Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/47275d-5fa7-4bb2-99eb-1f00737cb2a2/1/id30EDXQNsbbxjU1MG4E9BTBvh0.roa
File:                     id30EDXQNsbbxjU1MG4E9BTBvh0.roa (raw, json)
Hash identifier:          UU/2fDfPiHEx8ODNR/T28rkVGDjCzUnscKyNJNJKcZc=
Subject key identifier:   89:DD:F4:10:35:D0:36:C6:DB:C6:35:35:30:6E:04:F4:14:C1:BE:1D
Certificate issuer:       /CN=9aeafa96c9d563e650ba592ffb06e2ceeb6a0859
Certificate serial:       018CC9BAAECF2647E2382EECAA8552BA5F65
Authority key identifier: 9A:EA:FA:96:C9:D5:63:E6:50:BA:59:2F:FB:06:E2:CE:EB:6A:08:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mur6lsnVY-ZQulkv-wbizutqCFk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/47275d-5fa7-4bb2-99eb-1f00737cb2a2/1/id30EDXQNsbbxjU1MG4E9BTBvh0.roa
Signing time:             Tue 02 Jan 2024 10:31:43 +0000
ROA not before:           Tue 02 Jan 2024 10:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44951
IP address blocks:        195.230.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/47275d-5fa7-4bb2-99eb-1f00737cb2a2/1/mur6lsnVY-ZQulkv-wbizutqCFk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/47275d-5fa7-4bb2-99eb-1f00737cb2a2/1/mur6lsnVY-ZQulkv-wbizutqCFk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mur6lsnVY-ZQulkv-wbizutqCFk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:ae:cf:26:47:e2:38:2e:ec:aa:85:52:ba:5f:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aeafa96c9d563e650ba592ffb06e2ceeb6a0859
        Validity
            Not Before: Jan  2 10:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89ddf41035d036c6dbc63535306e04f414c1be1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:5e:b6:8e:69:a0:d1:0d:a1:94:03:59:b2:db:
                    9a:c6:90:cc:f4:e5:bf:5c:6c:ed:eb:10:85:21:04:
                    66:de:db:69:ba:4f:42:ce:c2:35:fe:48:a9:1e:f8:
                    00:38:3d:85:35:f2:f1:0a:6f:b2:b4:a9:dd:1a:dd:
                    0a:08:08:7e:4e:00:75:b8:40:ef:6e:ce:70:38:cc:
                    d0:ca:9f:b8:6e:c1:7d:df:15:d3:26:b7:71:bc:4d:
                    9d:a5:db:86:3a:dc:0c:36:bd:15:b2:ed:57:0b:62:
                    5c:70:d7:c5:25:73:36:8f:ed:11:fe:3e:2d:06:29:
                    6f:cb:1c:c0:c6:0d:9c:21:02:de:b6:b5:a4:02:99:
                    09:b4:4b:b9:e6:3a:a1:9b:d2:ad:65:a4:42:01:66:
                    5b:fe:97:92:6d:e9:9d:92:ce:75:67:b9:17:15:4e:
                    0b:f0:ed:73:d2:6b:98:c2:b5:b8:ce:a5:e1:6a:ba:
                    c5:97:79:a3:09:52:3d:99:03:94:06:6b:a1:ea:b6:
                    4e:79:54:68:b1:71:69:96:5d:cc:ae:3a:92:0d:88:
                    f4:b4:98:9e:b7:54:14:7b:f7:50:94:15:fa:2c:c3:
                    39:d4:92:3e:ca:9f:16:17:15:c5:33:06:77:b9:52:
                    1a:44:11:29:0f:8c:42:3a:c7:4c:bb:b7:95:3d:ed:
                    47:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:DD:F4:10:35:D0:36:C6:DB:C6:35:35:30:6E:04:F4:14:C1:BE:1D
            X509v3 Authority Key Identifier:
