Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/ca68e8-5157-46b6-b584-ea92d80ab188/1/lE1Mz2J2yJoagw4LmSWuS9aXoV0.roa
File:                     lE1Mz2J2yJoagw4LmSWuS9aXoV0.roa (raw, json)
Hash identifier:          X6s2D8G6tFJVPzibOMwbGeVuSKw1fBB+fdofdV58vPI=
Subject key identifier:   94:4D:4C:CF:62:76:C8:9A:1A:83:0E:0B:99:25:AE:4B:D6:97:A1:5D
Certificate issuer:       /CN=230e9ac64510fa391846bb139ab52b8001d58038
Certificate serial:       018CC86EF4FA46BDD0DC76AC9E53295501D5
Authority key identifier: 23:0E:9A:C6:45:10:FA:39:18:46:BB:13:9A:B5:2B:80:01:D5:80:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iw6axkUQ-jkYRrsTmrUrgAHVgDg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/ca68e8-5157-46b6-b584-ea92d80ab188/1/lE1Mz2J2yJoagw4LmSWuS9aXoV0.roa
Signing time:             Tue 02 Jan 2024 04:29:24 +0000
ROA not before:           Tue 02 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8881
IP address blocks:        193.30.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/ca68e8-5157-46b6-b584-ea92d80ab188/1/Iw6axkUQ-jkYRrsTmrUrgAHVgDg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/ca68e8-5157-46b6-b584-ea92d80ab188/1/Iw6axkUQ-jkYRrsTmrUrgAHVgDg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iw6axkUQ-jkYRrsTmrUrgAHVgDg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 04:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:f4:fa:46:bd:d0:dc:76:ac:9e:53:29:55:01:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=230e9ac64510fa391846bb139ab52b8001d58038
        Validity
            Not Before: Jan  2 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=944d4ccf6276c89a1a830e0b9925ae4bd697a15d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:90:c5:99:2d:95:56:0b:39:d9:db:b9:32:91:
                    87:c0:3c:7b:36:fa:f7:74:bc:10:bd:39:f7:7b:21:
                    58:f4:d4:5b:14:ea:d3:18:9c:08:c6:c3:f4:d7:11:
                    c4:5c:2f:8e:a4:e8:62:c9:da:2f:f0:64:e5:ae:09:
                    48:a1:6c:bf:01:0b:b6:2e:f4:c1:dc:8f:c3:8e:e6:
                    eb:11:af:c8:55:2b:7a:59:d9:5d:22:ad:53:56:4c:
                    39:db:68:b0:41:05:03:cc:44:43:4a:28:b4:51:15:
                    f0:c0:f6:b7:64:6e:1e:84:5e:dd:56:f4:c5:21:af:
                    aa:6a:98:e3:e5:32:82:64:50:34:fd:fb:01:43:eb:
                    f8:f7:7f:34:94:9c:c3:d8:e2:f5:4a:ad:b3:f2:5f:
                    86:a6:4d:27:fa:cd:14:55:04:d4:6f:f9:11:e2:ad:
                    81:22:a8:63:8e:e5:55:51:d2:00:c5:d2:1d:b0:ca:
                    a3:c5:a7:ec:b8:cd:25:0c:2a:2d:12:b7:54:85:76:
                    f4:84:53:5a:b2:f5:af:95:ea:67:2f:59:c6:95:6a:
                    ed:8f:e4:1f:5c:91:ff:86:fd:a5:6b:f1:4c:ad:84:
                    61:16:9d:12:01:36:59:4c:70:47:b5:eb:f6:10:f7:
                    8c:ca:75:21:eb:ec:ad:c3:a1:db:4c:e8:21:5e:57:
                    dd:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:4D:4C:CF:62:76:C8:9A:1A:83:0E:0B:99:25:AE:4B:D6:97:A1:5D
            X509v3 Authority Key Identifier:
