Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/x8P7aFmWqsInbrqZ4-aFq2mnoEA.roa
File:                     x8P7aFmWqsInbrqZ4-aFq2mnoEA.roa (raw, json)
Hash identifier:          55MGpqcK5z2X+ank0nmLWobuVEk2gC7I/byKLfgHvbI=
Subject key identifier:   C7:C3:FB:68:59:96:AA:C2:27:6E:BA:99:E3:E6:85:AB:69:A7:A0:40
Certificate issuer:       /CN=30d66b66a3982d20a81ef201dc755ed3353b16a4
Certificate serial:       018CC5005B026B50AA8E412AA9BD726CCA9F
Authority key identifier: 30:D6:6B:66:A3:98:2D:20:A8:1E:F2:01:DC:75:5E:D3:35:3B:16:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/x8P7aFmWqsInbrqZ4-aFq2mnoEA.roa
Signing time:             Mon 01 Jan 2024 12:29:44 +0000
ROA not before:           Mon 01 Jan 2024 12:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197770
IP address blocks:        194.9.58.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:5b:02:6b:50:aa:8e:41:2a:a9:bd:72:6c:ca:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30d66b66a3982d20a81ef201dc755ed3353b16a4
        Validity
            Not Before: Jan  1 12:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7c3fb685996aac2276eba99e3e685ab69a7a040
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0e:d1:46:67:13:3b:b7:c7:81:2e:4e:25:f4:
                    2e:01:72:07:4b:ea:02:f3:b9:75:43:13:30:2f:9a:
                    61:9b:fd:d4:af:d6:eb:78:9b:fd:3f:4b:26:63:66:
                    27:e9:20:09:cf:52:b7:d6:81:01:a0:81:81:71:92:
                    40:23:d8:c8:14:10:14:26:f8:4e:05:83:74:ca:68:
                    b8:46:2a:45:47:f1:fe:b1:e0:ac:6f:41:71:d0:91:
                    7e:7a:b0:d9:fb:10:ce:28:d1:91:fb:84:a1:83:16:
                    f4:43:65:67:e4:da:5f:8f:74:69:57:65:03:b9:d7:
                    30:dd:f6:f7:92:a0:20:06:67:a8:71:7b:4d:b4:50:
                    8c:b2:83:85:df:12:f5:17:15:16:28:f2:fe:92:c6:
                    13:58:14:ac:f7:32:b6:27:a1:dc:c3:50:49:fb:5a:
                    38:2d:92:ea:df:7a:f4:50:b7:50:e1:79:fe:6d:f3:
                    12:f1:f8:79:f8:5d:3d:be:cc:dc:31:39:53:ac:c3:
                    99:88:f0:d8:88:57:35:9f:ea:ba:d3:6f:bc:f3:54:
                    96:83:66:7d:c3:40:8c:3d:c0:cb:a0:76:40:bd:bd:
                    98:85:02:c9:28:81:7f:ed:22:7d:92:7f:f4:fa:05:
                    26:93:f6:87:3f:02:15:b8:2a:7d:ba:66:e8:3f:1d:
                    c1:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:C3:FB:68:59:96:AA:C2:27:6E:BA:99:E3:E6:85:AB:69:A7:A0:40
            X509v3 Authority Key Identifier:
                keyid:30:D6:6B:66:A3:98:2D:20:A8:1E:F2:01:DC:75:5E:D3:35:3B:16:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/x8P7aFmWqsInbrqZ4-aFq2mnoEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:6c:7d:d8:38:5f:16:cf:84:92:9f:3e:b7:eb:4e:cf:2b:02:
