fb:4a:86:ca:f4:af:96:01:55:9b:14:9f:c2:8f:77:18:f8:
         30:32:b3:d1:fb:38:f0:d5:a1:21:c6:b0:6d:0c:88:2d:81:c0:
         c9:30:55:6c:7a:d2:16:73:80:b7:fa:9e:dd:3d:dd:86:16:e6:
         54:26:b5:16:a4:53:9a:c0:a5:cc:71:04:a9:4e:fd:fd:0a:1a:
         85:3a:4f:47:df:ad:50:7b:d4:95:27:dd:25:b4:c9:3c:d9:f6:
         05:7e:82:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk1wJrNDjtxEH91iDdXEOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDY0YzhjMTY3ZGQyYzg3YWEzZDg4YWNiZmFlNGMyMzNm
Zjc3YjAwHhcNMjQwMTAxMTAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzRjNDI1Mjc4ODE5Yzk2ZDQzNzgzOWJmODEwMTA1YzAzN2JiZTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySBUq3QaKbWPjtYzOQlLR4KBJzbQ
78YRZMT0mTxJiS5xd08bdZZ4o7L3ZCLxshEQH4BECEsOwhVajryEIHTEhRAbnOQF
XzJug0NGaP5xsvQ9ZvxMHNqZ+u3LPAkbKU+t5nhwLcJMABjqK/lPl8HzHbY0TTuy
0KGhPESDrGDa6pTE4DXGXlgE0M7eAljcl3DBv7Q3+XVZ9NKK1MWpzr6bQFdvPZJS
+71zu1EfBPXZ5plTSyTVRERCV+pzVDhOr4lzi8kV1m/0ZQaE92ztFvEu+9pgrKjw
TjUILTX1OZC++xDQRKV6Wa56+E2k5Dsl9LRkSgSyJRtrNKCTCERUrk1K/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNdMQlJ4gZyW1DeDm/gQEFwDe757MB8GA1UdIwQY
MBaAFOhGTIwWfdLIeqPYisv65MIz/3ewMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVaTWpCWjkwc2g2bzlpS3lfcmt3alBfZDdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9jY2E2YzQtZWM3MC00NDA1LWE2YTgt
NmVhYTU5YjBkNzUwLzEvMTB4Q1VuaUJuSmJVTjRPYi1CQVFYQU43dm5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9jY2E2YzQtZWM3MC00NDA1LWE2YTgtNmVhYTU5YjBkNzUw
LzEvNkVaTWpCWjkwc2g2bzlpS3lfcmt3alBfZDdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjceMA0G
CSqGSIb3DQEBCwUAA4IBAQBoTuWe32qc3o+IMsOUr4W/9W3CfQSd6RVEAZL8TLrd
tMs6S+KuDTwYC8ZmuIsDAo2BG7zKnv6cd17+MAtfzTiJcEteSg1BFbBT1JPk7R5F
UuZh33TNnSCi2YnMoEyiMAnwbBeoqaFYUv+a6qfOpHCGcWI0axvTJAzdsCeCVBPC
G5TBNumtTHu4EoiMC7KWzrjfbtinLekZPTYxoY3Ntz+y8j8n+0qGyvSvlgFVmxSf
wo93GPgwMrPR+zjw1aEhxrBtDIgtgcDJMFVsetIWc4C3+p7dPd2GFuZUJrUWpFOa
wKXMcQSpTv39ChqFOk9H361Qe9SVJ90ltMk82fYFfoIG
-----END CERTIFICATE-----