Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/m82VyEkW6fHi0OaYvMCvLjBDmhE.roa
File:                     m82VyEkW6fHi0OaYvMCvLjBDmhE.roa (raw, json)
Hash identifier:          zK0ltneiNVoaR7T5+wRdC11ULapghbwzZX/BOYhaPVY=
Subject key identifier:   9B:CD:95:C8:49:16:E9:F1:E2:D0:E6:98:BC:C0:AF:2E:30:43:9A:11
Certificate issuer:       /CN=1319f052bc9e7284888074390c9d0bc127606692
Certificate serial:       018CC493748EC6CF09A03B8930BB6CB98E97
Authority key identifier: 13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/m82VyEkW6fHi0OaYvMCvLjBDmhE.roa
Signing time:             Mon 01 Jan 2024 10:30:47 +0000
ROA not before:           Mon 01 Jan 2024 10:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        88.157.230.0/24 maxlen: 24
                          88.157.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:74:8e:c6:cf:09:a0:3b:89:30:bb:6c:b9:8e:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1319f052bc9e7284888074390c9d0bc127606692
        Validity
            Not Before: Jan  1 10:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bcd95c84916e9f1e2d0e698bcc0af2e30439a11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d1:ef:6b:37:ac:64:2c:ac:39:2e:23:86:5f:
                    91:1b:c5:b6:ec:7d:fe:41:cb:68:84:04:21:7f:46:
                    ac:53:2f:d9:96:e6:f7:48:71:0a:25:5a:80:d7:c9:
                    06:91:0f:4e:96:af:7b:49:86:f7:eb:40:cb:89:9b:
                    28:db:01:9f:fb:bf:06:50:46:4f:55:0d:d2:f4:d6:
                    df:03:9c:ea:8e:1b:66:8f:71:12:c5:f3:da:0b:1b:
                    22:59:28:2e:d5:47:f2:aa:a0:36:83:cc:ea:f7:47:
                    b8:ed:60:3f:4a:27:cb:39:56:a3:db:66:8c:b4:52:
                    97:f3:e7:2f:d5:9b:ae:d8:84:06:05:2b:e0:d9:4a:
                    33:5d:bf:52:50:bd:68:2a:fa:ef:e3:96:f2:5b:79:
                    ef:62:fe:ec:76:b3:bb:36:e6:17:bb:8a:96:5c:96:
                    c1:f0:7b:30:67:62:1f:88:56:6a:89:d4:8b:d1:01:
                    d1:29:be:7d:21:0e:18:64:3b:5b:a4:66:7c:c2:19:
                    f4:e7:c8:b2:29:45:1f:64:db:4a:28:ae:71:73:8c:
                    76:08:e3:22:15:bc:6d:bb:5d:1a:ac:c7:c6:24:56:
                    33:82:cf:fd:f0:1d:2b:78:1b:50:60:f3:5f:c1:97:
                    8a:30:28:be:3c:a9:62:3f:99:db:7f:dc:d2:ca:39:
                    8b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:CD:95:C8:49:16:E9:F1:E2:D0:E6:98:BC:C0:AF:2E:30:43:9A:11
            X509v3 Authority Key Identifier:
                keyid:13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/m82VyEkW6fHi0OaYvMCvLjBDmhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.157.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:c7:d6:55:e7:75:11:eb:93:f9:3a:48:38:f6:fc:e7:e0:ec:
         be:67:14:a4:71:13:86:9a:37:0f:29:34:52:12:d6:1b:df:d4:
         e8:cb:d1:85:af:1e:15:a0:96:e7:3d:15:44:6e:af:d5:47:de:
         35:76:01:08:03:3d:f5:66:c7:95:99:bc:63:ce:45:b0:f4:eb:
         01:68:fc:97:87:c4:07:40:4d:e1:a8:68:77:36:5b:f4:57:d0:
         fd:dd:a5:e6:25:02:88:f0:03:00:4f:36:25:01:b0:a9:e9:b8:
         cb:3a:cd:7b:f6:be:96:b9:3c:cc:45:4d:c2:ee:ca:47:85:a7:
         0a:f8:0e:e7:be:9c:af:99:f9:99:ca:99:48:64:d9:65:a7:2a:
         bc:d1:c8:62:c0:12:0b:8e:a3:ea:16:5a:8d:e8:c1:39:8b:69:
         8a:f0:88:1a:82:c4:e9:a5:87:08:df:bb:19:e2:ac:24:56:dc:
         e1:ea:52:7e:f6:0d:ca:85:4c:fb:52:4a:e6:49:13:47:53:ca:
         19:a2:15:4c:92:66:8c:d5:c3:52:0c:08:57:0c:33:f9:d0:22:
         82:fa:c9:31:22:6c:c3:e0:4e:71:ba:8b:ed:9f:c1:7c:43:f5:
         81:85:4e:ea:90:c1:ba:0e:3e:b5:0f:b9:b2:3e:f8:c5:f0:7f:
         15:f4:11:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3SOxs8JoDuJMLtsuY6XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTlmMDUyYmM5ZTcyODQ4ODgwNzQzOTBjOWQwYmMxMjc2
MDY2OTIwHhcNMjQwMTAxMTAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmNkOTVjODQ5MTZlOWYxZTJkMGU2OThiY2MwYWYyZTMwNDM5YTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNHvazesZCysOS4jhl+RG8W27H3+
QctohAQhf0asUy/Zlub3SHEKJVqA18kGkQ9Olq97SYb360DLiZso2wGf+78GUEZP
VQ3S9NbfA5zqjhtmj3ESxfPaCxsiWSgu1UfyqqA2g8zq90e47WA/SifLOVaj22aM
tFKX8+cv1Zuu2IQGBSvg2UozXb9SUL1oKvrv45byW3nvYv7sdrO7NuYXu4qWXJbB
8HswZ2IfiFZqidSL0QHRKb59IQ4YZDtbpGZ8whn058iyKUUfZNtKKK5xc4x2COMi
Fbxtu10arMfGJFYzgs/98B0reBtQYPNfwZeKMCi+PKliP5nbf9zSyjmLsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJvNlchJFunx4tDmmLzAry4wQ5oRMB8GA1UdIwQY
MBaAFBMZ8FK8nnKEiIB0OQydC8EnYGaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUt
MmMxYTc3MzBiZDI1LzEvbTgyVnlFa1c2ZkhpME9hWXZNQ3ZMakJEbWhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUtMmMxYTc3MzBiZDI1
LzEvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWJ3mMA0G
CSqGSIb3DQEBCwUAA4IBAQB+x9ZV53UR65P5Okg49vzn4Oy+ZxSkcROGmjcPKTRS
EtYb39Toy9GFrx4VoJbnPRVEbq/VR941dgEIAz31ZseVmbxjzkWw9OsBaPyXh8QH
QE3hqGh3Nlv0V9D93aXmJQKI8AMATzYlAbCp6bjLOs179r6WuTzMRU3C7spHhacK
+A7nvpyvmfmZyplIZNllpyq80chiwBILjqPqFlqN6ME5i2mK8IgagsTppYcI37sZ
4qwkVtzh6lJ+9g3KhUz7UkrmSRNHU8oZohVMkmaM1cNSDAhXDDP50CKC+skxImzD
4E5xuovtn8F8Q/WBhU7qkMG6Dj61D7myPvjF8H8V9BEa
-----END CERTIFICATE-----