Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/Iw20cHOSTnJ5LrmjydopTB_Y3ko.roa
File:                     Iw20cHOSTnJ5LrmjydopTB_Y3ko.roa (raw, json)
Hash identifier:          1Spm5ZeZS6z5Y6FvKVXuUziOc1K4GA5FBbCjm3GXT7k=
Subject key identifier:   23:0D:B4:70:73:92:4E:72:79:2E:B9:A3:C9:DA:29:4C:1F:D8:DE:4A
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94DFDDC6380771E696E193EE6E18AF3
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/Iw20cHOSTnJ5LrmjydopTB_Y3ko.roa
Signing time:             Tue 02 Jan 2024 08:33:00 +0000
ROA not before:           Tue 02 Jan 2024 08:33:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49035
IP address blocks:        195.187.156.0/23 maxlen: 23
                          195.187.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:fd:dc:63:80:77:1e:69:6e:19:3e:e6:e1:8a:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:33:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=230db47073924e72792eb9a3c9da294c1fd8de4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:69:5b:b9:8c:8b:68:11:cd:77:6f:fa:03:78:
                    76:d2:40:f5:d7:9f:bd:59:8e:73:4a:7f:2b:42:d9:
                    43:02:69:f0:14:4e:f3:3d:30:3e:a1:99:84:5a:66:
                    48:d7:b6:e6:69:76:dc:b9:f3:3d:2d:9c:b1:3a:94:
                    25:a8:4a:5c:01:8a:00:09:80:35:f7:4c:c2:12:95:
                    b6:be:70:0a:4c:c9:40:78:3d:f7:c0:db:e4:ed:aa:
                    9b:75:1f:ee:7f:31:3b:72:ef:18:c8:68:5f:49:f2:
                    16:65:b1:81:47:89:c5:6e:41:4e:93:55:b4:31:d0:
                    55:4c:30:6d:51:c8:d1:38:cf:07:36:3e:42:f2:c3:
                    74:cd:32:af:c3:32:72:31:b0:33:a3:52:ab:75:5f:
                    29:4a:fc:3a:e4:ff:39:73:08:19:22:c4:e1:af:16:
                    7b:91:cc:39:b6:dc:c5:0a:25:6f:b1:d8:97:33:55:
                    e4:44:97:74:61:43:01:9d:86:97:33:7d:a4:06:96:
                    35:a7:90:98:d6:56:cf:f2:a8:1e:eb:a2:f1:8d:ef:
                    93:8e:a9:1c:08:a5:7d:82:4d:78:7c:c9:00:bd:af:
                    70:80:4b:c0:fe:b1:f9:42:83:7f:7f:8d:af:25:a7:
                    41:a9:ac:ef:53:8f:95:85:91:1d:8f:49:72:63:2f:
                    67:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:0D:B4:70:73:92:4E:72:79:2E:B9:A3:C9:DA:29:4C:1F:D8:DE:4A
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/Iw20cHOSTnJ5LrmjydopTB_Y3ko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.187.156.0-195.187.158.255

    Signature Algorithm: sha256WithRSAEncryption
         14:81:d3:e5:01:f9:3c:39:b2:8e:fa:bf:79:f0:16:b8:f1:4b:
         b0:85:81:5b:b6:45:93:e4:ed:07:5c:c7:fc:4d:75:3b:bd:8e:
         8f:4f:77:c3:83:e7:23:85:df:9b:7e:75:a5:f8:3b:a8:b2:cd:
         17:4c:6c:f9:f8:16:fc:a1:05:a9:16:31:9d:67:62:9d:44:b5:
         ab:8a:0e:96:2b:b3:29:2f:22:54:a4:0a:9d:2e:91:9e:63:95:
         3a:68:26:cc:e9:57:de:83:29:0d:c4:0b:07:85:0f:69:23:d3:
         13:85:86:6e:14:43:ed:27:46:a7:5f:55:d0:b9:42:f1:80:cf:
         fe:56:47:85:8a:76:3f:d5:9e:65:08:cb:94:83:f4:cd:e7:c4:
         eb:17:9a:eb:de:3f:be:a8:e1:9a:0a:0f:2a:1a:30:e4:2c:c4:
         0c:96:57:4a:d3:61:33:54:08:5c:00:7c:1e:20:e6:ea:ec:cf:
         78:fe:b0:11:f7:e3:cc:37:21:f3:ed:2f:28:83:81:56:bf:1f:
         77:c8:e6:b4:93:c2:f3:09:85:6b:56:bf:ff:c2:5b:b8:78:53:
         1f:95:8e:58:fb:0c:db:85:ea:fd:e7:b3:c2:c7:d6:5c:ae:5f:
         47:27:a7:82:2b:17:ac:8b:49:ef:be:a5:e5:fe:be:00:b4:f6:
         9f:bf:c7:6b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJTf3cY4B3HmluGT7m4YrzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMzAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzBkYjQ3MDczOTI0ZTcyNzkyZWI5YTNjOWRhMjk0YzFmZDhkZTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGlbuYyLaBHNd2/6A3h20kD115+9
WY5zSn8rQtlDAmnwFE7zPTA+oZmEWmZI17bmaXbcufM9LZyxOpQlqEpcAYoACYA1
90zCEpW2vnAKTMlAeD33wNvk7aqbdR/ufzE7cu8YyGhfSfIWZbGBR4nFbkFOk1W0
MdBVTDBtUcjROM8HNj5C8sN0zTKvwzJyMbAzo1KrdV8pSvw65P85cwgZIsThrxZ7
kcw5ttzFCiVvsdiXM1XkRJd0YUMBnYaXM32kBpY1p5CY1lbP8qge66Lxje+Tjqkc
CKV9gk14fMkAva9wgEvA/rH5QoN/f42vJadBqazvU4+VhZEdj0lyYy9nfwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCMNtHBzkk5yeS65o8naKUwf2N5KMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvSXcyMGNIT1NUbko1THJtanlkb3BUQl9ZM2tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALDu5wD
BADDu54wDQYJKoZIhvcNAQELBQADggEBABSB0+UB+Tw5so76v3nwFrjxS7CFgVu2
RZPk7Qdcx/xNdTu9jo9Pd8OD5yOF35t+daX4O6iyzRdMbPn4FvyhBakWMZ1nYp1E
tauKDpYrsykvIlSkCp0ukZ5jlTpoJszpV96DKQ3ECweFD2kj0xOFhm4UQ+0nRqdf
VdC5QvGAz/5WR4WKdj/VnmUIy5SD9M3nxOsXmuveP76o4ZoKDyoaMOQsxAyWV0rT
YTNUCFwAfB4g5ursz3j+sBH348w3IfPtLyiDgVa/H3fI5rSTwvMJhWtWv//CW7h4
Ux+Vjlj7DNuF6v3ns8LH1lyuX0cnp4IrF6yLSe++peX+vgC09p+/x2s=
-----END CERTIFICATE-----