         9a:d8:78:9f:1c:d1:1b:e9:44:37:12:11:3d:d5:8e:eb:10:13:
         4b:dd:25:9e:5a:13:b3:bd:02:b1:82:67:eb:f3:85:1c:61:3f:
         77:00:5b:7d:18:71:a6:a3:5f:6e:d3:87:1b:08:6c:6e:59:81:
         4b:5f:f9:c6:31:5f:8d:fc:bf:be:ba:a5:7a:d9:33:56:d5:05:
         28:39:c6:52:04:3f:ad:56:72:80:58:c6:e5:22:d8:d4:83:8a:
         8c:3a:d2:a4:8e:13:a5:c3:0f:ad:65:8c:48:78:ac:ea:1a:0b:
         b7:c8:46:d0:4c:2b:81:04:7c:f5:69:13:e0:35:59:6d:1f:66:
         cb:ea:51:d4:1e:ae:ce:77:9c:97:64:cf:dc:a6:5c:62:7e:99:
         3a:26:b8:8e:33:3c:24:19:84:e4:b9:d5:9b:32:20:1d:6f:f4:
         0a:59:09:a5:f5:23:6e:2a:09:ee:c0:a8:89:71:6f:cc:0f:c4:
         44:d4:19:2f:54:13:c3:e0:3d:0b:98:f3:10:5f:75:c4:0a:a9:
         52:0b:ec:59:b3:f3:a3:3f:a4:36:9c:82:ae:60:77:fd:99:a5:
         59:62:ea:45:bf:52:76:00:9d:ef:9f:0c:b5:52:48:77:b0:af:
         fa:65:9f:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAFsCa1CqjkEqqb1ybMqfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZDY2YjY2YTM5ODJkMjBhODFlZjIwMWRjNzU1ZWQzMzUz
YjE2YTQwHhcNMjQwMTAxMTIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2MzZmI2ODU5OTZhYWMyMjc2ZWJhOTllM2U2ODVhYjY5YTdhMDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQ7RRmcTO7fHgS5OJfQuAXIHS+oC
87l1QxMwL5phm/3Ur9breJv9P0smY2Yn6SAJz1K31oEBoIGBcZJAI9jIFBAUJvhO
BYN0ymi4RipFR/H+seCsb0Fx0JF+erDZ+xDOKNGR+4Shgxb0Q2Vn5Npfj3RpV2UD
udcw3fb3kqAgBmeocXtNtFCMsoOF3xL1FxUWKPL+ksYTWBSs9zK2J6Hcw1BJ+1o4
LZLq33r0ULdQ4Xn+bfMS8fh5+F09vszcMTlTrMOZiPDYiFc1n+q602+881SWg2Z9
w0CMPcDLoHZAvb2YhQLJKIF/7SJ9kn/0+gUmk/aHPwIVuCp9umboPx3BuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfD+2hZlqrCJ266mePmhatpp6BAMB8GA1UdIwQY
MBaAFDDWa2ajmC0gqB7yAdx1XtM1OxakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU5aclpxT1lMU0NvSHZJQjNIVmUwelU3RnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC84OGU0ODItODI3Ny00MjgwLTlmNWIt
ODE0NGIxNDBlZGY5LzEveDhQN2FGbVdxc0luYnJxWjQtYUZxMm1ub0VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC84OGU0ODItODI3Ny00MjgwLTlmNWItODE0NGIxNDBlZGY5
LzEvTU5aclpxT1lMU0NvSHZJQjNIVmUwelU3RnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwgk6MA0G
CSqGSIb3DQEBCwUAA4IBAQAFbH3YOF8Wz4SSnz63607PKwKa2HifHNEb6UQ3EhE9
1Y7rEBNL3SWeWhOzvQKxgmfr84UcYT93AFt9GHGmo19u04cbCGxuWYFLX/nGMV+N
/L++uqV62TNW1QUoOcZSBD+tVnKAWMblItjUg4qMOtKkjhOlww+tZYxIeKzqGgu3
yEbQTCuBBHz1aRPgNVltH2bL6lHUHq7Od5yXZM/cplxifpk6JriOMzwkGYTkudWb
MiAdb/QKWQml9SNuKgnuwKiJcW/MD8RE1BkvVBPD4D0LmPMQX3XECqlSC+xZs/Oj
P6Q2nIKuYHf9maVZYupFv1J2AJ3vnwy1Ukh3sK/6ZZ8F
-----END CERTIFICATE-----