Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/OPcJqXjNyhHemALd44JMrKE8fE4.roa
File:                     OPcJqXjNyhHemALd44JMrKE8fE4.roa (raw, json)
Hash identifier:          PlTlyrULX+bER7G+9V7iFKkbtY2KzeLKt3xOPwDERWw=
Subject key identifier:   38:F7:09:A9:78:CD:CA:11:DE:98:02:DD:E3:82:4C:AC:A1:3C:7C:4E
Certificate issuer:       /CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
Certificate serial:       018CC8DCDB560D21D78B94B759CE447FD1DA
Authority key identifier: AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/OPcJqXjNyhHemALd44JMrKE8fE4.roa
Signing time:             Tue 02 Jan 2024 06:29:26 +0000
ROA not before:           Tue 02 Jan 2024 06:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198173
IP address blocks:        188.247.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:db:56:0d:21:d7:8b:94:b7:59:ce:44:7f:d1:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
        Validity
            Not Before: Jan  2 06:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38f709a978cdca11de9802dde3824caca13c7c4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:1a:4b:a2:e0:e9:7a:e6:d8:50:aa:e5:cf:57:
                    95:6d:3f:61:19:33:66:d3:b4:9c:85:53:53:e1:00:
                    de:25:44:e5:79:6e:61:4b:7e:b1:09:5b:66:bb:af:
                    8b:e0:2d:48:9a:6a:58:a8:37:f5:ba:af:7d:f8:cf:
                    2f:8a:25:56:41:1f:91:07:b8:60:10:10:ce:65:bb:
                    0c:97:c5:9c:3d:c1:50:1b:8c:b7:a3:6e:6b:37:d2:
                    02:e0:de:e9:94:ee:6a:9e:b9:a3:93:a6:d8:f4:0f:
                    e9:94:27:78:5b:c6:94:90:1b:b8:cb:26:bf:7b:59:
                    d0:ec:02:79:43:59:27:63:44:af:01:57:dc:3f:f1:
                    2c:27:21:60:60:83:39:4c:7c:43:79:7d:68:ff:7d:
                    ca:d2:5a:11:89:88:d0:aa:5e:9f:f6:16:ce:fc:2f:
                    85:c2:e5:9c:d9:22:f7:29:05:f8:93:44:ea:51:08:
                    18:e2:1e:5a:1b:53:ad:89:12:94:d7:27:e9:bb:ef:
                    f6:84:7f:bc:ab:09:39:70:cf:fe:4f:eb:9c:74:7c:
                    d8:b9:88:f8:c5:81:0f:9b:21:69:bf:35:7b:7f:5a:
                    9f:2d:78:92:93:cf:48:50:81:03:da:ef:fd:a0:14:
                    93:19:e5:c9:d8:18:cb:33:6c:c8:f0:bb:11:fb:b0:
                    92:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:F7:09:A9:78:CD:CA:11:DE:98:02:DD:E3:82:4C:AC:A1:3C:7C:4E
            X509v3 Authority Key Identifier:
                keyid:AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/OPcJqXjNyhHemALd44JMrKE8fE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.247.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:25:1c:e8:16:94:7f:75:77:0f:58:0a:6d:4d:eb:ce:60:7e:
         6c:c5:d4:9f:f3:98:b7:81:db:37:68:11:e4:44:d5:96:a8:6f:
         d5:9a:99:d7:9f:b6:28:db:df:6b:3c:91:55:7f:7b:fe:97:b8:
         2d:60:d9:e6:4e:dd:52:25:cb:b3:e9:fc:40:df:d6:f3:c9:1f:
         98:fe:37:56:9f:07:62:06:cd:91:e8:6a:cd:40:fc:63:c2:9a:
         6e:bc:3c:a7:01:ff:0d:ed:96:18:41:c7:2f:c5:e3:b4:5f:21:
         0f:1c:f0:00:03:89:05:36:91:a9:17:e5:a4:59:6f:2a:98:82:
         a1:1c:56:b7:58:61:40:84:94:75:fb:e1:a8:b5:55:b6:c0:c9:
         f5:66:f9:df:2d:6b:2f:bc:c9:c7:4b:c1:b2:3d:c4:15:4f:46:
         21:ea:62:31:de:1e:94:bd:42:92:9d:54:d4:f4:ce:82:84:7c:
         d5:f7:a8:10:41:75:9c:2e:1a:ad:08:d5:c1:e6:00:27:30:bb:
         94:7d:99:7c:af:69:1b:15:1c:d3:1f:6b:e9:64:09:5c:db:30:
         c8:42:fa:c6:3a:bd:ef:29:24:47:c2:58:ac:a4:c3:8a:c7:1c:
         ce:7f:81:66:ae:e2:42:05:a9:5a:12:c3:33:e3:76:ca:f7:63:
         dd:e4:f8:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3NtWDSHXi5S3Wc5Ef9HaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOGM2YzU4YjYwN2ZmMjNhZTcxNzVhNjE2ODJjNzU0ODBm
MWUyMTQwHhcNMjQwMTAyMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGY3MDlhOTc4Y2RjYTExZGU5ODAyZGRlMzgyNGNhY2ExM2M3YzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxpLouDpeubYUKrlz1eVbT9hGTNm
07SchVNT4QDeJUTleW5hS36xCVtmu6+L4C1ImmpYqDf1uq99+M8viiVWQR+RB7hg
EBDOZbsMl8WcPcFQG4y3o25rN9IC4N7plO5qnrmjk6bY9A/plCd4W8aUkBu4yya/
e1nQ7AJ5Q1knY0SvAVfcP/EsJyFgYIM5THxDeX1o/33K0loRiYjQql6f9hbO/C+F
wuWc2SL3KQX4k0TqUQgY4h5aG1OtiRKU1yfpu+/2hH+8qwk5cM/+T+ucdHzYuYj4
xYEPmyFpvzV7f1qfLXiSk89IUIED2u/9oBSTGeXJ2BjLM2zI8LsR+7CSGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDj3Cal4zcoR3pgC3eOCTKyhPHxOMB8GA1UdIwQY
MBaAFKuMbFi2B/8jrnF1phaCx1SA8eIUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2Mt
ODhhM2M0MWZhZWUyLzEvT1BjSnFYak55aEhlbUFMZDQ0Sk1yS0U4ZkU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2MtODhhM2M0MWZhZWUy
LzEvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPfpMA0G
CSqGSIb3DQEBCwUAA4IBAQDCJRzoFpR/dXcPWAptTevOYH5sxdSf85i3gds3aBHk
RNWWqG/VmpnXn7Yo299rPJFVf3v+l7gtYNnmTt1SJcuz6fxA39bzyR+Y/jdWnwdi
Bs2R6GrNQPxjwppuvDynAf8N7ZYYQccvxeO0XyEPHPAAA4kFNpGpF+WkWW8qmIKh
HFa3WGFAhJR1++GotVW2wMn1ZvnfLWsvvMnHS8GyPcQVT0Yh6mIx3h6UvUKSnVTU
9M6ChHzV96gQQXWcLhqtCNXB5gAnMLuUfZl8r2kbFRzTH2vpZAlc2zDIQvrGOr3v
KSRHwlispMOKxxzOf4FmruJCBalaEsMz43bK92Pd5Phv
-----END CERTIFICATE-----