Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/ss2wEmPFoC9rElMrYxsxRuA_Mgs.roa
File:                     ss2wEmPFoC9rElMrYxsxRuA_Mgs.roa (raw, json)
Hash identifier:          QooIB3LMcTC+8HmiLUS07ACmfTg/fXpNG9WHgDD1mlU=
Subject key identifier:   B2:CD:B0:12:63:C5:A0:2F:6B:12:53:2B:63:1B:31:46:E0:3F:32:0B
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC7952A07D5A7CB6487AA9C95BD46B5D8
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/ss2wEmPFoC9rElMrYxsxRuA_Mgs.roa
Signing time:             Tue 02 Jan 2024 00:31:30 +0000
ROA not before:           Tue 02 Jan 2024 00:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        193.233.88.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:2a:07:d5:a7:cb:64:87:aa:9c:95:bd:46:b5:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2cdb01263c5a02f6b12532b631b3146e03f320b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:69:3e:55:ba:88:55:06:c5:27:ca:75:b0:2a:
                    5b:e3:28:d8:35:1f:33:f8:6b:ec:2d:9e:8e:d3:34:
                    92:70:7b:78:38:24:66:a0:b8:e9:fe:04:46:fc:21:
                    98:d9:f7:0a:68:ff:66:ea:c6:0d:8e:6e:02:e2:9a:
                    02:0b:fc:64:7d:f7:61:f9:db:3f:59:3d:dd:bd:6b:
                    24:50:d0:34:61:5f:21:32:e8:a4:60:1a:61:97:22:
                    f2:c2:64:e8:51:15:44:22:50:14:21:b6:9a:b9:37:
                    0b:53:6e:da:23:00:61:47:ae:8d:c3:fe:35:ad:72:
                    e4:17:86:d1:5b:82:59:fe:f9:ca:b9:ff:57:5d:f7:
                    62:04:29:bb:57:60:5d:58:0a:d6:73:95:6f:67:7b:
                    59:24:e7:0d:66:7c:b8:0d:67:b1:1f:ce:f7:8e:fe:
                    5c:67:dc:ef:d0:64:a6:6c:fb:81:40:72:86:ee:ec:
                    76:bf:f6:3a:ff:d3:4c:d8:1e:c7:d6:d5:0b:28:46:
                    0c:03:42:45:da:b7:48:bb:2d:13:00:3e:61:4f:ce:
                    42:70:75:09:ce:c3:ba:f7:53:30:c0:64:a9:80:7e:
                    14:39:10:8a:9f:83:c6:e8:07:86:97:36:c3:5e:66:
                    47:dc:e8:b0:75:d2:3c:87:56:4a:19:6b:a8:e6:d8:
                    5a:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:CD:B0:12:63:C5:A0:2F:6B:12:53:2B:63:1B:31:46:E0:3F:32:0B
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/ss2wEmPFoC9rElMrYxsxRuA_Mgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:a3:6e:fb:1a:aa:ba:28:80:40:a7:b1:33:ee:29:64:37:06:
         d7:41:88:30:55:bc:48:84:02:3b:65:db:d4:30:68:87:ed:c2:
         4b:07:e7:4a:ee:ac:eb:20:43:8c:f3:5e:fd:6e:f9:01:22:3d:
         99:0b:05:3e:57:85:28:eb:4d:60:d9:ba:2e:0a:53:cf:50:b3:
         40:72:99:d6:5a:11:18:33:4d:f0:a5:8d:b5:9b:6e:d3:a9:01:
         1c:c7:68:72:99:6a:23:4c:84:3c:07:6d:e6:b9:29:c0:5e:81:
         96:93:c9:7e:65:15:1a:d9:17:17:0c:a3:90:01:e7:29:89:04:
         98:99:98:06:6c:0b:0e:80:b1:fb:02:23:48:ff:34:48:4a:54:
         2d:ef:d1:bf:74:a7:10:82:8b:fe:6a:27:f3:99:93:6d:a6:f6:
         7d:dc:94:c3:87:14:4a:fe:e5:61:6c:d9:b6:26:02:09:97:c7:
         01:7c:ea:f7:4d:dd:ed:d1:3d:7a:14:92:a4:7c:59:06:86:b7:
         5a:6c:c5:67:47:5a:3d:8c:0c:26:53:f7:dc:b3:46:a3:54:2f:
         32:62:2b:78:39:fb:e9:d4:79:50:2a:4a:30:17:cb:a4:88:e0:
         6c:8f:14:20:4e:65:ee:8e:63:27:34:3b:99:ac:9d:ba:e4:f7:
         dc:ee:c3:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSoH1afLZIeqnJW9RrXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmNkYjAxMjYzYzVhMDJmNmIxMjUzMmI2MzFiMzE0NmUwM2YzMjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWk+VbqIVQbFJ8p1sCpb4yjYNR8z
+GvsLZ6O0zSScHt4OCRmoLjp/gRG/CGY2fcKaP9m6sYNjm4C4poCC/xkffdh+ds/
WT3dvWskUNA0YV8hMuikYBphlyLywmToURVEIlAUIbaauTcLU27aIwBhR66Nw/41
rXLkF4bRW4JZ/vnKuf9XXfdiBCm7V2BdWArWc5VvZ3tZJOcNZny4DWexH873jv5c
Z9zv0GSmbPuBQHKG7ux2v/Y6/9NM2B7H1tULKEYMA0JF2rdIuy0TAD5hT85CcHUJ
zsO691MwwGSpgH4UORCKn4PG6AeGlzbDXmZH3OiwddI8h1ZKGWuo5thaHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLNsBJjxaAvaxJTK2MbMUbgPzILMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvc3Myd0VtUEZvQzlyRWxNcll4c3hSdUFfTWdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwelYMA0G
CSqGSIb3DQEBCwUAA4IBAQCRo277Gqq6KIBAp7Ez7ilkNwbXQYgwVbxIhAI7ZdvU
MGiH7cJLB+dK7qzrIEOM8179bvkBIj2ZCwU+V4Uo601g2bouClPPULNAcpnWWhEY
M03wpY21m27TqQEcx2hymWojTIQ8B23muSnAXoGWk8l+ZRUa2RcXDKOQAecpiQSY
mZgGbAsOgLH7AiNI/zRISlQt79G/dKcQgov+aifzmZNtpvZ93JTDhxRK/uVhbNm2
JgIJl8cBfOr3Td3t0T16FJKkfFkGhrdabMVnR1o9jAwmU/fcs0ajVC8yYit4Ofvp
1HlQKkowF8ukiOBsjxQgTmXujmMnNDuZrJ265Pfc7sMe
-----END CERTIFICATE-----