Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/814325-2191-41c6-b2ed-e229a42c4085/1/qIBIhPUVkTGNPbgf9UsSA_VNwZM.roa
File:                     qIBIhPUVkTGNPbgf9UsSA_VNwZM.roa (raw, json)
Hash identifier:          aX/s9bGatrSWtut5BYc66YesTo51i3iVjoYdc5twLvk=
Subject key identifier:   A8:80:48:84:F5:15:91:31:8D:3D:B8:1F:F5:4B:12:03:F5:4D:C1:93
Certificate issuer:       /CN=49d15a10e74710936cb8c37b7c6f5f1fb38c121f
Certificate serial:       018CC6B936060D336D1DF1336A8159048827
Authority key identifier: 49:D1:5A:10:E7:47:10:93:6C:B8:C3:7B:7C:6F:5F:1F:B3:8C:12:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SdFaEOdHEJNsuMN7fG9fH7OMEh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/814325-2191-41c6-b2ed-e229a42c4085/1/qIBIhPUVkTGNPbgf9UsSA_VNwZM.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48930
IP address blocks:        195.88.98.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/814325-2191-41c6-b2ed-e229a42c4085/1/SdFaEOdHEJNsuMN7fG9fH7OMEh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/814325-2191-41c6-b2ed-e229a42c4085/1/SdFaEOdHEJNsuMN7fG9fH7OMEh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SdFaEOdHEJNsuMN7fG9fH7OMEh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:36:06:0d:33:6d:1d:f1:33:6a:81:59:04:88:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49d15a10e74710936cb8c37b7c6f5f1fb38c121f
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8804884f51591318d3db81ff54b1203f54dc193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:40:d4:21:3e:ec:01:f1:fc:ea:27:09:03:08:
                    bb:9c:be:d3:b1:47:41:6f:f9:d0:38:5c:4b:ef:95:
                    b0:25:8d:77:b1:f8:f2:62:7b:79:9e:4b:81:cc:82:
                    07:92:9c:a7:90:9c:f7:99:34:bb:e4:92:db:48:f2:
                    1a:69:3f:17:e1:76:cd:4a:31:60:4a:cf:5b:5d:b7:
                    fe:9c:6d:68:32:44:c2:c6:13:8a:b2:6a:6e:56:9b:
                    bb:5a:41:41:12:da:ea:91:90:a7:16:7a:11:9d:5c:
                    2b:bd:83:89:da:28:dd:f2:e9:39:38:75:0d:53:e9:
                    40:c1:82:33:79:c4:a6:28:fa:fa:93:8f:10:2c:a3:
                    8b:91:3a:fb:66:6d:d7:bc:3d:02:83:cb:d7:6b:33:
                    be:b9:47:53:07:c4:7e:92:cc:ad:e3:1b:9f:8b:9b:
                    20:a7:03:1c:44:25:da:2b:96:05:69:f5:b8:33:b2:
                    34:c8:52:0b:66:8f:74:83:45:06:39:25:b7:8b:1c:
                    7c:b7:04:35:d8:a3:06:f0:62:a6:7a:ef:88:ee:83:
                    6a:8a:25:51:c5:dc:58:b0:04:a1:23:5d:52:17:6c:
                    bc:b7:01:dc:94:a6:bd:ed:82:f7:f1:32:56:19:06:
                    e1:ee:bb:92:9e:97:26:e3:a4:6a:f9:03:92:30:36:
                    4d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:80:48:84:F5:15:91:31:8D:3D:B8:1F:F5:4B:12:03:F5:4D:C1:93
            X509v3 Authority Key Identifier:
