Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/01335c-b345-4815-bb9e-fd5faed1c1d0/1/0kmQlWgzYiNjPtsUMnH5OnJVxAc.roa
File:                     0kmQlWgzYiNjPtsUMnH5OnJVxAc.roa (raw, json)
Hash identifier:          sxOEDB5RLYVPNTsJlV4o39o2VGnIzuJAkJR7u7N7JBY=
Subject key identifier:   D2:49:90:95:68:33:62:23:63:3E:DB:14:32:71:F9:3A:72:55:C4:07
Certificate issuer:       /CN=ab59b462efc04583960a205f2f45659dc7fe3c6c
Certificate serial:       018D24DD7D208676849812DCE472C812243E
Authority key identifier: AB:59:B4:62:EF:C0:45:83:96:0A:20:5F:2F:45:65:9D:C7:FE:3C:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q1m0Yu_ARYOWCiBfL0Vlncf-PGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/01335c-b345-4815-bb9e-fd5faed1c1d0/1/0kmQlWgzYiNjPtsUMnH5OnJVxAc.roa
Signing time:             Sat 20 Jan 2024 03:15:11 +0000
ROA not before:           Sat 20 Jan 2024 03:15:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215695
IP address blocks:        188.92.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/01335c-b345-4815-bb9e-fd5faed1c1d0/1/q1m0Yu_ARYOWCiBfL0Vlncf-PGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/01335c-b345-4815-bb9e-fd5faed1c1d0/1/q1m0Yu_ARYOWCiBfL0Vlncf-PGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q1m0Yu_ARYOWCiBfL0Vlncf-PGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:24:dd:7d:20:86:76:84:98:12:dc:e4:72:c8:12:24:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab59b462efc04583960a205f2f45659dc7fe3c6c
        Validity
            Not Before: Jan 20 03:15:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d249909568336223633edb143271f93a7255c407
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:19:7c:3c:00:85:98:dc:aa:4d:8f:8e:4d:2a:
                    cb:c4:8b:6a:76:9f:78:44:a4:8c:da:5e:89:f6:db:
                    ec:28:89:e7:39:5b:29:bd:5c:d3:90:1b:24:d0:50:
                    5f:fb:ab:52:1c:00:61:e3:f1:8a:c1:45:f9:fd:6b:
                    8d:33:45:11:47:0a:42:d9:0e:82:eb:9c:99:94:e7:
                    70:f8:e3:b1:b7:9a:8f:29:b1:fc:21:16:a3:f5:f4:
                    ac:67:e0:91:f7:c2:b6:5d:c7:03:a0:81:ca:6d:ff:
                    f6:03:d8:13:1a:51:87:0a:0f:37:e0:b1:5c:b7:85:
                    2d:3b:f1:ba:cd:b5:0f:cf:f7:91:dc:69:2a:4e:b7:
                    71:fc:54:2d:2d:e8:19:74:f0:fb:ea:f6:42:1d:7a:
                    ae:03:e1:37:40:c0:13:1a:ad:02:23:f8:cc:fe:50:
                    ca:92:be:0c:63:37:dc:6c:c2:52:74:99:0e:b1:ae:
                    e4:28:92:a8:ea:27:bb:9a:d3:2e:7b:5b:52:ca:11:
                    80:c9:1b:f6:05:cd:6d:e7:ec:2c:4b:93:0a:d4:6a:
                    c0:96:2c:d7:1d:36:15:aa:d9:fb:a1:01:d6:7f:66:
                    90:29:33:06:9f:68:8f:1b:ca:78:b3:5c:5a:62:d8:
                    e4:fb:9e:23:fc:5b:e2:d0:e9:cd:aa:9d:9b:15:ff:
                    e7:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:49:90:95:68:33:62:23:63:3E:DB:14:32:71:F9:3A:72:55:C4:07
            X509v3 Authority Key Identifier:
