Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/nEinaJtWbxCmaBOiVdQmAWlhzjs.roa
File:                     nEinaJtWbxCmaBOiVdQmAWlhzjs.roa (raw, json)
Hash identifier:          iBsHvR9Lpx+a+aHpd1AQ9NAM90W5S8TK6dOuYFr7KZk=
Subject key identifier:   9C:48:A7:68:9B:56:6F:10:A6:68:13:A2:55:D4:26:01:69:61:CE:3B
Certificate issuer:       /CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
Certificate serial:       018CC8DCD847C1C8FAEF203897DB05D09C76
Authority key identifier: AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/nEinaJtWbxCmaBOiVdQmAWlhzjs.roa
Signing time:             Tue 02 Jan 2024 06:29:25 +0000
ROA not before:           Tue 02 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57444
IP address blocks:        188.247.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d8:47:c1:c8:fa:ef:20:38:97:db:05:d0:9c:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
        Validity
            Not Before: Jan  2 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c48a7689b566f10a66813a255d426016961ce3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:77:bc:82:1f:e0:ce:f4:d8:d3:d3:fa:cb:2d:
                    8e:c3:00:ed:b0:94:a6:44:bd:82:13:d1:29:04:f8:
                    e0:18:3a:8b:77:48:9a:cc:37:e9:0e:0a:d0:3e:8c:
                    63:30:f8:ba:a9:bd:5e:2c:e6:a8:29:53:46:a3:27:
                    a9:d3:6a:1e:61:c5:68:2e:69:8c:60:b3:3e:3f:e3:
                    90:61:ab:4e:13:3d:e7:d2:df:cb:85:6a:7f:c1:c3:
                    41:b2:9f:a3:83:0c:da:49:03:5f:e9:ad:fc:b4:3a:
                    44:ae:68:e5:b2:ac:7c:14:14:ed:42:9c:4d:5a:be:
                    c9:bc:09:5a:37:4a:d9:96:f0:a9:6b:1c:d5:ba:ed:
                    5e:f2:af:e6:ce:4b:a6:c6:4f:8a:b6:07:12:57:c7:
                    49:cd:c4:ac:73:f4:e1:22:bf:e5:17:33:6a:d4:6e:
                    ca:f5:97:ef:64:98:75:44:24:63:5c:98:aa:24:11:
                    b3:a7:bd:88:7a:96:6f:ed:17:fb:a2:e6:0d:fe:22:
                    f0:0e:b1:d6:76:14:9b:56:c3:fe:47:6e:6b:00:64:
                    cd:be:1b:39:ce:51:32:7c:f8:8b:dc:be:23:57:7f:
                    28:0d:e6:70:2f:0d:02:09:20:99:10:f7:e5:66:23:
                    b0:c4:61:e1:5c:6d:b4:12:c1:32:b8:5c:b8:44:f6:
                    7d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:48:A7:68:9B:56:6F:10:A6:68:13:A2:55:D4:26:01:69:61:CE:3B
            X509v3 Authority Key Identifier:
                keyid:AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/nEinaJtWbxCmaBOiVdQmAWlhzjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.247.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:8f:ae:bd:04:2c:e9:23:1c:70:db:98:4e:8e:96:23:67:9e:
         cf:76:64:65:63:82:18:bf:c8:03:5c:c8:f3:8a:98:ed:94:83:
         28:4f:0a:ff:b2:bd:e5:39:40:ff:c5:78:34:21:3d:48:27:3f:
         a6:09:3c:b4:bd:21:27:f8:69:83:b9:49:2d:49:dd:18:92:b1:
         47:82:bb:3e:d4:e3:a6:2f:f3:01:38:0f:70:a6:79:6d:17:aa:
         81:e3:81:46:8f:db:dd:19:3a:2a:d5:53:0f:a2:b7:50:1f:ef:
         85:37:94:22:00:fe:2f:38:28:28:dc:ac:d3:24:9e:7e:54:a7:
         32:02:dd:fc:bc:fb:05:37:fb:3a:4e:f7:32:53:e9:da:66:c4:
         cc:b9:26:d3:e7:67:52:ef:f4:ac:9e:5b:75:b5:73:0b:9b:85:
         95:99:49:b4:94:05:8c:75:27:83:c5:c3:c0:ee:d4:d5:8b:37:
         c0:00:b7:e5:9f:0e:cd:14:13:82:fa:71:0a:cf:28:11:e6:0a:
         a7:15:3f:e0:4e:63:0d:21:96:cb:8b:14:00:0e:8b:a0:0a:a8:
         03:fa:70:d8:2c:9c:39:5f:b1:3a:94:f1:91:8e:c4:a0:2a:30:
         51:e8:35:e2:ce:ac:95:32:15:61:2e:fe:0c:bb:06:4c:c9:1d:
         6d:81:7b:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3NhHwcj67yA4l9sF0Jx2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOGM2YzU4YjYwN2ZmMjNhZTcxNzVhNjE2ODJjNzU0ODBm
MWUyMTQwHhcNMjQwMTAyMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzQ4YTc2ODliNTY2ZjEwYTY2ODEzYTI1NWQ0MjYwMTY5NjFjZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHe8gh/gzvTY09P6yy2OwwDtsJSm
RL2CE9EpBPjgGDqLd0iazDfpDgrQPoxjMPi6qb1eLOaoKVNGoyep02oeYcVoLmmM
YLM+P+OQYatOEz3n0t/LhWp/wcNBsp+jgwzaSQNf6a38tDpErmjlsqx8FBTtQpxN
Wr7JvAlaN0rZlvCpaxzVuu1e8q/mzkumxk+KtgcSV8dJzcSsc/ThIr/lFzNq1G7K
9ZfvZJh1RCRjXJiqJBGzp72IepZv7Rf7ouYN/iLwDrHWdhSbVsP+R25rAGTNvhs5
zlEyfPiL3L4jV38oDeZwLw0CCSCZEPflZiOwxGHhXG20EsEyuFy4RPZ9lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxIp2ibVm8QpmgTolXUJgFpYc47MB8GA1UdIwQY
MBaAFKuMbFi2B/8jrnF1phaCx1SA8eIUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2Mt
ODhhM2M0MWZhZWUyLzEvbkVpbmFKdFdieENtYUJPaVZkUW1BV2xoempzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2MtODhhM2M0MWZhZWUy
LzEvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPfqMA0G
CSqGSIb3DQEBCwUAA4IBAQAEj669BCzpIxxw25hOjpYjZ57PdmRlY4IYv8gDXMjz
ipjtlIMoTwr/sr3lOUD/xXg0IT1IJz+mCTy0vSEn+GmDuUktSd0YkrFHgrs+1OOm
L/MBOA9wpnltF6qB44FGj9vdGToq1VMPordQH++FN5QiAP4vOCgo3KzTJJ5+VKcy
At38vPsFN/s6TvcyU+naZsTMuSbT52dS7/Ssnlt1tXMLm4WVmUm0lAWMdSeDxcPA
7tTVizfAALflnw7NFBOC+nEKzygR5gqnFT/gTmMNIZbLixQADougCqgD+nDYLJw5
X7E6lPGRjsSgKjBR6DXizqyVMhVhLv4MuwZMyR1tgXvR
-----END CERTIFICATE-----