                keyid:23:0E:9A:C6:45:10:FA:39:18:46:BB:13:9A:B5:2B:80:01:D5:80:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iw6axkUQ-jkYRrsTmrUrgAHVgDg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/ca68e8-5157-46b6-b584-ea92d80ab188/1/lE1Mz2J2yJoagw4LmSWuS9aXoV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/ca68e8-5157-46b6-b584-ea92d80ab188/1/Iw6axkUQ-jkYRrsTmrUrgAHVgDg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:3b:65:bb:1f:93:db:1e:95:34:59:2c:69:a0:9b:1f:97:33:
         75:01:de:31:8a:d2:1e:48:08:3b:28:0a:9e:fa:6c:8c:96:74:
         e4:4b:2f:03:53:38:85:c4:ea:b4:4f:1b:3d:e9:03:c4:41:0c:
         27:d1:dc:c0:ef:f7:28:2c:d9:54:39:4e:d0:8d:31:80:4b:42:
         4b:56:ef:3c:eb:13:c4:19:03:c5:61:9d:33:0c:23:dd:d2:1e:
         7f:01:7d:0f:ba:5c:f7:84:d4:1c:24:7d:4f:b9:bd:2b:9a:2e:
         4b:7e:e9:37:d2:68:ba:cc:c4:7f:de:8a:a2:2b:9c:c8:b6:0b:
         50:1f:d4:5c:88:06:56:c2:34:3c:4c:c2:b2:e3:89:a9:7b:17:
         ba:78:ed:e6:23:c0:d0:90:fc:83:39:a5:f1:0e:48:e5:cb:db:
         a9:f0:00:db:f6:0d:9d:45:30:77:ca:09:3d:a0:0f:9a:e2:8f:
         ed:7e:a9:f6:95:5c:70:93:f4:ee:18:7a:a6:82:02:6d:09:6a:
         41:4d:eb:45:b0:98:d1:e9:ba:09:73:28:f3:60:a8:0a:42:6a:
         4c:55:f6:0e:e9:03:02:56:0e:09:1d:16:5b:7c:5f:e7:1e:93:
         50:64:34:c3:50:50:97:bd:ff:68:0c:b4:7c:f1:a4:77:f0:e9:
         82:3c:ec:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvT6Rr3Q3HasnlMpVQHVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMGU5YWM2NDUxMGZhMzkxODQ2YmIxMzlhYjUyYjgwMDFk
NTgwMzgwHhcNMjQwMTAyMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDRkNGNjZjYyNzZjODlhMWE4MzBlMGI5OTI1YWU0YmQ2OTdhMTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJDFmS2VVgs52du5MpGHwDx7Nvr3
dLwQvTn3eyFY9NRbFOrTGJwIxsP01xHEXC+OpOhiydov8GTlrglIoWy/AQu2LvTB
3I/DjubrEa/IVSt6WdldIq1TVkw522iwQQUDzERDSii0URXwwPa3ZG4ehF7dVvTF
Ia+qapjj5TKCZFA0/fsBQ+v49380lJzD2OL1Sq2z8l+Gpk0n+s0UVQTUb/kR4q2B
IqhjjuVVUdIAxdIdsMqjxafsuM0lDCotErdUhXb0hFNasvWvlepnL1nGlWrtj+Qf
XJH/hv2la/FMrYRhFp0SATZZTHBHtev2EPeMynUh6+ytw6HbTOghXlfdLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRNTM9idsiaGoMOC5klrkvWl6FdMB8GA1UdIwQY
MBaAFCMOmsZFEPo5GEa7E5q1K4AB1YA4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXc2YXhrVVEtamtZUnJzVG1yVXJnQUhWZ0RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9jYTY4ZTgtNTE1Ny00NmI2LWI1ODQt
ZWE5MmQ4MGFiMTg4LzEvbEUxTXoySjJ5Sm9hZ3c0TG1TV3VTOWFYb1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9jYTY4ZTgtNTE1Ny00NmI2LWI1ODQtZWE5MmQ4MGFiMTg4
LzEvSXc2YXhrVVEtamtZUnJzVG1yVXJnQUhWZ0RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR6MMA0G
CSqGSIb3DQEBCwUAA4IBAQAKO2W7H5PbHpU0WSxpoJsflzN1Ad4xitIeSAg7KAqe
+myMlnTkSy8DUziFxOq0Txs96QPEQQwn0dzA7/coLNlUOU7QjTGAS0JLVu886xPE
GQPFYZ0zDCPd0h5/AX0Pulz3hNQcJH1Pub0rmi5Lfuk30mi6zMR/3oqiK5zItgtQ
H9RciAZWwjQ8TMKy44mpexe6eO3mI8DQkPyDOaXxDkjly9up8ADb9g2dRTB3ygk9
oA+a4o/tfqn2lVxwk/TuGHqmggJtCWpBTetFsJjR6boJcyjzYKgKQmpMVfYO6QMC
Vg4JHRZbfF/nHpNQZDTDUFCXvf9oDLR88aR38OmCPOzT
-----END CERTIFICATE-----