                keyid:AB:59:B4:62:EF:C0:45:83:96:0A:20:5F:2F:45:65:9D:C7:FE:3C:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q1m0Yu_ARYOWCiBfL0Vlncf-PGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/01335c-b345-4815-bb9e-fd5faed1c1d0/1/0kmQlWgzYiNjPtsUMnH5OnJVxAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/01335c-b345-4815-bb9e-fd5faed1c1d0/1/q1m0Yu_ARYOWCiBfL0Vlncf-PGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:45:15:18:d1:f6:95:db:f5:69:e0:ac:b5:d0:ee:a1:a6:b6:
         79:80:a1:98:73:bf:a5:17:d2:2e:46:ca:d3:2e:42:a5:c6:7d:
         73:4e:57:5e:69:4c:83:67:cd:53:af:be:14:c0:5a:d1:c4:17:
         50:cb:57:d5:e1:f7:8d:c6:e5:80:18:a3:e3:56:51:9d:25:3a:
         50:43:cc:03:d0:76:42:8c:ae:e1:2b:88:67:dd:bb:3d:e8:fc:
         e9:c3:d2:d9:32:11:f5:31:ba:c3:fd:c1:79:12:19:10:61:8e:
         cb:74:cc:fd:57:af:49:af:79:3c:b8:72:4a:dd:7c:df:0f:8c:
         67:3d:3a:dc:3a:4a:81:e7:ec:67:be:d7:85:af:80:cd:00:4d:
         f0:40:f3:53:b6:04:ac:92:bb:2e:b5:89:96:c7:14:9e:3b:cc:
         10:74:cf:2e:bb:d1:d8:aa:dc:df:6b:c1:44:bd:3d:1d:29:e2:
         ce:cd:d8:4d:db:25:fd:6e:e3:70:81:5f:cf:8c:8d:af:10:2f:
         df:2d:48:bd:ac:54:bd:d0:31:a3:e1:d3:27:4f:41:f5:d4:89:
         0d:4d:29:61:07:ca:9e:a1:12:af:9a:d7:16:87:27:24:97:46:
         08:4f:16:90:06:51:3f:5e:57:1f:25:b3:18:8a:2e:7c:46:15:
         5d:97:8a:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0k3X0ghnaEmBLc5HLIEiQ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNTliNDYyZWZjMDQ1ODM5NjBhMjA1ZjJmNDU2NTlkYzdm
ZTNjNmMwHhcNMjQwMTIwMDMxNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjQ5OTA5NTY4MzM2MjIzNjMzZWRiMTQzMjcxZjkzYTcyNTVjNDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhl8PACFmNyqTY+OTSrLxItqdp94
RKSM2l6J9tvsKInnOVspvVzTkBsk0FBf+6tSHABh4/GKwUX5/WuNM0URRwpC2Q6C
65yZlOdw+OOxt5qPKbH8IRaj9fSsZ+CR98K2XccDoIHKbf/2A9gTGlGHCg834LFc
t4UtO/G6zbUPz/eR3GkqTrdx/FQtLegZdPD76vZCHXquA+E3QMATGq0CI/jM/lDK
kr4MYzfcbMJSdJkOsa7kKJKo6ie7mtMue1tSyhGAyRv2Bc1t5+wsS5MK1GrAlizX
HTYVqtn7oQHWf2aQKTMGn2iPG8p4s1xaYtjk+54j/Fvi0OnNqp2bFf/n3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJJkJVoM2IjYz7bFDJx+TpyVcQHMB8GA1UdIwQY
MBaAFKtZtGLvwEWDlgogXy9FZZ3H/jxsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTFtMFl1X0FSWU9XQ2lCZkwwVmxuY2YtUEd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wMTMzNWMtYjM0NS00ODE1LWJiOWUt
ZmQ1ZmFlZDFjMWQwLzEvMGttUWxXZ3pZaU5qUHRzVU1uSDVPbkpWeEFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wMTMzNWMtYjM0NS00ODE1LWJiOWUtZmQ1ZmFlZDFjMWQw
LzEvcTFtMFl1X0FSWU9XQ2lCZkwwVmxuY2YtUEd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvFweMA0G
CSqGSIb3DQEBCwUAA4IBAQApRRUY0faV2/Vp4Ky10O6hprZ5gKGYc7+lF9IuRsrT
LkKlxn1zTldeaUyDZ81Tr74UwFrRxBdQy1fV4feNxuWAGKPjVlGdJTpQQ8wD0HZC
jK7hK4hn3bs96Pzpw9LZMhH1MbrD/cF5EhkQYY7LdMz9V69Jr3k8uHJK3XzfD4xn
PTrcOkqB5+xnvteFr4DNAE3wQPNTtgSskrsutYmWxxSeO8wQdM8uu9HYqtzfa8FE
vT0dKeLOzdhN2yX9buNwgV/PjI2vEC/fLUi9rFS90DGj4dMnT0H11IkNTSlhB8qe
oRKvmtcWhyckl0YITxaQBlE/XlcfJbMYii58RhVdl4qx
-----END CERTIFICATE-----