Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/xJ8JTfsit06i8QtXicUfp5Qoqf4.roa
File:                     xJ8JTfsit06i8QtXicUfp5Qoqf4.roa (raw, json)
Hash identifier:          vxdgaNr3msTfh6DWjfp+lT0fMnk/iXP2l12DlZRkfsQ=
Subject key identifier:   C4:9F:09:4D:FB:22:B7:4E:A2:F1:0B:57:89:C5:1F:A7:94:28:A9:FE
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       018CC8DF76DE2C2656A75816065E32B1AED7
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/xJ8JTfsit06i8QtXicUfp5Qoqf4.roa
Signing time:             Tue 02 Jan 2024 06:32:17 +0000
ROA not before:           Tue 02 Jan 2024 06:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15982
IP address blocks:        213.244.230.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:76:de:2c:26:56:a7:58:16:06:5e:32:b1:ae:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Jan  2 06:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c49f094dfb22b74ea2f10b5789c51fa79428a9fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:9a:94:44:99:19:0c:84:2f:d9:fb:e8:96:a9:
                    46:cb:cd:8e:f9:4b:68:e1:23:44:e8:55:f1:c3:3b:
                    1f:13:eb:45:b8:10:6a:53:38:38:33:21:ce:a4:70:
                    f5:fc:6a:41:e4:1e:44:fe:f8:7e:3a:d6:f9:35:fe:
                    8d:b8:0f:8f:db:b1:8c:62:8e:cf:4b:1a:3c:b4:19:
                    55:be:0c:ed:60:24:dc:f3:f5:c3:cd:c6:4b:18:6a:
                    3a:36:fb:bb:60:87:1f:49:77:8e:02:e2:55:e8:4d:
                    98:87:2a:60:a0:fe:7e:de:09:8e:99:a6:19:a7:84:
                    d2:05:c7:48:fb:ec:f9:ff:b8:cb:1a:e2:3b:9f:f4:
                    a5:09:40:8c:db:73:74:7d:d7:0c:00:d3:55:99:da:
                    a8:ee:6c:86:2f:61:80:87:74:9e:72:20:f6:2f:28:
                    25:58:ef:dc:c0:09:2d:96:58:64:c5:e8:a3:ad:c6:
                    4c:18:e2:50:6d:08:3a:8d:06:10:8c:e1:d4:e9:2d:
                    a9:ab:49:79:ae:cc:04:b2:4e:da:22:a6:3d:ae:6b:
                    2a:ab:50:60:80:85:89:ba:e7:8d:25:16:ea:6c:48:
                    69:f0:b4:6c:89:85:4a:0c:c0:c8:b9:a7:f7:76:80:
                    15:72:14:d1:09:ed:60:0c:36:aa:49:a0:d8:68:e1:
                    e2:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:9F:09:4D:FB:22:B7:4E:A2:F1:0B:57:89:C5:1F:A7:94:28:A9:FE
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/xJ8JTfsit06i8QtXicUfp5Qoqf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.244.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:86:67:ba:ed:18:02:14:8a:3c:b8:f2:7a:ff:c7:b9:2c:64:
         d5:87:e0:56:05:45:16:6d:40:42:d4:5f:e6:21:d0:80:5d:94:
         66:b9:7b:fb:e4:23:5c:13:4b:0c:f2:32:ea:85:e5:ce:98:a8:
         b9:70:92:b9:4a:7d:af:29:e2:76:dc:65:8b:a3:57:80:6a:72:
         2d:e9:37:77:7e:70:9a:26:e0:37:7f:ba:0f:16:ef:f2:ee:90:
         93:d3:f2:ad:ba:8a:7c:72:51:46:55:fc:6a:9f:ae:bd:cc:ff:
         a4:88:3b:0c:7d:07:94:2c:87:7d:7a:2d:4e:03:7d:08:cc:2c:
         ce:d1:d1:5c:24:4f:26:50:4f:d0:66:f5:2e:ce:07:65:8b:50:
         96:43:61:67:77:7b:e4:8a:27:c0:f6:f9:a2:55:66:38:bb:4e:
         21:d7:d4:7d:b8:43:9e:29:62:41:2c:21:09:71:c1:57:04:54:
         42:e7:fe:42:55:18:11:52:69:0d:7a:d4:fe:21:98:29:35:b7:
         3a:63:7a:d9:02:ea:c2:3f:38:33:ad:68:07:ed:eb:c3:f3:6e:
         0a:22:0b:92:5b:48:d1:ae:53:0c:f9:d8:14:36:6b:d7:de:2f:
         b4:bc:48:92:41:55:b5:70:1b:c1:22:98:f4:b6:b2:fc:93:c5:
         67:fa:16:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33beLCZWp1gWBl4ysa7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjQwMTAyMDYzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDlmMDk0ZGZiMjJiNzRlYTJmMTBiNTc4OWM1MWZhNzk0MjhhOWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJqURJkZDIQv2fvolqlGy82O+Uto
4SNE6FXxwzsfE+tFuBBqUzg4MyHOpHD1/GpB5B5E/vh+Otb5Nf6NuA+P27GMYo7P
Sxo8tBlVvgztYCTc8/XDzcZLGGo6Nvu7YIcfSXeOAuJV6E2YhypgoP5+3gmOmaYZ
p4TSBcdI++z5/7jLGuI7n/SlCUCM23N0fdcMANNVmdqo7myGL2GAh3SeciD2Lygl
WO/cwAktllhkxeijrcZMGOJQbQg6jQYQjOHU6S2pq0l5rswEsk7aIqY9rmsqq1Bg
gIWJuueNJRbqbEhp8LRsiYVKDMDIuaf3doAVchTRCe1gDDaqSaDYaOHimQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSfCU37IrdOovELV4nFH6eUKKn+MB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEveEo4SlRmc2l0MDZpOFF0WGljVWZwNVFvcWY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1fTmMA0G
CSqGSIb3DQEBCwUAA4IBAQBbhme67RgCFIo8uPJ6/8e5LGTVh+BWBUUWbUBC1F/m
IdCAXZRmuXv75CNcE0sM8jLqheXOmKi5cJK5Sn2vKeJ23GWLo1eAanIt6Td3fnCa
JuA3f7oPFu/y7pCT0/Ktuop8clFGVfxqn669zP+kiDsMfQeULId9ei1OA30IzCzO
0dFcJE8mUE/QZvUuzgdli1CWQ2Fnd3vkiifA9vmiVWY4u04h19R9uEOeKWJBLCEJ
ccFXBFRC5/5CVRgRUmkNetT+IZgpNbc6Y3rZAurCPzgzrWgH7evD824KIguSW0jR
rlMM+dgUNmvX3i+0vEiSQVW1cBvBIpj0trL8k8Vn+har
-----END CERTIFICATE-----