Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/b1393d-cca8-4a97-81aa-643a4159ab46/1/gi40m2-6WIgq6s3y-vo93s5XQqI.roa
File:                     gi40m2-6WIgq6s3y-vo93s5XQqI.roa (raw, json)
Hash identifier:          ae7ASYvDDKYDz9UfcQjIs7W3reQaaL/BT/qjF4pNURU=
Subject key identifier:   82:2E:34:9B:6F:BA:58:88:2A:EA:CD:F2:FA:FA:3D:DE:CE:57:42:A2
Certificate issuer:       /CN=01d1a1353f7f8b505fc98750e86787f4e046432e
Certificate serial:       018D300C577446B261BF46F6950FB203CA51
Authority key identifier: 01:D1:A1:35:3F:7F:8B:50:5F:C9:87:50:E8:67:87:F4:E0:46:43:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AdGhNT9_i1BfyYdQ6GeH9OBGQy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/b1393d-cca8-4a97-81aa-643a4159ab46/1/gi40m2-6WIgq6s3y-vo93s5XQqI.roa
Signing time:             Mon 22 Jan 2024 07:22:11 +0000
ROA not before:           Mon 22 Jan 2024 07:22:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12313
IP address blocks:        88.130.236.0/22 maxlen: 22
                          88.130.240.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/b1393d-cca8-4a97-81aa-643a4159ab46/1/AdGhNT9_i1BfyYdQ6GeH9OBGQy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/b1393d-cca8-4a97-81aa-643a4159ab46/1/AdGhNT9_i1BfyYdQ6GeH9OBGQy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AdGhNT9_i1BfyYdQ6GeH9OBGQy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:30:0c:57:74:46:b2:61:bf:46:f6:95:0f:b2:03:ca:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01d1a1353f7f8b505fc98750e86787f4e046432e
        Validity
            Not Before: Jan 22 07:22:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=822e349b6fba58882aeacdf2fafa3ddece5742a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:58:77:3e:ec:eb:1e:af:42:71:83:da:89:a8:
                    f9:83:dc:a7:1a:85:e2:41:f6:64:9d:ac:04:cc:3a:
                    f8:4a:82:f1:3a:ca:3a:6c:b4:cd:e2:72:12:3f:dc:
                    3f:f8:4b:34:cf:b1:b5:c7:0f:0d:65:9f:56:44:13:
                    e2:54:28:8c:3c:00:e0:1d:ba:05:a4:4d:4e:cd:50:
                    af:f8:71:ba:2d:b8:86:1d:3c:31:4d:05:3b:47:4b:
                    40:cd:a5:5a:4e:61:d3:7c:1e:51:ab:a2:a9:7c:21:
                    42:ca:9f:18:24:d9:09:02:b3:a0:92:ee:7a:2a:4f:
                    dd:45:bf:6b:d4:40:dd:f4:49:55:58:71:70:c1:9e:
                    d2:05:d4:59:c5:98:67:b0:b0:03:65:45:0c:52:6e:
                    50:a7:7b:b9:01:de:ea:87:e6:a9:0f:e5:09:18:43:
                    0a:e7:1d:55:a3:97:db:41:2d:08:63:e3:7d:9a:40:
                    81:97:0b:f5:0f:38:ad:37:a3:7a:91:1e:38:50:fa:
                    0f:fc:3d:78:93:8f:d1:00:6f:57:6a:05:a0:40:a4:
                    8a:cd:3e:4e:82:e1:9f:1c:ef:ef:8d:70:df:02:c6:
                    26:38:c1:a4:7a:51:7b:4b:98:4f:e2:62:4a:97:6f:
                    6d:86:ef:0f:12:61:2d:d3:3c:bf:bc:ef:4f:e2:e5:
                    62:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:2E:34:9B:6F:BA:58:88:2A:EA:CD:F2:FA:FA:3D:DE:CE:57:42:A2
            X509v3 Authority Key Identifier:
