Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/i7qnljmTyxU93eqck4tL7k9_LIg.roa
File:                     i7qnljmTyxU93eqck4tL7k9_LIg.roa (raw, json)
Hash identifier:          qqYBKZOQOji2YySupRJr7WXGz/QKqW+WQAjprQC87N4=
Subject key identifier:   8B:BA:A7:96:39:93:CB:15:3D:DD:EA:9C:93:8B:4B:EE:4F:7F:2C:88
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       018CC72757AB0837F79DC3EE77C975BFE416
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/i7qnljmTyxU93eqck4tL7k9_LIg.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212069
IP address blocks:        213.238.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:57:ab:08:37:f7:9d:c3:ee:77:c9:75:bf:e4:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bbaa7963993cb153dddea9c938b4bee4f7f2c88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:96:f8:f2:c6:29:fc:30:f5:8f:4f:66:12:1e:
                    2f:f3:d8:0b:58:4a:e1:74:9d:a1:55:fc:3e:17:1e:
                    b5:e1:5d:df:c9:96:49:78:87:38:aa:d4:92:ac:04:
                    12:b3:e1:4d:a6:70:7c:5e:15:7e:41:d8:40:2f:03:
                    2e:02:56:b9:a5:f0:bc:45:af:14:35:2c:46:92:be:
                    b1:64:1d:58:24:d6:80:84:33:e1:06:2d:25:41:05:
                    8e:46:e0:92:6a:4f:9c:45:3f:5e:64:b9:78:4b:8e:
                    87:4f:b2:a6:06:9b:d2:30:85:a2:77:d7:8c:84:eb:
                    9a:46:8c:93:55:1f:65:81:15:85:c1:62:95:0a:5b:
                    38:31:aa:1e:0a:d1:8f:25:79:37:fc:13:f7:ff:59:
                    3b:b9:70:2b:f5:df:12:f6:4b:5b:94:24:31:2c:17:
                    20:01:94:46:f3:eb:ba:66:3a:d2:f6:00:f5:fa:47:
                    c3:98:44:f1:38:eb:82:e9:1c:62:1e:72:58:26:3d:
                    8b:fd:cd:64:56:c7:46:62:7b:8f:a6:cf:71:f7:4a:
                    90:a6:49:1b:c4:fd:52:e0:7f:04:7a:23:29:55:43:
                    f4:b6:b7:a2:80:c8:5d:d8:69:63:d9:b8:9f:93:eb:
                    de:7b:bd:d6:40:13:0a:a9:b4:42:23:87:fd:96:dc:
                    15:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:BA:A7:96:39:93:CB:15:3D:DD:EA:9C:93:8B:4B:EE:4F:7F:2C:88
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/i7qnljmTyxU93eqck4tL7k9_LIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:a0:f4:a5:fd:03:62:58:9c:4a:d2:a8:76:30:1b:7a:f2:63:
         be:af:88:bf:35:f3:09:64:e4:70:be:17:a7:3f:1d:6a:18:70:
         eb:65:d8:89:e0:b2:4a:8c:a4:f3:e4:83:0e:96:c9:cc:42:a2:
         da:c0:8d:cd:bc:f1:ac:b3:a3:e1:44:f3:72:bb:af:f1:36:30:
         31:e7:f2:f1:58:1e:8b:c3:60:67:5d:c4:89:37:2d:45:0e:58:
         28:44:62:b9:92:78:1a:dc:88:5f:57:6d:52:35:e8:6b:26:3f:
         3e:e7:26:c5:88:38:da:c1:66:2e:8f:1d:a5:97:cc:1c:d4:65:
         b9:52:22:5f:d5:db:6c:ea:e3:ac:db:98:ec:aa:95:34:33:b5:
         28:10:57:22:03:56:43:6f:43:b7:55:b8:50:0d:70:0a:25:b1:
         db:6d:5f:87:eb:4e:4c:39:ea:93:17:66:67:ee:51:ed:41:bb:
         09:af:ff:9e:cf:bf:fa:ab:df:08:7e:4d:b1:61:8b:a1:1d:34:
         62:3a:cb:a5:61:f1:f1:10:37:85:42:e8:46:32:ad:2e:00:11:
         fc:03:6f:78:f1:70:75:8b:97:90:bc:d7:33:37:26:d2:71:b0:
         44:ec:85:27:b4:4d:e9:6b:58:62:05:00:4a:f4:fa:d4:4e:ac:
         d7:42:a0:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1erCDf3ncPud8l1v+QWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmJhYTc5NjM5OTNjYjE1M2RkZGVhOWM5MzhiNGJlZTRmN2YyYzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Jb48sYp/DD1j09mEh4v89gLWErh
dJ2hVfw+Fx614V3fyZZJeIc4qtSSrAQSs+FNpnB8XhV+QdhALwMuAla5pfC8Ra8U
NSxGkr6xZB1YJNaAhDPhBi0lQQWORuCSak+cRT9eZLl4S46HT7KmBpvSMIWid9eM
hOuaRoyTVR9lgRWFwWKVCls4MaoeCtGPJXk3/BP3/1k7uXAr9d8S9ktblCQxLBcg
AZRG8+u6ZjrS9gD1+kfDmETxOOuC6RxiHnJYJj2L/c1kVsdGYnuPps9x90qQpkkb
xP1S4H8EeiMpVUP0treigMhd2Glj2bifk+vee73WQBMKqbRCI4f9ltwVrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIu6p5Y5k8sVPd3qnJOLS+5PfyyIMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvaTdxbmxqbVR5eFU5M2VxY2s0dEw3azlfTElnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6oMA0G
CSqGSIb3DQEBCwUAA4IBAQCqoPSl/QNiWJxK0qh2MBt68mO+r4i/NfMJZORwvhen
Px1qGHDrZdiJ4LJKjKTz5IMOlsnMQqLawI3NvPGss6PhRPNyu6/xNjAx5/LxWB6L
w2BnXcSJNy1FDlgoRGK5knga3IhfV21SNehrJj8+5ybFiDjawWYujx2ll8wc1GW5
UiJf1dts6uOs25jsqpU0M7UoEFciA1ZDb0O3VbhQDXAKJbHbbV+H605MOeqTF2Zn
7lHtQbsJr/+ez7/6q98Ifk2xYYuhHTRiOsulYfHxEDeFQuhGMq0uABH8A2948XB1
i5eQvNczNybScbBE7IUntE3pa1hiBQBK9PrUTqzXQqA4
-----END CERTIFICATE-----