Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/G3BVg4yke4NDxUFlv_zFpSnF4Nc.roa
File:                     G3BVg4yke4NDxUFlv_zFpSnF4Nc.roa (raw, json)
Hash identifier:          w3g9C4T32tvVozRRis97p05rPe6oPb97zc/GoQ0Gvuw=
Subject key identifier:   1B:70:55:83:8C:A4:7B:83:43:C5:41:65:BF:FC:C5:A5:29:C5:E0:D7
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94E0523EA4A9AAF9D9BC504AC851C7E
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/G3BVg4yke4NDxUFlv_zFpSnF4Nc.roa
Signing time:             Tue 02 Jan 2024 08:33:02 +0000
ROA not before:           Tue 02 Jan 2024 08:33:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201617
IP address blocks:        148.81.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:05:23:ea:4a:9a:af:9d:9b:c5:04:ac:85:1c:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:33:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b7055838ca47b8343c54165bffcc5a529c5e0d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:20:61:c2:23:6e:bf:f6:6c:89:57:e8:6a:8b:
                    05:0c:4b:c7:3c:33:c4:6e:5d:b5:51:21:eb:9a:e8:
                    cd:83:b4:2f:52:67:fb:da:4d:ad:7f:25:7e:e0:2b:
                    3b:e3:16:c8:22:b0:df:c6:74:53:3f:0f:df:17:0e:
                    1b:7b:95:62:77:2a:1b:0e:77:51:55:15:4d:cd:ea:
                    eb:13:8e:46:ca:83:41:bd:b8:ee:8d:b1:10:e2:36:
                    d6:c1:56:d7:77:4b:03:bd:c8:b0:37:f0:e1:e1:ec:
                    5c:6c:dd:b7:f4:a8:17:3b:b3:39:bd:8b:68:32:09:
                    e0:95:01:cc:c4:15:ee:87:88:89:52:3c:e8:54:3b:
                    0e:f5:55:f1:2d:0b:7c:03:9b:01:7c:e4:14:0e:11:
                    e1:6d:c8:7f:65:11:37:99:66:30:62:86:de:c4:54:
                    31:f0:5a:4e:59:4f:4c:61:5a:8e:e5:ba:19:e7:cf:
                    73:80:3c:bf:be:a5:40:a7:22:b4:be:d5:74:ea:a6:
                    3e:28:e5:da:55:a0:f0:e3:bd:8c:5d:cb:09:09:f9:
                    c3:ca:7e:f4:08:d3:11:c6:7f:60:73:46:04:c4:c3:
                    c8:1f:40:a0:48:d5:2e:dd:6f:7f:98:68:6b:ac:f5:
                    98:04:2b:07:8d:e8:1b:5f:66:d9:a4:85:53:b1:ad:
                    1f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:70:55:83:8C:A4:7B:83:43:C5:41:65:BF:FC:C5:A5:29:C5:E0:D7
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/G3BVg4yke4NDxUFlv_zFpSnF4Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.81.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:0d:d1:1e:97:ce:d0:ac:15:b4:5b:9c:58:75:fe:5b:14:e3:
         29:df:b3:02:b3:95:3e:50:2d:65:56:2c:a2:69:11:cf:a2:f2:
         04:9b:8f:09:84:8b:7b:ac:ae:f4:28:9c:f1:da:87:47:69:f8:
         fe:09:9c:fe:d7:37:3e:79:3d:5f:22:3b:09:ff:63:8f:88:8e:
         f7:78:4f:5a:43:5f:fe:94:29:78:13:35:5e:49:11:bb:95:d5:
         89:4b:b5:ca:0e:b2:0e:fb:6a:f7:7b:e4:64:19:85:b5:e5:6d:
         4a:39:7f:47:b5:44:86:3f:48:5f:8e:85:aa:1c:77:ad:25:95:
         87:61:f9:13:9c:23:c3:89:b7:cb:bc:64:a6:90:09:34:19:d0:
         8a:bc:cf:86:06:b4:cb:31:62:a3:6c:57:f8:07:bd:41:f0:b3:
         2a:1b:7a:c3:cd:2e:f8:5b:94:9c:b6:9b:f4:80:b3:57:a6:09:
         3b:5d:89:48:dc:c7:77:a7:c1:d9:85:3c:a3:bf:57:1c:13:c0:
         cf:c3:6a:e3:e9:e1:5b:af:ba:69:c2:6a:5c:17:53:d5:1a:3e:
         66:94:df:53:ed:ed:4a:72:76:a4:c4:c7:9d:6b:6a:31:25:44:
         12:f1:4d:b2:92:69:25:b2:97:fd:ee:6d:de:03:06:9c:0c:e2:
         3e:53:18:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTgUj6kqar52bxQSshRx+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjcwNTU4MzhjYTQ3YjgzNDNjNTQxNjViZmZjYzVhNTI5YzVlMGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgiBhwiNuv/ZsiVfoaosFDEvHPDPE
bl21USHrmujNg7QvUmf72k2tfyV+4Cs74xbIIrDfxnRTPw/fFw4be5VidyobDndR
VRVNzerrE45GyoNBvbjujbEQ4jbWwVbXd0sDvciwN/Dh4excbN239KgXO7M5vYto
MgnglQHMxBXuh4iJUjzoVDsO9VXxLQt8A5sBfOQUDhHhbch/ZRE3mWYwYobexFQx
8FpOWU9MYVqO5boZ589zgDy/vqVApyK0vtV06qY+KOXaVaDw472MXcsJCfnDyn70
CNMRxn9gc0YExMPIH0CgSNUu3W9/mGhrrPWYBCsHjegbX2bZpIVTsa0fMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtwVYOMpHuDQ8VBZb/8xaUpxeDXMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvRzNCVmc0eWtlNE5EeFVGbHZfekZwU25GNE5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlFHmMA0G
CSqGSIb3DQEBCwUAA4IBAQBeDdEel87QrBW0W5xYdf5bFOMp37MCs5U+UC1lViyi
aRHPovIEm48JhIt7rK70KJzx2odHafj+CZz+1zc+eT1fIjsJ/2OPiI73eE9aQ1/+
lCl4EzVeSRG7ldWJS7XKDrIO+2r3e+RkGYW15W1KOX9HtUSGP0hfjoWqHHetJZWH
YfkTnCPDibfLvGSmkAk0GdCKvM+GBrTLMWKjbFf4B71B8LMqG3rDzS74W5Sctpv0
gLNXpgk7XYlI3Md3p8HZhTyjv1ccE8DPw2rj6eFbr7ppwmpcF1PVGj5mlN9T7e1K
cnakxMeda2oxJUQS8U2ykmklspf97m3eAwacDOI+Uxii
-----END CERTIFICATE-----