                keyid:01:D1:A1:35:3F:7F:8B:50:5F:C9:87:50:E8:67:87:F4:E0:46:43:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AdGhNT9_i1BfyYdQ6GeH9OBGQy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/b1393d-cca8-4a97-81aa-643a4159ab46/1/gi40m2-6WIgq6s3y-vo93s5XQqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/b1393d-cca8-4a97-81aa-643a4159ab46/1/AdGhNT9_i1BfyYdQ6GeH9OBGQy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.130.236.0-88.130.255.255

    Signature Algorithm: sha256WithRSAEncryption
         8a:bc:fd:26:6f:87:72:ed:21:47:76:e0:60:5d:3e:b4:46:82:
         b9:6c:72:7a:9e:c2:e4:ea:c9:f7:88:98:0f:38:83:53:5d:72:
         d2:ce:d5:76:bd:9a:e8:83:6a:ab:8d:3f:d8:05:0f:f9:ba:11:
         f4:ff:0d:24:3e:0d:3c:8c:0c:12:12:55:31:15:03:60:7d:4b:
         d2:11:74:ea:42:bc:0b:72:4f:d6:41:db:4f:d1:84:e3:5f:89:
         d3:b6:95:40:7e:9c:e1:66:c3:47:66:8e:94:b6:7a:63:a5:57:
         cf:de:88:92:cb:3a:bd:24:96:51:fb:7d:e5:15:1b:d9:da:93:
         9a:ab:7c:d7:7f:64:cc:c9:f1:4e:ff:86:7a:fe:27:b3:ef:47:
         be:6c:fc:52:b5:54:81:00:10:f0:a2:a3:88:c1:61:ea:06:96:
         a6:35:6b:8c:77:f7:57:32:81:78:ef:0c:fb:a6:0d:e6:50:6e:
         68:d3:2f:64:38:d3:bd:93:d9:8c:03:0f:12:b7:c9:28:29:1b:
         ad:83:85:aa:5d:45:5f:4b:19:fc:25:9e:f3:37:79:bb:f5:46:
         f7:83:9d:44:4b:7b:15:ea:09:81:b1:a7:9e:6b:5f:93:d1:05:
         75:7c:00:5c:ea:bb:0f:5b:be:80:92:68:17:22:55:f3:77:50:
         51:66:1e:97
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAY0wDFd0RrJhv0b2lQ+yA8pRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxZDFhMTM1M2Y3ZjhiNTA1ZmM5ODc1MGU4Njc4N2Y0ZTA0
NjQzMmUwHhcNMjQwMTIyMDcyMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjJlMzQ5YjZmYmE1ODg4MmFlYWNkZjJmYWZhM2RkZWNlNTc0MmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01h3PuzrHq9CcYPaiaj5g9ynGoXi
QfZknawEzDr4SoLxOso6bLTN4nISP9w/+Es0z7G1xw8NZZ9WRBPiVCiMPADgHboF
pE1OzVCv+HG6LbiGHTwxTQU7R0tAzaVaTmHTfB5Rq6KpfCFCyp8YJNkJArOgku56
Kk/dRb9r1EDd9ElVWHFwwZ7SBdRZxZhnsLADZUUMUm5Qp3u5Ad7qh+apD+UJGEMK
5x1Vo5fbQS0IY+N9mkCBlwv1DzitN6N6kR44UPoP/D14k4/RAG9XagWgQKSKzT5O
guGfHO/vjXDfAsYmOMGkelF7S5hP4mJKl29thu8PEmEt0zy/vO9P4uVi4wIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFIIuNJtvuliIKurN8vr6Pd7OV0KiMB8GA1UdIwQY
MBaAFAHRoTU/f4tQX8mHUOhnh/TgRkMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWRHaE5UOV9pMUJmeVlkUTZHZUg5T0JHUXk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9iMTM5M2QtY2NhOC00YTk3LTgxYWEt
NjQzYTQxNTlhYjQ2LzEvZ2k0MG0yLTZXSWdxNnMzeS12bzkzczVYUXFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9iMTM5M2QtY2NhOC00YTk3LTgxYWEtNjQzYTQxNTlhYjQ2
LzEvQWRHaE5UOV9pMUJmeVlkUTZHZUg5T0JHUXk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDBAJYguwD
AwBYgjANBgkqhkiG9w0BAQsFAAOCAQEAirz9Jm+Hcu0hR3bgYF0+tEaCuWxyep7C
5OrJ94iYDziDU11y0s7Vdr2a6INqq40/2AUP+boR9P8NJD4NPIwMEhJVMRUDYH1L
0hF06kK8C3JP1kHbT9GE41+J07aVQH6c4WbDR2aOlLZ6Y6VXz96Ikss6vSSWUft9
5RUb2dqTmqt8139kzMnxTv+Gev4ns+9Hvmz8UrVUgQAQ8KKjiMFh6gaWpjVrjHf3
VzKBeO8M+6YN5lBuaNMvZDjTvZPZjAMPErfJKCkbrYOFql1FX0sZ/CWe8zd5u/VG
94OdREt7FeoJgbGnnmtfk9EFdXwAXOq7D1u+gJJoFyJV83dQUWYelw==
-----END CERTIFICATE-----