Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/2P6kXl1w4W9_BWXcvTCb-aFXQ4k.roa
File:                     2P6kXl1w4W9_BWXcvTCb-aFXQ4k.roa (raw, json)
Hash identifier:          8sj0DOCsegtDtHprBtWqGf8JCVluKRYZR8mUNa8GTq4=
Subject key identifier:   D8:FE:A4:5E:5D:70:E1:6F:7F:05:65:DC:BD:30:9B:F9:A1:57:43:89
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94E060DCEA9C0EA58EE92C077233A8B
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/2P6kXl1w4W9_BWXcvTCb-aFXQ4k.roa
Signing time:             Tue 02 Jan 2024 08:33:02 +0000
ROA not before:           Tue 02 Jan 2024 08:33:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202600
IP address blocks:        194.181.43.0/24 maxlen: 24
                          194.181.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:06:0d:ce:a9:c0:ea:58:ee:92:c0:77:23:3a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:33:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8fea45e5d70e16f7f0565dcbd309bf9a1574389
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:95:44:97:b4:c6:3d:ec:eb:c5:aa:cb:9c:dd:
                    30:f8:07:e9:d9:ee:11:34:41:ad:1e:29:5e:8d:2c:
                    8a:00:7d:1a:a7:cd:5a:0d:40:29:ae:8a:3a:6a:da:
                    94:52:1c:c3:86:17:30:e6:cc:f5:88:50:9d:66:40:
                    ea:35:77:00:1e:f1:ca:d9:6b:6b:63:64:34:08:8a:
                    09:03:c8:25:d5:80:90:cb:54:c5:94:82:92:19:bc:
                    60:6e:5b:2d:81:3d:a9:9e:9b:51:f9:b3:b8:66:24:
                    7f:df:da:bf:e3:35:f5:57:35:d0:ca:f6:77:29:32:
                    e3:c9:2d:de:72:90:51:b4:78:3e:a2:b1:3f:78:52:
                    12:55:80:dc:f0:67:f2:67:b9:20:b1:a4:50:4d:65:
                    9d:8b:37:c6:05:88:9a:f1:3b:5c:b7:ba:cd:78:4a:
                    75:de:17:b5:35:f3:13:7b:7d:43:36:06:8e:e0:7e:
                    c6:47:fd:20:f5:a9:d4:bd:3e:e9:55:93:40:5d:c8:
                    36:3b:73:87:13:7e:ea:f9:de:19:83:9f:2d:ab:6d:
                    66:3a:b9:95:b5:04:a3:ff:34:4a:7d:75:fb:c2:f6:
                    e5:55:e5:d7:9f:45:d0:14:8b:e9:85:ea:6f:67:52:
                    92:56:df:3d:e8:b9:f6:d4:70:93:f1:f4:fb:d9:30:
                    ee:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:FE:A4:5E:5D:70:E1:6F:7F:05:65:DC:BD:30:9B:F9:A1:57:43:89
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/2P6kXl1w4W9_BWXcvTCb-aFXQ4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.181.43.0-194.181.44.255

    Signature Algorithm: sha256WithRSAEncryption
         49:dd:b0:2f:4b:b3:77:03:82:83:d3:38:c5:ad:b5:e4:0d:b0:
         a5:bd:ad:49:98:b5:e1:32:dc:f4:63:f6:8b:44:8d:82:b2:60:
         79:5e:54:00:57:4f:af:37:39:a9:6a:ac:0e:5b:f5:f4:40:09:
         75:f6:7e:4f:48:bf:dc:11:c3:ee:20:db:c1:e9:be:a1:2a:29:
         72:5a:e2:bf:5b:12:e9:82:92:24:dc:48:af:d4:dc:dc:41:e9:
         66:81:78:a0:53:b2:51:d0:7f:9f:f9:fd:10:ae:e1:02:8f:95:
         37:a7:87:5c:bc:ce:dd:63:db:fb:1f:b4:dd:dd:59:fd:a9:92:
         90:56:57:26:df:7a:ca:24:7b:b2:5b:9b:f2:5b:ae:c1:10:3b:
         9b:d8:96:7d:53:09:b2:59:e6:d9:84:4b:e9:9f:4e:e9:01:96:
         b7:63:fe:cd:05:d2:c8:47:f2:ef:60:4b:09:7c:26:39:0c:44:
         08:f7:25:f6:8c:59:a1:e4:94:b9:a9:b4:27:c8:5e:a7:f2:e4:
         e0:a1:3d:72:60:3b:ef:81:3d:d6:23:e0:42:52:5b:f8:2b:bd:
         f8:ab:32:96:ed:19:f8:d5:ed:34:cd:91:bb:46:01:a3:2e:c7:
         da:19:04:77:3d:71:e6:4e:6a:9a:14:73:33:5f:6b:3d:00:07:
         8d:6e:ab:7d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJTgYNzqnA6ljuksB3IzqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGZlYTQ1ZTVkNzBlMTZmN2YwNTY1ZGNiZDMwOWJmOWExNTc0Mzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpVEl7TGPezrxarLnN0w+Afp2e4R
NEGtHilejSyKAH0ap81aDUAproo6atqUUhzDhhcw5sz1iFCdZkDqNXcAHvHK2Wtr
Y2Q0CIoJA8gl1YCQy1TFlIKSGbxgblstgT2pnptR+bO4ZiR/39q/4zX1VzXQyvZ3
KTLjyS3ecpBRtHg+orE/eFISVYDc8GfyZ7kgsaRQTWWdizfGBYia8Ttct7rNeEp1
3he1NfMTe31DNgaO4H7GR/0g9anUvT7pVZNAXcg2O3OHE37q+d4Zg58tq21mOrmV
tQSj/zRKfXX7wvblVeXXn0XQFIvphepvZ1KSVt896Ln21HCT8fT72TDurQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNj+pF5dcOFvfwVl3L0wm/mhV0OJMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvMlA2a1hsMXc0VzlfQldYY3ZUQ2ItYUZYUTRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADCtSsD
BADCtSwwDQYJKoZIhvcNAQELBQADggEBAEndsC9Ls3cDgoPTOMWtteQNsKW9rUmY
teEy3PRj9otEjYKyYHleVABXT683OalqrA5b9fRACXX2fk9Iv9wRw+4g28HpvqEq
KXJa4r9bEumCkiTcSK/U3NxB6WaBeKBTslHQf5/5/RCu4QKPlTenh1y8zt1j2/sf
tN3dWf2pkpBWVybfesoke7Jbm/JbrsEQO5vYln1TCbJZ5tmES+mfTukBlrdj/s0F
0shH8u9gSwl8JjkMRAj3JfaMWaHklLmptCfIXqfy5OChPXJgO++BPdYj4EJSW/gr
vfirMpbtGfjV7TTNkbtGAaMux9oZBHc9ceZOapoUczNfaz0AB41uq30=
-----END CERTIFICATE-----