                keyid:9A:EA:FA:96:C9:D5:63:E6:50:BA:59:2F:FB:06:E2:CE:EB:6A:08:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mur6lsnVY-ZQulkv-wbizutqCFk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/47275d-5fa7-4bb2-99eb-1f00737cb2a2/1/id30EDXQNsbbxjU1MG4E9BTBvh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/47275d-5fa7-4bb2-99eb-1f00737cb2a2/1/mur6lsnVY-ZQulkv-wbizutqCFk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.230.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:cb:12:91:33:66:46:35:bc:1e:64:6a:22:5a:f0:68:26:8c:
         68:11:7b:b4:06:1f:ab:83:72:32:40:20:f0:a3:a0:b4:52:3c:
         b5:8c:13:58:9b:81:07:2a:d9:7a:bb:52:22:b9:00:77:26:64:
         f0:7c:55:32:c6:98:d1:90:06:7d:7f:86:37:3d:83:5f:10:e3:
         16:6e:15:be:24:24:37:b8:c7:14:a5:4f:2a:00:fd:13:62:07:
         b7:05:c0:da:93:a7:17:bd:48:f9:72:ac:c6:28:9c:8e:fb:d6:
         b8:c8:fc:cd:8f:1f:c2:1d:e7:19:50:67:e1:4a:28:fd:68:6b:
         f7:6f:80:0a:52:23:e1:15:b0:df:c3:10:62:72:bf:d6:d2:7d:
         a8:32:09:60:88:97:3a:72:08:bd:60:25:5f:d9:d1:f6:40:9d:
         46:3d:c6:3f:e2:80:35:6f:73:de:8a:6a:75:77:bf:d6:f4:07:
         65:81:57:cc:ae:ae:e4:6d:d3:c1:a1:8d:45:1b:b9:e2:60:ca:
         75:c8:35:b5:d4:2b:ad:61:b8:2a:4e:19:66:ab:2c:a1:45:fc:
         9a:e0:6f:de:23:d6:fd:5e:5e:a0:b7:ba:1c:81:20:79:38:5c:
         28:27:65:95:a9:1b:36:c6:0e:dc:35:44:b9:84:2e:f0:97:17:
         5f:6f:d6:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuq7PJkfiOC7sqoVSul9lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWFmYTk2YzlkNTYzZTY1MGJhNTkyZmZiMDZlMmNlZWI2
YTA4NTkwHhcNMjQwMTAyMTAzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWRkZjQxMDM1ZDAzNmM2ZGJjNjM1MzUzMDZlMDRmNDE0YzFiZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiV62jmmg0Q2hlANZstuaxpDM9OW/
XGzt6xCFIQRm3ttpuk9CzsI1/kipHvgAOD2FNfLxCm+ytKndGt0KCAh+TgB1uEDv
bs5wOMzQyp+4bsF93xXTJrdxvE2dpduGOtwMNr0Vsu1XC2JccNfFJXM2j+0R/j4t
BilvyxzAxg2cIQLetrWkApkJtEu55jqhm9KtZaRCAWZb/peSbemdks51Z7kXFU4L
8O1z0muYwrW4zqXharrFl3mjCVI9mQOUBmuh6rZOeVRosXFpll3MrjqSDYj0tJie
t1QUe/dQlBX6LMM51JI+yp8WFxXFMwZ3uVIaRBEpD4xCOsdMu7eVPe1HUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInd9BA10DbG28Y1NTBuBPQUwb4dMB8GA1UdIwQY
MBaAFJrq+pbJ1WPmULpZL/sG4s7raghZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXVyNmxzblZZLVpRdWxrdi13Yml6dXRxQ0ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80NzI3NWQtNWZhNy00YmIyLTk5ZWIt
MWYwMDczN2NiMmEyLzEvaWQzMEVEWFFOc2JieGpVMU1HNEU5QlRCdmgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80NzI3NWQtNWZhNy00YmIyLTk5ZWItMWYwMDczN2NiMmEy
LzEvbXVyNmxzblZZLVpRdWxrdi13Yml6dXRxQ0ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+ZyMA0G
CSqGSIb3DQEBCwUAA4IBAQCGyxKRM2ZGNbweZGoiWvBoJoxoEXu0Bh+rg3IyQCDw
o6C0Ujy1jBNYm4EHKtl6u1IiuQB3JmTwfFUyxpjRkAZ9f4Y3PYNfEOMWbhW+JCQ3
uMcUpU8qAP0TYge3BcDak6cXvUj5cqzGKJyO+9a4yPzNjx/CHecZUGfhSij9aGv3
b4AKUiPhFbDfwxBicr/W0n2oMglgiJc6cgi9YCVf2dH2QJ1GPcY/4oA1b3Peimp1
d7/W9AdlgVfMrq7kbdPBoY1FG7niYMp1yDW11CutYbgqThlmqyyhRfya4G/eI9b9
Xl6gt7ocgSB5OFwoJ2WVqRs2xg7cNUS5hC7wlxdfb9bQ
-----END CERTIFICATE-----