Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/mG8Bkra50XtcA_lW5lqnDhkws28.roa
File:                     mG8Bkra50XtcA_lW5lqnDhkws28.roa (raw, json)
Hash identifier:          U1A56l8O3QnwzRYceouN7ESv8MHhQY2dfnqSEoeByKE=
Subject key identifier:   98:6F:01:92:B6:B9:D1:7B:5C:03:F9:56:E6:5A:A7:0E:19:30:B3:6F
Certificate issuer:       /CN=95b30111b0b720a209f788c8b90f60380b465c2e
Certificate serial:       018CC26CF9151E7C69ED32BC05E19C20D694
Authority key identifier: 95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/mG8Bkra50XtcA_lW5lqnDhkws28.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203978
IP address blocks:        185.176.104.0/22 maxlen: 24
                          185.106.44.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f9:15:1e:7c:69:ed:32:bc:05:e1:9c:20:d6:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95b30111b0b720a209f788c8b90f60380b465c2e
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=986f0192b6b9d17b5c03f956e65aa70e1930b36f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:2f:15:7b:4d:de:36:59:18:b1:df:c4:dd:3e:
                    32:e3:14:50:94:22:f5:16:35:cb:1d:dd:83:fd:6d:
                    52:33:52:ef:8f:bb:97:65:df:68:18:96:43:1d:fb:
                    2d:84:a5:1d:73:ba:44:82:36:6a:a5:e9:50:2a:2f:
                    80:41:c9:87:27:13:b7:f8:bc:56:e8:30:a1:b4:0b:
                    83:fe:7a:51:fb:ae:41:ac:56:ad:35:6e:b3:15:bd:
                    1f:ee:79:bb:d7:da:90:e8:12:7c:3d:6c:65:71:34:
                    42:9f:04:df:ba:09:92:f8:42:26:64:a3:74:56:36:
                    28:01:17:2d:38:d6:25:e3:b4:37:1c:d5:96:96:71:
                    19:74:29:d9:92:bc:56:f1:97:20:48:93:e8:d2:65:
                    78:d5:ca:b2:1a:54:25:e4:fe:f1:d4:ea:43:88:82:
                    d0:21:11:f7:32:64:81:db:f2:42:8e:06:c6:12:68:
                    87:ae:92:f8:ef:c0:27:8b:07:49:37:ff:0f:24:e5:
                    7b:14:73:8e:b0:be:89:70:b9:a9:a1:d3:d3:e4:ab:
                    be:10:58:da:30:5e:be:8a:04:35:08:e6:eb:08:42:
                    9c:76:38:25:d9:c5:35:11:c0:f3:cc:30:e1:da:4f:
                    f8:a4:7a:3f:7f:83:18:5b:fe:65:ea:3f:33:4b:79:
                    bc:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:6F:01:92:B6:B9:D1:7B:5C:03:F9:56:E6:5A:A7:0E:19:30:B3:6F
            X509v3 Authority Key Identifier:
                keyid:95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/mG8Bkra50XtcA_lW5lqnDhkws28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.44.0/22
                  185.176.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bf:ec:86:a9:d4:ea:a9:a5:92:17:2c:9a:98:85:06:c8:ee:85:
         fb:aa:29:ca:0f:2f:eb:e1:3d:4d:31:52:dd:7c:9f:2f:37:23:
         73:55:15:84:ee:a8:6f:fa:b0:f1:50:1d:0b:b0:27:15:b9:a3:
         90:24:16:38:47:49:2c:45:59:12:3e:29:20:2d:a3:c1:79:87:
         71:a6:d2:c5:67:e4:74:8f:23:5f:7f:10:eb:da:23:83:6f:8e:
         c5:19:07:c1:0a:b3:42:4d:ec:71:7f:39:32:b9:55:0c:4a:66:
         39:19:39:2a:aa:76:f2:35:14:71:3d:ca:4c:bb:d3:11:60:18:
         c7:9b:a6:64:76:24:39:d5:c8:78:d7:fe:1c:c6:f4:b5:b9:c7:
         34:7e:0f:e3:21:50:9a:95:e5:23:43:3e:40:0b:88:ab:df:dc:
         44:f3:12:ab:31:42:8d:8c:22:9a:4f:eb:9b:cc:3a:c7:ec:aa:
         f5:fb:6e:8c:62:b7:31:d0:8d:d2:e2:da:84:c5:9b:b5:2e:59:
         07:55:36:78:cc:6e:ff:15:b1:03:d9:2e:4a:0f:5e:ed:35:41:
         a4:b5:85:b2:99:d0:53:39:89:9d:17:7e:3c:c8:3a:fe:01:3c:
         97:b5:da:94:9a:3e:c2:f2:3d:33:9d:5d:f2:0c:a2:48:c2:6d:
         fb:7d:8a:c9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbPkVHnxp7TK8BeGcINaUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YjMwMTExYjBiNzIwYTIwOWY3ODhjOGI5MGY2MDM4MGI0
NjVjMmUwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODZmMDE5MmI2YjlkMTdiNWMwM2Y5NTZlNjVhYTcwZTE5MzBiMzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwS8Ve03eNlkYsd/E3T4y4xRQlCL1
FjXLHd2D/W1SM1Lvj7uXZd9oGJZDHfsthKUdc7pEgjZqpelQKi+AQcmHJxO3+LxW
6DChtAuD/npR+65BrFatNW6zFb0f7nm719qQ6BJ8PWxlcTRCnwTfugmS+EImZKN0
VjYoARctONYl47Q3HNWWlnEZdCnZkrxW8ZcgSJPo0mV41cqyGlQl5P7x1OpDiILQ
IRH3MmSB2/JCjgbGEmiHrpL478AniwdJN/8PJOV7FHOOsL6JcLmpodPT5Ku+EFja
MF6+igQ1CObrCEKcdjgl2cU1EcDzzDDh2k/4pHo/f4MYW/5l6j8zS3m8iQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJhvAZK2udF7XAP5VuZapw4ZMLNvMB8GA1UdIwQY
MBaAFJWzARGwtyCiCfeIyLkPYDgLRlwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmIt
OTE2NDZiZjAxNTNkLzEvbUc4QmtyYTUwWHRjQV9sVzVscW5EaGt3czI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmItOTE2NDZiZjAxNTNk
LzEvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuWosAwQC
ubBoMA0GCSqGSIb3DQEBCwUAA4IBAQC/7Iap1OqppZIXLJqYhQbI7oX7qinKDy/r
4T1NMVLdfJ8vNyNzVRWE7qhv+rDxUB0LsCcVuaOQJBY4R0ksRVkSPikgLaPBeYdx
ptLFZ+R0jyNffxDr2iODb47FGQfBCrNCTexxfzkyuVUMSmY5GTkqqnbyNRRxPcpM
u9MRYBjHm6ZkdiQ51ch41/4cxvS1ucc0fg/jIVCaleUjQz5AC4ir39xE8xKrMUKN
jCKaT+ubzDrH7Kr1+26MYrcx0I3S4tqExZu1LlkHVTZ4zG7/FbED2S5KD17tNUGk
tYWymdBTOYmdF348yDr+ATyXtdqUmj7C8j0znV3yDKJIwm37fYrJ
-----END CERTIFICATE-----