Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/S4M4iJHQKxi1HHpunlQbjNxxbWU.roa
File:                     S4M4iJHQKxi1HHpunlQbjNxxbWU.roa (raw, json)
Hash identifier:          GvtUI2IFj+Ij8DhMXbfq4eiR1KgXLTpfqDK8/u2Rm/A=
Subject key identifier:   4B:83:38:88:91:D0:2B:18:B5:1C:7A:6E:9E:54:1B:8C:DC:71:6D:65
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC7941481480A4DE5CBED03D663B83029
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/S4M4iJHQKxi1HHpunlQbjNxxbWU.roa
Signing time:             Tue 02 Jan 2024 00:30:19 +0000
ROA not before:           Tue 02 Jan 2024 00:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5505
IP address blocks:        188.130.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:14:81:48:0a:4d:e5:cb:ed:03:d6:63:b8:30:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b83388891d02b18b51c7a6e9e541b8cdc716d65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:af:4e:3a:9b:13:3d:97:cc:be:2f:a8:a0:25:
                    7d:48:4d:e6:30:45:2e:de:a2:25:a5:19:64:8e:5c:
                    33:66:1a:5b:6f:d0:65:a7:49:61:04:32:d6:30:64:
                    7e:9f:ac:e8:2f:1c:10:ac:c0:8f:45:dc:fd:5b:08:
                    83:21:b0:e5:7d:f1:cb:db:c7:7d:d9:d4:eb:84:cb:
                    23:05:81:27:0a:8f:e8:76:32:12:d0:55:91:ff:2f:
                    aa:02:2c:9b:61:bc:b3:34:10:23:02:27:80:65:f6:
                    e2:bf:a3:fd:10:1e:aa:2e:c9:cb:36:3c:c3:a0:e5:
                    2a:e4:9e:b2:5e:e1:d9:fb:41:4d:59:55:00:01:75:
                    e8:c0:1c:8f:1e:f5:ac:e3:c7:68:c1:d5:ee:df:f3:
                    ad:5e:9c:8d:8f:5f:55:c3:68:1b:07:f1:1b:cf:bc:
                    7b:2d:6d:00:09:d2:81:12:21:a6:d0:48:55:e0:0c:
                    f2:85:b6:84:0e:de:fa:81:72:13:42:40:75:8d:6f:
                    b4:5e:87:d4:f7:39:95:5a:c8:1f:31:10:b0:3a:c5:
                    45:0e:9d:ff:4b:8d:2b:01:14:6d:97:44:37:4e:e7:
                    4e:aa:18:c7:22:dd:41:61:10:91:9a:6b:40:ea:eb:
                    7b:a1:74:d9:2d:98:46:51:f2:da:29:a9:2e:66:94:
                    4e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:83:38:88:91:D0:2B:18:B5:1C:7A:6E:9E:54:1B:8C:DC:71:6D:65
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/S4M4iJHQKxi1HHpunlQbjNxxbWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.130.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:9e:11:ae:c0:24:85:6d:1a:ac:6b:80:ba:33:46:fc:c9:49:
         2a:fd:ee:5a:2d:8b:3a:74:54:91:af:5f:46:94:c6:b1:56:16:
         21:02:3e:92:50:d6:e9:97:22:f7:f3:c4:10:1f:ef:02:98:ae:
         02:d5:d7:cb:40:81:7b:9d:29:b7:7c:45:96:3a:64:c9:0e:1b:
         2c:22:4f:07:fb:a9:3e:f8:aa:76:2e:c6:c6:61:06:d6:f6:de:
         ff:60:cf:d6:4e:7e:6e:ac:54:34:66:c6:6a:48:dc:e7:f8:a2:
         04:e4:85:94:d7:a0:7a:4b:2d:63:2e:6d:8d:48:cd:5d:db:b6:
         ee:2a:ec:6b:37:76:ce:a4:ea:ef:e8:ab:26:58:29:88:21:f4:
         34:d4:d3:c8:61:e7:19:76:bb:ca:14:b4:8e:1d:ae:7d:9c:29:
         82:86:2f:f0:5a:1d:61:74:03:64:ca:78:f2:38:68:fc:cf:7e:
         f6:be:38:a8:52:44:55:19:73:7b:cc:43:c9:35:8f:4f:4e:b9:
         f0:e5:48:7c:87:92:29:d9:e1:0f:27:16:36:35:7c:9e:4f:f7:
         f1:59:83:1c:b1:13:23:9a:a0:6e:66:38:a3:1b:7a:86:71:01:
         ff:89:dc:c7:29:da:0c:05:26:bb:e2:ae:7a:a2:88:6c:51:7a:
         2e:0b:c0:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlBSBSApN5cvtA9ZjuDApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjgzMzg4ODkxZDAyYjE4YjUxYzdhNmU5ZTU0MWI4Y2RjNzE2ZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAua9OOpsTPZfMvi+ooCV9SE3mMEUu
3qIlpRlkjlwzZhpbb9Blp0lhBDLWMGR+n6zoLxwQrMCPRdz9WwiDIbDlffHL28d9
2dTrhMsjBYEnCo/odjIS0FWR/y+qAiybYbyzNBAjAieAZfbiv6P9EB6qLsnLNjzD
oOUq5J6yXuHZ+0FNWVUAAXXowByPHvWs48dowdXu3/OtXpyNj19Vw2gbB/Ebz7x7
LW0ACdKBEiGm0EhV4AzyhbaEDt76gXITQkB1jW+0XofU9zmVWsgfMRCwOsVFDp3/
S40rARRtl0Q3TudOqhjHIt1BYRCRmmtA6ut7oXTZLZhGUfLaKakuZpROIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEuDOIiR0CsYtRx6bp5UG4zccW1lMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvUzRNNGlKSFFLeGkxSEhwdW5sUWJqTnh4YldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvIL3MA0G
CSqGSIb3DQEBCwUAA4IBAQCDnhGuwCSFbRqsa4C6M0b8yUkq/e5aLYs6dFSRr19G
lMaxVhYhAj6SUNbplyL388QQH+8CmK4C1dfLQIF7nSm3fEWWOmTJDhssIk8H+6k+
+Kp2LsbGYQbW9t7/YM/WTn5urFQ0ZsZqSNzn+KIE5IWU16B6Sy1jLm2NSM1d27bu
KuxrN3bOpOrv6KsmWCmIIfQ01NPIYecZdrvKFLSOHa59nCmChi/wWh1hdANkynjy
OGj8z372vjioUkRVGXN7zEPJNY9PTrnw5Uh8h5Ip2eEPJxY2NXyeT/fxWYMcsRMj
mqBuZjijG3qGcQH/idzHKdoMBSa74q56oohsUXouC8DY
-----END CERTIFICATE-----