Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/e7e9ee-17d8-4e7e-bc28-7e1329e05ff4/1/MDsqo6RiqaXth6CqXc613Nr7v14.roa
File:                     MDsqo6RiqaXth6CqXc613Nr7v14.roa (raw, json)
Hash identifier:          ZdG9msmYxx4cI5rdVJG3I0VLJq85q3QF1tvnB4DJ5V8=
Subject key identifier:   30:3B:2A:A3:A4:62:A9:A5:ED:87:A0:AA:5D:CE:B5:DC:DA:FB:BF:5E
Certificate issuer:       /CN=237084712fdebb1bfc5a8c0262d919a8aa440603
Certificate serial:       018CC5DCAA0304A7A2119213550A93FC9A11
Authority key identifier: 23:70:84:71:2F:DE:BB:1B:FC:5A:8C:02:62:D9:19:A8:AA:44:06:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I3CEcS_euxv8WowCYtkZqKpEBgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/e7e9ee-17d8-4e7e-bc28-7e1329e05ff4/1/MDsqo6RiqaXth6CqXc613Nr7v14.roa
Signing time:             Mon 01 Jan 2024 16:30:22 +0000
ROA not before:           Mon 01 Jan 2024 16:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4201
IP address blocks:        87.199.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/e7e9ee-17d8-4e7e-bc28-7e1329e05ff4/1/I3CEcS_euxv8WowCYtkZqKpEBgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/e7e9ee-17d8-4e7e-bc28-7e1329e05ff4/1/I3CEcS_euxv8WowCYtkZqKpEBgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I3CEcS_euxv8WowCYtkZqKpEBgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:aa:03:04:a7:a2:11:92:13:55:0a:93:fc:9a:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=237084712fdebb1bfc5a8c0262d919a8aa440603
        Validity
            Not Before: Jan  1 16:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=303b2aa3a462a9a5ed87a0aa5dceb5dcdafbbf5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:4f:84:7b:e0:f6:4f:c0:f7:24:98:76:4a:0a:
                    f3:bd:e2:88:0c:05:5b:80:18:85:67:2b:60:8a:00:
                    74:c5:c2:b4:44:0d:8c:66:a6:11:a8:06:49:e1:ee:
                    0a:31:28:66:5c:56:b2:34:38:ee:1f:30:93:37:13:
                    e1:92:f8:71:f0:d2:bc:1c:93:98:66:ee:55:a2:b1:
                    3a:5c:8e:63:a2:de:80:ee:e4:6e:a3:41:60:a6:cf:
                    95:45:f4:3f:1f:74:93:58:91:de:3a:61:d1:7e:77:
                    cb:6d:95:46:ff:e2:2a:1d:9f:64:e1:50:df:66:9d:
                    33:64:3f:d1:b7:d7:ae:1d:13:1e:69:69:5a:3a:5c:
                    1b:e0:4f:f9:18:01:7e:ca:17:5f:03:b7:83:a8:af:
                    7e:bd:9a:56:43:79:5d:a6:17:36:a4:48:dc:03:84:
                    f4:1b:37:eb:3f:46:3c:46:77:e5:69:dd:b7:64:11:
                    ba:ce:23:c3:34:74:52:c3:27:bb:17:d8:ee:ac:13:
                    84:5f:24:d1:43:40:07:35:bc:7e:cc:69:66:0c:de:
                    fd:67:76:5b:1f:21:40:dc:6d:14:3f:26:78:98:e6:
                    5c:6d:72:63:12:c0:f6:fa:a4:6a:d9:45:04:2c:9d:
                    4b:9d:a6:71:87:22:95:e6:a6:42:98:69:8b:a2:b7:
                    b4:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:3B:2A:A3:A4:62:A9:A5:ED:87:A0:AA:5D:CE:B5:DC:DA:FB:BF:5E
            X509v3 Authority Key Identifier:
