Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/A8-av91QGroZNkUua6jhsKZgz0A.roa
File:                     A8-av91QGroZNkUua6jhsKZgz0A.roa (raw, json)
Hash identifier:          2oyN7oy/oVV5mfN23mWbfNGv1w3r5ZK3dCKky7RzRr8=
Subject key identifier:   03:CF:9A:BF:DD:50:1A:BA:19:36:45:2E:6B:A8:E1:B0:A6:60:CF:40
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94E04EE1FF7CD5C8E59D4BCD6CA4DBE
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/A8-av91QGroZNkUua6jhsKZgz0A.roa
Signing time:             Tue 02 Jan 2024 08:33:02 +0000
ROA not before:           Tue 02 Jan 2024 08:33:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201448
IP address blocks:        194.181.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:04:ee:1f:f7:cd:5c:8e:59:d4:bc:d6:ca:4d:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:33:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03cf9abfdd501aba1936452e6ba8e1b0a660cf40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d7:8f:ec:31:09:8c:68:ac:e8:7e:2d:d4:a8:
                    82:0a:c2:cc:cc:12:55:f5:b1:f2:92:35:c3:ef:78:
                    0e:9c:45:da:17:6f:ec:af:04:0d:81:df:cf:df:83:
                    87:ea:48:a0:b9:31:0e:d1:0d:8d:dc:05:9f:ca:0e:
                    63:d6:17:40:b2:88:9f:c6:91:6d:eb:16:03:ae:fd:
                    2e:7f:4a:f5:18:20:ae:74:7e:3d:57:18:34:7f:89:
                    cc:33:64:00:de:27:5f:4a:03:5b:3a:04:5f:1b:c0:
                    71:ab:4f:f5:2f:ad:f3:36:2f:b4:3a:fb:20:0c:f5:
                    e7:a7:f7:19:ba:1b:1c:bf:e4:2c:ce:2a:49:98:7c:
                    73:4a:80:2e:09:45:19:01:12:2e:24:6a:06:81:1a:
                    13:ba:36:f5:68:9c:83:fa:f5:fa:83:e0:48:50:08:
                    18:30:70:00:5a:7e:f2:1f:27:16:8a:ef:91:e9:2a:
                    6d:08:0a:be:b7:85:bd:45:54:27:3f:95:c0:f1:c6:
                    db:68:c9:95:27:9c:d2:99:27:b0:50:41:b0:94:8b:
                    a5:b1:dc:67:1c:f5:eb:f7:08:b3:17:73:65:15:23:
                    62:73:b3:18:1c:71:e0:61:0c:92:cf:f2:83:58:1c:
                    1a:07:f3:85:3b:bf:cd:9c:f9:5a:6d:bc:02:aa:d2:
                    62:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:CF:9A:BF:DD:50:1A:BA:19:36:45:2E:6B:A8:E1:B0:A6:60:CF:40
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/A8-av91QGroZNkUua6jhsKZgz0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.181.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:35:9f:2b:cd:e8:79:01:fa:34:e2:00:09:ce:fb:71:df:b1:
         ac:d3:35:1c:f8:c5:3b:9d:3b:0c:86:78:c8:cb:fa:3f:eb:ae:
         66:d7:61:c9:0c:fc:6f:3e:4d:27:b3:86:d3:c5:c8:41:e4:20:
         60:3a:ae:f9:19:82:97:c5:4f:2c:1e:2f:22:39:65:92:06:72:
         5c:1c:b3:27:15:34:0c:41:7b:45:5e:53:ed:fb:6d:de:c9:2c:
         ec:82:4f:8a:18:c1:e7:cb:7f:40:67:80:48:60:ce:24:80:af:
         f0:c9:16:6b:66:07:d4:03:f4:2d:7f:58:cd:3f:a1:9c:40:01:
         45:83:fa:72:6c:18:86:bf:fd:ba:a1:8f:54:88:11:0b:f0:64:
         2e:17:c3:3a:c4:4d:11:b6:e9:e7:b8:a2:8b:8e:a7:49:e5:99:
         62:87:0c:f1:92:f8:24:6f:a7:9c:3f:c8:b6:a6:d2:28:d8:ee:
         90:f0:8f:14:41:1e:8e:5e:5f:b5:01:98:81:a2:9e:a8:a5:39:
         99:8c:da:84:b3:e6:d8:bf:15:b1:68:da:1a:63:e0:19:02:23:
         6c:5a:9b:6e:2d:64:32:d9:2a:c9:15:68:db:a3:c6:9a:16:da:
         b3:62:2c:c6:f9:d5:7d:11:16:ed:02:eb:cf:2d:6f:74:23:4f:
         92:dd:f4:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTgTuH/fNXI5Z1LzWyk2+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2NmOWFiZmRkNTAxYWJhMTkzNjQ1MmU2YmE4ZTFiMGE2NjBjZjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NeP7DEJjGis6H4t1KiCCsLMzBJV
9bHykjXD73gOnEXaF2/srwQNgd/P34OH6kiguTEO0Q2N3AWfyg5j1hdAsoifxpFt
6xYDrv0uf0r1GCCudH49Vxg0f4nMM2QA3idfSgNbOgRfG8Bxq0/1L63zNi+0Ovsg
DPXnp/cZuhscv+QszipJmHxzSoAuCUUZARIuJGoGgRoTujb1aJyD+vX6g+BIUAgY
MHAAWn7yHycWiu+R6SptCAq+t4W9RVQnP5XA8cbbaMmVJ5zSmSewUEGwlIulsdxn
HPXr9wizF3NlFSNic7MYHHHgYQySz/KDWBwaB/OFO7/NnPlabbwCqtJiMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPPmr/dUBq6GTZFLmuo4bCmYM9AMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvQTgtYXY5MVFHcm9aTmtVdWE2amhzS1pnejBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrUmMA0G
CSqGSIb3DQEBCwUAA4IBAQBDNZ8rzeh5Afo04gAJzvtx37Gs0zUc+MU7nTsMhnjI
y/o/665m12HJDPxvPk0ns4bTxchB5CBgOq75GYKXxU8sHi8iOWWSBnJcHLMnFTQM
QXtFXlPt+23eySzsgk+KGMHny39AZ4BIYM4kgK/wyRZrZgfUA/Qtf1jNP6GcQAFF
g/pybBiGv/26oY9UiBEL8GQuF8M6xE0RtunnuKKLjqdJ5Zlihwzxkvgkb6ecP8i2
ptIo2O6Q8I8UQR6OXl+1AZiBop6opTmZjNqEs+bYvxWxaNoaY+AZAiNsWptuLWQy
2SrJFWjbo8aaFtqzYizG+dV9ERbtAuvPLW90I0+S3fSi
-----END CERTIFICATE-----