                keyid:49:D1:5A:10:E7:47:10:93:6C:B8:C3:7B:7C:6F:5F:1F:B3:8C:12:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SdFaEOdHEJNsuMN7fG9fH7OMEh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/814325-2191-41c6-b2ed-e229a42c4085/1/qIBIhPUVkTGNPbgf9UsSA_VNwZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/814325-2191-41c6-b2ed-e229a42c4085/1/SdFaEOdHEJNsuMN7fG9fH7OMEh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:cf:c3:e7:ad:dd:a8:7c:4a:73:ce:66:de:d2:5c:81:02:1f:
         e9:3f:6c:f0:75:67:bc:e9:1d:78:a7:22:0d:5a:ff:10:e3:f6:
         df:b8:19:a5:28:46:a3:db:21:dc:68:81:74:ed:f0:e0:0d:1e:
         14:3b:0f:2f:eb:09:39:d3:67:61:de:11:9e:73:1c:b2:9b:88:
         c4:36:dd:53:48:e5:78:92:5b:e9:60:64:4e:7a:a1:f8:90:f3:
         5c:95:89:81:3e:33:c6:c7:82:ab:cd:9f:c1:ed:70:c1:7d:84:
         d6:c5:cc:92:4d:e0:b4:fc:29:eb:e8:ab:ea:d5:dd:b0:54:c4:
         a7:6e:9a:a2:9e:a8:c7:df:b5:1b:dc:a5:10:e7:32:43:e6:0a:
         21:da:2f:44:28:8a:f6:3d:7d:09:cd:91:84:d5:c7:38:bb:72:
         5f:e0:d5:e4:64:71:24:57:68:08:3c:f0:93:31:50:33:24:bd:
         6b:4e:9f:07:86:d0:5a:a1:a3:48:ca:3d:6f:ac:4c:00:69:9f:
         4f:e8:a7:1e:54:ec:59:e2:57:68:38:d2:b0:13:19:0d:84:1a:
         2d:14:79:87:a9:10:bb:1d:be:06:61:7d:ce:da:3b:72:b0:b6:
         ff:06:e9:4b:68:7d:2d:dd:31:88:a7:84:fa:5a:25:af:39:b8:
         78:10:97:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTYGDTNtHfEzaoFZBIgnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZDE1YTEwZTc0NzEwOTM2Y2I4YzM3YjdjNmY1ZjFmYjM4
YzEyMWYwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODgwNDg4NGY1MTU5MTMxOGQzZGI4MWZmNTRiMTIwM2Y1NGRjMTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiEDUIT7sAfH86icJAwi7nL7TsUdB
b/nQOFxL75WwJY13sfjyYnt5nkuBzIIHkpynkJz3mTS75JLbSPIaaT8X4XbNSjFg
Ss9bXbf+nG1oMkTCxhOKsmpuVpu7WkFBEtrqkZCnFnoRnVwrvYOJ2ijd8uk5OHUN
U+lAwYIzecSmKPr6k48QLKOLkTr7Zm3XvD0Cg8vXazO+uUdTB8R+ksyt4xufi5sg
pwMcRCXaK5YFafW4M7I0yFILZo90g0UGOSW3ixx8twQ12KMG8GKmeu+I7oNqiiVR
xdxYsAShI11SF2y8twHclKa97YL38TJWGQbh7ruSnpcm46Rq+QOSMDZNAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKiASIT1FZExjT24H/VLEgP1TcGTMB8GA1UdIwQY
MBaAFEnRWhDnRxCTbLjDe3xvXx+zjBIfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2RGYUVPZEhFSk5zdU1ON2ZHOWZIN09NRWg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi84MTQzMjUtMjE5MS00MWM2LWIyZWQt
ZTIyOWE0MmM0MDg1LzEvcUlCSWhQVVZrVEdOUGJnZjlVc1NBX1ZOd1pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi84MTQzMjUtMjE5MS00MWM2LWIyZWQtZTIyOWE0MmM0MDg1
LzEvU2RGYUVPZEhFSk5zdU1ON2ZHOWZIN09NRWg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1hiMA0G
CSqGSIb3DQEBCwUAA4IBAQA5z8Pnrd2ofEpzzmbe0lyBAh/pP2zwdWe86R14pyIN
Wv8Q4/bfuBmlKEaj2yHcaIF07fDgDR4UOw8v6wk502dh3hGecxyym4jENt1TSOV4
klvpYGROeqH4kPNclYmBPjPGx4KrzZ/B7XDBfYTWxcySTeC0/Cnr6Kvq1d2wVMSn
bpqinqjH37Ub3KUQ5zJD5goh2i9EKIr2PX0JzZGE1cc4u3Jf4NXkZHEkV2gIPPCT
MVAzJL1rTp8HhtBaoaNIyj1vrEwAaZ9P6KceVOxZ4ldoONKwExkNhBotFHmHqRC7
Hb4GYX3O2jtysLb/BulLaH0t3TGIp4T6WiWvObh4EJcy
-----END CERTIFICATE-----