                keyid:23:70:84:71:2F:DE:BB:1B:FC:5A:8C:02:62:D9:19:A8:AA:44:06:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I3CEcS_euxv8WowCYtkZqKpEBgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e7e9ee-17d8-4e7e-bc28-7e1329e05ff4/1/MDsqo6RiqaXth6CqXc613Nr7v14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e7e9ee-17d8-4e7e-bc28-7e1329e05ff4/1/I3CEcS_euxv8WowCYtkZqKpEBgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.199.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:95:01:0c:f1:58:e4:a9:0d:79:82:94:b5:b4:70:a2:85:0e:
         6e:4d:b2:e2:38:f6:12:54:0d:05:81:e5:ba:98:7e:bf:cf:df:
         52:ec:6e:b8:b9:58:30:15:50:be:2b:9f:7b:12:f4:06:aa:32:
         1a:f8:e4:25:c1:e2:ad:b8:41:15:6e:20:45:62:25:68:a4:8c:
         e6:b9:56:01:eb:6b:19:a6:a4:30:e6:81:ae:13:8c:12:7c:d9:
         a9:65:65:c7:66:d8:e1:38:3a:31:0e:fd:5d:c5:30:90:d2:b8:
         fc:d9:5b:6f:ee:ad:01:2f:cf:2c:9b:d1:ae:16:b2:e4:60:d5:
         5c:09:11:82:e8:cc:2d:ce:71:e1:0a:bf:65:34:a0:d9:b1:24:
         6f:4c:d5:f4:60:12:b8:34:25:53:4e:12:e3:50:34:ab:b1:43:
         a9:ae:fa:00:08:64:ac:cb:67:9d:5e:47:76:d9:0c:81:11:be:
         e3:51:33:c5:02:dc:03:f0:13:9a:8b:c7:d5:1e:75:78:55:f9:
         bf:cb:f0:60:31:15:de:b8:3d:11:46:21:7c:01:4b:ee:cd:a7:
         d7:32:f4:d5:8d:a7:bb:8a:40:4e:cf:aa:e7:c4:0a:32:a2:49:
         51:5f:3e:81:bf:97:08:e0:ce:42:2c:63:83:95:0c:3d:c9:13:
         fe:79:79:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3KoDBKeiEZITVQqT/JoRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNzA4NDcxMmZkZWJiMWJmYzVhOGMwMjYyZDkxOWE4YWE0
NDA2MDMwHhcNMjQwMTAxMTYzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDNiMmFhM2E0NjJhOWE1ZWQ4N2EwYWE1ZGNlYjVkY2RhZmJiZjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhE+Ee+D2T8D3JJh2SgrzveKIDAVb
gBiFZytgigB0xcK0RA2MZqYRqAZJ4e4KMShmXFayNDjuHzCTNxPhkvhx8NK8HJOY
Zu5VorE6XI5jot6A7uRuo0Fgps+VRfQ/H3STWJHeOmHRfnfLbZVG/+IqHZ9k4VDf
Zp0zZD/Rt9euHRMeaWlaOlwb4E/5GAF+yhdfA7eDqK9+vZpWQ3ldphc2pEjcA4T0
GzfrP0Y8Rnflad23ZBG6ziPDNHRSwye7F9jurBOEXyTRQ0AHNbx+zGlmDN79Z3Zb
HyFA3G0UPyZ4mOZcbXJjEsD2+qRq2UUELJ1LnaZxhyKV5qZCmGmLore0ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDA7KqOkYqml7Yegql3Otdza+79eMB8GA1UdIwQY
MBaAFCNwhHEv3rsb/FqMAmLZGaiqRAYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTNDRWNTX2V1eHY4V293Q1l0a1pxS3BFQmdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9lN2U5ZWUtMTdkOC00ZTdlLWJjMjgt
N2UxMzI5ZTA1ZmY0LzEvTURzcW82UmlxYVh0aDZDcVhjNjEzTnI3djE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9lN2U5ZWUtMTdkOC00ZTdlLWJjMjgtN2UxMzI5ZTA1ZmY0
LzEvSTNDRWNTX2V1eHY4V293Q1l0a1pxS3BFQmdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV8cCMA0G
CSqGSIb3DQEBCwUAA4IBAQB8lQEM8VjkqQ15gpS1tHCihQ5uTbLiOPYSVA0FgeW6
mH6/z99S7G64uVgwFVC+K597EvQGqjIa+OQlweKtuEEVbiBFYiVopIzmuVYB62sZ
pqQw5oGuE4wSfNmpZWXHZtjhODoxDv1dxTCQ0rj82Vtv7q0BL88sm9GuFrLkYNVc
CRGC6MwtznHhCr9lNKDZsSRvTNX0YBK4NCVTThLjUDSrsUOprvoACGSsy2edXkd2
2QyBEb7jUTPFAtwD8BOai8fVHnV4Vfm/y/BgMRXeuD0RRiF8AUvuzafXMvTVjae7
ikBOz6rnxAoyoklRXz6Bv5cI4M5CLGODlQw9yRP+eXkR
-----END CERTIFICATE-----